more debug

shoopea 2024-01-20 11:43:26 +01:00
parent d59e787694
commit 331e1f8e16

30
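--- a/auth.go
+++ b/auth.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "errors"
 "io"
+"log"
 "net/http"
 "strings"
 "sync"
@@ -107,6 +108,7 @@ type noAuth struct{}
 // and the remotely offered authentication methods.
 // First In, First Out.
 func NewAutoAuth(login string, secret string) Authorizer {
+log.Printf("NewAutoAuth(%s, %s)", login, secret)
 fmap := make([]authfactory, 0)
 az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
@@ -130,6 +132,7 @@ func NewAutoAuth(login string, secret string) Authorizer {
 // First In, First Out.
 // It offers the `NewAutoAuth` features.
 func NewEmptyAuth() Authorizer {
+log.Printf("NewEmptyAuth()")
 fmap := make([]authfactory, 0)
 az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
 return az
@@ -146,11 +149,13 @@ func NewEmptyAuth() Authorizer {
 // without any synchronisation!!
 // Still applicable with `BasicAuth` within go routines.
 func NewPreemptiveAuth(auth Authenticator) Authorizer {
+log.Printf("NewPreemptiveAuth()")
 return &preemptiveAuthorizer{auth: auth}
 }
 // NewAuthenticator creates an Authenticator (Shim) per request
 func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+log.Printf("authorizer.NewAuthenticator()")
 var retryBuf io.Reader = body
 if body != nil {
 // If the authorization fails, we will need to restart reading
@@ -177,6 +182,7 @@ func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader)
 // AddAuthenticator appends the AuthFactory to our factories.
 // It converts the key to lower case and preserves the order.
 func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
+log.Printf("authorizer.AddAuthenticator(%s)", key)
 key = strings.ToLower(key)
 for _, f := range a.factories {
 if f.key == key {
@@ -188,6 +194,7 @@ func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
 // factory picks all valid Authenticators based on Www-Authenticate headers
 func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+log.Printf("authorizer.factory()")
 headers := rs.Header.Values("Www-Authenticate")
 if len(headers) > 0 {
 auths := make([]Authenticator, 0)
@@ -223,6 +230,7 @@ func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (au
 // setDefaultAuthenticator sets the default Authenticator
 func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
+log.Printf("authorizer.setDefaultAuthenticator()")
 a.defAuthMux.Lock()
 a.defAuth.Close()
 a.defAuth = auth
@@ -231,6 +239,7 @@ func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
 // Authorize the current request
 func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("authShim.Authorize()")
 if err := s.auth.Authorize(c, rq, path); err != nil {
 return err
 }
@@ -252,6 +261,7 @@ func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) erro
 // Verify checks for authentication issues and may trigger a re-authentication.
 // Catches AlgoChangedErr to update the current Authenticator
 func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("authShim.Verify()")
 redo, err = s.auth.Verify(c, rs, path)
 if err != nil && errors.Is(err, ErrAuthChanged) {
 if auth, aerr := s.factory(c, rs, path); aerr == nil {
@@ -267,6 +277,7 @@ func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo
 // Close closes all resources
 func (s *authShim) Close() error {
+log.Printf("authShim.Close()")
 s.auth.Close()
 s.auth, s.factory = nil, nil
 if s.body != nil {
@@ -280,16 +291,19 @@ func (s *authShim) Close() error {
 // It's not intend to Clone the shim
 // therefore it returns a noAuth instance
 func (s *authShim) Clone() Authenticator {
+log.Printf("authShim.Clone()")
 return &noAuth{}
 }
 // String toString
 func (s *authShim) String() string {
+log.Printf("authShim.String()")
 return "AuthShim"
 }
 // Authorize authorizes the current request with the top most Authorizer
 func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("negoAuth.Authorize()")
 if len(n.auths) == 0 {
 return NewPathError("NoAuthenticator", path, 400)
 }
@@ -298,6 +312,7 @@ func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) erro
 // Verify verifies the authentication and selects the next one based on the result
 func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("negoAuth.Verify()")
 if len(n.auths) == 0 {
 return false, NewPathError("NoAuthenticator", path, 400)
 }
@@ -322,6 +337,7 @@ func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo
 // Close will close the underlying authenticators.
 func (n *negoAuth) Close() error {
+log.Printf("negoAuth.Close()")
 for _, a := range n.auths {
 a.Close()
 }
@@ -331,6 +347,7 @@ func (n *negoAuth) Close() error {
 // Clone clones the underlying authenticators.
 func (n *negoAuth) Clone() Authenticator {
+log.Printf("negoAuth.Clone()")
 auths := make([]Authenticator, len(n.auths))
 for i, e := range n.auths {
 auths[i] = e.Clone()
@@ -339,16 +356,19 @@ func (n *negoAuth) Clone() Authenticator {
 }
 func (n *negoAuth) String() string {
+log.Printf("negoAuth.String()")
 return "NegoAuth"
 }
 // Authorize the current request
 func (n *noAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("noAuth.Authorize()")
 return nil
 }
 // Verify checks for authentication issues and may trigger a re-authentication
 func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("noAuth.Verify()")
 if "" != rs.Header.Get("Www-Authenticate") {
 err = ErrAuthChanged
 }
@@ -357,53 +377,63 @@ func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bo
 // Close closes all resources
 func (n *noAuth) Close() error {
+log.Printf("noAuth.Close()")
 return nil
 }
 // Clone creates a copy of itself
 func (n *noAuth) Clone() Authenticator {
+log.Printf("noAuth.Clone()")
 // no copy due to read only access
 return n
 }
 // String toString
 func (n *noAuth) String() string {
+log.Printf("noAuth.String()")
 return "NoAuth"
 }
 // Authorize the current request
 func (n *nullAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+log.Printf("nullAuth.Authorize()")
 rq.Header.Set(XInhibitRedirect, "1")
 return nil
 }
 // Verify checks for authentication issues and may trigger a re-authentication
 func (n *nullAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+log.Printf("nullAuth.Verify()")
 return true, ErrAuthChanged
 }
 // Close closes all resources
 func (n *nullAuth) Close() error {
+log.Printf("nullAuth.Close()")
 return nil
 }
 // Clone creates a copy of itself
 func (n *nullAuth) Clone() Authenticator {
+log.Printf("nullAuth.Clone()")
 // no copy due to read only access
 return n
 }
 // String toString
 func (n *nullAuth) String() string {
+log.Printf("nullAuth.String()")
 return "NullAuth"
 }
 // NewAuthenticator creates an Authenticator (Shim) per request
 func (b *preemptiveAuthorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+log.Printf("preemptiveAuthorizer.NewAuthenticator()")
 return b.auth.Clone(), body
 }
 // AddAuthenticator Will PANIC because it may only have a single authentication method
 func (b *preemptiveAuthorizer) AddAuthenticator(key string, fn AuthFactory) {
+log.Printf("preemptiveAuthorizer.AddAuthenticator()")
 panic("You're funny! A preemptive authorizer may only have a single authentication method")
 }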
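Review bot: The added `log.Printf("NewAutoAuth(%s, %s)", login, secret)` in NewAutoAuth writes the account secret in clear text to the process log, where it is readable by anyone with log access and persists in rotated or forwarded copies. The trace should carry the login only, for example `log.Printf("NewAutoAuth(%q)", login)`, and a secret that has already been logged should be rotated. The remaining trace calls go through the global logger unconditionally, including inside the String() methods, so a program importing this package has no way to silence them; gating them behind a package-level debug switch would keep them out of production output. In AddAuthenticator the caller-supplied key is formatted with `%s`, and `%q` would keep control characters in it from breaking up log lines. NewAutoAuth's body continues outside its hunk.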