Authentication support

[copiousfreetime]

All operations should have the ability to be authenticated against some system.

[jsmestad]

Would love to see this added.

[lantins]

As a short term measure, you could restrict access by IP address inside your config.ru

[copiousfreetime]

There are a couple of ways to add authentication to stickler.

• use the ip address inside your config.ru or rack config as @lantins suggests
• use http-auth
  ** first put in a middleware before stickler that implements httpauth
  ** And then on the normal gem command side of things, you can update your gem server uri to use http auth with a uri like https://user:pass@stickler.example.com/

I don't know if the stickler specific commands will work with that yet, but I'll get some time this month to play around with it and see what it would take.

[lantins]

Last time I tried HTTP-AUTH it didn't work, I was unable to upload new gems.
Downloading worked no problem though.

n.b. that was several months ago.

[copiousfreetime]

@lantins good to know, thanks.

[jsmestad]

👍

[jsmestad]

@copiousfreetime I can confirm that http auth (nginx in our case) blocks any sort of upload command.

It looks like the fix is that you have to specify the basic auth portion as a header. For example,

require 'base64'

login = Base64.urlsafe_encode64("user:qwerty123")
c = Excon.new('http://localhost/path')
puts c.request(:method => :get, :headers => {'Authorization' => "Basic #{login}"})

[copiousfreetime]

I've just committed c3580d4 and pushed version v2.2.0 to rubygems. Please update and let me know if it all works.

This just updates stickler to be able to use HTTP Basic Auth on the client side. Use --server http://user:password@host:port/ on the commandline or :server: http://user:password@host:port/ in your ~/.gem/stickler file and it should work.

Please reopen this issue if there are any problems.

[copiousfreetime]

Make that version 2.2.2 that was released, I had a couple of release issues.

[anveo]

I'm still having an issue. My config.ru looks like:

require 'rubygems'
require 'stickler'

users = {'foo' => 'bar'}
use Rack::Auth::Basic, 'Stickler' do |username, password|
  users.key?(username) && users[username] == password
end

stickler_dir = File.expand_path(File.join(File.dirname( __FILE__ ), "public"))
run Stickler::Server.new(stickler_dir).app

~/.gem/stickler looks like:

:server: http://foo:bar@gems.example.com

I ran:

∴ stickler mirror rails --gem-version 3.1.3

And get the following output:

Asking http://foo:bar@gems.example.com/ to mirror rails-3.1.3 from rubygems.org : ERROR ->

No error message is shown, and there doesn't seem to be anything useful in the thin logs.

[copiousfreetime]

Sounds good, I will do my best to duplicated it and see what happens.

[copiousfreetime]

I can duplicate your issue @anveo. I'm working on a fix.