more debug
parent
d59e787694
commit
331e1f8e16
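--- a/auth.go
+++ b/auth.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "errors"
 "io"
+"log"
 "net/http"
 "strings"
 "sync"
@@ -107,6 +108,7 @@ type noAuth struct{}
 // and the remotely offered authentication methods.
 // First In, First Out.
 func NewAutoAuth(login string, secret string) Authorizer {
+log.Printf("NewAutoAuth(%s, %s)", login, secret)
 fmap := make([]authfactory, 0)
 az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
 
@@ -130,6 +132,7 @@ func NewAutoAuth(login string, secret string) Authorizer {
 // First In, First Out.
 // It offers the `NewAutoAuth` features.
 func NewEmptyAuth() Authorizer {
+log.Printf("NewEmptyAuth()")
 fmap := make([]authfactory, 0)
 az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
 return az
@@ -146,11 +149,13 @@ func NewEmptyAuth() Authorizer {
 // without any synchronisation!!
 // Still applicable with `BasicAuth` within go routines.
 func NewPreemptiveAuth(auth Authenticator) Authorizer {
+log.Printf("NewPreemptiveAuth()")
 return &preemptiveAuthorizer{auth: auth}
 }
 
 // NewAuthenticator creates an Authenticator (Shim) per request
 func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+log.Printf("authorizer.NewAuthenticator()")
 var retryBuf io.Reader = body
 if body != nil {
 // If the authorization fails, we will need to restart reading
@@ -177,6 +182,7 @@ func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader)
 // AddAuthenticator appends the AuthFactory to our factories.
 // It converts the key to lower case and preserves the order.
 func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
+log.Printf("authorizer.AddAuthenticator(%s)", key)
 key = strings.ToLower(key)
 for _, f := range a.factories {
 if f.key == key {
@@ -188,6 +194,7 @@ func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
 
 // factory picks all valid Authenticators based on Www-Authenticate headers
 func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+log.Printf("authorizer.factory()")
 headers := rs.Header.Values("Www-Authenticate")
 if len(headers) > 0 {
 auths := make([]Authenticator, 0)
@@ -223,6 +230,7 @@ func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (au
 
 // setDefaultAuthenticator sets the default Authenticator
 func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
+log.Printf("authorizer.setDefaultAuthenticator()")
 a.defAuthMux.Lock()
 a.defAuth.Close()
 a.defAuth = auth
@@ -231,6 +239,7 @@ func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
 
 // Authorize the current request
 func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("authShim.Authorize()")
 if err := s.auth.Authorize(c, rq, path); err != nil {
 return err
 }
@@ -252,6 +261,7 @@ func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) erro
 // Verify checks for authentication issues and may trigger a re-authentication.
 // Catches AlgoChangedErr to update the current Authenticator
 func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("authShim.Verify()")
 redo, err = s.auth.Verify(c, rs, path)
 if err != nil && errors.Is(err, ErrAuthChanged) {
 if auth, aerr := s.factory(c, rs, path); aerr == nil {
@@ -267,6 +277,7 @@ func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo
 
 // Close closes all resources
 func (s *authShim) Close() error {
+log.Printf("authShim.Close()")
 s.auth.Close()
 s.auth, s.factory = nil, nil
 if s.body != nil {
@@ -280,16 +291,19 @@ func (s *authShim) Close() error {
 // It's not intend to Clone the shim
 // therefore it returns a noAuth instance
 func (s *authShim) Clone() Authenticator {
+log.Printf("authShim.Clone()")
 return &noAuth{}
 }
 
 // String toString
 func (s *authShim) String() string {
+log.Printf("authShim.String()")
 return "AuthShim"
 }
 
 // Authorize authorizes the current request with the top most Authorizer
 func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("negoAuth.Authorize()")
 if len(n.auths) == 0 {
 return NewPathError("NoAuthenticator", path, 400)
 }
@@ -298,6 +312,7 @@ func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) erro
 
 // Verify verifies the authentication and selects the next one based on the result
 func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("negoAuth.Verify()")
 if len(n.auths) == 0 {
 return false, NewPathError("NoAuthenticator", path, 400)
 }
@@ -322,6 +337,7 @@ func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo
 
 // Close will close the underlying authenticators.
 func (n *negoAuth) Close() error {
+log.Printf("negoAuth.Close()")
 for _, a := range n.auths {
 a.Close()
 }
@@ -331,6 +347,7 @@ func (n *negoAuth) Close() error {
 
 // Clone clones the underlying authenticators.
 func (n *negoAuth) Clone() Authenticator {
+log.Printf("negoAuth.Clone()")
 auths := make([]Authenticator, len(n.auths))
 for i, e := range n.auths {
 auths[i] = e.Clone()
@@ -339,16 +356,19 @@ func (n *negoAuth) Clone() Authenticator {
 }
 
 func (n *negoAuth) String() string {
+log.Printf("negoAuth.String()")
 return "NegoAuth"
 }
 
 // Authorize the current request
 func (n *noAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("noAuth.Authorize()")
 return nil
 }
 
 // Verify checks for authentication issues and may trigger a re-authentication
 func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("noAuth.Verify()")
 if "" != rs.Header.Get("Www-Authenticate") {
 err = ErrAuthChanged
 }
@@ -357,53 +377,63 @@ func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bo
 
 // Close closes all resources
 func (n *noAuth) Close() error {
+log.Printf("noAuth.Close()")
 return nil
 }
 
 // Clone creates a copy of itself
 func (n *noAuth) Clone() Authenticator {
+log.Printf("noAuth.Clone()")
 // no copy due to read only access
 return n
 }
 
 // String toString
 func (n *noAuth) String() string {
+log.Printf("noAuth.String()")
 return "NoAuth"
 }
 
 // Authorize the current request
 func (n *nullAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("nullAuth.Authorize()")
 rq.Header.Set(XInhibitRedirect, "1")
 return nil
 }
 
 // Verify checks for authentication issues and may trigger a re-authentication
 func (n *nullAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("nullAuth.Verify()")
 return true, ErrAuthChanged
 }
 
 // Close closes all resources
 func (n *nullAuth) Close() error {
+log.Printf("nullAuth.Close()")
 return nil
 }
 
 // Clone creates a copy of itself
 func (n *nullAuth) Clone() Authenticator {
+log.Printf("nullAuth.Clone()")
 // no copy due to read only access
 return n
 }
 
 // String toString
 func (n *nullAuth) String() string {
+log.Printf("nullAuth.String()")
 return "NullAuth"
 }
 
 // NewAuthenticator creates an Authenticator (Shim) per request
 func (b *preemptiveAuthorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+log.Printf("preemptiveAuthorizer.NewAuthenticator()")
 return b.auth.Clone(), body
 }
 
 // AddAuthenticator Will PANIC because it may only have a single authentication method
 func (b *preemptiveAuthorizer) AddAuthenticator(key string, fn AuthFactory) {
+log.Printf("preemptiveAuthorizer.AddAuthenticator()")
 panic("You're funny! A preemptive authorizer may only have a single authentication method")
 }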
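Review bot: The line added at the top of `NewAutoAuth`, `log.Printf("NewAutoAuth(%s, %s)", login, secret)`, writes the caller's secret in clear text to the process-wide default logger, so the credential is stored wherever that output is collected or forwarded. Drop the secret from the message and quote the login so control characters cannot forge log lines, e.g. `log.Printf("NewAutoAuth(login=%q)", login)`; the same `%q` applies to `key` in `authorizer.AddAuthenticator`. The remaining added calls are unconditional and use the global `log` package, which gives consumers of this library no way to silence them; an opt-in debug flag or an injected logger would be safer. The calls inside the `String()` methods will also fire every time a value is formatted. Several of these function bodies continue outside the hunks shown.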