Enable Basic Auth for testing purposes (#4632)

* WIP Basic Auth in Registry

* more and test in ci

* remove env

* fix docs for now

* tests

* more

* fixes

* comment failing test

* fix the test

* wip UI integration of basic auth

* ui implementation of basic auth

* last working setup

* cleanup

* fixes

* review

* bump common-app-components

* finalize

* update deps

* more

* fix pom

---------

Co-authored-by: Andrea Peruffo <aperuffo@aperuffo-thinkpadp1gen4i.remote.csb>

.github/workflows/verify.yaml

@@ -306,7 +306,7 @@ jobs:
   build-verify-python-sdk:
     name: Verify Python SDK
     runs-on: ubuntu-latest
-    # if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE')
+    if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE')
     steps:
       - name: Checkout Code with Ref '${{ github.ref }}'
         uses: actions/checkout@v3
@@ -343,7 +343,7 @@ jobs:
   build-verify-go-sdk:
     name: Verify Go SDK
     runs-on: ubuntu-latest
-    # if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE')
+    if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE')
     steps:
       - name: Checkout Code with Ref '${{ github.ref }}'
         uses: actions/checkout@v3

.gitignore

@@ -32,4 +32,4 @@ python-sdk/apicurioregistrysdk/client
 python-sdk/openapi.json
 __pycache__
 
-
+.env

app/src/main/java/io/apicurio/registry/auth/AuthConfig.java

@@ -18,7 +18,17 @@ public class AuthConfig {
     Logger log;
 
     @ConfigProperty(name = "quarkus.oidc.tenant-enabled", defaultValue = "false")
-    boolean authenticationEnabled;
+    @Info(category = "auth", description = "Enable auth", availableSince = "0.1.18-SNAPSHOT", registryAvailableSince = "2.0.0.Final", studioAvailableSince = "1.0.0")
+    boolean oidcAuthEnabled;
+
+    @Dynamic(label = "HTTP basic authentication", description = "When selected, users are permitted to authenticate using HTTP basic authentication (in addition to OAuth).", requires = "apicurio.authn.enabled=true")
+    @ConfigProperty(name = "apicurio.authn.basic-client-credentials.enabled", defaultValue = "false")
+    @Info(category = "auth", description = "Enable basic auth client credentials", availableSince = "0.1.18-SNAPSHOT", registryAvailableSince = "2.1.0.Final", studioAvailableSince = "1.0.0")
+    Supplier<Boolean> basicClientCredentialsAuthEnabled;
+
+    @ConfigProperty(name = "quarkus.http.auth.basic", defaultValue = "false")
+    @Info(category = "auth", description = "Enable basic auth", availableSince = "1.1.X-SNAPSHOT", registryAvailableSince = "3.X.X.Final", studioAvailableSince = "1.0.0")
+    boolean basicAuthEnabled;
 
     @ConfigProperty(name = "apicurio.auth.role-based-authorization", defaultValue = "false")
     @Info(category = "auth", description = "Enable role based authorization", availableSince = "2.1.0.Final")
@@ -97,7 +107,8 @@ public class AuthConfig {
     @PostConstruct
     void onConstruct() {
         log.debug("===============================");
-        log.debug("Auth Enabled: " + authenticationEnabled);
+        log.debug("OIDC Auth Enabled: " + oidcAuthEnabled);
+        log.debug("Basic Auth Enabled: " + basicAuthEnabled);
         log.debug("Anonymous Read Access Enabled: " + anonymousReadAccessEnabled);
         log.debug("Authenticated Read Access Enabled: " + authenticatedReadAccessEnabled);
         log.debug("RBAC Enabled: " + roleBasedAuthorizationEnabled);
@@ -117,8 +128,12 @@ void onConstruct() {
         log.debug("===============================");
     }
 
-    public boolean isAuthEnabled() {
-        return this.authenticationEnabled;
+    public boolean isOidcAuthEnabled() {
+        return this.oidcAuthEnabled;
+    }
+
+    public boolean isBasicAuthEnabled() {
+        return this.basicAuthEnabled;
     }
 
     public boolean isRbacEnabled() {

app/src/main/java/io/apicurio/registry/auth/AuthorizedInterceptor.java

@@ -60,7 +60,7 @@ public Object authorizeMethod(InvocationContext context) throws Exception {
         }
 
         // If authentication is not enabled, just do it.
-        if (!authConfig.authenticationEnabled) {
+        if (!authConfig.oidcAuthEnabled && !authConfig.basicAuthEnabled) {
             return context.proceed();
         }
 

app/src/main/java/io/apicurio/registry/rest/v3/SystemResourceImpl.java

@@ -103,8 +103,9 @@ private UserInterfaceConfigAuth uiAuthConfig() {
         UserInterfaceConfigAuth rval = new UserInterfaceConfigAuth();
         rval.setObacEnabled(authConfig.isObacEnabled());
         rval.setRbacEnabled(authConfig.isRbacEnabled());
-        rval.setType(authConfig.isAuthEnabled() ? UserInterfaceConfigAuth.Type.oidc : UserInterfaceConfigAuth.Type.none);
-        if (authConfig.isAuthEnabled()) {
+        rval.setType(authConfig.isOidcAuthEnabled() ? UserInterfaceConfigAuth.Type.oidc :
+                authConfig.isBasicAuthEnabled() ? UserInterfaceConfigAuth.Type.basic : UserInterfaceConfigAuth.Type.none);
+        if (authConfig.isOidcAuthEnabled()) {
             Map<String, String> options = new HashMap<>();
             options.put("url", uiConfig.authOidcUrl);
             options.put("redirectUri", uiConfig.authOidcRedirectUri);

app/src/main/resources/application.properties

@@ -8,6 +8,9 @@ quarkus.oidc.token-path=https://auth.apicur.io/auth/realms/apicurio-local/protoc
 quarkus.oidc.client-id=registry-api
 quarkus.http.auth.proactive=false
 
+# Build time property to enable username and password SecurityIdentity
+quarkus.security.users.embedded.enabled=true
+
 # HTTP
 quarkus.http.port=8080
 quarkus.http.non-application-root-path=/