remove basic auth (#63)

IMPLEMENTATION.md

@@ -134,8 +134,8 @@ every service, as well as endpoints specific to RRM providers. They are both
 marked here under the "SDK" tag.
 
 Depending on RRM service configuration, the API server may also enable CORS
-selectively or globally, HTTP basic auth, and/or OpenWiFi auth (via Bearer
+selectively or globally, and OpenWiFi auth (via Bearer tokens or internal 
-tokens or internal API keys).
+API keys).
 
 ### Provisioning Monitor
 `ProvMonitor` syncs device topology ("venues") and configuration with the

src/main/java/com/facebook/openwifirrm/RRMConfig.java

@@ -332,24 +332,6 @@ public class RRMConfig {
 			 */
 			public String corsDomainList = "";
 
-			/**
-			 * Enable HTTP basic auth?
-			 * ({@code APISERVERPARAMS_USEBASICAUTH})
-			 */
-			public boolean useBasicAuth = false;
-
-			/**
-			 * The HTTP basic auth username (if enabled)
-			 * ({@code APISERVERPARAMS_BASICAUTHUSER})
-			 */
-			public String basicAuthUser = "admin";
-
-			/**
-			 * The HTTP basic auth password (if enabled)
-			 * ({@code APISERVERPARAMS_BASICAUTHPASSWORD})
-			 */
-			public String basicAuthPassword = "openwifi";
-
 			/**
 			 * Enable OpenWiFi authentication via tokens (external) and API keys
 			 * (internal)
@@ -558,15 +540,6 @@ public class RRMConfig {
 		if ((v = env.get("APISERVERPARAMS_CORSDOMAINLIST")) != null) {
 			apiServerParams.corsDomainList = v;
 		}
-		if ((v = env.get("APISERVERPARAMS_USEBASICAUTH")) != null) {
-			apiServerParams.useBasicAuth = Boolean.parseBoolean(v);
-		}
-		if ((v = env.get("APISERVERPARAMS_BASICAUTHUSER")) != null) {
-			apiServerParams.basicAuthUser = v;
-		}
-		if ((v = env.get("APISERVERPARAMS_BASICAUTHPASSWORD")) != null) {
-			apiServerParams.basicAuthPassword = v;
-		}
 		if ((v = env.get("APISERVERPARAMS_USEOPENWIFIAUTH")) != null) {
 			apiServerParams.useOpenWifiAuth = Boolean.parseBoolean(v);
 		}

src/main/java/com/facebook/openwifirrm/modules/ApiServer.java

@@ -14,7 +14,6 @@ import java.net.URISyntaxException;
 import java.net.UnknownHostException;
 import java.time.Instant;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -248,9 +247,6 @@ public class ApiServer implements Runnable {
 		Spark.get("/api/v1/optimizeTxPower", new OptimizeTxPowerEndpoint());
 
 		logger.info("API server listening on HTTP port {}", params.httpPort);
-		if (params.useBasicAuth) {
-			logger.info("HTTP basic auth is enabled.");
-		}
 	}
 
 	/** Stop the server. */
@@ -265,42 +261,6 @@ public class ApiServer implements Runnable {
 			: String.format("%s?%s", path, queryString);
 	}
 
-	/**
-	 * Perform HTTP basic authentication given an expected user/password.
-	 *
-	 * If authentication passes, do nothing and return true. Otherwise, send an
-	 * HTTP 401 response with a "WWW-Authenticate" header and return false.
-	 */
-	private boolean performHttpBasicAuth(
-		Request request,
-		Response response,
-		String user,
-		String password
-	) {
-		// Extract header:
-		//   Authorization: Basic <base64(<user>:<password>)>
-		final String AUTH_PREFIX = "Basic ";
-		String authHeader = request.headers("Authorization");
-		if (authHeader != null && authHeader.startsWith(AUTH_PREFIX)) {
-			String contents = authHeader.substring(AUTH_PREFIX.length());
-			String creds = new String(Base64.getDecoder().decode(contents));
-			int splitIdx = creds.indexOf(':');
-			if (splitIdx != -1) {
-				String u = creds.substring(0, splitIdx);
-				String p = creds.substring(splitIdx + 1);
-				if (u.equals(user) && p.equals(password)) {
-					// auth success
-					return true;
-				}
-			}
-		}
-
-		// auth failure
-		response.header("WWW-Authenticate", "Basic");
-		Spark.halt(401, "Unauthorized");
-		return false;
-	}
-
 	/**
 	 * Perform OpenWiFi authentication via tokens (external) and API keys
 	 * (internal).
@@ -393,16 +353,6 @@ public class ApiServer implements Runnable {
 			}
 		}
 
-		// HTTP basic auth (if enabled)
-		if (params.useBasicAuth) {
-			performHttpBasicAuth(
-				request,
-				response,
-				params.basicAuthUser,
-				params.basicAuthPassword
-			);
-		}
-
 		// OpenWifi auth (if enabled)
 		if (params.useOpenWifiAuth) {
 			// Only protect API endpoints

src/test/java/com/facebook/openwifirrm/modules/ApiServerTest.java

@@ -79,9 +79,6 @@ public class ApiServerTest {
 		// Create config
 		this.rrmConfig = new RRMConfig();
 		rrmConfig.moduleConfig.apiServerParams.httpPort = TEST_PORT;
-		rrmConfig.moduleConfig.apiServerParams.useBasicAuth = false;
-		rrmConfig.moduleConfig.apiServerParams.basicAuthUser = "";
-		rrmConfig.moduleConfig.apiServerParams.basicAuthPassword = "";
 
 		// Create clients (null for now)
 		UCentralClient client = null;