
Option to skip authentication if no credentials provided

Open ivalentinee opened this issue 7 years ago • 4 comments

Kind of specific to my development experience case but sometimes it's useful to just skip authentication if no credentials are provided instead of raising an error. Not sure if someone else needs this :/

If just one of the credentials is set I intend to raise an error, because, well, it's strange to skip authentication with just a missing password or username.

As I'm not experienced in Elixir/Plug/Phoenix, any suggestions are more than welcome =)

(didn't bump version in mix.exs)

ivalentinee, Feb 22 '18 12:02

@vemperor hey, isn't it easier to just have something like

if System.get_env("BASIC_AUTH_USERNAME") do
  plug BasicAuth, ...
end

nashby, Mar 02 '18 10:03

@nashby probably, but

  1. You have to duplicate ENV variable names in case of plain System.get_env.
  2. Or use trickery if application config uses {:system, "BASIC_AUTH_USERNAME"}.

ivalentinee, Mar 02 '18 11:03

Sorry, we haven't commented on this yet. Thanks for the PR @vemperor.

I'm interested to know what your circumstances are that you want this? (My guess is that it is something along the lines of you want to secure a staging deployment but not the production deployment.)

@nashby I think the main issue with conditionally including the plug is that it gets compiled in so reflects the compilation environment rather than the deployment environment.

paulanthonywilson, Mar 02 '18 11:03

@paulanthonywilson 2 cases:

  1. We (me and my colleagues at work) are used to configuring the application via ENV as much as possible (including basic auth), because we don't even know who will set up the application or where (exploitating guys don't know a thing about Elixir - they are not programmers).
  2. Every open-source project should be easy to configure to use basic auth via non-programming-language specific means (like in the first case), e.g. ENV variables or plain config. I prefer ENV variables =)

ivalentinee, Mar 02 '18 11:03
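
The behaviour discussed in this thread (skip when both credentials are absent, raise when only one is set, decide at request time rather than compile time), as an added example that is not code from the PR or from the basic_auth package. It assumes Plug 1.10+ for `Plug.BasicAuth.basic_auth/2` and Elixir 1.11+ for `Logger.warning/1`; the module name `OptionalBasicAuth` and the `BASIC_AUTH_PASSWORD` variable name are hypothetical.

```elixir
defmodule OptionalBasicAuth do
  @moduledoc """
  Hypothetical plug: enforces HTTP basic auth only when credentials are
  configured in the environment. Not part of the basic_auth package.
  """
  @behaviour Plug
  require Logger

  # BASIC_AUTH_USERNAME appears in the thread; the password name is assumed.
  @user_var "BASIC_AUTH_USERNAME"
  @pass_var "BASIC_AUTH_PASSWORD"

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # Read the environment per request, so the decision reflects the
    # deployment environment and not the machine that compiled the release.
    case {present(System.get_env(@user_var)), present(System.get_env(@pass_var))} do
      {nil, nil} ->
        # Fail-open path: make it visible in logs so an unprotected
        # deployment is a recorded decision, not a silent one.
        Logger.warning("basic auth skipped: #{@user_var} and #{@pass_var} are unset")
        conn

      {user, pass} when is_binary(user) and is_binary(pass) ->
        # Responds 401 and halts the connection on missing or wrong credentials.
        Plug.BasicAuth.basic_auth(conn, username: user, password: pass)

      _ ->
        # Exactly one of the two is set: treat as misconfiguration.
        raise ArgumentError, "set both #{@user_var} and #{@pass_var}, or neither"
    end
  end

  # An empty string is treated the same as an unset variable.
  defp present(nil), do: nil
  defp present(""), do: nil
  defp present(value), do: value
end
```

Adding `plug OptionalBasicAuth` to a router pipeline is enough to use it; the warning is emitted on every unauthenticated request, so a deployment that was meant to be protected shows up quickly in the logs.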