Add possibility to disable token validation

Daniel Zohm · Daniel Zohm · commit 163061f2faad · 2023-06-23T16:13:02.000+02:00
diff --git a/src/Controller/Index/Index.php b/src/Controller/Index/Index.php
@@ -31,16 +31,18 @@ public function __construct(
 
     public function execute(): ResultInterface
     {
-        $token = sprintf('Bearer %s', $this->config->getToken());
-        $authorizationHeader = $this->getRequest()->getHeader('Authorization');
-
-        if ($token !== $authorizationHeader) {
-            /** @var \Magento\Framework\Controller\Result\Raw $result */
-            $result = $this->resultFactory->create(ResultFactory::TYPE_RAW);
-            $result->setHttpResponseCode(Http::STATUS_CODE_401);
-            $result->setContents('You are not allowed to see these metrics.');
-
-            return $result;
+        if ($this->config->getTokenValidationEnabled()) {
+            $token = sprintf('Bearer %s', $this->config->getToken());
+            $authorizationHeader = $this->getRequest()->getHeader('Authorization');
+
+            if ($token !== $authorizationHeader) {
+                /** @var \Magento\Framework\Controller\Result\Raw $result */
+                $result = $this->resultFactory->create(ResultFactory::TYPE_RAW);
+                $result->setHttpResponseCode(Http::STATUS_CODE_401);
+                $result->setContents('You are not allowed to see these metrics.');
+
+                return $result;
+            }
         }
 
         return $this->prometheusResultFactory->create();
diff --git a/src/Data/Config.php b/src/Data/Config.php
@@ -12,6 +12,7 @@ class Config
 {
     private const CONFIG_PATH_METRICS_ENABLED = 'metric_configuration/metric/metric_status';
     private const CONFIG_PATH_AUTH_TOKEN = 'metric_configuration/security/token';
+    private const CONFIG_PATH_TOKEN_VALIDATION_ENABLED = 'metric_configuration/security/enable_token';
 
     private $config;
     private $metricsSource;
@@ -38,6 +39,11 @@ public function getDefaultMetrics(): array
         return array_column($this->metricsSource->toOptionArray(), 'value');
     }
 
+    public function getTokenValidationEnabled(?string $scopeCode = null): bool
+    {
+        return $this->config->isSetFlag(self::CONFIG_PATH_TOKEN_VALIDATION_ENABLED, ScopeInterface::SCOPE_STORE, $scopeCode);
+    }
+
     public function getToken(?string $scopeCode = null): string
     {
         return $this->config->getValue(self::CONFIG_PATH_AUTH_TOKEN, ScopeInterface::SCOPE_STORE, $scopeCode) ?? '';
diff --git a/src/etc/adminhtml/system.xml b/src/etc/adminhtml/system.xml
@@ -25,15 +25,25 @@
                 <label>Security Settings for the Prometheus Scrape Config</label>
                 <comment>This section contains security related configurations. We recommend using the Bearer Token in your Prometheus Scrape Config.</comment>
 
+                <field id="enable_token" showInWebsite="1" showInStore="1" showInDefault="1" type="select">
+                    <label>Enable token authorization</label>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                </field>
                 <field id="token" showInWebsite="1" showInStore="1" showInDefault="1" type="text">
                     <label>Token</label>
                     <frontend_model>RunAsRoot\PrometheusExporter\Block\Adminhtml\System\Config\DisabledText</frontend_model>
+                    <depends>
+                        <field id="metric_configuration/security/enable_token">1</field>
+                    </depends>
                 </field>
 
                 <field id="generate_auth_token" translate="button_label" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="1">
                     <button_label>Generate</button_label>
                     <comment>Click 'Generate' to generate a random auth token, that you can use for your scrape config.</comment>
                     <frontend_model>RunAsRoot\PrometheusExporter\Block\Adminhtml\System\Config\TokenGenerator</frontend_model>
+                    <depends>
+                        <field id="metric_configuration/security/enable_token">1</field>
+                    </depends>
                 </field>
             </group>
         </section>

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ class Config`
`12`	`12`	`{`
`13`	`13`	`private const CONFIG_PATH_METRICS_ENABLED = 'metric_configuration/metric/metric_status';`
`14`	`14`	`private const CONFIG_PATH_AUTH_TOKEN = 'metric_configuration/security/token';`
	`15`	`+ private const CONFIG_PATH_TOKEN_VALIDATION_ENABLED = 'metric_configuration/security/enable_token';`
`15`	`16`
`16`	`17`	`private $config;`
`17`	`18`	`private $metricsSource;`
`@@ -38,6 +39,11 @@ public function getDefaultMetrics(): array`
`38`	`39`	`return array_column($this->metricsSource->toOptionArray(), 'value');`
`39`	`40`	`}`
`40`	`41`
	`42`	`+ public function getTokenValidationEnabled(?string $scopeCode = null): bool`
	`43`	`+ {`
	`44`	`+ return $this->config->isSetFlag(self::CONFIG_PATH_TOKEN_VALIDATION_ENABLED, ScopeInterface::SCOPE_STORE, $scopeCode);`
	`45`	`+ }`
	`46`	`+`
`41`	`47`	`public function getToken(?string $scopeCode = null): string`
`42`	`48`	`{`
`43`	`49`	`return $this->config->getValue(self::CONFIG_PATH_AUTH_TOKEN, ScopeInterface::SCOPE_STORE, $scopeCode) ?? '';`