Support multiple credentials and ACL
sshipway opened this issue · 1 comments
Is your feature request related to a problem? Please describe.
Sometimes, it is necessary for multiple systems to access the Weakforced API, but you want to separate the credentials for security reasons. It may be that a custom function has the potential to do damage, and you want this to be restricted to just one place.
Describe the solution you'd like
Currently, weakforced supports a single user (wforce) and password for authentication.
Ideally, we would be able to have multiple user:password credentials defined, and to be able to test against the authenticated username in custom functions (so, for example, a custom function could exit with an error unless the authorised credential was used)
Describe alternatives you've considered
Using the same credentials everywhere works, but has obvious security implications, plus making a change to the password means changing it everywhere.
A web proxy could possibly achieve this, but since the functions are selected by parameters rather than by URL path it is more complex.
Additional context
We have 3 applications linked to weakforced for authorisation. We recently had to change the wforce password due to an issue in one application, which meant having to change in all 3 applications (managed by different teams) and test suites. This could be simpler.
BTW in the latest versions of wforce (2.6 onwards) the commands are all available as /command/blah
as well as the old-style /?command=blah
if that helps...
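A sketch of the proxy-side check discussed in this thread, added here as an example; it is not part of the issue or of wforce. It assumes each application presents its own HTTP Basic credential to a proxy, which then forwards allowed requests with the single wforce credential. The client names, secrets, ACL and the command-name pattern are constructed sample values.

```python
import base64, hashlib, hmac, re
from urllib.parse import urlsplit, parse_qs

def digest(secret):
    # Sample only: assumes high-entropy API secrets, not human passwords
    return hashlib.sha256(secret.encode()).hexdigest()

# Constructed policy: client -> (secret digest, commands it may call)
CLIENTS = {
    "webmail": (digest("webmail-secret"), {"allow", "report"}),
    "helpdesk": (digest("helpdesk-secret"), {"reset"}),
}
NAME = re.compile(r"[A-Za-z0-9_]+")  # assumed shape of a command name

def command_of(url):
    """Return the command from /command/<name> or /?command=<name>, else None."""
    parts = urlsplit(url)
    query = parse_qs(parts.query).get("command", [])
    if parts.path.startswith("/command/") and not query:
        cmd = parts.path[len("/command/"):]
    elif parts.path in ("", "/") and len(query) == 1:
        cmd = query[0]
    else:
        # Both styles at once, or a repeated parameter: the proxy and the
        # backend could disagree on which command is meant, so refuse.
        return None
    return cmd if NAME.fullmatch(cmd) else None

def authenticate(auth_header, clients):
    """Return the client name for a valid Basic header, else None."""
    try:
        scheme, blob = auth_header.split(" ", 1)
        user, _, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except (ValueError, AttributeError):
        return None
    stored = clients.get(user, ("", set()))[0]
    ok = hmac.compare_digest(stored, digest(secret))  # constant-time compare
    return user if scheme.lower() == "basic" and ok else None

def decide(url, auth_header, clients=CLIENTS):
    """Return (status, client); 200 means forward with the wforce credential."""
    client = authenticate(auth_header, clients)
    if client is None:
        return 401, None
    cmd = command_of(url)
    if cmd is None:
        return 400, client
    return (200, client) if cmd in clients[client][1] else (403, client)
```

Rotating one application's secret then only touches its entry in the proxy policy, and the returned client name can be logged per request.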