basicauth: patch for overlapping rules

jordi collell 2015-05-10 08:20:58 +02:00
parent 4c11854927
commit 99fa4581aa
2 changed files with 20 additions and 6 deletions


@ -19,6 +19,10 @@ type BasicAuth struct {
// ServeHTTP implements the middleware.Handler interface. // ServeHTTP implements the middleware.Handler interface.
func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) { func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
var hasAuth bool
var isAuthenticated bool
for _, rule := range a.Rules { for _, rule := range a.Rules {
for _, res := range rule.Resources { for _, res := range rule.Resources {
if !middleware.Path(r.URL.Path).Matches(res) { if !middleware.Path(r.URL.Path).Matches(res) {
@ -27,16 +31,26 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
// Path matches; parse auth header // Path matches; parse auth header
username, password, ok := r.BasicAuth() username, password, ok := r.BasicAuth()
hasAuth = true
// Check credentials // Check credentials
if !ok || username != rule.Username || password != rule.Password { if !ok || username != rule.Username || password != rule.Password {
w.Header().Set("WWW-Authenticate", "Basic") continue
return http.StatusUnauthorized, nil }
// flag set only on success authentication
isAuthenticated = true
}
} }
if hasAuth {
if !isAuthenticated {
w.Header().Set("WWW-Authenticate", "Basic")
return http.StatusUnauthorized, nil
} else {
// "It's an older code, sir, but it checks out. I was about to clear them." // "It's an older code, sir, but it checks out. I was about to clear them."
return a.Next.ServeHTTP(w, r) return a.Next.ServeHTTP(w, r)
} }
} }
// Pass-thru when no paths match // Pass-thru when no paths match
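Review bot: The `continue` added at the credential check only moves on to the next entry of `rule.Resources`, so a rule listing several patterns that match the same path parses and checks the same Authorization header again, and once `isAuthenticated` is set both loops still run to the end; a `break` after setting the flag plus an `if isAuthenticated { break }` after the inner loop stops at the first accepting rule. The `else` after `return http.StatusUnauthorized, nil` can be dropped so the success return is left-aligned. Since one request is now matched against the credentials of every overlapping rule, the plain `!=` on the unchanged `username != rule.Username || password != rule.Password` line compares in non-constant time; `subtle.ConstantTimeCompare` from `crypto/subtle` (a new import) makes a rejected credential cost the same regardless of how many leading bytes matched. ServeHTTP's body continues outside the hunk at both ends; the rewrite below covers only the rule loop and the post-loop branch.
```go
	for _, rule := range a.Rules {
		for _, res := range rule.Resources {
			// … unchanged: path match check …
			username, password, ok := r.BasicAuth()
			hasAuth = true
			// Constant-time compares: a wrong user/password fails in the same time
			// whether or not a prefix of it matched.
			userOK := subtle.ConstantTimeCompare([]byte(username), []byte(rule.Username)) == 1
			passOK := subtle.ConstantTimeCompare([]byte(password), []byte(rule.Password)) == 1
			if !ok || !userOK || !passOK {
				continue
			}
			isAuthenticated = true
			break // this rule accepted the credentials; its other patterns need no check
		}
		if isAuthenticated {
			break // stop at the first rule that accepts the credentials
		}
	}
	if hasAuth {
		if !isAuthenticated {
			w.Header().Set("WWW-Authenticate", "Basic")
			return http.StatusUnauthorized, nil
		}
		// "It's an older code, sir, but it checks out. I was about to clear them."
		return a.Next.ServeHTTP(w, r)
	}
	// … unchanged: pass-thru when no paths match …
```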


@ -84,13 +84,14 @@ func TestMultipleOverlappingRules(t *testing.T) {
{"/t", http.StatusOK, "t:p1"}, {"/t", http.StatusOK, "t:p1"},
{"/t/t", http.StatusOK, "t:p1"}, {"/t/t", http.StatusOK, "t:p1"},
{"/t/t", http.StatusOK, "t1:p2"}, {"/t/t", http.StatusOK, "t1:p2"},
{"/a", http.StatusOK, "t1:p2"},
{"/t/t", http.StatusUnauthorized, "t1:p3"},
{"/t", http.StatusUnauthorized, "t1:p2"},
} }
for i, test := range tests { for i, test := range tests {
req, err := http.NewRequest("GET", test.from, nil) req, err := http.NewRequest("GET", test.from, nil)
if err != nil { if err != nil {
t.Fatalf("Test %d: Could not create HTTP request %v", i, err) t.Fatalf("Test %d: Could not create HTTP request %v", i, err)
@ -108,7 +109,6 @@ func TestMultipleOverlappingRules(t *testing.T) {
i, test.result, result) i, test.result, result)
} }
} }
} }