FIX: Formatting of Authentication.rst

488197a9 · florian · 4439d99e · 488197a9
Commit 488197a9 authored 3 years ago by florian
--- a/src/doc/specification/Authentication.rst
+++ b/src/doc/specification/Authentication.rst
 Authentication
 ==============
- Some features of CaosDB are available to registered users only. Making any changes 
+Some features of CaosDB are available to registered users only. Making any
- to the data stock via HTTP requires authentication by `username` _plus_ `password`. 
+changes to the data stock via HTTP requires authentication by ``username`` **plus**
- They are to be send as a HTTP header, while the password is to be hashed by the sha512 algorithm:
+``password``. They are to be send as a HTTP header, while the password is to be
+hashed by the sha512 algorithm:
-=========== ====================
+============= ======================
-username:   password:
+username:     password:
-=========== ====================
+============= ======================
-`$username` `$SHA512ed_password`
+``$username`` ``$SHA512ed_password``
-=========== ====================
+============= ======================
 Sessions
 --------
@@ -20,77 +21,91 @@ Login
 Request Challenge
 ^^^^^^^^^^^^^^^^^
-``GET http://host:port/mpidsserver/login?username=$username``
+* ``GET http://host:port/mpidsserver/login?username=$username``
-``GET http://host:port/mpidsserver/login`` with `username` header``
+* ``GET http://host:port/mpidsserver/login`` with ``username`` header
-*no password required to be sent over http*
+**No password is required to be sent over http.**
-The request returns an AuthToken with a login challenge as a cookie. 
+The request returns an AuthToken with a login challenge as a cookie.
 The AuthToken is a dictionary of the following form:
+.. code-block::
- {scope=$scope;
-  mode=LOGIN;
+   {scope=$scope;
-  offerer=$offerer;
+    mode=LOGIN;
-  auth=$auth
+    offerer=$offerer;
-  expires=$expires;
+    auth=$auth
-  date=$date;
+    expires=$expires;
-  hash=$hash;
+    date=$date;
-  session=$session;
+    hash=$hash;
-  }
+    session=$session;
+   }
- $scope:: A uri pattern string. Example: ` {**/*} `
- $mode:: `ONETIME`, `SESSION`, or `LOGIN`
+where
- $offerer:: A valid username
- $auth:: A valid username
+* ``$scope`` :: A uri pattern string. Example: ``{ **/* }``
- $expires:: A `YYYY-MM-DD HH:mm:ss[.nnnn]` date string
+* ``$mode`` :: ``ONETIME``, ``SESSION``, or ``LOGIN``
- $date:: A `YYYY-MM-DD HH:mm:ss[.nnnn]` date string
+* ``$offerer`` :: A valid username
- $hash:: A string
+* ``$auth`` :: A valid username
- $session:: A string
+* ``$expires`` :: A ``YYYY-MM-DD HH:mm:ss[.nnnn]`` date string
+* ``$date`` :: A ``YYYY-MM-DD HH:mm:ss[.nnnn]`` date string
-The challenge is solved by concatenating the `$hash` string and 
+* ``$hash`` :: A string
-the user's `$password` string and calculating the sha512 hash of both. 
+* ``$session`` :: A string
+The challenge is solved by concatenating the ``$hash`` string and
+the user's ``$password`` string and calculating the sha512 hash of both.
 Pseudo code:
+.. code-block::
- $solution = sha512($hash + sha512($password))
+   $solution = sha512($hash + sha512($password))
 Send Solution
 ^^^^^^^^^^^^^
-The old $hash string in the cookie has to be replaces by $solution and
+The old ``$hash`` string in the cookie has to be replaces by ``$solution`` and
 the cookie is to be send with the next request:
 ``PUT http://host:port/mpidsserver/login``
 The server will return the user's entity in the HTTP body, e.g.
-  <Response ...>
+.. code-block::
+   <Response ...>
     <User name="$username" ...>
      ...
-       </User>
+     </User>
-       </Response>
+   </Response>
-and a new AuthToken with `$mode=SESSION` and a new expiration date and so on. This AuthToken cookie is to be send with every request.
+and a new AuthToken with ``$mode=SESSION`` and a new expiration date and so
+on. This AuthToken cookie is to be send with every request.
 Logout
 ^^^^^^
-Send 
+Send
 ``PUT http://host:port/mpidsserver/logout``
-with a valid AuthToken cookie. No new AuthToken will be returned and no AuthToken with that `$session` will be accepted anymore.
+with a valid AuthToken cookie. No new AuthToken will be returned and no
+AuthToken with that ``$session`` will be accepted anymore.
+Commandline solution with ``curl``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Commandline solution with `curl`
+To use curl for talking with the server, first save your password into a
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+variable: ``PW=$(cat)``
-To use curl for talking with the server, first save your password into a variable:
+The create a cookie in ``cookie.txt`` like this (note that this makes your
-``PW=$(cat)``
+password visible for a short time to everyone on your system:
-The create a cookie in `cookie.txt` like this (note that this makes your password visible for a short time to everyone on your system:
+.. code-block:: sh
-``curl -X POST -c cookie.txt -D head.txt -H "Content-Type: application/x-www-form-urlencoded" -d username=<USERNAME> -d 
-password="$PW" --insecure "https://<SERVER>/login``
+   curl -X POST -c cookie.txt -D head.txt -H "Content-Type: application/x-www-form-urlencoded" -d username=<USERNAME> -d password="$PW" --insecure "https://<SERVER>/login
 To use the cookie, pass it on with later requests:
-``curl -X GET -b cookie.txt --insecure "https://<SERVER>/Entity/12345"``
+.. code-block:: sh
+   curl -X GET -b cookie.txt --insecure "https://<SERVER>/Entity/12345"