Fix/anonymous to accept a consumer

[Tieske]

Summary

current implementation for anonymous access does not allow to run plugins on anonymous consumers. This change changes the boolean setting to accept anonymous access into a uuid setting which can hold the uuid of the consumer to associate with the anonymous access.

When this user is set, the credentials will not be set, and the header X-Anonymous-Consumer: true will still be set.

Full changelog

Updated plugins:

• basic-auth
• key-auth
• oauth2
• hmac-auth
• jwt
• ldap-auth

[thibaultcha]

Going down this road is still a terrible idea on the long term imo, due to the concerning amount of code being duplicated. As suggested before, another way to implement this would be that such authentication plugins could comply to an interface, and the core could detect a plugin is an authentication one, and execute them. Depending on the return value of a plugin, we can determine:

• errors (500)
• non authenticated calls (403)
• mis-authenticated calls (401)

And the core can take appropriate actions from there: setting authentication headers, allowing a call to be proxied as "anonymous", responding with HTTP 401 or 403, etc...

[Tieske]

Agreed, should be revised, but as part of plugin api refactoring.