more debug
parent
d59e787694
commit
331e1f8e16
30
auth.go
30
auth.go
@ -4,6 +4,7 @@ import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
@ -107,6 +108,7 @@ type noAuth struct{}
|
||||
// and the remotely offered authentication methods.
|
||||
// First In, First Out.
|
||||
func NewAutoAuth(login string, secret string) Authorizer {
|
||||
log.Printf("NewAutoAuth(%s, %s)", login, secret)
|
||||
fmap := make([]authfactory, 0)
|
||||
az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
|
||||
|
||||
@ -130,6 +132,7 @@ func NewAutoAuth(login string, secret string) Authorizer {
|
||||
// First In, First Out.
|
||||
// It offers the `NewAutoAuth` features.
|
||||
func NewEmptyAuth() Authorizer {
|
||||
log.Printf("NewEmptyAuth()")
|
||||
fmap := make([]authfactory, 0)
|
||||
az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
|
||||
return az
|
||||
@ -146,11 +149,13 @@ func NewEmptyAuth() Authorizer {
|
||||
// without any synchronisation!!
|
||||
// Still applicable with `BasicAuth` within go routines.
|
||||
func NewPreemptiveAuth(auth Authenticator) Authorizer {
|
||||
log.Printf("NewPreemptiveAuth()")
|
||||
return &preemptiveAuthorizer{auth: auth}
|
||||
}
|
||||
|
||||
// NewAuthenticator creates an Authenticator (Shim) per request
|
||||
func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
|
||||
log.Printf("authorizer.NewAuthenticator()")
|
||||
var retryBuf io.Reader = body
|
||||
if body != nil {
|
||||
// If the authorization fails, we will need to restart reading
|
||||
@ -177,6 +182,7 @@ func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader)
|
||||
// AddAuthenticator appends the AuthFactory to our factories.
|
||||
// It converts the key to lower case and preserves the order.
|
||||
func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
|
||||
log.Printf("authorizer.AddAuthenticator(%s)", key)
|
||||
key = strings.ToLower(key)
|
||||
for _, f := range a.factories {
|
||||
if f.key == key {
|
||||
@ -188,6 +194,7 @@ func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
|
||||
|
||||
// factory picks all valid Authenticators based on Www-Authenticate headers
|
||||
func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
|
||||
log.Printf("authorizer.factory()")
|
||||
headers := rs.Header.Values("Www-Authenticate")
|
||||
if len(headers) > 0 {
|
||||
auths := make([]Authenticator, 0)
|
||||
@ -223,6 +230,7 @@ func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (au
|
||||
|
||||
// setDefaultAuthenticator sets the default Authenticator
|
||||
func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
|
||||
log.Printf("authorizer.setDefaultAuthenticator()")
|
||||
a.defAuthMux.Lock()
|
||||
a.defAuth.Close()
|
||||
a.defAuth = auth
|
||||
@ -231,6 +239,7 @@ func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
|
||||
|
||||
// Authorize the current request
|
||||
func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) error {
|
||||
log.Printf("authShim.Authorize()")
|
||||
if err := s.auth.Authorize(c, rq, path); err != nil {
|
||||
return err
|
||||
}
|
||||
@ -252,6 +261,7 @@ func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) erro
|
||||
// Verify checks for authentication issues and may trigger a re-authentication.
|
||||
// Catches AlgoChangedErr to update the current Authenticator
|
||||
func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
|
||||
log.Printf("authShim.Verify()")
|
||||
redo, err = s.auth.Verify(c, rs, path)
|
||||
if err != nil && errors.Is(err, ErrAuthChanged) {
|
||||
if auth, aerr := s.factory(c, rs, path); aerr == nil {
|
||||
@ -267,6 +277,7 @@ func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo
|
||||
|
||||
// Close closes all resources
|
||||
func (s *authShim) Close() error {
|
||||
log.Printf("authShim.Close()")
|
||||
s.auth.Close()
|
||||
s.auth, s.factory = nil, nil
|
||||
if s.body != nil {
|
||||
@ -280,16 +291,19 @@ func (s *authShim) Close() error {
|
||||
// It's not intend to Clone the shim
|
||||
// therefore it returns a noAuth instance
|
||||
func (s *authShim) Clone() Authenticator {
|
||||
log.Printf("authShim.Clone()")
|
||||
return &noAuth{}
|
||||
}
|
||||
|
||||
// String toString
|
||||
func (s *authShim) String() string {
|
||||
log.Printf("authShim.String()")
|
||||
return "AuthShim"
|
||||
}
|
||||
|
||||
// Authorize authorizes the current request with the top most Authorizer
|
||||
func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
|
||||
log.Printf("negoAuth.Authorize()")
|
||||
if len(n.auths) == 0 {
|
||||
return NewPathError("NoAuthenticator", path, 400)
|
||||
}
|
||||
@ -298,6 +312,7 @@ func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) erro
|
||||
|
||||
// Verify verifies the authentication and selects the next one based on the result
|
||||
func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
|
||||
log.Printf("negoAuth.Verify()")
|
||||
if len(n.auths) == 0 {
|
||||
return false, NewPathError("NoAuthenticator", path, 400)
|
||||
}
|
||||
@ -322,6 +337,7 @@ func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo
|
||||
|
||||
// Close will close the underlying authenticators.
|
||||
func (n *negoAuth) Close() error {
|
||||
log.Printf("negoAuth.Close()")
|
||||
for _, a := range n.auths {
|
||||
a.Close()
|
||||
}
|
||||
@ -331,6 +347,7 @@ func (n *negoAuth) Close() error {
|
||||
|
||||
// Clone clones the underlying authenticators.
|
||||
func (n *negoAuth) Clone() Authenticator {
|
||||
log.Printf("negoAuth.Clone()")
|
||||
auths := make([]Authenticator, len(n.auths))
|
||||
for i, e := range n.auths {
|
||||
auths[i] = e.Clone()
|
||||
@ -339,16 +356,19 @@ func (n *negoAuth) Clone() Authenticator {
|
||||
}
|
||||
|
||||
func (n *negoAuth) String() string {
|
||||
log.Printf("negoAuth.String()")
|
||||
return "NegoAuth"
|
||||
}
|
||||
|
||||
// Authorize the current request
|
||||
func (n *noAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
|
||||
log.Printf("noAuth.Authorize()")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Verify checks for authentication issues and may trigger a re-authentication
|
||||
func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
|
||||
log.Printf("noAuth.Verify()")
|
||||
if "" != rs.Header.Get("Www-Authenticate") {
|
||||
err = ErrAuthChanged
|
||||
}
|
||||
@ -357,53 +377,63 @@ func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bo
|
||||
|
||||
// Close closes all resources
|
||||
func (n *noAuth) Close() error {
|
||||
log.Printf("noAuth.Close()")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Clone creates a copy of itself
|
||||
func (n *noAuth) Clone() Authenticator {
|
||||
log.Printf("noAuth.Clone()")
|
||||
// no copy due to read only access
|
||||
return n
|
||||
}
|
||||
|
||||
// String toString
|
||||
func (n *noAuth) String() string {
|
||||
log.Printf("noAuth.String()")
|
||||
return "NoAuth"
|
||||
}
|
||||
|
||||
// Authorize the current request
|
||||
func (n *nullAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
|
||||
log.Printf("nullAuth.Authorize()")
|
||||
rq.Header.Set(XInhibitRedirect, "1")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Verify checks for authentication issues and may trigger a re-authentication
|
||||
func (n *nullAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
|
||||
log.Printf("nullAuth.Verify()")
|
||||
return true, ErrAuthChanged
|
||||
}
|
||||
|
||||
// Close closes all resources
|
||||
func (n *nullAuth) Close() error {
|
||||
log.Printf("nullAuth.Close()")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Clone creates a copy of itself
|
||||
func (n *nullAuth) Clone() Authenticator {
|
||||
log.Printf("nullAuth.Clone()")
|
||||
// no copy due to read only access
|
||||
return n
|
||||
}
|
||||
|
||||
// String toString
|
||||
func (n *nullAuth) String() string {
|
||||
log.Printf("nullAuth.String()")
|
||||
return "NullAuth"
|
||||
}
|
||||
|
||||
// NewAuthenticator creates an Authenticator (Shim) per request
|
||||
func (b *preemptiveAuthorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
|
||||
log.Printf("preemptiveAuthorizer.NewAuthenticator()")
|
||||
return b.auth.Clone(), body
|
||||
}
|
||||
|
||||
// AddAuthenticator Will PANIC because it may only have a single authentication method
|
||||
func (b *preemptiveAuthorizer) AddAuthenticator(key string, fn AuthFactory) {
|
||||
log.Printf("preemptiveAuthorizer.AddAuthenticator()")
|
||||
panic("You're funny! A preemptive authorizer may only have a single authentication method")
|
||||
}
|
||||
|
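Review bot: The trace line in NewAutoAuth, `log.Printf("NewAutoAuth(%s, %s)", login, secret)`, writes the caller's secret in clear text to the process-wide default logger, so the credential ends up wherever that log output is stored or forwarded. Drop the secret from the message, for example `log.Printf("NewAutoAuth(%q)", login)`, and treat logs already produced by this build as containing credentials. The remaining trace calls in this section (which appear to be the added lines, although the +/- markers are not visible on this page) log only function names, except the one in `authorizer.AddAuthenticator`, which prints the key with `%s`; `%q` would be the safer verb there. Because this is library code, these unconditional `log.Printf` calls would be better placed behind a debug switch than left always on.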