From da7987ca926e9bd82ff2989a920ea9740da24f95 Mon Sep 17 00:00:00 2001 From: ramishra Date: Mon, 26 Jul 2021 11:28:18 +0530 Subject: Add new basic auth middleware This adds a middleware that can be used as an alternative to noauth in standalone environments. This middleware uses a password file which supports the Apache htpasswd syntax. This file is read for every request, so no service restart is required when changes are made. The only password digest supported is bcrypt, and the ``bcrypt`` python library is used for password checks since it supports ``$2y$`` prefixed bcrypt passwords as generated by the Apache htpasswd utility. Adapted from I874783b8ece0eedf27a94dfed5163d0c82f8b9de. Change-Id: I3d80d86afd063af9fa2f411885dbd0dc65a7bbc7 --- .../notes/basic-auth-middleware-5f812399e325425f.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 releasenotes/notes/basic-auth-middleware-5f812399e325425f.yaml (limited to 'releasenotes/notes/basic-auth-middleware-5f812399e325425f.yaml') diff --git a/releasenotes/notes/basic-auth-middleware-5f812399e325425f.yaml b/releasenotes/notes/basic-auth-middleware-5f812399e325425f.yaml new file mode 100644 index 0000000..4394e46 --- /dev/null +++ b/releasenotes/notes/basic-auth-middleware-5f812399e325425f.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Adds a basic http auth middleware as an alternative to noauth in + standalone environments. This middleware uses a password file which + supports the Apache `htpasswd`_ syntax. This file is read for every + request, so no service restart is required when changes are made. + The only password digest supported is bcrypt, and the ``bcrypt`` + python library is used for password checks since it supports ``$2y$`` + prefixed bcrypt passwords as generated by the Apache htpasswd utility. + + .. _htpasswd: https://httpd.apache.org/docs/current/misc/password_encryptions.html -- cgit v1.2.1