Conan server API authentication
Proposal
Once we have https://gitlab.com/gitlab-org/gitlab-ee/issues/12567 we can add authentication to the API.
This means we need to implement the GET /v1/users/authenticate endpoint, which returns an access token when the correct username and password are provided (as a result of the conan user command - https://docs.conan.io/en/latest/reference/commands/misc/user.html).
Once the user is logged in, the Conan client will provide the token in the HTTP_AUTHORIZATION header. We will change GET /v1/ping from https://gitlab.com/gitlab-org/gitlab-ee/issues/12567 to return 200 OK and an empty list of server capabilities if the token is correct, and stick to 401 Unauthorized otherwise.
Example workflow:
curl -i -u demo:demo http://conan-server:9300/v1/users/authenticate
HTTP/1.1 200 OK
Server: gunicorn/19.9.0
Date: Tue, 02 Jul 2019 09:03:06 GMT
Connection: close
Content-Type: text/plain
Content-Length: 124
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiZGVtbyIsImV4cCI6MTU2MjA2NTM4Nn0.tQQQeLFTY9QDnfWeufy6mMzAV5shwHpLOcEQgv7pBr8
The returned token will be provided by the client in subsequent calls in a header:
"HTTP_AUTHORIZATION"=>"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiZGVtbyIsImV4cCI6MTU2MjA2NTM4Nn0.tQQQeLFTY9QDnfWeufy6mMzAV5shwHpLOcEQgv7pBr8"
conan_server is using JSON Web Tokens. The authentication endpoint can be found here - https://github.com/conan-io/conan/blob/develop/conans/server/rest/controller/common/users.py#L17-L29.
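The token check behind the proposed GET /v1/ping behaviour, as an added Ruby example that is not GitLab's or Conan's own code: it reads the Bearer token from HTTP_AUTHORIZATION, verifies the HS256 signature and the exp claim, and maps the result to 200 or 401. The secret, all method names, and the decisions to pin HS256 and enforce exp are assumptions; the user and exp claims are the ones carried in the sample token above.

```ruby
require 'json'
require 'openssl'

SECRET = 'constructed-example-secret' # constructed; a real server loads it from config

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

def sign(signing_input, secret)
  b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, signing_input))
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Issue a token with the claims seen in the page's sample token (user, exp).
def issue_token(user, expires_at, secret = SECRET)
  header  = b64url_encode(JSON.generate('typ' => 'JWT', 'alg' => 'HS256'))
  payload = b64url_encode(JSON.generate('user' => user, 'exp' => expires_at.to_i))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}", secret)}"
end

# Returns the user name for a valid Bearer token, nil for anything else.
def authenticated_user(env, now = Time.now, secret = SECRET)
  token = env['HTTP_AUTHORIZATION'].to_s[/\ABearer ([\w-]+\.[\w-]+\.[\w-]+)\z/, 1]
  return nil unless token
  header, payload, signature = token.split('.')
  # Pin the algorithm so a token cannot select "none" or another scheme.
  head = JSON.parse(b64url_decode(header))
  return nil unless head.is_a?(Hash) && head['alg'] == 'HS256'
  # Verify the signature before trusting any claim in the payload.
  return nil unless secure_equal?(sign("#{header}.#{payload}", secret), signature)
  claims = JSON.parse(b64url_decode(payload))
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer)
  claims['exp'] > now.to_i ? claims['user'] : nil
rescue JSON::ParserError, ArgumentError, EncodingError
  nil
end

# GET /v1/ping as proposed: 200 for a valid token, 401 otherwise.
def ping_status(env, now = Time.now)
  authenticated_user(env, now) ? 200 : 401
end
```

Every failure path (missing header, wrong scheme, malformed segments, bad signature, expired token) ends in the same 401, so the response does not tell a caller which check failed.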