OpenHAB
/
openhab-core
mirror of https://github.com/openhab/openhab-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Rework system:restauth config parameters (#2477) 

Following the discussion in #2476, I believe the order and "advanced" status of config parameters in API Security (`system:restauth`) should be changed.
This promotes "Implicit User Role" to a non-advanced option (even if it can break some clients, it is clearly stated in the description), and demotes "Allow Basic Authentication" to an advanced option (API Tokens can be used to authenticate to the API as a better alternative to Basic).

Signed-off-by: Yannick Schaus <github@schaus.net>
pull/2481/head
Yannick Schaus 2021-09-06 08:34:33 +02:00 committed by GitHub
parent 95da7021d9
commit ff2f90684f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
bundles/org.openhab.core.io.rest.auth/src/main/resources/OH-INF/config/restauth.xml
View File

@ -5,7 +5,15 @@
xsi:schemaLocation="https://openhab.org/schemas/config-description/v1.0.0 https://openhab.org/schemas/config-description-1.0.0.xsd"> xsi:schemaLocation="https://openhab.org/schemas/config-description/v1.0.0 https://openhab.org/schemas/config-description-1.0.0.xsd">
<config-description uri="system:restauth"> <config-description uri="system:restauth">
<parameter name="implicitUserRole" type="boolean">
<label>Implicit User Role</label>
<description>By default, operations requiring the "user" role are available when unauthenticated. Disabling this
option will enforce authorization for these operations. Warning: This causes clients that do not support
authentication to break.</description>
<default>true</default>
</parameter>
<parameter name="allowBasicAuth" type="boolean"> <parameter name="allowBasicAuth" type="boolean">
<advanced>true</advanced>
<label>Allow Basic Authentication</label> <label>Allow Basic Authentication</label>
<description>Allow the use of Basic authentication to access protected API resources, in addition to access tokens <description>Allow the use of Basic authentication to access protected API resources, in addition to access tokens
and API tokens.</description> and API tokens.</description>
@ -19,14 +27,6 @@
indefinitely. This value defines the expiration time in hours. Set it to 0 for disabling the cache.</description> indefinitely. This value defines the expiration time in hours. Set it to 0 for disabling the cache.</description>
<default>6</default> <default>6</default>
</parameter> </parameter>
<parameter name="implicitUserRole" type="boolean">
<advanced>true</advanced>
<label>Implicit User Role</label>
<description>By default, operations requiring the "user" role are available when unauthenticated. Disabling this
option will enforce authorization for these operations. Warning: This causes clients that do not support
authentication to break.</description>
<default>true</default>
</parameter>
</config-description> </config-description>
</config-description:config-descriptions> </config-description:config-descriptions>