Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Authentication support #12

Closed
copiousfreetime opened this Issue · 12 comments

4 participants

@copiousfreetime

All operations should have the ability to be authenticated against some system.

@jsmestad

Would love to see this added.

@lantins

As a short term measure, you could restrict access by IP address inside your config.ru

@copiousfreetime

There are a couple of ways to add authentication to stickler.

  • use the ip address inside your config.ru or rack config as @lantins suggests
  • use http-auth ** first put in a middleware before stickler that implements httpauth ** And then on the normal gem command side of things, you can update your gem server uri to use http auth with a uri like https://user:pass@stickler.example.com/

I don't know if the stickler specific commands will work with that yet, but I'll get some time this month to play around with it and see what it would take.

@lantins

Last time I tried HTTP-AUTH it didn't work, I was unable to upload new gems.
Downloading worked no problem though.

n.b. that was several months ago.

@copiousfreetime

@lantins good to know, thanks.

@jsmestad

@copiousfreetime I can confirm that http auth (nginx in our case) blocks any sort of upload command.

It looks like the fix is that you have to specify the basic auth portion as a header. For example,

require 'base64'

login = Base64.urlsafe_encode64("user:qwerty123")
c = Excon.new('http://localhost/path')
puts c.request(:method => :get, :headers => {'Authorization' => "Basic #{login}"})
@copiousfreetime

I've just committed c3580d4 and pushed version v2.2.0 to rubygems. Please update and let me know if it all works.

This just updates stickler to be able to use HTTP Basic Auth on the client side. Use --server http://user:password@host:port/ on the commandline or :server: http://user:password@host:port/ in your ~/.gem/stickler file and it should work.

Please reopen this issue if there are any problems.

@copiousfreetime

Make that version 2.2.2 that was released, I had a couple of release issues.

@anveo

I'm still having an issue. My config.ru looks like:

require 'rubygems'
require 'stickler'

users = {'foo' => 'bar'}
use Rack::Auth::Basic, 'Stickler' do |username, password|
  users.key?(username) && users[username] == password
end

stickler_dir = File.expand_path(File.join(File.dirname( __FILE__ ), "public"))
run Stickler::Server.new(stickler_dir).app

~/.gem/stickler looks like:

:server: http://foo:bar@gems.example.com

I ran:

∴ stickler mirror rails --gem-version 3.1.3

And get the following output:

Asking http://foo:bar@gems.example.com/ to mirror rails-3.1.3 from rubygems.org : ERROR ->

No error message is shown, and there doesn't seem to be anything useful in the thin logs.

@copiousfreetime

Sounds good, I will do my best to duplicated it and see what happens.

@copiousfreetime

I can duplicate your issue @anveo. I'm working on a fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.