
Authentication.pmod

    #pike __REAL_VERSION__
    
    //! This module contains various HTTP Authentication implementations for
    //! both server and client use. A Client implementation would
    //! typically call the @[make_authenticator] method with the incoming
    //! WWW-Authenticate header to get a @[Client] object. For each HTTP
    //! request the auth() method of the object can be called to get an
    //! appropriate Authorization header.
    //!
    //! Server code should create an authentication class and inherit the
    //! concrete authentication scheme implementation. To add an actual
    //! user lookup, overload @[get_password] or
    //! @[get_hashed_password]. Hashed passwords must be hashed with the
    //! digest appropriate to the scheme in use.
    //!
    //! @example
    //! class Auth {
    //!   inherit Protocols.HTTP.Authentication.DigestMD5Server;
    //!   Concurrent.Future get_password(string user) {
    //!     Concurrent.Promise p = Concurrent.Promise();
    //!     if( user == "bob" )
    //!       return p->success("builder");
    //!     return p->failure(sprintf("No user %O", user));
    //!   }
    //! }
    //!
    //! Auth auth = Auth("apps@@pike.org");
    //! Concurrent.Future authenticate(Protocols.HTTP.Server.Request req) {
    //!   Concurrent.Future authenticated = Concurrent.Promise();
    //!   auth->auth(req->request_headers->authorization,
    //!              req->request_method, req->not_query)
    //!     ->then(lambda(string user) {
    //!         authenticated->success(user);
    //!       },
    //!       lambda(string reason) {
    //!         authenticated->failure(reason);
    //!         string c = auth->challenge();
    //!         req->response_and_finish( ([ "error":401,
    //!                                      "extra_heads" : ([
    //!                                        "WWW-Authenticate":c,
    //!                                    ]) ]) );
    //!       });
    //!   return authenticated;
    //! }
    
    //! Split client generated Authorization header into its parts.
    mapping(string:string) split_header(string hdr) {
      mapping parts = ([]);
      while( sizeof(hdr) ) {
        hdr = String.trim_all_whites(hdr);
    
        string name;
        if( sscanf(hdr, "%s=%s", name, hdr)!=2 ) {
    
          // Ignore unknown tokens. (RFC 2617 3.2.1 auth-param)
          if( sscanf(hdr, "%s,%s", name, hdr)==2 )
            continue;
    
          return parts;
        }
        hdr = String.trim_all_whites(hdr);
    
        string value;
        if( !sizeof(hdr) ) return parts;
        if( hdr[0]=='\"' ) {
          if( sscanf(hdr, "\"%s\"%s", value, hdr)!=2 )
            return parts;
          hdr = String.trim_all_whites(hdr);
          if( sizeof(hdr) && hdr[0]==',' )
            hdr = hdr[1..];