On 15.12.22 at 16:44, Eric Graham wrote:
Thanks, Rick, for the clarification. I dug into the code to double check that HTTP basic auth is not used.

The API spec is here: https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/api/users-paths.yaml#L1-L33

If basic auth were in use, there would be a security section as described here: https://swagger.io/docs/specification/authentication/basic-authentication/

Here is the code that authenticates the user for the /session endpoint: https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/users.go#L54-L68

A use of the middleware to ensure the user is logged in before continuing the request: https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/middleware.go#L269-L281


In summary, the user provides a username (treated as an email if it contains '@' or a username otherwise) and a password, which maps to their identity. The password is hashed with PostgreSQL's crypt function and stored. That identity is tied to the session token, which is passed to the server in the session cookie upon any (authenticated) request and checked for equality and validity (+ expiration) in the database. Basic auth is not checked.

Thanks Rick, thanks Eric!

It's now my turn to figure out how to use this cookie-based approach in n8n to auth my requests.

--

Aside from that, a bit off-topic in terms of Stork:

Querying the ctrl-agent on one of my Kea servers seems to work unauthenticated:

curl -X POST -H "Content-Type: application/json" -d '{ "command": "lease4-get-all", "arguments": { "subnets": [1] }, "service": [ "dhcp4" ] }' http://10.0.0.230:8000/

But yes: off-topic in terms of the thread subject ;-)

And maybe related to some missing configuration on my side:

https://kea.readthedocs.io/en/kea-2.2.0/arm/agent.html#configuration

contains a block with:

"authentication": {
    "type": "basic",
    "realm": "kea-control-agent",
    "clients": [
        {
            "user": "admin",
            "password": "1234"
        }
    ]
}

while the example (home user, so maybe not that safe) at

https://kea.readthedocs.io/en/kea-2.2.0/arm/config-templates.html

does not contain that "authentication" block (and that's where I copied from).

So I assume I should add this to my config asap.

Thanks so far, Stefan
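As an added example (not part of the thread), here is a small check for the situation Stefan describes: it probes a Kea Control Agent without credentials and reports whether the command is accepted anonymously, plus a helper that confirms the 401 advertises the Basic realm configured in the "authentication" block. CA_URL defaults to the host from the curl line above and is an assumption; the sample header block is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from Kea. Probes a Kea Control
# Agent (CA) anonymously and classifies the answer. CA_URL is an assumption.
CA_URL="${CA_URL:-http://10.0.0.230:8000/}"
# A read-only command; "list-commands" is a built-in Kea control command.
CMD='{ "command": "list-commands", "service": [ "dhcp4" ] }'

# Send one unauthenticated request and print only the HTTP status code.
# Needs network access to the agent; the self-checks below do not call it.
probe_status() {
    curl -s -o /dev/null -w '%{http_code}' -X POST \
        -H "Content-Type: application/json" -d "$CMD" "$1"
}

# Interpret a status code. 401 is what a CA with an "authentication" block of
# type "basic" returns to anonymous callers (exit 0); 200 means the command was
# executed without credentials (exit 1); anything else is unknown (exit 2).
classify_status() {
    case "$1" in
        401) echo "OK: control agent requires authentication"; return 0 ;;
        200) echo "EXPOSED: command accepted without credentials"; return 1 ;;
        *)   echo "UNKNOWN: unexpected status $1"; return 2 ;;
    esac
}

# Check that a 401 response advertises Basic auth for the expected realm.
# $1 is a raw response header block (as printed by curl -i), $2 the realm.
wants_basic_realm() {
    printf '%s\n' "$1" | grep -qi "^WWW-Authenticate: *Basic realm=\"$2\""
}

# Constructed sample: what a CA configured with realm "kea-control-agent"
# sends back to a request that carries no Authorization header.
SAMPLE_401_HEADERS='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="kea-control-agent"
Content-Type: application/json'

# Note: Basic credentials over plain http travel in the clear; keep the CA on a
# trusted network or put it behind TLS as described in the Kea ARM agent page.
if [ "${1:-}" = "--live" ]; then
    classify_status "$(probe_status "$CA_URL")"
fi
```

Run with `--live` to probe the agent named in CA_URL; a 200 means the "authentication" block is missing, exactly the situation in the post.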


Kea-users mailing list
https://lists.isc.org/mailman/listinfo/kea-users