namespace isc {
namespace http {
-HttpResponseJsonPtr checkBasicHttpAuth(const HttpResponseCreator& creator,
- const ConstHttpRequestPtr& request,
- const BasicHttpAuthMap& credentials,
- const std::string& realm) {
- try {
+HttpResponseJsonPtr checkAuth(const HttpResponseCreator& creator,
+ const ConstHttpRequestPtr& request,
+ const BasicHttpAuthMap& credentials,
+ const std::string& realm) {
+ bool authentic = false;
+ if (credentials.empty()) {
+ authentic = true;
+ } else try {
string value = request->getHeaderValue("Authorization");
// Trim space characters.
value = str::trim(value);
LOG_DEBUG(http_logger, isc::log::DBGLVL_TRACE_BASIC,
HTTP_CLIENT_REQUEST_AUTHORIZED)
.arg(it->second);
- return (HttpResponseJsonPtr());
+ authentic = true;
+ } else {
+ LOG_INFO(http_logger, HTTP_CLIENT_REQUEST_NOT_AUTHORIZED);
+ authentic = false;
}
- LOG_INFO(http_logger, HTTP_CLIENT_REQUEST_NOT_AUTHORIZED);
} catch (const HttpMessageNonExistingHeader&) {
LOG_INFO(http_logger, HTTP_CLIENT_REQUEST_NO_AUTH_HEADER);
} catch (const BadValue& ex) {
LOG_INFO(http_logger, HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER)
.arg(ex.what());
}
+ if (authentic) {
+ return (HttpResponseJsonPtr());
+ }
+ string scheme = "Basic";
HttpResponsePtr response =
creator.createStockHttpResponse(request, HttpStatusCode::UNAUTHORIZED);
response->reset();
response->context()->headers_.push_back(
HttpHeaderContext("WWW-Authenticate",
- "Basic realm=\"" + realm + "\""));
+ scheme + " realm=\"" + realm + "\""));
response->finalize();
return (boost::dynamic_pointer_cast<HttpResponseJson>(response));
}
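Review bot: The new `if (credentials.empty()) { authentic = true; }` branch at the top of `checkAuth` makes the function fail open, and it does so without logging anything. A credential map that ends up empty through a configuration or loading error is therefore indistinguishable from authentication being deliberately switched off. I would state the contract at the branch, e.g. `// No credentials configured: authentication is disabled and every request is accepted.`, and have the code that builds the map report once, at configuration time, that HTTP authentication is off. Separately, `realm` is spliced unescaped into the `WWW-Authenticate` value (`scheme + " realm=\"" + realm + "\""`); if the configuration layer does not already reject `"`, CR and LF in the realm, it should, since any of them would corrupt the header. Part of the `try` body (where `it` is defined) lies outside the visible lines, so the lookup itself is not reviewed here; `authentic = false;` in the new `else` is redundant with the initialiser.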
// This test verifies that response is generated successfully from the
// finalized/parsed request.
TEST(HttpResponseCreatorTest, goodRequest) {
+ // There is no credentials so it checks also what happens when
+ // authentication is not required.
+
HttpResponsePtr response;
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
// This test verifies that missing required authentication header gives
// unauthorized error.
TEST_F(HttpResponseCreatorAuthTest, noAuth) {
+ // Create credentials.
+ BasicHttpAuthPtr basic_auth;
+ EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
+ EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
+ BasicHttpAuthMap credentials;
+ credentials[basic_auth->getCredential()] = "test";
+ string realm = "ISC.ORG";
+
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
request->context()->http_version_major_ = 1;
HttpResponsePtr response;
TestHttpResponseCreatorPtr creator(new TestHttpResponseCreator());;
- BasicHttpAuthMap credentials;
- string realm = "ISC.ORG";
-
- ASSERT_NO_THROW(response =
- checkBasicHttpAuth(*creator, request, credentials, realm));
+ ASSERT_NO_THROW(response = checkAuth(*creator, request, credentials, realm));
ASSERT_TRUE(response);
EXPECT_EQ("HTTP/1.0 401 Unauthorized\r\n"
// This test verifies that too short authentication header is rejected.
TEST_F(HttpResponseCreatorAuthTest, authTooShort) {
+ // Create credentials.
+ BasicHttpAuthPtr basic_auth;
+ EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
+ EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
+ BasicHttpAuthMap credentials;
+ credentials[basic_auth->getCredential()] = "test";
+ string realm = "ISC.ORG";
+
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
request->context()->http_version_major_ = 1;
HttpResponsePtr response;
TestHttpResponseCreatorPtr creator(new TestHttpResponseCreator());;
- BasicHttpAuthMap credentials;
- string realm = "ISC.ORG";
-
- ASSERT_NO_THROW(response =
- checkBasicHttpAuth(*creator, request, credentials, realm));
+ ASSERT_NO_THROW(response = checkAuth(*creator, request, credentials, realm));
ASSERT_TRUE(response);
EXPECT_EQ("HTTP/1.0 401 Unauthorized\r\n"
// This test verifies that another authentication schema is rejected.
TEST_F(HttpResponseCreatorAuthTest, badScheme) {
+ // Create credentials.
+ BasicHttpAuthPtr basic_auth;
+ EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
+ EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
+ BasicHttpAuthMap credentials;
+ credentials[basic_auth->getCredential()] = "test";
+ string realm = "ISC.ORG";
+
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
request->context()->http_version_major_ = 1;
HttpResponsePtr response;
TestHttpResponseCreatorPtr creator(new TestHttpResponseCreator());;
- BasicHttpAuthMap credentials;
- string realm = "ISC.ORG";
-
- ASSERT_NO_THROW(response =
- checkBasicHttpAuth(*creator, request, credentials, realm));
+ ASSERT_NO_THROW(response = checkAuth(*creator, request, credentials, realm));
ASSERT_TRUE(response);
EXPECT_EQ("HTTP/1.0 401 Unauthorized\r\n"
// This test verifies that not matching credential is rejected.
TEST_F(HttpResponseCreatorAuthTest, notMatching) {
+ // Create credentials.
+ BasicHttpAuthPtr basic_auth;
+ EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
+ EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
+ BasicHttpAuthMap credentials;
+ credentials[basic_auth->getCredential()] = "test";
+ string realm = "ISC.ORG";
+
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
request->context()->http_version_major_ = 1;
request->context()->http_version_minor_ = 0;
request->context()->method_ = "GET";
request->context()->uri_ = "/foo";
- HttpHeaderContext auth("Authorization", "Basic dGVzdDoxMjPCow==");
+ // Slightly different credential...
+ HttpHeaderContext auth("Authorization", "Basic dGvZdDoxMjPcOw==");
request->context()->headers_.push_back(auth);
ASSERT_NO_THROW(request->finalize());
HttpResponsePtr response;
TestHttpResponseCreatorPtr creator(new TestHttpResponseCreator());;
- BasicHttpAuthMap credentials;
- string realm = "ISC.ORG";
-
- ASSERT_NO_THROW(response =
- checkBasicHttpAuth(*creator, request, credentials, realm));
+ ASSERT_NO_THROW(response = checkAuth(*creator, request, credentials, realm));
ASSERT_TRUE(response);
EXPECT_EQ("HTTP/1.0 401 Unauthorized\r\n"
// This test verifies that matching credential is accepted.
TEST_F(HttpResponseCreatorAuthTest, matching) {
+ // Create credentials.
+ BasicHttpAuthPtr basic_auth;
+ EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
+ EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
+ BasicHttpAuthMap credentials;
+ credentials[basic_auth->getCredential()] = "test";
+ string realm = "ISC.ORG";
+
// Create request and finalize it.
HttpRequestPtr request(new HttpRequest());
request->context()->http_version_major_ = 1;
request->context()->http_version_minor_ = 0;
request->context()->method_ = "GET";
request->context()->uri_ = "/foo";
- BasicHttpAuthPtr basic_auth;
- EXPECT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));
- EXPECT_EQ("dGVzdDoxMjPCow==", basic_auth->getCredential());
BasicAuthHttpHeaderContext auth(*basic_auth);
request->context()->headers_.push_back(auth);
ASSERT_NO_THROW(request->finalize());
HttpResponsePtr response;
TestHttpResponseCreatorPtr creator(new TestHttpResponseCreator());;
- BasicHttpAuthMap credentials;
- credentials[basic_auth->getCredential()] = "test";
- string realm = "ISC.ORG";
-
- ASSERT_NO_THROW(response =
- checkBasicHttpAuth(*creator, request, credentials, realm));
+ ASSERT_NO_THROW(response = checkAuth(*creator, request, credentials, realm));
EXPECT_FALSE(response);
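Review bot: Each auth test builds the credential with `EXPECT_NO_THROW(basic_auth.reset(...))` and dereferences `basic_auth->getCredential()` on the very next line, so if the constructor ever throws, the test carries on and dereferences a null pointer instead of stopping with a clear failure. Use `ASSERT_NO_THROW(basic_auth.reset(new BasicHttpAuth("test", "123\xa3")));` here. The same setup lines are repeated in noAuth, authTooShort, badScheme, notMatching and matching, so they would sit better in the `HttpResponseCreatorAuthTest` fixture. The accept-everything path for an empty credential map is only mentioned in the goodRequest comment; in the lines visible here no test calls `checkAuth` with an empty `BasicHttpAuthMap` and asserts a null response, which would pin that security-relevant behaviour. The test bodies continue outside the visible hunks.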
addString("HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request "