[Bugfix] Fix basic auth in deployed apps (#52)

* Renamed auth env vars and updated them to work in prod env

* Updated basic auth parsing to ignore empty strings
This commit is contained in:
Kieran 2024-03-04 13:29:26 -08:00 committed by GitHub
parent 5c9933b684
commit 254054c0c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 22 additions and 5 deletions

View file

@ -28,7 +28,7 @@ docker run \
## Authentication
Currently HTTP basic auth is optionally supported. To use it, set the `AUTH_USERNAME` and `AUTH_PASSWORD` environment variables when starting the container. If you don't set both of these, no authentication will be required.
Currently HTTP basic auth is optionally supported. To use it, set the `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` environment variables when starting the container. If you don't set both of these, no authentication will be required.
## License

View file

@ -17,10 +17,10 @@ config :pinchflat,
# The user may or may not store metadata for their needs, but the app will always store its copy
metadata_directory: "/config/metadata",
tmpfile_directory: Path.join([System.tmp_dir!(), "pinchflat", "data"]),
# Setting AUTH_USERNAME and AUTH_PASSWORD implies you want to use basic auth.
# Setting BASIC_AUTH_USERNAME and BASIC_AUTH_PASSWORD implies you want to use basic auth.
# If either is unset, basic auth will not be used.
basic_auth_username: System.get_env("AUTH_USERNAME"),
basic_auth_password: System.get_env("AUTH_PASSWORD"),
basic_auth_username: System.get_env("BASIC_AUTH_USERNAME"),
basic_auth_password: System.get_env("BASIC_AUTH_PASSWORD"),
file_watcher_poll_interval: 1000
# Configures the endpoint

View file

@ -21,6 +21,10 @@ if System.get_env("PHX_SERVER") do
config :pinchflat, PinchflatWeb.Endpoint, server: true
end
config :pinchflat,
basic_auth_username: System.get_env("BASIC_AUTH_USERNAME"),
basic_auth_password: System.get_env("BASIC_AUTH_PASSWORD")
if config_env() == :prod do
config_path =
System.get_env("CONFIG_PATH") ||

View file

@ -54,10 +54,14 @@ defmodule PinchflatWeb.Router do
username = Application.get_env(:pinchflat, :basic_auth_username)
password = Application.get_env(:pinchflat, :basic_auth_password)
if username && password do
if credential_set?(username) && credential_set?(password) do
Plug.BasicAuth.basic_auth(conn, username: username, password: password, realm: "Pinchflat")
else
conn
end
end
defp credential_set?(credential) do
credential && credential != ""
end
end

View file

@ -44,5 +44,14 @@ defmodule PinchflatWeb.RoutingTest do
assert conn.status == 200
end
test "it treats empty strings as not being set when using basic auth", %{conn: conn} do
Application.put_env(:pinchflat, :basic_auth_username, "")
Application.put_env(:pinchflat, :basic_auth_password, "pass")
conn = get(conn, "/")
assert conn.status == 200
end
end
end