Add HTTP basic authentication for endpoints about yasgui HOT 8 CLOSED

reverted commit. Problem:

• Basic authentication via ajax requests works when request is send with with the 'withCredentials' flag
• The browser throws an error when the domain is cors-enabled using a wildcard value, and when the credentials flag is true.

As a consequence, setting the withCredentials flag to true, will cause YASGUI to fail on all (not just the ones with basic auth) endpoints which are cors-enabled using a wildcard.
For those datasets that have basic authentication, YASGUI would only work when nginx has a non-wildcard value (a simple workaround: add_header 'Access-Control-Allow-Origin' "$http_origin";)

So, postpone this issue a bit, and find out whether there is a better solution

from yasgui.

Please, could you explain me how to access an endpoint that is protected with BASIC authentication ? Where I have to put credentials?

from yasgui.

This can only be done with the previous version of YASGUI:
http://legacy.yasgui.org

-Rinke

On Thu, Sep 24, 2015 at 10:59 PM Enrico Fagnoni [email protected]
wrote:

Please, could you explain me how to access an endpoint that is protected
with BASIC authentication ? Where I have to put credentials?

—
Reply to this email directly or view it on GitHub
#45 (comment).

from yasgui.

Hi Rinke,
it is something planned also for the new version or just an dead feature? I
see a proposed but reverted patch

Could you please point me somewhere I can get docs to know how to use auth
in legacy version.

Thankyou for your attention. Great project!

Enrico

2015-09-25 11:49 GMT+02:00 Rinke Hoekstra [email protected]:

This can only be done with the previous version of YASGUI:
http://legacy.yasgui.org

-Rinke

On Thu, Sep 24, 2015 at 10:59 PM Enrico Fagnoni [email protected]
wrote:

Please, could you explain me how to access an endpoint that is protected
with BASIC authentication ? Where I have to put credentials?

—
Reply to this email directly or view it on GitHub
#45 (comment).

—
Reply to this email directly or view it on GitHub
#45 (comment).

from yasgui.

Hi Enrico,

What Rinke meant is that in the legacy version, you are able to set http headers via the YASGUI interface. You can handle the basic authentication info via these headers.

The reverted solution was a more high level attempt to solve basic authentication, i.e. by providing users with a password prompt. As explained above, this does not work in all scenarios, which is why it was reverted.

To help people who need basic authentication, I will add the functionality for users to specify http headers (similar to the functionality in the legacy version). This will probably be done over the weekend

from yasgui.

@ecow and @RinkeHoekstra , YASGUI now supports setting headers manually.
For basic authentication this is still a bit ugly though: you'll need to set 'Authorization' as key and an authentication token (see https://en.wikipedia.org/wiki/Basic_access_authentication) as value.

As described in my first comment in this thread, there is no easy and clean fix for enabling a password prompt for endpoints with basic authentication, because the appropriate flags won't work with wild-card cors-enabled endpoints. Solving this issue automatically is not possible: the 'Access-Control-Allow-Origin' response header is not accessible via javascript, so I cannot detect when to enable or disable basic authentication.

Instead, I propose to add an option to the tab pane menu that enables or disables authentication (default: disabled).
In your scenario, you should be able to toggle this option, and get a password login prompt. I'll see whether I can add this soon

from yasgui.

Great. Thank you.

from yasgui.

I'll close this ticket. It seems that adding generic means of authentication to any other triple store is just not possible (see Triply-Dev/YASGUI.YASQE-deprecated#94 as well).
And: given the configurability of YASGUI and YASQE, publishers can always modify some default settings of their own YASGUI instance by modifying the XHR settings and the default request headers together with the appropriate response headers given by the server (e.g. no wildcard CORS flag) to get authentication working

from yasgui.