t/lib-httpd/nph-custom-auth.sh

   1 #!/bin/sh
   2
   3 VALID_CREDS_FILE=custom-auth.valid
   4 CHALLENGE_FILE=custom-auth.challenge
   5
   6 #
   7 # If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
   8 # credential for the current request. Each line in the file is considered a
   9 # valid HTTP Authorization header value. For example:
  10 #
  11 # Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
  12 #
  13 # If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
  14 # in a 401 response if no valid authentication credentials were included in the
  15 # request. For example:
  16 #
  17 # WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
  18 # WWW-Authenticate: Basic realm="example.com"
  19 #
  20
  21 if test -n "$HTTP_AUTHORIZATION" && \
  22         grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
  23 then
  24         # Note that although git-http-backend returns a status line, it
  25         # does so using a CGI 'Status' header. Because this script is an
  26         # No Parsed Headers (NPH) script, we must return a real HTTP
  27         # status line.
  28         # This is only a test script, so we don't bother to check for
  29         # the actual status from git-http-backend and always return 200.
  30         echo 'HTTP/1.1 200 OK'
  31         exec "$GIT_EXEC_PATH"/git-http-backend
  32 fi
  33
  34 echo 'HTTP/1.1 401 Authorization Required'
  35 if test -f "$CHALLENGE_FILE"
  36 then
  37         cat "$CHALLENGE_FILE"
  38 fi
  39 echo