| author | Ed Tanous <ed.tanous@intel.com> | 2018-03-27 17:45:20 -0700 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2018-04-22 18:16:47 +0000 |
| commit | 1ea9f063b6472271336bf225665aea4dc17c7d77 (patch) | |
| tree | 38f8559e9681729f7437259f94cee7bbf7d89fab /include | |
| parent | bae064e493fcf02c233b0ec37666c31b9158cb09 (diff) | |
Make middleware try other auth types on auth failure
This commit makes the authentication middleware attempt other auth
mechanisms if available from the user.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Tested By: Phosphor webui launches and logs in. Redfish endpoints now
work with a cookie present.
Change-Id: I7c11d4b5eb3c32c8e2b9ba348b70a55bfb72bd4e
Diffstat (limited to 'include')
| -rw-r--r-- | include/token_authorization_middleware.hpp | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index c89dcdd..59e9cca 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp
@@ -26,20 +26,20 @@ class Middleware {
 return;
 }
- if (req.headers.count("X-Auth-Token") == 1) {
- ctx.session = perform_xtoken_auth(req);
- } else if (req.headers.count("Cookie") == 1) {
+ ctx.session = perform_xtoken_auth(req);
+
+ if (ctx.session == nullptr) {
 ctx.session = perform_cookie_auth(req);
- } else {
- std::string auth_header = req.get_header_value("Authorization");
- if (auth_header != "") {
- // Reject any kind of auth other than basic or token
- if (boost::starts_with(auth_header, "Token ")) {
- ctx.session = perform_token_auth(auth_header);
- } else if (boost::starts_with(auth_header, "Basic ")) {
- ctx.session = perform_basic_auth(auth_header);
- }
- }
+ }
+
+ const std::string& auth_header = req.get_header_value("Authorization");
+ // Reject any kind of auth other than basic or token
+ if (ctx.session == nullptr && boost::starts_with(auth_header, "Token ")) {
+ ctx.session = perform_token_auth(auth_header);
+ }
+
+ if (ctx.session == nullptr && boost::starts_with(auth_header, "Basic ")) {
+ ctx.session = perform_basic_auth(auth_header);
 }
 if (ctx.session == nullptr) {
@@ -119,7 +119,10 @@ class Middleware {
 const crow::request& req) const {
 CROW_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token authentication";
- auto& token = req.get_header_value("X-Auth-Token");
+ const std::string& token = req.get_header_value("X-Auth-Token");
+ if (token.empty()) {
+ return nullptr;
+ }
 auto session = PersistentData::session_store->login_session_by_token(token);
 return session;
 }
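Review bot: A credential that is presented but invalid no longer ends the request in the first hunk: a bad `X-Auth-Token` now falls through to the cookie, then to `Token `, then to `Basic `, so one request can carry several credentials and the first that yields a session wins. Nothing here records which mechanism produced `ctx.session` or that an earlier one failed, which matters if later checks (CSRF handling for cookie sessions, for example, not visible in this hunk) depend on the mechanism. The removed `req.headers.count(...) == 1` tests also skipped a repeated `X-Auth-Token` or `Cookie` header, and what `get_header_value` returns for duplicates is not shown here. The retained comment `// Reject any kind of auth other than basic or token` no longer sits on a rejecting branch; I would replace it with `// Mechanisms are tried in order: X-Auth-Token, cookie, Token, Basic; the first session wins and any other scheme leaves ctx.session null`. The enclosing function starts and ends outside the hunk.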
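Review bot: The `CROW_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token authentication"` line above the new `token.empty()` guard now runs on every request, because the first hunk calls this function (presumably `perform_xtoken_auth`; its name is outside the hunk) unconditionally, so the debug log reports a token attempt even when no header was sent. Moving the log line below the guard keeps the trace usable for telling which mechanism a client actually tried. The same applies to the `Cookie authentication` line and the `cookie_value.empty()` guard in the next hunk, which also still binds `auto& cookie_value` where this hunk moved to `const std::string& token`.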
@@ -129,6 +132,9 @@ class Middleware {
 CROW_LOG_DEBUG << "[AuthMiddleware] Cookie authentication";
 auto& cookie_value = req.get_header_value("Cookie");
+ if (cookie_value.empty()) {
+ return nullptr;
+ }
 auto start_index = cookie_value.find("SESSION=");
 if (start_index == std::string::npos) { |

