[OpenSIPS-Users] Rest client for auth

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Jun 23 05:43:19 EDT 2017


Hi Tito,

yes, the calculate_ha1 must be correlated with how the password is kept 
in the DB - see 
https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/

In regards, to $var(username), usually it is just the username part ($fU)

Regards,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

OpenSIPS Bootcamp 2017, Houston, US
   http://opensips.org/training/OpenSIPS_Bootcamp_2017.html

On 06/23/2017 12:38 PM, Tito Cumpen wrote:
> Bogdan,
>
>
> I found the solution to the issue I wasnt setting
> modparam("auth", "calculate_ha1", 1)
> which allows the password to be in plaintext in the pseudo var. In 
> addition I had to join the $fU+"@"+$fd since the $fu carries sip:
>
>
> Thanks,
> TIto
>
>
> On Thu, Jun 22, 2017 at 8:49 PM, Tito Cumpen <tito at xsvoce.com 
> <mailto:tito at xsvoce.com>> wrote:
>
>     Hey Bogdan,
>
>
>     I see that the module params define the spec variables now and I
>     tried the following in my register method block
>
>      exec("php /etc/opensips/authenticate.php $var(input)","" ,
>     "$var(out)", "$var(err)", "$avp(env)");
>
>     this returns the text password
>
>      $var(username)= $fu;
>                      $avp(password)= $var(out);
>
>
>      if (!pv_www_authorize(""))
>                      {
>     xlog("new challenger  $tU\n");
>                      # $var(rc) = www_authorize("", "subscriber");
>                       $var(rc) = pv_www_authorize("");
>              xlog("Return code is $var(rc) \n");
>             switch ( $var(rc) ) {
>          case 1 :
>                      if (!save("location","f"))
>                               sl_reply_error();
>                      exit;
>              # success
>              break;
>           case -1:
>             sl_send_reply("404","User not found");
>            exit;
>             break;
>           case -2:
>               sl_send_reply("403","Forbidden (Bad auth)");
>                       exit;
>               break;
>                case -3:
>     www_challenge("", "0");
>               exit;
>           default:
>                                    www_challenge("", "0");
>                       exit;
>       }
>      }
>
>
>     but I am not able to authenticate I keep getting  -1 as if the
>     user didn't exist although the script is returning a value and
>     casting it to
>
>     On Wed, Jun 21, 2017 at 1:59 PM, Tito Cumpen <tito at xsvoce.com
>     <mailto:tito at xsvoce.com>> wrote:
>
>         Bogdan,
>
>
>         would I have to use the exec module to cast the into the
>         username and password variables? Also I am not sure how the
>         function expects those variables to be passed to it ? It is
>         based on variables with these two names to be set prior to
>         being called?
>
>         $var(username)="abc";
>         $avp(password)="xyz";
>
>         Thanks,
>         Tito
>
>         On Fri, May 26, 2017 at 7:21 AM, Bogdan-Andrei Iancu
>         <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>             Hi Tito,
>
>             You can do that by fetching the password via an explicit
>             DB query from script and pushing it for auth check using
>             pv_www_authorize():
>             http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5590848
>             <http://www.opensips.org/html/docs/modules/2.3.x/auth.html#idp5590848>
>
>             Best regards,
>
>             Bogdan-Andrei Iancu
>                OpenSIPS Founder and Developer
>                http://www.opensips-solutions.com
>             <http://www.opensips-solutions.com>
>
>             OpenSIPS Bootcamp 2017, Huston, US
>                http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
>             <http://opensips.org/training/OpenSIPS_Bootcamp_2017.html>
>
>             On 05/25/2017 04:51 PM, Tito Cumpen wrote:
>>             Group,
>>             Is it possible to use a rest api for auth_db? Meaning can
>>             opensips authenticate a user based on a rest query
>>             against a rest api? I thought about using db http by
>>             fronting the request with a local http server but I don't
>>             see a way to pass a custom headers to the query. This
>>             custom header would contain the auth session token.
>>             Thanks,
>>             Tito
>>
>>             _______________________________________________
>>             Users mailing list
>>             Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>             <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170623/7fdb9774/attachment.html>


More information about the Users mailing list