libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit 9187644df5b541b4991a48fa6268aa9ad6c9597b
parent 3abbcaeae1b1c085d308f0558ce28b86535d6588
Author: Marcello Stanisci <stanisci.m@gmail.com>
Date:   Tue,  7 Apr 2020 21:30:23 +0200

define authenticator helper

Diffstat:
Mnexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt | 2--
Mnexus/src/main/kotlin/tech/libeufin/nexus/Main.kt | 10----------
Mnexus/src/main/kotlin/tech/libeufin/nexus/taler.kt | 31++++++++++++++++++++++++++-----
3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
@@ -1,8 +1,6 @@
 package tech.libeufin.nexus
 import io.ktor.http.HttpStatusCode
-import org.apache.commons.compress.archivers.zip.ZipFile
-import org.apache.commons.compress.utils.SeekableInMemoryByteChannel
 /**
 * Inserts spaces every 2 characters, and a newline after 8 pairs.
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -325,16 +325,6 @@ fun main() {
 this.level = Level.DEBUG
 this.logger = tech.libeufin.nexus.logger
 }
- /*
- install(Authentication) {
- basic("taler") {
- validate {credentials ->
-
-
- }
- }
- }*/
-
 install(ContentNegotiation) {
 gson {
 setDateFormat(DateFormat.LONG)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
@@ -5,12 +5,14 @@ import io.ktor.http.ContentType
 import io.ktor.http.HttpStatusCode
 import io.ktor.response.respondText
 import io.ktor.routing.Route
+import io.ktor.routing.get
 import io.ktor.routing.post
 import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.transactions.transaction
 import tech.libeufin.util.CryptoUtil
 import tech.libeufin.util.base64ToBytes
 import java.lang.Exception
+import javax.sql.rowset.serial.SerialBlob
 /**
 * This helper function parses a Authorization:-header line, decode the credentials
@@ -42,11 +44,8 @@ class Taler(app: Route) {
 * (!= public key) subject.
 */
 refund(app)
- /**
- * NOTE: Taler exchanges do authenticate via the HTTP Basic auth mechanism,
- * which is currently _missing_ in the nexus. Therefore, a mapping from auth
- * header lines to ebics_subscriber needs to be implemented!
- */
+ /** Tester for HTTP basic auth. */
+ testAuth(app)
 }
 /**
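Review bot: The NOTE removed from the `Taler` init block in taler.kt recorded that Basic auth is missing on the Taler-facing routes, and the lines that replace it only register `testAuth(app)`; nothing visible in this commit calls `authenticateRequest` from `refund` or `digest`. Those handlers' bodies are outside the hunks, so this is inferred, but if they are still unauthenticated the marker should stay until they are wired up, e.g. `// TODO: call authenticateRequest() in the refund and digest handlers`. The new `/** Tester for HTTP basic auth. */` comment could also say whether `/taler/test-auth` is meant to be reachable outside test deployments, since it confirms or rejects any credentials sent to it.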
@@ -117,6 +116,28 @@ class Taler(app: Route) {
 val row_id: Long
 )
+ // throws error if password is wrong
+ private fun authenticateRequest(authorization: String?) {
+ val headerLine = authorization ?: throw NexusError(
+ HttpStatusCode.BadRequest, "Authentication:-header line not found"
+ )
+ logger.debug("Checking for authorization: $headerLine")
+ transaction {
+ val (user, pass) = extractUserAndHashedPassword(headerLine)
+ EbicsSubscriberEntity.find {
+ EbicsSubscribersTable.id eq user and (EbicsSubscribersTable.password eq SerialBlob(pass))
+ }.firstOrNull()
+ } ?: throw NexusError(HttpStatusCode.Forbidden, "Wrong password")
+ }
+
+ fun testAuth(app: Route) {
+ app.get("/taler/test-auth") {
+ authenticateRequest(call.request.headers["Authorization"])
+ call.respondText("Authenticated!", ContentType.Text.Plain, HttpStatusCode.OK)
+ return@get
+ }
+ }
+
 fun digest(app: Route) {
 app.post("/ebics/taler/{id}/digest-incoming-transactions") {
 val id = expectId(call.parameters["id"])
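Review bot: The `logger.debug("Checking for authorization: $headerLine")` line in `authenticateRequest` writes the raw Authorization header to the log, and for HTTP Basic that value is only the base64 form of `user:password`, so each request leaves a recoverable credential in any debug-level log (the Main.kt context in this commit shows a logger set to `Level.DEBUG`). Log without the header value, e.g. `logger.debug("Checking Authorization header")`, or log only the user name after it has been parsed. The two failure paths would fit HTTP semantics better as `HttpStatusCode.Unauthorized` than `BadRequest` and `Forbidden`, and the first message names an "Authentication" header while the code reads `Authorization`. `extractUserAndHashedPassword` and the subscriber table are defined outside the hunk, so how the stored password hash is derived (salted or not) cannot be checked from here and is worth confirming.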