Skip to content

Commit

Permalink
[#1467] Add multi-user support in Auth basic plugin with dynamic user…
Browse files Browse the repository at this point in the history
…-password handling and update AUTH_BASIC_LOCATION regex to be more open
  • Loading branch information
TheophileDiot committed Dec 31, 2024
1 parent 5c21ecb commit 5e5130c
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
- [FEATURE] Add country tracking to bans data
- [FEATURE] Refactored the way the database migrations are handled to make it more reliable and faster using alembic
- [FEATURE] Add configurable limit for SecRequestBodyNoFilesLimit in ModSecurity via the `MODSECURITY_REQ_BODY_NO_FILES_LIMIT` setting
- [FEATURE] Add multi-user support in `Auth basic` plugin
- [DEPRECATION] Remove `X-XSS-Protection` header from the `header` plugin as it is deprecated
- [DEPS] Updated coreruleset-v4 version to v4.10.0

Expand Down
12 changes: 10 additions & 2 deletions src/common/core/authbasic/confs/server-http/htpasswd
Original file line number Diff line number Diff line change
@@ -1,4 +1,12 @@
{%- if USE_AUTH_BASIC == "yes" -%}
{%- set passlib_hash = import('passlib.hash') -%}
{{ AUTH_BASIC_USER }}:{{ passlib_hash.sha512_crypt.hash(AUTH_BASIC_PASSWORD) }}
{%- endif %}
{% for k, v in all.items() %}
{% if k.startswith("AUTH_BASIC_USER") and v != "" -%}
{% set user = v %}
{% set password = all[k.replace("USER", "PASSWORD")] if k.replace("USER", "PASSWORD") in all else "" %}
{% if password != "" %}
{{ user }}:{{ passlib_hash.sha512_crypt.hash(password) }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
8 changes: 5 additions & 3 deletions src/common/core/authbasic/plugin.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"help": "URL of the protected resource or sitewide value.",
"id": "auth-basic-location",
"label": "Auth basic Location",
"regex": "^(sitewide|/[a-zA-Z0-9.\\/\\-]*)$",
"regex": "^.*$",
"type": "text"
},
"AUTH_BASIC_USER": {
Expand All @@ -30,7 +30,8 @@
"id": "auth-basic-user",
"label": "Auth basic Username",
"regex": "^[\\w\\-]+",
"type": "text"
"type": "text",
"multiple": "auth-basic-credentials"
},
"AUTH_BASIC_PASSWORD": {
"context": "multisite",
Expand All @@ -39,7 +40,8 @@
"id": "auth-basic-password",
"label": "Password",
"regex": "^.+",
"type": "password"
"type": "password",
"multiple": "auth-basic-credentials"
},
"AUTH_BASIC_TEXT": {
"context": "multisite",
Expand Down

0 comments on commit 5e5130c

Please sign in to comment.