Basic authentication removal

Author: mmd-osm

.github/workflows/codeql.yml

@@ -40,7 +40,7 @@ jobs:
          sudo apt-get install -y gcc g++ make autoconf automake libtool \
                                  libfcgi-dev libxml2-dev libmemcached-dev \
                                  libboost-program-options-dev libcrypto++-dev libyajl-dev \
-                                 libpqxx-dev zlib1g-dev libargon2-dev libfmt-dev
+                                 libpqxx-dev zlib1g-dev libfmt-dev
 
     - name: Autobuild
       uses: github/codeql-action/autobuild@v3

CMakeLists.txt

@@ -81,7 +81,6 @@ find_package(Threads REQUIRED)
 find_package(PQXX 6.0 REQUIRED)
 find_package(LibXml2 2.6.31 REQUIRED)
 find_package(Libmemcached REQUIRED)
-find_package(Argon2 REQUIRED)
 
 find_package(Boost 1.43 REQUIRED COMPONENTS program_options)
 target_compile_definitions(cgimap_common_compiler_options INTERFACE

cmake/FindArgon2.cmake

@@ -7,7 +7,7 @@ RUN apt-get update -qq && \
     apt-get install -y gcc g++ make cmake \
        libfcgi-dev libxml2-dev libmemcached-dev \
        libboost-program-options-dev libcrypto++-dev libyajl-dev \
-       libpqxx-dev zlib1g-dev libargon2-dev libfmt-dev \
+       libpqxx-dev zlib1g-dev libfmt-dev \
        postgresql-15 postgresql-server-dev-all \
        --no-install-recommends && \
     apt-get clean && \
@@ -31,7 +31,7 @@ FROM debian:bookworm-slim
 RUN apt-get update -qq && \
     apt-get install -y \
        libfcgi-bin libmemcached11 libboost-program-options1.74.0 \
-       libxml2 libcrypto++8 libyajl2 libpqxx-6.4 zlib1g libargon2-1 argon2 libfmt9 \
+       libxml2 libcrypto++8 libyajl2 libpqxx-6.4 zlib1g libfmt9 \
        --no-install-recommends && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*

docker/debian/Dockerfile_bookworm

@@ -7,7 +7,7 @@ RUN apt-get update -qq && \
     apt-get install -y gcc g++ make cmake \
        libfcgi-dev libxml2-dev libmemcached-dev \
        libboost-program-options-dev libcrypto++-dev libyajl-dev \
-       libpqxx-dev zlib1g-dev libargon2-dev libfmt-dev \
+       libpqxx-dev zlib1g-dev libfmt-dev \
        postgresql-16 postgresql-server-dev-all \
        --no-install-recommends && \
     apt-get clean && \
@@ -31,7 +31,7 @@ FROM debian:trixie
 RUN apt-get update -qq && \
     apt-get install -y \
        libfcgi-bin libmemcached11 libboost-program-options1.74.0 \
-       libxml2 libcrypto++8 libyajl2 libpqxx-7.8 zlib1g libargon2-1 argon2 libfmt9 \
+       libxml2 libcrypto++8 libyajl2 libpqxx-7.8 zlib1g libfmt9 \
        --no-install-recommends && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*

docker/debian/Dockerfile_trixie

@@ -8,7 +8,7 @@ RUN apt-get update -qq && \
        libfcgi-dev libxml2-dev libmemcached-dev \
        libboost-program-options-dev \
        libcrypto++-dev libyajl-dev \
-       libpqxx-dev zlib1g-dev libargon2-dev libfmt-dev \
+       libpqxx-dev zlib1g-dev libfmt-dev \
        postgresql-12 postgresql-server-dev-all \
        --no-install-recommends && \
     apt-get clean && \
@@ -33,7 +33,7 @@ FROM ubuntu:20.04
 RUN apt-get update -qq && \
     apt-get install -y \
        libfcgi-bin libmemcached11 libboost-locale1.71.0 libboost-program-options1.71.0 \
-       libxml2 libcrypto++6 libyajl2 libpqxx-6.4 zlib1g libargon2-1 \
+       libxml2 libcrypto++6 libyajl2 libpqxx-6.4 zlib1g \
        --no-install-recommends && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*

docker/ubuntu/Dockerfile

@@ -7,7 +7,7 @@ RUN apt-get update -qq && \
     apt-get install -y gcc g++ make cmake \
        libfcgi-dev libxml2-dev libmemcached-dev \
        libboost-program-options-dev libcrypto++-dev libyajl-dev \
-       libpqxx-dev zlib1g-dev libargon2-dev libfmt-dev \
+       libpqxx-dev zlib1g-dev libfmt-dev \
        postgresql-14 postgresql-server-dev-all \
        --no-install-recommends && \
     apt-get clean && \
@@ -31,7 +31,7 @@ FROM ubuntu:22.04
 RUN apt-get update -qq && \
     apt-get install -y \
        libfcgi-bin libmemcached11 libboost-program-options1.74.0 \
-       libxml2 libcrypto++8 libyajl2 libpqxx-6.4 zlib1g libargon2-1 argon2 libfmt8 \
+       libxml2 libcrypto++8 libyajl2 libpqxx-6.4 zlib1g libfmt8 \
        --no-install-recommends && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*

docker/ubuntu/Dockerfile2204

@@ -74,7 +74,6 @@ class readonly_pgsql_selection : public data_selection {
 
   bool supports_user_details() const override;
   bool is_user_blocked(const osm_user_id_t) override;
-  bool get_user_id_pass(const std::string&, osm_user_id_t &, std::string &, std::string &) override;
   std::set< osm_user_role_t > get_roles_for_user(osm_user_id_t id) override;
   std::optional< osm_user_id_t > get_user_id_for_oauth2_token(
       const std::string &token_id, bool &expired, bool &revoked,

include/cgimap/backend/apidb/readonly_pgsql_selection.hpp

@@ -172,11 +172,6 @@ class data_selection {
   // is user currently blocked?
   virtual bool is_user_blocked(const osm_user_id_t) = 0;
 
-  virtual bool get_user_id_pass(const std::string& display_name, 
-                                osm_user_id_t &,
-                                std::string & pass_crypt, 
-                                std::string & pass_salt) = 0;
-
   virtual std::set<osm_user_role_t> get_roles_for_user(osm_user_id_t id) = 0;
 
   virtual std::optional< osm_user_id_t > get_user_id_for_oauth2_token(

include/cgimap/basicauth.hpp

@@ -32,7 +32,6 @@ class global_settings_base {
   virtual int64_t get_scale() const = 0;
   virtual std::optional<uint32_t> get_relation_max_members() const = 0;
   virtual std::optional<uint32_t> get_element_max_tags() const = 0;
-  virtual bool get_basic_auth_support() const = 0;
   virtual uint32_t get_ratelimiter_ratelimit(bool) const = 0;
   virtual uint32_t get_ratelimiter_maxdebt(bool) const = 0;
   virtual bool get_ratelimiter_upload() const = 0;
@@ -81,10 +80,6 @@ class global_settings_default : public global_settings_base {
      return {};  // default: unlimited
   }
 
-  bool get_basic_auth_support() const override {
-    return true;
-  }
-
   uint32_t get_ratelimiter_ratelimit(bool moderator) const override {
     if (moderator) {
        return 1024 * 1024; // 1MB/s
@@ -162,10 +157,6 @@ class global_settings_via_options : public global_settings_base {
      return m_element_max_tags;
   }
 
-  bool get_basic_auth_support() const override {
-    return m_basic_auth_support;
-  }
-
   uint32_t get_ratelimiter_ratelimit(bool moderator) const override {
     if (moderator) {
        return m_moderator_ratelimiter_ratelimit;
@@ -197,7 +188,6 @@ class global_settings_via_options : public global_settings_base {
   void set_scale(const po::variables_map &options);
   void set_relation_max_members(const po::variables_map &options);
   void set_element_max_tags(const po::variables_map &options);
-  void set_basic_auth_support(const po::variables_map &options);
   void set_ratelimiter_ratelimit(const po::variables_map &options);
   void set_ratelimiter_maxdebt(const po::variables_map &options);
   void set_ratelimiter_upload(const po::variables_map &options);
@@ -213,7 +203,6 @@ class global_settings_via_options : public global_settings_base {
   int64_t m_scale;
   std::optional<uint32_t> m_relation_max_members;
   std::optional<uint32_t> m_element_max_tags;
-  bool m_basic_auth_support;
   uint32_t m_ratelimiter_ratelimit;
   uint32_t m_moderator_ratelimiter_ratelimit;
   uint32_t m_ratelimiter_maxdebt;
@@ -258,9 +247,6 @@ class global_settings final {
   // Maximum number of tags for an OSM object (may be unlimited)
   static std::optional<uint32_t> get_element_max_tags() { return settings->get_element_max_tags(); }
 
-  // Enable HTTP basic authentication support
-  static bool get_basic_auth_support() { return settings->get_basic_auth_support(); }
-
   // average number of bytes/s to allow each client/moderator
   static uint32_t get_ratelimiter_ratelimit(bool moderator) { return settings->get_ratelimiter_ratelimit(moderator);  }
 

include/cgimap/data_selection.hpp

@@ -15,7 +15,6 @@
 #include "cgimap/data_update.hpp"
 #include "cgimap/data_selection.hpp"
 #include "cgimap/routes.hpp"
-#include "cgimap/basicauth.hpp"
 #include "cgimap/oauth2.hpp"
 #include <string>
 

include/cgimap/options.hpp

@@ -15,7 +15,6 @@ target_sources(cgimap_core PRIVATE
     http.cpp
     logger.cpp
     mime_types.cpp
-    basicauth.cpp
     oauth2.cpp
     options.cpp
     osm_responder.cpp
@@ -76,7 +75,6 @@ target_link_libraries(cgimap_core
     ZLIB::ZLIB
     CryptoPP::CryptoPP
     Libmemcached::Libmemcached
-    Argon2::Argon2
     $<$<BOOL:${ENABLE_YAJL}>:YAJL::YAJL>
     PQXX::PQXX)
 

include/cgimap/process_request.hpp

@@ -789,42 +789,6 @@ bool readonly_pgsql_selection::is_user_blocked(const osm_user_id_t id) {
   return !res.empty();
 }
 
-bool readonly_pgsql_selection::get_user_id_pass(const std::string& user_name, osm_user_id_t & id,
-						 std::string & pass_crypt, std::string & pass_salt) {
-
-  std::string email = boost::algorithm::trim_copy(user_name);
-
-  m.prepare("get_user_id_pass",
-    R"(SELECT id, pass_crypt, COALESCE(pass_salt, '') as pass_salt FROM users
-           WHERE (email = $1 OR display_name = $2)
-             AND (status = 'active' or status = 'confirmed') LIMIT 1
-      )");
-
-  m.prepare("get_user_id_pass_case_insensitive",
-    R"(SELECT id, pass_crypt, COALESCE(pass_salt, '') as pass_salt FROM users
-           WHERE (LOWER(email) = LOWER($1) OR LOWER(display_name) = LOWER($2))
-             AND (status = 'active' or status = 'confirmed')
-      )");
-
-
-  auto res = m.exec_prepared("get_user_id_pass", email, user_name);
-
-  if (res.empty()) {
-    // try case insensitive query
-    res = m.exec_prepared("get_user_id_pass_case_insensitive", email, user_name);
-    // failure, in case no entries or multiple entries were found
-    if (res.size() != 1)
-      return false;
-  }
-
-  auto row = res[0];
-  id = row["id"].as<osm_user_id_t>();
-  pass_crypt = row["pass_crypt"].as<std::string>();
-  pass_salt = row["pass_salt"].as<std::string>();
-
-  return true;
-}
-
 std::set< osm_user_role_t > readonly_pgsql_selection::get_roles_for_user(osm_user_id_t id)
 {
   std::set<osm_user_role_t> roles;