Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add config option to allow disabling Basic authentication #6689

Merged
merged 4 commits into from
Sep 30, 2024
Merged

feat: add config option to allow disabling Basic authentication #6689

merged 4 commits into from
Sep 30, 2024

Conversation

guqing
Copy link
Member

@guqing guqing commented Sep 23, 2024
edited
Loading

What type of PR is this?

/milestone 2.20.x
/area core
/kind improvement

What this PR does / why we need it:

允许通过 halo.security.basic-auth.disabled=true 配置来禁用 Basic Auth 认证

Which issue(s) this PR fixes:

Fixes #5408

Does this PR introduce a user-facing change?

允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证,在 2.20 版本生产环境下默认禁用了 Basic Auth

@f2c-ci-robot f2c-ci-robot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. area/core Issues or PRs related to the Halo Core labels Sep 23, 2024
@f2c-ci-robot f2c-ci-robot bot added this to the 2.20.x milestone Sep 23, 2024
@f2c-ci-robot f2c-ci-robot bot added the kind/improvement Categorizes issue or PR as related to a improvement. label Sep 23, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 23, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 71.42857% with 2 lines in your changes missing coverage. Please review.

Project coverage is 57.99%. Comparing base (982a45b) to head (4a7159a).
Report is 22 commits behind head on main.

Files with missing lines Patch % Lines
...halo/app/infra/config/WebServerSecurityConfig.java 75.00% 0 Missing and 1 partial ⚠️
.../halo/app/infra/properties/SecurityProperties.java 66.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #6689      +/-   ##
============================================
- Coverage     58.29%   57.99%   -0.31%     
- Complexity     3963     3978      +15     
============================================
  Files           680      696      +16     
  Lines         23338    23521     +183     
  Branches       1584     1569      -15     
============================================
+ Hits          13604    13640      +36     
- Misses         9108     9258     +150     
+ Partials        626      623       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@f2c-ci-robot f2c-ci-robot bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 23, 2024
@f2c-ci-robot f2c-ci-robot bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 24, 2024
@guqing guqing force-pushed the refactor/disable-basic-auth branch from 9adc12e to a2b9468 Compare September 29, 2024 03:22
@guqing guqing force-pushed the refactor/disable-basic-auth branch from 336287f to 4a7159a Compare September 29, 2024 10:11
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

ruibaby
ruibaby reviewed Sep 29, 2024
View reviewed changes
Copy link
Member

@ruibaby ruibaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm Indicates that a PR is ready to be merged. label Sep 29, 2024
@guqing
Copy link
Member Author

guqing commented Sep 29, 2024

⚠️ 此 PR 属于破坏性更新,生产环境下默认禁用了 Basic Auth

JohnNiang
JohnNiang approved these changes Sep 30, 2024
View reviewed changes
Copy link
Member

@JohnNiang JohnNiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Sep 30, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 30, 2024
@f2c-ci-robot f2c-ci-robot bot merged commit 56804c9 into halo-dev:main Sep 30, 2024
8 checks passed
@guqing guqing deleted the refactor/disable-basic-auth branch September 30, 2024 04:00
@JohnNiang JohnNiang mentioned this pull request Sep 30, 2024
Closed
@ruibaby ruibaby modified the milestones: 2.20.x, 2.20.0 LTS Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruibaby ruibaby ruibaby left review comments

@JohnNiang JohnNiang JohnNiang approved these changes

@wan92hen wan92hen Awaiting requested review from wan92hen

Assignees

@ruibaby ruibaby

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/core Issues or PRs related to the Halo Core kind/improvement Categorizes issue or PR as related to a improvement. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
2.20.0 LTS
Development

Successfully merging this pull request may close these issues.

halo后台登录页和的nginx的auth_basic身份认证有冲突
3 participants
@guqing @JohnNiang @ruibaby