Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic HTTP authentication filters #15720

Merged
merged 11 commits into from
Sep 19, 2024
Merged

Basic HTTP authentication filters #15720

merged 11 commits into from
Sep 19, 2024

Conversation

timkelty
Copy link
Contributor

@timkelty timkelty commented Sep 11, 2024
edited
Loading

Description

  • Adds \craft\filters\SiteFilterTrait::$enabled so all site filters can be easily toggled (eg per environment)
  • Adds \craft\filters\BasicHttpAuthLogin, providing similar (but more configurable) functionality to \craft\config\GeneralConfig::$enableBasicHttpAuth, allowing users to log in as a Craft user with Basic HTTP auth credentials.
  • Adds \craft\filters\BasicHttpAuthStatic, making it easy to block access to a site with a static username/password
    • defaults to CRAFT_HTTP_BASIC_AUTH_USERNAME, CRAFT_HTTP_BASIC_AUTH_PASSWORD
  • Deprecates \craft\config\GeneralConfig::$enableBasicHttpAuth

Both filters use the same \craft\filters\SiteFilterTrait as our other filters, meaning they can be limited by site if desired, and they only apply to site requests.

Example usage

<?php

// config/app.web.php
return [
    // Equivalent functionality to\craft\config\GeneralConfig::$enableBasicHttpAuth
    'as optionalBasicLogin' => [
        'class' => \craft\filters\BasicHttpAuthLogin::class,

        // List of action ID patterns, see \yii\filters\auth\AuthMethod::$optional
        'optional' => ['*'],
    ],

    // Required user login for all site requests, when not in production
    'as requiredBasicLogin' => [
        'class' => \craft\filters\BasicHttpAuthLogin::class,
        'when' => fn() => \Craft::$app->env !== 'production',
    ],

    // Block all frontend requests with default credentials from env vars
    'as basicStatic' => \craft\filters\BasicHttpAuthStatic::class,

    // Block all frontend requests to siteA with configured credentials
    'as basicStaticWithConfig' => [
        'class' => \craft\filters\BasicHttpAuthStatic::class,
        'username' => 'foo',
        'password' => 'secret',
        'site' => ['siteA'],
    ],
];

@brandonkelly brandonkelly changed the base branch from 4.x to 4.13 September 14, 2024 11:59
@timkelty timkelty self-assigned this Sep 17, 2024
@brandonkelly brandonkelly merged commit 61d6821 into 4.13 Sep 19, 2024
3 checks passed
@brandonkelly brandonkelly deleted the feature/http-basic-auth branch September 19, 2024 15:47
@timkelty timkelty mentioned this pull request Oct 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandonkelly brandonkelly Awaiting requested review from brandonkelly

Assignees

@timkelty timkelty

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timkelty @brandonkelly