From 7e9aabb2cc70e504dc48f7219902be14a4748f4c Mon Sep 17 00:00:00 2001 From: Jun Woo Shin Date: Wed, 31 Aug 2022 11:16:17 -0700 Subject: [PATCH] remove basic auth (#63) --- IMPLEMENTATION.md | 4 +- .../com/facebook/openwifirrm/RRMConfig.java | 27 ---------- .../openwifirrm/modules/ApiServer.java | 50 ------------------- .../openwifirrm/modules/ApiServerTest.java | 5 +- 4 files changed, 3 insertions(+), 83 deletions(-) diff --git a/IMPLEMENTATION.md b/IMPLEMENTATION.md index f0c6b1b..434f3cb 100644 --- a/IMPLEMENTATION.md +++ b/IMPLEMENTATION.md @@ -134,8 +134,8 @@ every service, as well as endpoints specific to RRM providers. They are both marked here under the "SDK" tag. Depending on RRM service configuration, the API server may also enable CORS -selectively or globally, HTTP basic auth, and/or OpenWiFi auth (via Bearer -tokens or internal API keys). +selectively or globally, and OpenWiFi auth (via Bearer tokens or internal +API keys). ### Provisioning Monitor `ProvMonitor` syncs device topology ("venues") and configuration with the diff --git a/src/main/java/com/facebook/openwifirrm/RRMConfig.java b/src/main/java/com/facebook/openwifirrm/RRMConfig.java index 86e7b1a..e5cbf9a 100644 --- a/src/main/java/com/facebook/openwifirrm/RRMConfig.java +++ b/src/main/java/com/facebook/openwifirrm/RRMConfig.java @@ -332,24 +332,6 @@ public class RRMConfig { */ public String corsDomainList = ""; - /** - * Enable HTTP basic auth? - * ({@code APISERVERPARAMS_USEBASICAUTH}) - */ - public boolean useBasicAuth = false; - - /** - * The HTTP basic auth username (if enabled) - * ({@code APISERVERPARAMS_BASICAUTHUSER}) - */ - public String basicAuthUser = "admin"; - - /** - * The HTTP basic auth password (if enabled) - * ({@code APISERVERPARAMS_BASICAUTHPASSWORD}) - */ - public String basicAuthPassword = "openwifi"; - /** * Enable OpenWiFi authentication via tokens (external) and API keys * (internal) 
@@ -558,15 +540,6 @@ public class RRMConfig { if ((v = env.get("APISERVERPARAMS_CORSDOMAINLIST")) != null) { apiServerParams.corsDomainList = v; } - if ((v = env.get("APISERVERPARAMS_USEBASICAUTH")) != null) { - apiServerParams.useBasicAuth = Boolean.parseBoolean(v); - } - if ((v = env.get("APISERVERPARAMS_BASICAUTHUSER")) != null) { - apiServerParams.basicAuthUser = v; - } - if ((v = env.get("APISERVERPARAMS_BASICAUTHPASSWORD")) != null) { - apiServerParams.basicAuthPassword = v; - } if ((v = env.get("APISERVERPARAMS_USEOPENWIFIAUTH")) != null) { apiServerParams.useOpenWifiAuth = Boolean.parseBoolean(v); } diff --git a/src/main/java/com/facebook/openwifirrm/modules/ApiServer.java b/src/main/java/com/facebook/openwifirrm/modules/ApiServer.java index 346a693..c4927ac 100644 --- a/src/main/java/com/facebook/openwifirrm/modules/ApiServer.java +++ b/src/main/java/com/facebook/openwifirrm/modules/ApiServer.java @@ -14,7 +14,6 @@ import java.net.URISyntaxException; import java.net.UnknownHostException; import java.time.Instant; import java.util.Arrays; -import java.util.Base64; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -248,9 +247,6 @@ public class ApiServer implements Runnable { Spark.get("/api/v1/optimizeTxPower", new OptimizeTxPowerEndpoint()); logger.info("API server listening on HTTP port {}", params.httpPort); - if (params.useBasicAuth) { - logger.info("HTTP basic auth is enabled."); - } } /** Stop the server. */ 
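Review bot: The three removed `APISERVERPARAMS_USEBASICAUTH`/`APISERVERPARAMS_BASICAUTHUSER`/`APISERVERPARAMS_BASICAUTHPASSWORD` lookups mean those environment variables are now silently ignored, so a deployment that was relying on `APISERVERPARAMS_USEBASICAUTH=true` will come up with basic auth gone and nothing in the logs saying so, and if OpenWiFi auth is also off that is an unauthenticated API. I would keep a guard at this spot that at least warns when the stale variable is still present, e.g. `if (env.containsKey("APISERVERPARAMS_USEBASICAUTH")) { logger.warn("APISERVERPARAMS_USEBASICAUTH is no longer supported; HTTP basic auth has been removed"); }` — whether a `logger` is in scope in RRMConfig is not visible in this hunk. Refusing to start would be the stricter choice if the config loader already rejects unknown settings elsewhere. The enclosing config-loading method starts and ends outside the hunk.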
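Review bot: With the basic-auth log line removed, the startup path says nothing about authentication, yet after this change the before-filter (later hunk in this file) applies auth only when `params.useOpenWifiAuth` is true, so a configuration with that flag off serves every `/api/v1/...` endpoint unauthenticated. I would replace the removed line with an explicit warning rather than silence: `if (!params.useOpenWifiAuth) { logger.warn("API server started with no authentication enabled; all endpoints are unprotected"); }` directly after the existing `logger.info("API server listening on HTTP port {}", params.httpPort);`. The default value of `useOpenWifiAuth` is outside this diff, so whether the default configuration is affected cannot be confirmed from here. The enclosing method starts outside the hunk.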
@@ -265,42 +261,6 @@ public class ApiServer implements Runnable { : String.format("%s?%s", path, queryString); } - /** - * Perform HTTP basic authentication given an expected user/password. - * - * If authentication passes, do nothing and return true. Otherwise, send an - * HTTP 401 response with a "WWW-Authenticate" header and return false. - */ - private boolean performHttpBasicAuth( - Request request, - Response response, - String user, - String password - ) { - // Extract header: - // Authorization: Basic :)> - final String AUTH_PREFIX = "Basic "; - String authHeader = request.headers("Authorization"); - if (authHeader != null && authHeader.startsWith(AUTH_PREFIX)) { - String contents = authHeader.substring(AUTH_PREFIX.length()); - String creds = new String(Base64.getDecoder().decode(contents)); - int splitIdx = creds.indexOf(':'); - if (splitIdx != -1) { - String u = creds.substring(0, splitIdx); - String p = creds.substring(splitIdx + 1); - if (u.equals(user) && p.equals(password)) { - // auth success - return true; - } - } - } - - // auth failure - response.header("WWW-Authenticate", "Basic"); - Spark.halt(401, "Unauthorized"); - return false; - } - /** * Perform OpenWiFi authentication via tokens (external) and API keys * (internal). @@ -393,16 +353,6 @@ public class ApiServer implements Runnable { } } - // HTTP basic auth (if enabled) - if (params.useBasicAuth) { - performHttpBasicAuth( - request, - response, - params.basicAuthUser, - params.basicAuthPassword - ); - } - // OpenWifi auth (if enabled) if (params.useOpenWifiAuth) { // Only protect API endpoints diff --git a/src/test/java/com/facebook/openwifirrm/modules/ApiServerTest.java b/src/test/java/com/facebook/openwifirrm/modules/ApiServerTest.java index 82f7e5f..f128e4b 100644 --- a/src/test/java/com/facebook/openwifirrm/modules/ApiServerTest.java +++ b/src/test/java/com/facebook/openwifirrm/modules/ApiServerTest.java 
@@ -79,9 +79,6 @@ public class ApiServerTest { // Create config this.rrmConfig = new RRMConfig(); rrmConfig.moduleConfig.apiServerParams.httpPort = TEST_PORT; - rrmConfig.moduleConfig.apiServerParams.useBasicAuth = false; - rrmConfig.moduleConfig.apiServerParams.basicAuthUser = ""; - rrmConfig.moduleConfig.apiServerParams.basicAuthPassword = ""; // Create clients (null for now) UCentralClient client = null; @@ -692,4 +689,4 @@ public class ApiServerTest { Unirest.put(url + "?venue=asdf&algorithm=" + algorithms.get(0)).asString().getStatus() ); } -} \ No newline at end of file +}