/*
    Emit the denial response for a request whose login attempt failed.
    The auth type's askLogin callback issues the challenge (e.g. a WWW-Authenticate header or a redirect
    to a login form). If the response has already been finalized, nothing more is written here so that
    the existing response is not clobbered. The UNAUTHORIZED fallback only runs if the auth type has
    vanished, which the caller's guard makes unlikely.
 */
static void denyLogin(HttpConn *conn, HttpAuth *auth)
{
    if (conn->tx->finalized) {
        return;
    }
    if (auth && auth->type) {
        (auth->type->askLogin)(conn);
    } else {
        httpError(conn, HTTP_CODE_UNAUTHORIZED, "Access Denied, login required");
    }
}


/*
    Emit the denial response for an authenticated user that httpCanUser rejected for this route.
    As with denyLogin, an already finalized response is left untouched.
 */
static void denyAccess(HttpConn *conn)
{
    httpTrace(conn, "auth.check", "error", "msg:'Access denied, user is not authorized for access'");
    if (!conn->tx->finalized) {
        httpError(conn, HTTP_CODE_FORBIDDEN, "Access denied. User is not authorized for access.");
    }
}


/*
    Route condition that enforces the route's authentication and authorization policy.

    conn    Current connection. Must not be NULL.
    route   Route being matched. Must not be NULL. route->auth (and its type) decide whether any
            checking happens at all.
    op      Route operation. Unused by this condition.

    Returns HTTP_ROUTE_OK on every path. A return of HTTP_ROUTE_OK therefore does NOT mean the
    request was authenticated: when authentication or authorization fails, the denial is expressed
    by the error response generated here (or by a response that was already finalized before this
    ran), not by the return code. Anything downstream that needs to know whether the user is
    logged in must consult httpIsAuthenticated rather than rely on this condition having passed.

    Order of checks:
      1. No auth, or an auth with no type, means the route requires no login: accept immediately.
      2. If the connection is not yet authenticated, pull credentials from the request
         (httpGetCredentials) and attempt httpLogin. On failure, challenge and accept the route.
      3. Once authenticated, httpCanUser(conn, NULL) decides authorization for this route;
         on failure, respond 403 and still accept the route.
 */
static int authCondition(HttpConn *conn, HttpRoute *route, HttpRouteOp *op)
{
    HttpAuth    *auth;
    cchar       *username, *password;

    assert(conn);
    assert(route);

    auth = route->auth;
    if (auth == NULL || auth->type == NULL) {
        /* Route carries no authentication policy */
        return HTTP_ROUTE_OK;
    }
    if (!httpIsAuthenticated(conn)) {
        /*
            httpGetCredentials leaves both pointers NULL when it cannot supply credentials;
            httpLogin is invoked regardless and is expected to reject those.
         */
        httpGetCredentials(conn, &username, &password);
        if (!httpLogin(conn, username, password)) {
            denyLogin(conn, auth);
            return HTTP_ROUTE_OK;
        }
    }
    if (!httpCanUser(conn, NULL)) {
        denyAccess(conn);
    }
    /* Route accepted. An error response may already have been generated above. */
    return HTTP_ROUTE_OK;
}
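    Get the username and password credentials for the current request.

    The route's auth type decides how credentials are obtained: if the type provides a parseAuth
    callback (as in-protocol schemes like basic|digest do, reading rx->authDetails), that callback
    fills in *username and *password. If the type has no parseAuth callback, both stay NULL and the
    function still reports success.

    NOTE(review): earlier text here described a fallback that reads "username" and "password" from
    the request parameters. In this function that fallback was dead code, because the guard below
    already returns 0 when auth->type is NULL, so it has been removed. If the "form" auth type is
    meant to take credentials from posted fields, that must happen inside its parseAuth callback --
    confirm against the form auth type's implementation.

    conn      Current connection; conn->rx->route->auth supplies the auth policy.
    username  Out: set to the parsed username or NULL. Must not be NULL.
    password  Out: set to the parsed password or NULL. Must not be NULL.

    Returns 1 when credentials (possibly NULL) may be presented to httpLogin, 0 when they must be
    ignored: no auth type on the route, the request's auth scheme does not match the route's scheme
    (except a POSTed form login, which may carry stale basic|digest details that are skipped), or
    parseAuth reported an error.

    This is called by authCondition which thereafter calls httpLogin
 */
PUBLIC bool httpGetCredentials(HttpConn *conn, cchar **username, cchar **password)
{
    HttpAuth    *auth;

    assert(username);
    assert(password);
    *username = NULL;
    *password = NULL;

    auth = conn->rx->route->auth;
    if (auth == NULL || auth->type == NULL) {
        /* No authentication scheme configured on this route */
        return 0;
    }
    if (conn->authType && !smatch(conn->authType, auth->type->name)) {
        /*
            The request presented a different scheme than the route requires. Refuse those
            credentials, unless this is a POSTed form login, where any stray basic|digest
            details in the request are simply not used.
         */
        if (!(smatch(auth->type->name, "form") && (conn->rx->flags & HTTP_POST))) {
            return 0;
        }
    }
    if (auth->type->parseAuth) {
        if ((auth->type->parseAuth)(conn, username, password) < 0) {
            return 0;
        }
    }
    return 1;
}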