示例#1
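/**
 * Checks the password carried in @p authinfo against the one stored for @p user,
 * using the strategy selected by passwordType.
 *
 * @param user     user record whose passwordField entry holds the stored password
 * @param authinfo credentials presented by the client, keyed by passwordField
 * @return true when the configured strategy accepts the password, false otherwise
 *         (including when passwordType matches none of the handled modes)
 */
bool CredentialHttpPrivate::checkPassword(const AuthenticationUser &user, const CStringHash &authinfo)
{
    QString password = authinfo.value(passwordField);
    const QString &storedPassword = user.value(passwordField);

    if (passwordType == CredentialHttp::None) {
        // Security: this mode accepts every password, so any located user
        // authenticates. It must never be the effective setting on an exposed realm.
        qCDebug(C_CREDENTIALHTTP) << "CredentialPassword is set to ignore password check";
        return true;
    } else if (passwordType == CredentialHttp::Clear) {
        // NOTE(review): the stored value is compared as plaintext with ordinary
        // string equality, which makes no constant-time guarantee. Prefer the
        // Hashed mode where the store allows it.
        return storedPassword == password;
    } else if (passwordType == CredentialHttp::Hashed) {
        // Mix the configured salts into the candidate before validation.
        // Fix: the salts themselves are applied here; previously the password
        // was prepended/appended to itself, so a configured salt was never used.
        // NOTE(review): stored hashes must have been produced with the same
        // pre/post salt layout - confirm against the code that creates them.
        if (!passwordPreSalt.isNull()) {
            password.prepend(passwordPreSalt);
        }

        if (!passwordPostSalt.isNull()) {
            password.append(passwordPostSalt);
        }

        // Both values are handed over as UTF-8 bytes.
        return CredentialPassword::validatePassword(password.toUtf8(), storedPassword.toUtf8());
    } else if (passwordType == CredentialHttp::SelfCheck) {
        // Delegate the decision to the user object itself.
        return user.checkPassword(password);
    }

    // Unknown password type: fail closed.
    return false;
}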
示例#2
/**
 * Authenticates the current request with HTTP authentication.
 *
 * Digest is attempted first when enabled, then Basic when enabled. The first
 * scheme that yields a non-null user wins. In every other case the result of
 * authenticationFailed() is returned.
 *
 * @param c        request context
 * @param realm    realm used to look the user up
 * @param authinfo extra authentication data forwarded to the scheme handlers
 * @return the authenticated user, or whatever authenticationFailed() returns
 */
AuthenticationUser CredentialHttp::authenticate(Cutelyst::Context *c, AuthenticationRealm *realm, const CStringHash &authinfo)
{
    Q_D(CredentialHttp);

    AuthenticationUser ret;

    // Transport guard: with requireSsl set, credentials on a non-secure request
    // are never examined. When requireSsl is off no such guard applies, so the
    // Authorization header is processed whatever the transport.
    const bool insecureTransport = d->requireSsl && !c->request()->secure();
    if (insecureTransport) {
        return d->authenticationFailed(c, realm, authinfo);
    }

    if (d->isAuthTypeDigest()) {
        ret = d->authenticateDigest(c, realm, authinfo);
        const bool digestAccepted = !ret.isNull();
        if (digestAccepted) {
            return ret;
        }
    }

    if (d->isAuthTypeBasic()) {
        ret = d->authenticateBasic(c, realm, authinfo);
        const bool basicAccepted = !ret.isNull();
        if (basicAccepted) {
            return ret;
        }
    }

    // No enabled scheme produced a user.
    return d->authenticationFailed(c, realm, authinfo);
}
示例#3
/**
 * Looks a user up in the realm's store, optionally creating or refreshing it.
 *
 * - Not found and the store can auto-create: returns the auto-created user.
 * - Found and the store can auto-update: returns the auto-updated user.
 * - Otherwise: returns the lookup result unchanged (possibly null).
 *
 * NOTE(review): this method does no credential check. If a caller invokes it
 * before verifying a password, a store with auto-create enabled would create
 * records from unauthenticated input - confirm the ordering at call sites.
 *
 * @param c        request context
 * @param userinfo fields identifying the user
 * @return the located, created or updated user; null when none is available
 */
AuthenticationUser AuthenticationRealm::findUser(Context *c, const CStringHash &userinfo)
{
    AuthenticationUser located = m_store->findUser(c, userinfo);
    const bool missing = located.isNull();

    if (missing && m_store->canAutoCreateUser()) {
        return m_store->autoCreateUser(c, userinfo);
    }

    if (!missing && m_store->canAutoUpdateUser()) {
        return m_store->autoUpdateUser(c, userinfo);
    }

    return located;
}
/**
 * Rebuilds a user from its frozen (session) representation.
 *
 * When @p frozenUser is null the value from userIsRestorable() is used instead.
 * If that is null as well, a default-constructed user is returned. Otherwise the
 * store's fromSession() does the restoration, and a successfully restored user
 * is tagged with this realm.
 *
 * @param c          request context
 * @param frozenUser frozen user value, or a null QVariant to use the restorable one
 * @return the restored user, or a null user when nothing could be restored
 */
AuthenticationUser AuthenticationRealm::restoreUser(Context *c, const QVariant &frozenUser)
{
    QVariant frozen(frozenUser);
    if (frozen.isNull()) {
        // Nothing supplied by the caller: fall back to the restorable value.
        frozen = userIsRestorable(c);
        if (frozen.isNull()) {
            return AuthenticationUser();
        }
    }

    AuthenticationUser restored = m_store->fromSession(c, frozen);

    if (restored.isNull()) {
        // A frozen value existed but the store could not map it back to a user.
        qCWarning(C_AUTH_REALM) << "Store claimed to have a restorable user, but restoration failed. Did you change the user's id_field?";
        return restored;
    }

    // Record the realm the user originated in.
    restored.setAuthRealm(this);
    return restored;
}
示例#5
/**
 * Finds a user in the htpasswd-style file named by the "_file" property.
 *
 * The file is scanned line by line. Each line is trimmed and split on ':'.
 * The first line that has at least two fields, does not start with '#', and
 * whose first field equals the requested username is returned as a user with
 * "username" and "password" entries.
 *
 * A file that cannot be opened gives the same null result as an unknown user.
 * Nothing is logged here, so a missing or unreadable file is indistinguishable
 * from "no such user" to the caller.
 *
 * @param c        request context (not used by this implementation)
 * @param userInfo lookup fields; only "username" is read
 * @return the matching user, or a null user when no line matches
 */
AuthenticationUser StoreHtpasswd::findUser(Context *c, const CStringHash &userInfo)
{
    const QString username = userInfo.value("username");

    QFile file(property("_file").toString());
    if (!file.open(QFile::ReadOnly | QFile::Text)) {
        return AuthenticationUser();
    }

    while (!file.atEnd()) {
        const QList<QByteArray> fields = file.readLine().trimmed().split(':');

        // Need at least "name:password".
        if (fields.size() < 2) {
            continue;
        }

        // Skip comment lines and entries for other users.
        const QByteArray &entryName = fields.first();
        if (entryName.startsWith('#') || !(entryName == username)) {
            continue;
        }

        AuthenticationUser ret;
        ret.insert("username", username);
        ret.setId(username);
        // The second field is stored with ',' mapped back to ':'.
        QByteArray storedPassword = fields.at(1);
        ret.insert("password", storedPassword.replace(',', ':'));
        return ret;
        // TODO maybe support additional fields
    }

    return AuthenticationUser();
}
示例#6
/**
 * Authenticates the request with HTTP Basic credentials.
 *
 * The username/password pair is taken from the request's Authorization header.
 * The user is looked up in @p realm by username only, and the password is then
 * verified through checkPassword().
 *
 * NOTE(review): realm->findUser() runs before the password is checked, so any
 * side effect of that lookup happens for unauthenticated requests too. Unknown
 * users and wrong passwords take different code paths, although both return a
 * null user to the caller.
 *
 * @param c        request context supplying the headers
 * @param realm    realm used to locate the user
 * @param authinfo unused
 * @return the authenticated user, or a null user on any failure
 */
AuthenticationUser CredentialHttpPrivate::authenticateBasic(Context *c, AuthenticationRealm *realm, const CStringHash &authinfo)
{
    Q_UNUSED(authinfo)
    qCDebug(C_CREDENTIALHTTP) << "Checking http basic authentication.";

    const QPair<QString, QString> credentials = c->req()->headers().authorizationBasicPair();
    const QString &login = credentials.first;
    if (login.isEmpty()) {
        // No usable Basic credentials on the request.
        return AuthenticationUser();
    }

    CStringHash auth;
    auth.insert(usernameField, login);

    AuthenticationUser user = realm->findUser(c, auth);
    if (user.isNull()) {
        qCDebug(C_CREDENTIALHTTP) << "Unable to locate a user matching user info provided in realm";
        return AuthenticationUser();
    }

    // The password joins the lookup hash only after the user was found.
    auth.insert(passwordField, credentials.second);
    if (checkPassword(user, auth)) {
        return user;
    }

    qCDebug(C_CREDENTIALHTTP) << "Password didn't match";
    return AuthenticationUser();
}
示例#7
/**
 * Produces the value kept in the session for @p user.
 *
 * Only the user's id is returned. No other field of the user record, such as
 * the password entry, is part of the session value.
 *
 * @param c    request context (not used)
 * @param user user to freeze
 * @return the user's id wrapped in a QVariant
 */
QVariant StoreHtpasswd::forSession(Context *c, const AuthenticationUser &user)
{
    Q_UNUSED(c)
    QVariant sessionValue(user.id());
    return sessionValue;
}
示例#8
/**
 * Produces the value kept in the session for @p user.
 *
 * Only the user's id is returned. No other field of the user record is part
 * of the session value.
 *
 * @param c    request context (not used)
 * @param user user to freeze
 * @return the user's id wrapped in a QVariant
 */
QVariant StoreMinimal::forSession(Context *c, const AuthenticationUser &user)
{
    Q_UNUSED(c)
    QVariant sessionValue(user.id());
    return sessionValue;
}