Feat: Authentication API
The changes simplify the `req` method by moving the authentication-related code into the API. This makes it easy to add additional authentication methods. The API introduces an `Authorizer` that acts as an authenticator factory. The authentication flow itself is divided down into `Authorize` and `Verify` steps in order to encapsulate and control complex authentication challenges. The default `NewAutoAuth` negotiates the algorithms. Under the hood, it creates an authenticator shim per request, which delegates the authentication flow to our authenticators. The `NewEmptyAuth` and `NewPreemptiveAuth` authorizers allow you to have more control over algorithms and resources. The API also allows interception of the redirect mechanism by setting the `XInhibitRedirect` header. This closes: #15 #24 #38
This commit is contained in:
Christoph Polcin
committed by
Christoph Polcin
Christoph Polcin
parent
3282f94193
commit
ca40e2802e
@@ -17,32 +17,46 @@ type DigestAuth struct {
|
||||
digestParts map[string]string
|
||||
}
|
||||
|
||||
// Type identifies the DigestAuthenticator
|
||||
func (d *DigestAuth) Type() string {
|
||||
return "DigestAuth"
|
||||
}
|
||||
|
||||
// User holds the DigestAuth username
|
||||
func (d *DigestAuth) User() string {
|
||||
return d.user
|
||||
}
|
||||
|
||||
// Pass holds the DigestAuth password
|
||||
func (d *DigestAuth) Pass() string {
|
||||
return d.pw
|
||||
// NewDigestAuth creates a new instance of our Digest Authenticator
|
||||
func NewDigestAuth(login, secret string, rs *http.Response) (Authenticator, error) {
|
||||
return &DigestAuth{login, secret, digestParts(rs)}, nil
|
||||
}
|
||||
|
||||
// Authorize the current request
|
||||
func (d *DigestAuth) Authorize(req *http.Request, method string, path string) {
|
||||
parts := make(map[string]string, len(d.digestParts)+4)
|
||||
func (d *DigestAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
|
||||
d.digestParts["uri"] = path
|
||||
d.digestParts["method"] = rq.Method
|
||||
d.digestParts["username"] = d.user
|
||||
d.digestParts["password"] = d.pw
|
||||
rq.Header.Set("Authorization", getDigestAuthorization(d.digestParts))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Verify checks for authentication issues and may trigger a re-authentication
|
||||
func (d *DigestAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
|
||||
if rs.StatusCode == 401 {
|
||||
err = NewPathError("Authorize", path, rs.StatusCode)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Close cleans up all resources
|
||||
func (d *DigestAuth) Close() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Clone creates a copy of itself
|
||||
func (d *DigestAuth) Clone() Authenticator {
|
||||
parts := make(map[string]string, len(d.digestParts))
|
||||
for k, v := range d.digestParts {
|
||||
parts[k] = v
|
||||
}
|
||||
parts["uri"] = path
|
||||
parts["method"] = method
|
||||
parts["username"] = d.user
|
||||
parts["password"] = d.pw
|
||||
req.Header.Set("Authorization", getDigestAuthorization(parts))
|
||||
return &DigestAuth{d.user, d.pw, parts}
|
||||
}
|
||||
|
||||
// String toString
|
||||
func (d *DigestAuth) String() string {
|
||||
return fmt.Sprintf("DigestAuth login: %s", d.user)
|
||||
}
|
||||
|
||||
func digestParts(resp *http.Response) map[string]string {
|
||||
|
||||
Reference in New Issue
Block a user