From 762e103ccc99e61a03f0bdf57cb8228dd940c57e Mon Sep 17 00:00:00 2001 From: "Tarek N. Elsamni" Date: Mon, 29 Jul 2019 12:18:59 +0100 Subject: [PATCH] Add support for HTTP Basic auth based on ENV vars (#21) * Support basic auth based on ENV vars * Update README. * Fix rubocop. --- README.md | 7 +++++-- app/controllers/application_controller.rb | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 32fae73..f15e5da 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,8 @@ You can install ciao via the official Docker image `brotandgames/ciao` or using - `SECRET_KEY_BASE` will be auto-generated if you omit it - Check [SMTP Configuration](smtp_configuration.md) for all possible configuration variables, notes and example configurations for Gmail, Sendgrid etc. - By mounting a Docker volume you can avoid loosing data on restart or upgrade -- Time zone is configurable per `TIME_ZONE` variable (default: UTC) eg. `TIME_ZONE="Vienna"` - you can find all possible values by executing `docker run --rm brotandgames/ciao rake time:zones` +- Time zone is configurable per `TIME_ZONE` variable (default: UTC) eg. `TIME_ZONE="Vienna"` - you can find all possible values by executing `docker run --rm brotandgames/ciao rake time:zones` (since version 1.2.0) +- You can enable HTTP Basic auth for ciao by defining `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` eg. `BASIC_AUTH_USERNAME="ciao-admin"` `BASIC_AUTH_PASSWORD="********"` (since version 1.3.0) IMPORTANT: Be sure to enable authentication (eg. HTTP Basic auth) and TLS certificates if you serve ciao publicly. @@ -225,7 +226,9 @@ dokku config:set --no-restart ciao \ SMTP_AUTHENTICATION=plain \ SMTP_ENABLE_STARTTLS_AUTO=auto \ SMTP_USERNAME=ciao \ - SMTP_PASSWORD="sensitive_password" + SMTP_PASSWORD="sensitive_password" \ + BASIC_AUTH_USERNAME="username_for_basic_auth" \ # leave empty to disable basic auth + BASIC_AUTH_PASSWORD="password_for_basic_auth" ```` Deploy ciao using your deployment method eg. [Dockerfile Deployment](http://dokku.viewdocs.io/dokku/deployment/methods/dockerfiles/), [Docker Image Deployment](http://dokku.viewdocs.io/dokku/deployment/methods/images/) etc. diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e724fcf..62fe0b6 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,19 @@ # frozen_string_literal: true class ApplicationController < ActionController::Base + before_action :authenticate protect_from_forgery unless: -> { request.format.json? } + + def authenticate + # rubocop:disable Metrics/LineLength + basic_auth_username = ENV.fetch('BASIC_AUTH_USERNAME', '') + basic_auth_password = ENV.fetch('BASIC_AUTH_PASSWORD', '') + + return true if basic_auth_username.empty? + + authenticate_or_request_with_http_basic('Ciao Application') do |username, password| + username == basic_auth_username && password == basic_auth_password + end + # rubocop:enable Metrics/LineLength + end end