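/**
 * Handles a login request carrying HTTP Digest credentials.
 *
 * Without an Authorization header, or with one that is too short or lacks any
 * of the required digest fields, the reply is turned into a new challenge via
 * createAuthorizationRequest(). Otherwise the stored HA1 for the user is
 * looked up and the expected response is compared with the supplied one.
 *
 * SECURITY NOTE(review): the expected response is computed as
 * MD5(HA1 ":" <fixed literal> ":" MD5("GET:/login")). The literal is the
 * example nonce printed in RFC 2617, not a per-challenge value, and the
 * client's nonce, opaque, uri and qop fields are required but never compared
 * with anything. A response value is therefore not tied to one challenge and
 * stays valid for that user. Closing the original "check nonce and opaque"
 * TODO needs the values issued by createAuthorizationRequest(), which are not
 * visible in this function.
 *
 * @param session  session whose authentication state is updated
 * @param request  incoming request; its Authorization header is client-controlled
 * @param reply    reply that receives either the challenge or "Authorized"
 * @return always true
 */
bool Login::handleRequest(Session::ref session, Request::ref request, Reply::ref reply) {
    if (!request->hasHeader("Authorization")) {
        createAuthorizationRequest(reply);
        return true;
    }

    std::string auth = request->getHeader("Authorization");

    // substr(7) throws std::out_of_range for a value shorter than the seven
    // skipped characters (presumably the "Digest " scheme prefix, which is not
    // verified here). The header is attacker-controlled, so answer a short
    // value with a fresh challenge instead of letting the exception escape.
    if (auth.size() < 7) {
        createAuthorizationRequest(reply);
        return true;
    }

    std::map<std::string, std::string> fields;
    digest_md5_parse(fields, auth.substr(7).c_str());

    // Every one of these fields must be present before the header is used.
    static const char *const kRequiredFields[] = {
        "username", "realm", "nonce", "uri", "qop", "response", "opaque"
    };
    for (std::size_t i = 0; i < sizeof(kRequiredFields) / sizeof(kRequiredFields[0]); ++i) {
        if (fields.find(kRequiredFields[i]) == fields.end()) {
            createAuthorizationRequest(reply);
            return true;
        }
    }

    // NOTE(review): confirm that where() binds the client-supplied username as
    // a query parameter rather than splicing it into the statement text.
    m_getUser.where("name", fields["username"]);
    std::list<std::list<std::string> > user;
    m_getUser.into(&user);
    StorageBackend::getInstance()->select(m_getUser);

    // front()/back() on an empty list is undefined behaviour, so a missing
    // user and an empty result row are both treated as a failed login.
    if (user.empty() || user.front().empty()) {
        session->setAuthenticated(false, 0, "");
        createAuthorizationRequest(reply);
        return true;
    }

    // First column of the row is used as HA1, the last one as the user id.
    std::string ha1 = user.front().front();
    std::string ha2 = MD5::getHashHEX("GET:/login");
    std::string a3 = ha1 + ":" + "dcd98b7102dd2f0e8b11d0f600bfb0c093" + ":" + ha2;
    std::string response = MD5::getHashHEX(a3);

    // TODO: check nonce and opaque

    // Compare without stopping at the first differing character, so the time
    // taken does not depend on how much of the supplied value is correct.
    const std::string &supplied = fields["response"];
    bool matches = (supplied.size() == response.size());
    unsigned char diff = 0;
    for (std::string::size_type i = 0; matches && i < response.size(); ++i) {
        diff |= static_cast<unsigned char>(response[i] ^ supplied[i]);
    }
    matches = matches && (diff == 0);

    // NOTE(review): the username written to the log below comes from the
    // client; confirm the logger neutralises control characters.
    if (matches) {
        // lexical_cast throws boost::bad_lexical_cast on a non-numeric id; it
        // runs before setAuthenticated(), so a bad row never marks the session
        // as authenticated.
        unsigned long id = boost::lexical_cast<unsigned long>(user.front().back());
        session->setAuthenticated(true, id, fields["username"]);
        reply->setContent("Authorized");
        reply->setContentType("text/html");
        LOG_INFO(logger, session << ": User '" << fields["username"] << "' authorized");
    } else {
        session->setAuthenticated(false, 0, "");
        createAuthorizationRequest(reply);
        LOG_INFO(logger, session << ": User '" << fields["username"] << "' not authorized. Bad password or username");
    }

    return true;
}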
/// Builds the URL the interactive flow sends the user to.
///
/// The result is the authenticator's authorization endpoint, a "?" and the
/// serialized request parameters. A login hint is included only when the
/// handler targets a specific user whose identifier type is
/// OptionalDisplayableId or RequiredDisplayableId.
///
/// NOTE(review): the user id ends up inside the query string; this relies on
/// RequestParameters::toString() to percent-encode values — confirm. The
/// commented-out lines in the original suggest a check for an endpoint that
/// already carries query parameters was planned; it is not applied here, so
/// the "?" is appended unconditionally.
///
/// @param includeFormsAuthParam forwarded unchanged to createAuthorizationRequest()
/// @return the authorization URL as a string
String AcquireTokenInteractiveHandler::createAuthorizationUri(bool includeFormsAuthParam)
{
    Logger::info(Tag(), "createAuthorizationUri");

    String loginHint;
    if (!userId_->isAnyUser())
    {
        const bool hasDisplayableId =
            userId_->type() == UserIdentifierType::OptionalDisplayableId ||
            userId_->type() == UserIdentifierType::RequiredDisplayableId;
        if (hasDisplayableId)
        {
            loginHint = userId_->id();
        }
    }

    RequestParameters requestParameters = createAuthorizationRequest(loginHint, includeFormsAuthParam);

    // auto authorizationUri = std::make_shared<Url>(urlString);
    // authorizationUri = new Uri(HttpHelper.CheckForExtraQueryParameter(authorizationUri.AbsoluteUri));
    String urlString = authenticator_->authorizationUri() + "?" + requestParameters.toString();
    return urlString;
}