Allow authentication via URI query parameter #641

Closed
SaberStrat opened this issue Aug 25, 2024 · 1 comment

SaberStrat commented Aug 25, 2024

Currently, alpine-server's AuthenticationFilter checks only for a header X-API-Key for an API key. However, there are use cases for clients that cannot pass a header or only with difficulty.

One such case is SVG badges. More specifically, this would be a requirement for DependencyTrack/dependency-track#3596.

This enhancement suggests allowing an API-key to be passed via URI query parameter instead of a header. I'd gladly submit a PR myself.

Question is, should this be an alternative to the header that's always available, or should this be enabled explicitly?
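
The design question above (always-on alternative versus explicit opt-in), sketched as an added example that is not part of the issue and is not alpine-server's code. It assumes a query parameter named `apiKey` and a hypothetical `allowQueryParam` switch, prefers the `X-API-Key` header when both are present, and masks the key before a URI is logged, since a key carried in a URI otherwise ends up in access logs.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Optional;

public class ApiKeyExtractor {
    static final String HEADER = "X-API-Key";   // header name from the issue
    static final String QUERY_PARAM = "apiKey"; // assumed name, not from the issue

    private final boolean allowQueryParam;      // hypothetical opt-in switch

    ApiKeyExtractor(boolean allowQueryParam) { this.allowQueryParam = allowQueryParam; }

    /** Header wins; the query parameter is consulted only when explicitly enabled.
     *  Assumes the caller passes header names in their canonical spelling. */
    Optional<String> extract(Map<String, String> headers, String rawQuery) {
        String fromHeader = headers.get(HEADER);
        if (fromHeader != null && !fromHeader.isBlank()) return Optional.of(fromHeader.trim());
        if (!allowQueryParam || rawQuery == null) return Optional.empty();
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0 || !pair.substring(0, eq).equals(QUERY_PARAM)) continue;
            try {
                String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
                return value.isBlank() ? Optional.empty() : Optional.of(value);
            } catch (IllegalArgumentException malformedEscape) {
                return Optional.empty(); // broken %-escape: treat as unauthenticated
            }
        }
        return Optional.empty();
    }

    /** Masks the key value so it does not reach access or application logs. */
    static String redactForLog(String uri) {
        return uri.replaceAll("([?&]" + QUERY_PARAM + "=)[^&#]*", "$1***");
    }

    public static void main(String[] args) {
        // Constructed sample request, not taken from the project.
        String query = "style=flat&apiKey=constructed-key-123";
        Map<String, String> noHeader = Map.of();
        System.out.println(new ApiKeyExtractor(false).extract(noHeader, query));
        System.out.println(new ApiKeyExtractor(true).extract(noHeader, query));
        System.out.println(new ApiKeyExtractor(true).extract(Map.of(HEADER, "header-key"), query));
        System.out.println(redactForLog("/badge?" + query));
    }
}
```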

SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 1, 2024
Allows API authentication via URI query param for badge requests as an
alternative to header authentication because typical use cases for
badges do not easily allow header injection.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>
SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 1, 2024
Update tests to focus on API authentication via URI query parameter, but
keep some tests that test header authentication as that remains an
option.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>
SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 3, 2024
Allows API authentication via URI query param for badge requests as an
alternative to header authentication because typical use cases for
badges do not easily allow header injection.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>
SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 3, 2024
Update tests to focus on API authentication via URI query parameter, but
keep some tests that test header authentication as that remains an
option.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>
Collaborator

nscuro commented Sep 9, 2024

Implemented via #642

@nscuro nscuro closed this as completed Sep 9, 2024
SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 11, 2024
Allows API authentication via URI query param for badge requests as an
alternative to header authentication because typical use cases for
badges do not easily allow header injection.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>
SaberStrat pushed a commit to SaberStrat/dependency-track that referenced this issue Sep 11, 2024
Update tests to focus on API authentication via URI query parameter, but
keep some tests that test header authentication as that remains an
option.

Requires stevespringett/Alpine#641

Signed-off-by: Kirill.Sybin <[email protected]>