[OpenSIPS-Users] Rest client for auth
Bogdan-Andrei Iancu
bogdan at opensips.org
Fri Jun 23 05:43:19 EDT 2017
Hi Tito,
yes, the calculate_ha1 must be correlated with how the password is kept
in the DB - see
https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/
In regards, to $var(username), usually it is just the username part ($fU)
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Bootcamp 2017, Houston, US
http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
On 06/23/2017 12:38 PM, Tito Cumpen wrote:
> Bogdan,
>
>
> I found the solution to the issue I wasnt setting
> modparam("auth", "calculate_ha1", 1)
> which allows the password to be in plaintext in the pseudo var. In
> addition I had to join the $fU+"@"+$fd since the $fu carries sip:
>
>
> Thanks,
> TIto
>
>
> On Thu, Jun 22, 2017 at 8:49 PM, Tito Cumpen <tito at xsvoce.com
> <mailto:tito at xsvoce.com>> wrote:
>
> Hey Bogdan,
>
>
> I see that the module params define the spec variables now and I
> tried the following in my register method block
>
> exec("php /etc/opensips/authenticate.php $var(input)","" ,
> "$var(out)", "$var(err)", "$avp(env)");
>
> this returns the text password
>
> $var(username)= $fu;
> $avp(password)= $var(out);
>
>
> if (!pv_www_authorize(""))
> {
> xlog("new challenger $tU\n");
> # $var(rc) = www_authorize("", "subscriber");
> $var(rc) = pv_www_authorize("");
> xlog("Return code is $var(rc) \n");
> switch ( $var(rc) ) {
> case 1 :
> if (!save("location","f"))
> sl_reply_error();
> exit;
> # success
> break;
> case -1:
> sl_send_reply("404","User not found");
> exit;
> break;
> case -2:
> sl_send_reply("403","Forbidden (Bad auth)");
> exit;
> break;
> case -3:
> www_challenge("", "0");
> exit;
> default:
> www_challenge("", "0");
> exit;
> }
> }
>
>
> but I am not able to authenticate I keep getting -1 as if the
> user didn't exist although the script is returning a value and
> casting it to
>
> On Wed, Jun 21, 2017 at 1:59 PM, Tito Cumpen <tito at xsvoce.com
> <mailto:tito at xsvoce.com>> wrote:
>
> Bogdan,
>
>
> would I have to use the exec module to cast the into the
> username and password variables? Also I am not sure how the
> function expects those variables to be passed to it ? It is
> based on variables with these two names to be set prior to
> being called?
>
> $var(username)="abc";
> $avp(password)="xyz";
>
> Thanks,
> Tito
>
> On Fri, May 26, 2017 at 7:21 AM, Bogdan-Andrei Iancu
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
> Hi Tito,
>
> You can do that by fetching the password via an explicit
> DB query from script and pushing it for auth check using
> pv_www_authorize():
> http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5590848
> <http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5590848>
>
> Best regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> <http://www.opensips-solutions.com>
>
> OpenSIPS Bootcamp 2017, Huston, US
> http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
> <http://opensips.org/training/OpenSIPS_Bootcamp_2017.html>
>
> On 05/25/2017 04:51 PM, Tito Cumpen wrote:
>> Group,
>> Is it possible to use a rest api for auth_db? Meaning can
>> opensips authenticate a user based on a rest query
>> against a rest api? I thought about using db http by
>> fronting the request with a local http server but I don't
>> see a way to pass a custom headers to the query. This
>> custom header would contain the auth session token.
>> Thanks,
>> Tito
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170623/7fdb9774/attachment.html>
More information about the Users
mailing list