Mercurial > prosody-modules
view mod_http_authentication/README.markdown @ 2670:6e01878103c0
mod_smacks: Ignore user when writing or reading session_cache on prosody 0.9
At least under some circumstances it seems that session.username is nil when
a user tries to resume his session in prosody 0.9.
The username is not relevant when no limiting is done (limiting the number of
entries in the session cache is only possible in prosody 0.10), so this
commit removes the usage of the username when accessing the prosody 0.9 session
cache.
| author | tmolitor <thilo@eightysoft.de> |
|---|---|
| date | Thu, 06 Apr 2017 02:12:14 +0200 |
| parents | c6e86b74f62e |
| children | 1380ae0e003f |
line wrap: on
line source
--- labels: - 'Stage-Beta' summary: Enforces HTTP Basic authentication across all HTTP endpoints served by Prosody ... # mod_http_authentication This module enforces HTTP Basic authentication across all HTTP endpoints served by Prosody. ## Configuration Name Default Description ------------------------------- ------------------------------- ----------------------------- minddistrict_http_credentials "minddistrict:secretpassword" The credentials that HTTP clients must provide to access the HTTP interface. Should be a string with the syntax "username:password". unauthenticated_http_endpoints { "/http-bind", "/http-bind/" } A list of paths that should be excluded from authentication. ## Usage This is a global module, so should be added to the global `modules_enabled` option in your config file. It applies to all HTTP virtual hosts. ## Known issues The module use a new API in Prosody 0.10. This API currently has an open issue ([issue #554](https://prosody.im/issues/issue/554)) that means this module cannot be unloaded dynamically at runtime. In practice this shouldn't be an issue, and we will resolve the problem inside Prosody in due course. ## Details By Kim Alvefur \<zash@zash.se\>