Merge pull request #526 from joola/feature/#515

#515 basic auth opt-in and disable on http.
joola · Jun 2, 2014 · 4d45185 · 4d45185
2 parents 9e00292 + c05c1e0
commit 4d45185
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,6 +10,9 @@ services:
   - mongodb
   - rabbitmq
 
+env:
+  JOOLAIO_CONFIG_AUTHENTICATION_BASICAUTH_ENABLED=TRUE
+
 #branches:
 #  only:
 #    - master

diff --git a/config/default.yml b/config/default.yml
@@ -1,4 +1,4 @@
-version: 0.0.90
+version: 0.0.95
 interfaces:
   webserver:
     enabled: true
@@ -65,6 +65,8 @@ store:
 dispatch:
     expires: 60
 authentication:
+  basicauth:
+    enabled: false
   tokens:
     expireafter: 1200000
   ratelimits:

diff --git a/lib/dispatch/users.js b/lib/dispatch/users.js
@@ -432,8 +432,20 @@ exports.authenticate = {
     callback = callback || function () {
     };
 
+    var err;
+    if (!joola.config.get('authentication:basicauth').enabled) {
+      err = new Error('Forbidden');
+      err.code = 403;
+      return callback(err);
+    }
+    else if (joola.webserver.http && joola.config.get('authentication:basicauth').enabled) {
+      err = new Error('Forbidden');
+      err.code = 403;
+      return callback(err);
+    }
+
     if (context.user.workspace !== workspace && context.user.permissions.indexOf('superuser') === -1) {
-      var err = new Error('Forbidden');
+      err = new Error('Forbidden');
       err.code = 403;
       return callback(err);
     }