View Issue Details

ID: 0006731
Project: Taler
Category: merchant backend API (HTTP specification)
View Status: public
Last Update: 2021-02-02 15:09
Reporter: Christian Grothoff
Assigned To: Christian Grothoff
Priority: normal
Severity: feature
Reproducibility: N/A
Status: resolved
Resolution: fixed
Platform: i7
OS: Debian GNU/Linux
OS Version: squeeze
Product Version: git (master)
Target Version: 0.9
Fixed in Version: 0.9
Summary: 0006731: support authentication via Authorization header in merchant backend
Description: This requires having/storing the credential in the DB and allowing the user to change the credentials when configuring the instances.
Tags: No tags attached.

Activities

Christian Grothoff

2021-01-31 12:53

manager   ~0017474

10a3b45..9dded1a adds the required auth_salt and auth_hash fields to all instances of the merchant backend.

Christian Grothoff

2021-01-31 13:12

manager   ~0017475

0366878..caa71e0 updates the merchant backend API spec with 'auth_token' strings to be passed to the backend to set up authentication when creating/patching an instance.

Christian Grothoff

2021-01-31 13:14

manager   ~0017476

9dded1a..83f0cd8 implements importing the 'auth_token' values into the DB.

Open sub-issues:
- allow command-line/environment-variable to override/set auth-token for default instance
- actually check authentication headers
- update test suite to include auth token checks

Christian Grothoff

2021-01-31 14:01

manager   ~0017477

We should consider https://www.rfc-editor.org/rfc/rfc8959.txt when specifying the final format of the "Authorization" header.

Christian Grothoff

2021-01-31 22:23

manager   ~0017478

83f0cd8..25c0b94 implements the access control logic (untested!) and the command-line override logic.

Christian Grothoff

2021-01-31 22:28

manager   ~0017479

Still to do:
- extend C API to allow setting the authentication token for instances
- extend test logic to test authentication

Christian Grothoff

2021-02-02 15:09

manager   ~0017487

Tests added (96726fd..068433c), documentation updated (caa71e0..b55d534).
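
An added sketch (not code from this issue or from the Taler code base) of the scheme the notes above describe: an 'auth_token' is stored per instance only as auth_salt and auth_hash, and a later request's Authorization header is checked against them. The `Bearer secret-token:...` header layout (RFC 8959 scheme), the SHA-512 hash, the dict standing in for a DB row, and all function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "secret-token:"  # URI scheme defined by RFC 8959


def hash_token(salt: bytes, token: str) -> bytes:
    # Assumption: salted SHA-512. The issue does not say which hash is used.
    return hashlib.sha512(salt + token.encode("utf-8")).digest()


def set_auth_token(instance: dict, auth_token: str) -> None:
    """Create/patch step: persist only auth_salt and auth_hash, never the token."""
    if not auth_token.startswith(PREFIX) or len(auth_token) == len(PREFIX):
        raise ValueError("auth_token must be a non-empty secret-token: URI")
    salt = os.urandom(32)  # fresh salt on every credential change
    instance["auth_salt"] = salt
    instance["auth_hash"] = hash_token(salt, auth_token)


def check_authorization(instance: dict, header: Optional[str]) -> bool:
    """Access-control step: True only if the header carries the stored token."""
    if header is None or "auth_hash" not in instance:
        return False  # this sketch fails closed when nothing is configured
    scheme, _, credential = header.strip().partition(" ")
    credential = credential.strip()
    if scheme.lower() != "bearer" or not credential.startswith(PREFIX):
        return False
    candidate = hash_token(instance["auth_salt"], credential)
    # Constant-time comparison so response timing does not leak hash bytes.
    return hmac.compare_digest(candidate, instance["auth_hash"])


if __name__ == "__main__":
    inst = {}  # constructed stand-in for one instance row in the DB
    set_auth_token(inst, "secret-token:constructed-example-value")
    print(check_authorization(inst, "Bearer secret-token:constructed-example-value"))
    print(check_authorization(inst, "Bearer secret-token:wrong"))
```
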

Issue History

Date Modified Username Field Change
2021-01-30 16:38 Christian Grothoff New Issue
2021-01-30 16:38 Christian Grothoff Status new => assigned
2021-01-30 16:38 Christian Grothoff Assigned To => Christian Grothoff
2021-01-31 12:53 Christian Grothoff Note Added: 0017474
2021-01-31 13:12 Christian Grothoff Note Added: 0017475
2021-01-31 13:14 Christian Grothoff Note Added: 0017476
2021-01-31 14:01 Christian Grothoff Note Added: 0017477
2021-01-31 22:23 Christian Grothoff Note Added: 0017478
2021-01-31 22:28 Christian Grothoff Note Added: 0017479
2021-02-02 15:09 Christian Grothoff Status assigned => resolved
2021-02-02 15:09 Christian Grothoff Resolution open => fixed
2021-02-02 15:09 Christian Grothoff Fixed in Version => 0.9
2021-02-02 15:09 Christian Grothoff Note Added: 0017487
2021-02-02 15:09 Christian Grothoff Target Version 0.9.1 => 0.9