[master] rest_cherrypy: accept / force credentials via HTTP header #66814

Open
wants to merge 1 commit into
base: master

Malte-Wagner

The acceptance of HTTP headers opens the possibility to either set or force credentials for a session.
A reverse proxy can handle authentication and inject the custom headers X-Forwarded-User, X-Forwarded-Password and/or X-Forwarded-Eauth. In general, these headers can work in conjunction with the eauth sharedsecret / rest / auto methods to externalize and flexibilize authentication, without raising code complexity for new or niche authentication methods inside salt.

What does this PR do?

This PR enables rest_cherrypy to gather credentials via HTTP headers that may be set by a reverse proxy, to use them for session creation or session checking.

What issues does this PR fix or reference?

#22046

Previous Behavior

Credentials are only allowed via request body.

New Behavior

Credentials are allowed via request body and HTTP header.
Precedence is HTTP header over request body values.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

Yes

Please review Salt's Contributing Guide for best practices, including the
PR Guidelines.

See GitHub's page on GPG signing for more information about signing commits with GPG.
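
An added example, not code from this PR or from Salt: one way to apply the described precedence (header over request body) while accepting the three headers only when the TCP peer is a known reverse proxy, so a client that reaches the API directly cannot assert an identity. The function names, the header-to-field mapping and the proxy allow-list are assumptions made for illustration.

```python
import ipaddress

# Header names are the ones named in the PR description; everything else
# (function names, the proxy allow-list, the field mapping) is assumed here.
HEADER_TO_FIELD = {
    "x-forwarded-user": "username",
    "x-forwarded-password": "password",
    "x-forwarded-eauth": "eauth",
}

# Constructed sample: addresses of the reverse proxies allowed to assert identity.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("10.0.5.0/28")]


def peer_is_trusted(peer_ip, trusted=TRUSTED_PROXIES):
    """True when the TCP peer (not a client-supplied header) is a known proxy."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def resolve_credentials(peer_ip, headers, body):
    """Return (credentials, ignored_headers).

    Header values override body values, as the PR describes, but only when the
    request arrived from a trusted proxy. From any other peer the headers are
    dropped and reported so the attempt can be logged.
    """
    creds = {k: v for k, v in body.items() if k in HEADER_TO_FIELD.values()}
    supplied = {k.lower(): v for k, v in headers.items()
                if k.lower() in HEADER_TO_FIELD}
    if not supplied:
        return creds, []
    if not peer_is_trusted(peer_ip):
        return creds, sorted(supplied)
    for name, value in supplied.items():
        creds[HEADER_TO_FIELD[name]] = value
    return creds, []
```

A non-empty `ignored_headers` list from an untrusted peer is worth logging, since it means a client sent the credential headers without going through the proxy.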

The acceptance of HTTP headers opens the possibility to either set
or force credentials for a session.
A reverse proxy can handle authentication and
inject the custom headers X-Forwarded-User, X-Forwarded-Password
and/or X-Forwarded-Eauth. In general, these headers can work in
conjunction with the eauth sharedsecret / rest / auto methods to
externalize and flexibilize authentication, without raising
code complexity for new or niche authentication methods inside salt.
@Malte-Wagner Malte-Wagner requested a review from a team as a code owner August 19, 2024 11:14
@Malte-Wagner Malte-Wagner requested a review from dwoz August 19, 2024 11:14

welcome bot commented Aug 19, 2024

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@salt-project-bot-prod-environment salt-project-bot-prod-environment bot changed the title rest_cherrypy: accept / force credentials via HTTP header [master] rest_cherrypy: accept / force credentials via HTTP header Aug 19, 2024