serv/dufs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: login successed but popup Forbidden (#437)

Browse source
This commit is contained in:
sigoden 2024-08-22 08:52:50 +08:00 committed by GitHub
parent 1db263efae
commit 7d17d9c415
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
assets/index.js
View file

@ -746,7 +746,7 @@ async function saveChange() {
async function checkAuth() { async function checkAuth() {
if (!DATA.auth) return; if (!DATA.auth) return;
const res = await fetch(baseUrl(), { const res = await fetch(baseUrl(), {
method: "WRITEABLE", method: "AUTH",
}); });
await assertResOK(res); await assertResOK(res);
document.querySelector(".login-btn").classList.add("hidden"); document.querySelector(".login-btn").classList.add("hidden");

1
src/auth.rs
View file

@ -429,6 +429,7 @@ fn is_readonly_method(method: &Method) -> bool {
|| method == Method::OPTIONS || method == Method::OPTIONS
|| method == Method::HEAD || method == Method::HEAD
|| method.as_str() == "PROPFIND" || method.as_str() == "PROPFIND"
|| method.as_str() == "AUTH"
} }
fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> { fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {

5
src/server.rs
View file

@ -200,7 +200,10 @@ impl Server {
.map(|(k, v)| (k.to_string(), v.to_string())) .map(|(k, v)| (k.to_string(), v.to_string()))
.collect(); .collect();
if method.as_str() == "WRITEABLE" { if method.as_str() == "AUTH" {
if user.is_none() {
self.auth_reject(&mut res)?;
}
return Ok(res); return Ok(res);
} }

16
tests/auth.rs
View file

@ -119,11 +119,11 @@ fn auth_check(
#[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
) -> Result<(), Error> { ) -> Result<(), Error> {
let url = format!("{}index.html", server.url()); let url = format!("{}index.html", server.url());
let resp = fetch!(b"WRITEABLE", &url).send()?; let resp = fetch!(b"AUTH", &url).send()?;
assert_eq!(resp.status(), 401); assert_eq!(resp.status(), 401);
let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user2", "pass2")?; let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
assert_eq!(resp.status(), 403); assert_eq!(resp.status(), 200);
let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user", "pass")?; let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
assert_eq!(resp.status(), 200); assert_eq!(resp.status(), 200);
Ok(()) Ok(())
} }
@ -133,11 +133,11 @@ fn auth_compact_rules(
#[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer, #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
) -> Result<(), Error> { ) -> Result<(), Error> {
let url = format!("{}index.html", server.url()); let url = format!("{}index.html", server.url());
let resp = fetch!(b"WRITEABLE", &url).send()?; let resp = fetch!(b"AUTH", &url).send()?;
assert_eq!(resp.status(), 401); assert_eq!(resp.status(), 401);
let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user2", "pass2")?; let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
assert_eq!(resp.status(), 403); assert_eq!(resp.status(), 200);
let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user", "pass")?; let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
assert_eq!(resp.status(), 200); assert_eq!(resp.status(), 200);
Ok(()) Ok(())
} }