[Kea-users] Stork API Key

Stefan G. Weichinger lists at xunil.at
Thu Dec 15 16:10:09 UTC 2022


On 15.12.22 at 16:44, Eric Graham wrote:
> Thanks, Rick, for the clarification. I dug into the code to double check 
> that HTTP basic auth is not used.
> 
> The API spec is here: 
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/api/users-paths.yaml#L1-L33
> 
> If basic auth were in use, there would be a security section as 
> described here: 
> https://swagger.io/docs/specification/authentication/basic-authentication/
> 
> Here is the code that authenticates the user for the /session endpoint: 
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/users.go#L54-L68
> 
> A use of the middleware to ensure the user is logged in before 
> continuing the request: 
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/middleware.go#L269-L281
> 
> 
> In summary, the user provides a username (treated as an email if it 
> contains '@' or a username otherwise) and a password, which maps to 
> their identity. The password is hashed with PostgreSQL's crypt 
> function and stored. That identity is tied to the session token, which 
> is passed to the server in the session cookie upon any (authenticated) 
> request and checked for equality and validity (+ expiration) in the 
> database. Basic auth is not checked.

Thanks Rick, thanks Eric!

It's now my turn to figure out how to use this cookie-based approach in 
n8n to auth my requests.

--

Aside from that, a bit off-topic in terms of Stork:

querying the ctrl-agent on one of my kea-servers seems to work 
un-authenticated:

curl -X POST -H "Content-Type: application/json" \
  -d '{ "command": "lease4-get-all", "arguments": { "subnets": [1] }, "service": [ "dhcp4" ] }' \
  http://10.0.0.230:8000/

But yes: off-topic in terms of the thread subject ;-)

And maybe related to some missing configuration on my side:

https://kea.readthedocs.io/en/kea-2.2.0/arm/agent.html#configuration

contains a block with:

"
"authentication": {
             "type": "basic",
             "realm": "kea-control-agent",
             "clients": [
             {
                 "user": "admin",
                 "password": "1234"
             } ]
         }
"

while the example (home user .. so maybe not that safe) at

https://kea.readthedocs.io/en/kea-2.2.0/arm/config-templates.html

does not contain that "authentication" block (and that's where I copied 
from).

So I assume I should add this to my config asap.

Thanks so far, Stefan
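A small check for the situation described in the post above, written here as an added example (it is not code from the thread, from Stork or from the Kea project): it sends the same lease4-get-all command to a Control Agent once without and once with HTTP basic auth, classifies the answer, and shows how the ARM's "authentication" block is spliced into an existing Control-agent config. The agent URL, the "admin"/"1234" credentials and the 401 status expected from an agent that enforces basic auth are assumptions taken from the post and the ARM excerpt.

```python
import base64
import json
import urllib.error
import urllib.request

# The command from the post, used only as a probe against your own agent.
PROBE_COMMAND = {"command": "lease4-get-all",
                 "arguments": {"subnets": [1]}, "service": ["dhcp4"]}

def basic_auth_header(user, password):
    """Authorization header value the agent expects once basic auth is on."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def probe(url, auth_header=None, timeout=5):
    """POST the probe command; return the HTTP status (4xx/5xx not raised)."""
    req = urllib.request.Request(
        url, data=json.dumps(PROBE_COMMAND).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    if auth_header:
        req.add_header("Authorization", auth_header)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def verdict(status_anonymous, status_with_creds=None):
    """Classify the agent's auth posture from the two probe results."""
    if status_anonymous == 200:
        return "open"            # command accepted with no credentials at all
    if status_anonymous == 401:  # assumed: agent demands credentials
        if status_with_creds in (None, 200):
            return "enforced"
        return "enforced-but-credentials-rejected"
    return "unknown"

def with_basic_auth(config, user, password, realm="kea-control-agent"):
    """Copy of a Control-agent config with the ARM's authentication block."""
    fixed = json.loads(json.dumps(config))  # deep copy, input left untouched
    fixed.setdefault("Control-agent", {})["authentication"] = {
        "type": "basic", "realm": realm,
        "clients": [{"user": user, "password": password}]}
    return fixed

if __name__ == "__main__":
    url = "http://10.0.0.230:8000/"  # agent address from the post (assumed)
    anon = probe(url)
    creds = basic_auth_header("admin", "1234") if anon == 401 else None
    print(url, "->", verdict(anon, probe(url, creds) if creds else None))
```

Run it against your own agent before and after adding the block; "open" means the agent still answers unauthenticated requests, which is what the post observed.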