Skip to content
This repository has been archived by the owner on Mar 29, 2019. It is now read-only.

Replace with #229



Copy link

This patch adds three new features to ChiliProject to resolve

  1. A new action to the sys controller to check if a user (identified by basic auth) is has a certain named permission
  2. A new mode for User.try_to_login. It allows to cache the auth credentials in the Rails.cache (e.g. Memcached). It creates a hash from the session secret, username, and password and saves it to the cache on successful login. This hash is less secure than the default hash in the database (it is SHA1-based and salted by the session secret), it is probably sufficient for storage in a memory cache. This mode is required to use either "expensive" hashes (e.g when we switch to PBKDF2) or when using external auth sources like LDAP which are rather slow.
  3. A replacement for called which uses the new sys API for authentication.

This has several advantages as it completely removes the duplication of the complex authentication and authorization logic from the Perl module. We no longer require database modules and the code is now probably even threadsafe (allowing the usage of the Apache worker mpm).

The downside is that we use the ChiliProject for each auth request which might slow things down for very limited (or not concurrent) installs. However, each request right now takes <= 20 ms with Passenger on my systems, so it should probably be okay.

The Perl module still needs some more testing (which I would gladly take if you have some time) so I'm targeting this module for ChiliProject 3.5.

It caches the credentials in the Rails cache in a way that they are checked at least once every 10 minutes (if supported by the used cache store).
This action can be used to check if a certain user (identified with
basic auth) has a certain permission on a named project.
# The full URL to your ChiliProject instance
ChiliProjectBaseUrl "http://your.server/chiliproject"

# The key as enterd in your ChiliProject in
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo: enterd -> entered

Copy link

thegcat commented Jan 2, 2013

See line notes, everything else looks good.

@meineerde meineerde closed this Feb 2, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
None yet
2 participants