mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
Move handling of login through HTTP headers to is_logged_in helper
This commit is contained in:
Alexandre Aubin
parent
b2b9b9c8e3
commit
abc38bbffe
2 changed files with 24 additions and 27 deletions
27
access.lua
27
access.lua
|
|
@ -265,39 +265,12 @@ if conf["redirected_regex"] then
|
|||
end
|
||||
|
||||
--
|
||||
-- 4. Basic HTTP Authentication
|
||||
--
|
||||
-- If the `Authorization` header is set before reaching the SSO, we want to
|
||||
-- match user and password against the user database.
|
||||
--
|
||||
-- It allows you to bypass the cookie-based procedure with a per-request
|
||||
-- authentication. Very usefull when you are trying to reach a specific URL
|
||||
-- via cURL for example.
|
||||
--
|
||||
|
||||
if not is_logged_in then
|
||||
local auth_header = ngx.req.get_headers()["Authorization"]
|
||||
|
||||
if auth_header then
|
||||
_, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
|
||||
_, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
|
||||
user = hlp.authenticate(user, password)
|
||||
if user then
|
||||
logger.debug("User got authenticated through basic auth")
|
||||
|
||||
-- If user has no access to this URL, redirect him to the portal
|
||||
if not permission or not hlp.has_access(permission, user) then
|
||||
return hlp.redirect(conf.portal_url)
|
||||
end
|
||||
|
||||
if permission["auth_header"] then
|
||||
logger.debug("Set Headers")
|
||||
hlp.set_headers(user)
|
||||
end
|
||||
return hlp.pass()
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
--
|
||||
--
|
||||
|
|
|
|||
24
helpers.lua
24
helpers.lua
|
|
@ -260,6 +260,30 @@ function refresh_logged_in()
|
|||
end
|
||||
end
|
||||
|
||||
-- If client set the `Authorization` header before reaching the SSO,
|
||||
-- we want to match user and password against the user database.
|
||||
--
|
||||
-- It allows to bypass the cookie-based procedure with a per-request
|
||||
-- authentication. This is useful to authenticate on the SSO during
|
||||
-- curl requests for example.
|
||||
|
||||
local auth_header = ngx.req.get_headers()["Authorization"]
|
||||
|
||||
if auth_header then
|
||||
_, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
|
||||
_, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
|
||||
user = authenticate(user, password)
|
||||
if user then
|
||||
logger.debug("User got authenticated through basic auth")
|
||||
authUser = user
|
||||
is_logged_in = true
|
||||
else
|
||||
is_logged_in = false
|
||||
end
|
||||
return is_logged_in
|
||||
end
|
||||
|
||||
is_logged_in = false
|
||||
return false
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue