Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat-330/allow anonymous #349

Merged
merged 8 commits into from
Nov 7, 2024
Merged

Feat-330/allow anonymous #349

merged 8 commits into from
Nov 7, 2024

Conversation

calebbourg
Copy link
Contributor

@calebbourg calebbourg commented Nov 5, 2024
edited
Loading

Adds allow_anonymous concept to existing auth layers. Issue: #330

@calebbourg
Copy link
Contributor Author

@GlenDC I provided the logic in ProxyAuthService's Service implementation to acknowledge allow_anonymous but did not for AsyncRequireAuthorization. It seemed it may be better handled in a given AsyncAuthorizeRequest implementation as that is where operations on header values and things like that were happening in the examples. Wasn't 100% on that choice but curious what your vision was.

Also would it make sense for me to add an example showing how this might be used?

@calebbourg calebbourg marked this pull request as ready for review November 5, 2024 18:25
@GlenDC GlenDC self-requested a review November 6, 2024 08:06
GlenDC
GlenDC requested changes Nov 6, 2024
View reviewed changes
Copy link
Member

@GlenDC GlenDC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done, it is exactly in the right direction and partly spot on.
Added a couple of remarks and one guide post/comment to help you reach the finish line. Thanks for your contribution and do let me know if there's any questions, remarks, feedback or anything else I can be of help with.

rama-http/src/layer/proxy_auth.rs Outdated Show resolved Hide resolved
rama-http/src/layer/auth/async_require_authorization.rs Outdated Show resolved Hide resolved
@calebbourg
add UserId::Anonymous
7c4514c 
represents a case where credentials are missing and server allows
for anonymous users.
@calebbourg
add allow_anonymous to ProxyAuthLayer
c05cd3e 
Updates Service implementation to handle cases where allow_anonymous == true
@calebbourg
use Context.insert
c9dd4ff 
removes a few redundant lines
@calebbourg
define AthorizationContext
9895db9
@calebbourg
check for headers as part of AuthorizeContex ValidateRequest implemen…
4a28908 
…tation
@calebbourg calebbourg force-pushed the feat-330/allow-anonymous branch from 6a727df to 4a28908 Compare November 7, 2024 01:35
@calebbourg calebbourg mentioned this pull request Nov 7, 2024
Closed
GlenDC
GlenDC requested changes Nov 7, 2024
View reviewed changes
Copy link
Member

@GlenDC GlenDC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are getting close.

Things to do, next to my remarks is:

  • The new impl block you added for ValidateRequest needs to be removed.
  • update the existing impl blocks for that trait:
    • impl<S, B, ResBody> ValidateRequest<S, B> for Bearer<ResBody> <- this replaced with the wrapper AuthorizeContext<Bearer<ResBody>>
    • impl<S, B, ResBody> ValidateRequest<S, B> for Basic<ResBody> <- this replaced with the wrapper AuthorizeContext<Basic<ResBody>>
  • You also need to provide setter methods for setting that allow_anonymous on the layer + service by adding these to:
    • impl blocks for things like `impl<S, C> ValidateRequestHeaderLayer<S, AuthorizeContext>
    • impl<S, C> ValidateRequestHeader<S, AuthorizeContext<C>>
    • no need to differentiate C between Basic and Bearer here, given the constructors that we provide already limit what C can be, and C's value is not used here. So this keeps it easy and minimal

rama-http/src/layer/auth/require_authorization.rs Outdated Show resolved Hide resolved
rama-http/src/layer/auth/require_authorization.rs Outdated Show resolved Hide resolved
rama-http/src/layer/auth/require_authorization.rs Show resolved Hide resolved
@GlenDC
Copy link
Member

GlenDC commented Nov 7, 2024

Thank you @calebbourg for your contribution, effort and patience on this one. I hope the feedback does not discourage you. As always I'm here for you if there are remarks, feedback, questions or anything else of such nature. Take care.

@calebbourg
Copy link
Contributor Author

Thank you very much. Not discouraged at all. I welcome and appreciate the feedback. It's very helpful.

GlenDC
GlenDC requested changes Nov 7, 2024
View reviewed changes
Copy link
Member

@GlenDC GlenDC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done, and fast indeed. Don't sweat it though, unless you're having fun :)
A couple of minor remarks, other than that I think we're good to go once these are resolved I'll give it a last review and if all is well I can merge it in if you're ok with it as well.

rama-http/src/layer/auth/require_authorization.rs Show resolved Hide resolved
rama-http/src/layer/proxy_auth.rs Outdated Show resolved Hide resolved
rama-http/src/layer/validate_request/validate_request_header.rs Show resolved Hide resolved
@calebbourg
remove empty line
71063ce
@calebbourg
update allow_anonymous logic
6926d4c 
The presence of an Authorization header implies intent to be identified and authenticated
GlenDC
GlenDC approved these changes Nov 7, 2024
View reviewed changes
Copy link
Member

@GlenDC GlenDC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done, thank you for going the extra mile.
The added unit tests and documentation is greatly appreciated!

💯🎈

@GlenDC GlenDC merged commit 5efa6e7 into plabayo:main Nov 7, 2024
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GlenDC GlenDC GlenDC approved these changes

Assignees

@calebbourg calebbourg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@calebbourg @GlenDC