eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-05-03 04:52:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

ugly working draft

Browse Source
This commit is contained in:
A.Unger
2020-12-02 15:31:17 +01:00
parent 752cd4f626
commit 2910e88ba5
9 changed files with 81 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
proxy/pkg/middleware/basic_auth.go
View File

@@ -37,21 +37,47 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
if !h.isPublicLink(req) {
for i := 0; i < len(ProxyWwwAuthenticate); i++ {
if strings.Contains(req.RequestURI, fmt.Sprintf("/%v/", ProxyWwwAuthenticate[i])) {
for k, v := range options.CredentialsByUserAgent {
if strings.Contains(k, req.UserAgent()) {
w.Header().Del("Www-Authenticate")
w.Header().Add("Www-Authenticate", fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", strings.Title(v), req.Host))
goto OUT
}
}
w.Header().Add("Www-Authenticate", fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", "Basic", req.Host))
}
}
}
OUT:
next.ServeHTTP(w, req)
return
}
w.Header().Del("Www-Authenticate")
account, ok := h.getAccount(req)
// touch is a user agent locking guard, when touched changes to true it indicates the User-Agent on the
// request is configured to support only one challenge, it it remains untouched, there are no considera-
// tions and we should write all available authentication challenges to the response.
touch := false
if !ok {
for i := 0; i < len(ProxyWwwAuthenticate); i++ {
if strings.Contains(req.RequestURI, fmt.Sprintf("/%v/", ProxyWwwAuthenticate[i])) {
w.Header().Add("Www-Authenticate", fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", "Basic", req.Host))
// if the request is bound to a user agent the locked write Www-Authenticate for such user
for k, v := range options.CredentialsByUserAgent {
if strings.Contains(k, req.UserAgent()) {
w.Header().Del("Www-Authenticate")
w.Header().Add("Www-Authenticate", fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", strings.Title(v), req.Host))
touch = true
break
}
}
// if the request is not bound to any user agent, write all available challenges
if !touch {
writeSupportedAuthenticateHeader(w, req)
}
w.WriteHeader(http.StatusUnauthorized)
return
}