author | ms <ms@taler.net> | 2021-09-17 15:46:37 +0200 |
---|---|---|
committer | ms <ms@taler.net> | 2021-09-17 15:46:37 +0200 |
commit | 42c62f26b4fe0e5cc2fc3f29f8b79f25b2c49ee0 (patch) | |
tree | 589e94ad1c9165f95c8fb34b948da8783359ec3a /nexus | |
parent | 42f6a845dd0769deae0fb9bb43f505e369ef9fcd (diff) | |
Provide authentication to Sandbox
Diffstat (limited to 'nexus')
-rw-r--r-- | nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt | 44 |
1 files changed, 9 insertions, 35 deletions
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt
index 9d222e9a..639abb37 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt
@@ -1,5 +1,6 @@
 package tech.libeufin.nexus
+import UtilError
 import io.ktor.application.*
 import io.ktor.http.*
 import io.ktor.request.*
@@ -7,54 +8,27 @@ import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.transactions.transaction
 import tech.libeufin.nexus.server.Permission
 import tech.libeufin.nexus.server.PermissionQuery
-import tech.libeufin.util.CryptoUtil
-import tech.libeufin.util.base64ToBytes
-import tech.libeufin.util.constructXml
-
+import tech.libeufin.util.*
 /**
- * This helper function parses a Authorization:-header line, decode the credentials
- * and returns a pair made of username and hashed (sha256) password. The hashed value
- * will then be compared with the one kept into the database.
- */
-private fun extractUserAndPassword(authorizationHeader: String): Pair<String, String> {
- logger.debug("Authenticating: $authorizationHeader")
- val (username, password) = try {
- val split = authorizationHeader.split(" ")
- val plainUserAndPass = String(base64ToBytes(split[1]), Charsets.UTF_8)
- plainUserAndPass.split(":")
- } catch (e: java.lang.Exception) {
- throw NexusError(
- HttpStatusCode.BadRequest,
- "invalid Authorization:-header received"
- )
- }
- return Pair(username, password)
-}
-
-
-/**
- * Test HTTP basic auth. Throws error if password is wrong,
+ * HTTP basic auth. Throws error if password is wrong,
  * and makes sure that the user exists in the system.
  *
  * @return user entity
  */
 fun authenticateRequest(request: ApplicationRequest): NexusUserEntity {
 return transaction {
- val authorization = request.headers["Authorization"]
- val headerLine = if (authorization == null) throw NexusError(
- HttpStatusCode.BadRequest, "Authorization header not found"
- ) else authorization
- val (username, password) = extractUserAndPassword(headerLine)
+ val (username, password) = getHTTPBasicAuthCredentials(request)
 val user = NexusUserEntity.find {
 NexusUsersTable.username eq username
 }.firstOrNull()
 if (user == null) {
- throw NexusError(HttpStatusCode.Unauthorized, "Unknown user '$username'")
- }
- if (!CryptoUtil.checkpw(password, user.passwordHash)) {
- throw NexusError(HttpStatusCode.Forbidden, "Wrong password")
+ throw UtilError(HttpStatusCode.Unauthorized,
+ "Unknown user '$username'",
+ LibeufinErrorCode.LIBEUFIN_EC_AUTHENTICATION_FAILED
+ )
 }
+ CryptoUtil.checkPwOrThrow(password, username)
 user
 }
 }
|
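Review bot: In `authenticateRequest`, the new call `CryptoUtil.checkPwOrThrow(password, username)` passes the username where the removed check passed the stored hash (`CryptoUtil.checkpw(password, user.passwordHash)`). `checkPwOrThrow` is defined outside this diff, so its parameters are not visible here, but if its second argument is the stored hash as with `checkpw`, the submitted password is no longer compared with the user's `passwordHash` at all. The line should probably read `CryptoUtil.checkPwOrThrow(password, user.passwordHash)`, and a test that sends one valid and one invalid password for an existing user would pin the behaviour. Separately, the distinct `"Unknown user '$username'"` message lets a caller tell existing usernames from unknown ones; returning one generic failure message for both cases avoids that.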