basicauth: patch for overlapping rules

This commit is contained in:
jordi collell 2015-05-10 08:20:58 +02:00
parent 4c11854927
commit 99fa4581aa
2 changed files with 20 additions and 6 deletions

View File

@ -19,6 +19,10 @@ type BasicAuth struct {
// ServeHTTP implements the middleware.Handler interface.
func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
var hasAuth bool
var isAuthenticated bool
for _, rule := range a.Rules {
for _, res := range rule.Resources {
if !middleware.Path(r.URL.Path).Matches(res) {
@ -27,16 +31,26 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
// Path matches; parse auth header
username, password, ok := r.BasicAuth()
hasAuth = true
// Check credentials
if !ok || username != rule.Username || password != rule.Password {
w.Header().Set("WWW-Authenticate", "Basic")
return http.StatusUnauthorized, nil
continue
}
// flag set only on success authentication
isAuthenticated = true
}
}
if hasAuth {
if !isAuthenticated {
w.Header().Set("WWW-Authenticate", "Basic")
return http.StatusUnauthorized, nil
} else {
// "It's an older code, sir, but it checks out. I was about to clear them."
return a.Next.ServeHTTP(w, r)
}
}
// Pass-thru when no paths match

View File

@ -84,12 +84,13 @@ func TestMultipleOverlappingRules(t *testing.T) {
{"/t", http.StatusOK, "t:p1"},
{"/t/t", http.StatusOK, "t:p1"},
{"/t/t", http.StatusOK, "t1:p2"},
{"/a", http.StatusOK, "t1:p2"},
{"/t/t", http.StatusUnauthorized, "t1:p3"},
{"/t", http.StatusUnauthorized, "t1:p2"},
}
for i, test := range tests {
req, err := http.NewRequest("GET", test.from, nil)
if err != nil {
@ -108,7 +109,6 @@ func TestMultipleOverlappingRules(t *testing.T) {
i, test.result, result)
}
}
}