bool HTTPBasicAuth::handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn)
{
if (!needAuthentication(request)) {
return true; // this request does not require authentication
}
PionDateTime time_now(boost::posix_time::second_clock::universal_time());
if (time_now > m_cache_cleanup_time + boost::posix_time::seconds(CACHE_EXPIRATION)) {
// expire cache
boost::mutex::scoped_lock cache_lock(m_cache_mutex);
PionUserCache::iterator i;
PionUserCache::iterator next=m_user_cache.begin();
while (next!=m_user_cache.end()) {
i=next;
++next;
if (time_now > i->second.first + boost::posix_time::seconds(CACHE_EXPIRATION)) {
// ok - this is an old record.. expire it now
m_user_cache.erase(i);
}
}
m_cache_cleanup_time = time_now;
}
// if we are here, we need to check if access authorized...
std::string authorization = request->getHeader(HTTPTypes::HEADER_AUTHORIZATION);
if (!authorization.empty()) {
std::string credentials;
if (parseAuthorization(authorization, credentials)) {
// to do - use fast cache to match with active credentials
boost::mutex::scoped_lock cache_lock(m_cache_mutex);
PionUserCache::iterator user_cache_ptr=m_user_cache.find(credentials);
if (user_cache_ptr!=m_user_cache.end()) {
// we found the credentials in our cache...
// we can approve authorization now!
request->setUser(user_cache_ptr->second.second);
user_cache_ptr->second.first = time_now;
return true;
}
std::string username;
std::string password;
if (parseCredentials(credentials, username, password)) {
// match username/password
PionUserPtr user=m_user_manager->getUser(username, password);
if (user) {
// add user to the cache
m_user_cache.insert(std::make_pair(credentials, std::make_pair(time_now, user)));
// add user credentials to the request object
request->setUser(user);
return true;
}
}
}
}
// user not found
handleUnauthorized(request, tcp_conn);
return false;
}
bool HTTPCookieAuth::handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn)
{
if (processLogin(request,tcp_conn)) {
return false; // we processed login/logout request, no future processing for this request permitted
}
if (!needAuthentication(request)) {
return true; // this request does not require authentication
}
// check if it is redirection page.. If yes, then do not test its credentials ( as used for login)
if (!m_redirect.empty() && m_redirect==request->getResource()) {
return true; // this request does not require authentication
}
// check cache for expiration
PionDateTime time_now(boost::posix_time::second_clock::universal_time());
expireCache(time_now);
// if we are here, we need to check if access authorized...
const std::string auth_cookie(request->getCookie(AUTH_COOKIE_NAME));
if (! auth_cookie.empty()) {
// check if this cookie is in user cache
boost::mutex::scoped_lock cache_lock(m_cache_mutex);
PionUserCache::iterator user_cache_itr=m_user_cache.find(auth_cookie);
if (user_cache_itr != m_user_cache.end()) {
// we find those credential in our cache...
// we can approve authorization now!
request->setUser(user_cache_itr->second.second);
// and update cache timeout
user_cache_itr->second.first = time_now;
return true;
}
}
// user not found
handleUnauthorized(request,tcp_conn);
return false;
}
