Skip to content
Snippets Groups Projects
Commit e32dbfc9 authored by lain's avatar lain
Browse files

Add basic auth.

parent a93f3421
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
config/test.exs
+ 4
0
View file @ e32dbfc9
......@@ -17,3 +17,7 @@
database: "pleroma_test",
hostname: "localhost",
pool: Ecto.Adapters.SQL.Sandbox
# Reduce hash rounds for testing
config :comeonin, :pbkdf2_rounds, 1
lib/pleroma/plugs/authentication_plug.ex 0 → 100644
+ 51
0
View file @ e32dbfc9
defmodule Pleroma.Plugs.AuthenticationPlug do
import Plug.Conn
def init(options) do
options
end
def call(conn, opts) do
with {:ok, username, password} <- decode_header(conn),
{:ok, user} <- opts[:fetcher].(username),
{:ok, verified_user} <- verify(user, password)
do
conn |> assign(:user, verified_user)
else
_ -> conn |> halt_or_continue(opts)
end
end
defp verify(nil, _password) do
Comeonin.Pbkdf2.dummy_checkpw
:error
end
defp verify(user, password) do
if Comeonin.Pbkdf2.checkpw(password, user[:password_hash]) do
{:ok, user}
else
:error
end
end
defp decode_header(conn) do
with ["Basic " <> header] <- get_req_header(conn, "authorization"),
{:ok, userinfo} <- Base.decode64(header),
[username, password] <- String.split(userinfo, ":")
do
{ :ok, username, password }
end
end
defp halt_or_continue(conn, %{optional: true}) do
conn |> assign(:user, nil)
end
defp halt_or_continue(conn, _) do
conn
|> put_resp_content_type("application/json")
|> send_resp(403, Poison.encode!(%{error: "Invalid credentials."}))
|> halt
end
end
mix.exs
+ 4
2
View file @ e32dbfc9
......@@ -17,7 +17,7 @@ def project do
# Type `mix help compile.app` for more information.
def application do
[mod: {Pleroma.Application, []},
extra_applications: [:logger, :runtime_tools]]
extra_applications: [:logger, :runtime_tools, :comeonin]]
end
# Specifies which paths to compile per environment.
......@@ -33,7 +33,9 @@ defp deps do
{:phoenix_ecto, "~> 3.2"},
{:postgrex, ">= 0.0.0"},
{:gettext, "~> 0.11"},
{:cowboy, "~> 1.0"}]
{:cowboy, "~> 1.0"},
{:comeonin, "~> 3.0"},
{:mix_test_watch, "~> 0.2", only: :dev}]
end
# Aliases are shortcuts or tasks specific to the current project.
......
mix.lock
+ 5
1
View file @ e32dbfc9
%{"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], []},
%{"comeonin": {:hex, :comeonin, "3.0.2", "8b213268a6634bd2e31a8035a963e974681d13ccc1f73f2ae664b6ac4e993c96", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, optional: false]}]},
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], []},
"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, optional: false]}]},
"cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], []},
"db_connection": {:hex, :db_connection, "1.1.2", "2865c2a4bae0714e2213a0ce60a1b12d76a6efba0c51fbda59c9ab8d1accc7a8", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, optional: false]}, {:poolboy, "~> 1.5", [hex: :poolboy, optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, optional: true]}]},
"decimal": {:hex, :decimal, "1.3.1", "157b3cedb2bfcb5359372a7766dd7a41091ad34578296e951f58a946fcab49c6", [:mix], []},
"ecto": {:hex, :ecto, "2.1.4", "d1ba932813ec0e0d9db481ef2c17777f1cefb11fc90fa7c142ff354972dfba7e", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, optional: true]}]},
"elixir_make": {:hex, :elixir_make, "0.4.0", "992f38fabe705bb45821a728f20914c554b276838433349d4f2341f7a687cddf", [:mix], []},
"fs": {:hex, :fs, "2.12.0", "ad631efacc9a5683c8eaa1b274e24fa64a1b8eb30747e9595b93bec7e492e25e", [:rebar3], []},
"gettext": {:hex, :gettext, "0.13.1", "5e0daf4e7636d771c4c71ad5f3f53ba09a9ae5c250e1ab9c42ba9edccc476263", [:mix], []},
"mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [:mix], []},
"mix_test_watch": {:hex, :mix_test_watch, "0.3.3", "70859889a8d1d43d1b75d69d87258a301f43209a17787cdb2bd9cab42adf271d", [:mix], [{:fs, "~> 2.12", [hex: :fs, optional: false]}]},
"phoenix": {:hex, :phoenix, "1.3.0-rc.1", "0d04948a4bd24823f101024c07b6a4d35e58f1fd92a465c1bc75dd37acd1041a", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, optional: true]}, {:phoenix_pubsub, "~> 1.0", [hex: :phoenix_pubsub, optional: false]}, {:plug, "~> 1.3.2 or ~> 1.4", [hex: :plug, optional: false]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, optional: false]}]},
"phoenix_ecto": {:hex, :phoenix_ecto, "3.2.3", "450c749876ff1de4a78fdb305a142a76817c77a1cd79aeca29e5fc9a6c630b26", [:mix], [{:ecto, "~> 2.1", [hex: :ecto, optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, optional: true]}, {:plug, "~> 1.0", [hex: :plug, optional: false]}]},
"phoenix_pubsub": {:hex, :phoenix_pubsub, "1.0.1", "c10ddf6237007c804bf2b8f3c4d5b99009b42eca3a0dfac04ea2d8001186056a", [:mix], []},
......
test/plugs/authentication_plug_test.exs 0 → 100644
+ 110
0
View file @ e32dbfc9
defmodule Pleroma.Plugs.AuthenticationPlugTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Plugs.AuthenticationPlug
defp fetch_nil(_name) do
{:ok, nil}
end
@user %{
id: 1,
name: "dude",
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
}
defp fetch_user(_name) do
{:ok, @user}
end
defp basic_auth_enc(username, password) do
"Basic " <> Base.encode64("#{username}:#{password}")
end
describe "without an authorization header" do
test "it halts the application" do
conn = build_conn() |> AuthenticationPlug.call(%{})
assert conn.status == 403
assert conn.halted == true
end
test "it assigns a nil user if the 'optional' option is used" do
conn = build_conn() |> AuthenticationPlug.call(%{optional: true})
assert %{ user: nil } == conn.assigns
end
end
describe "with an authorization header for a nonexisting user" do
test "it halts the application" do
conn =
build_conn()
|> AuthenticationPlug.call(%{fetcher: &fetch_nil/1})
assert conn.status == 403
assert conn.halted == true
end
test "it assigns a nil user if the 'optional' option is used" do
conn =
build_conn()
|> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1 })
assert %{ user: nil } == conn.assigns
end
end
describe "with an incorrect authorization header for a enxisting user" do
test "it halts the application" do
opts = %{
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "man")
conn =
build_conn()
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert conn.status == 403
assert conn.halted == true
end
test "it assigns a nil user if the 'optional' option is used" do
opts = %{
optional: true,
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "man")
conn =
build_conn()
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert %{ user: nil } == conn.assigns
end
end
describe "with a correct authorization header for an existing user" do
test "it assigns the user" do
opts = %{
optional: true,
fetcher: &fetch_user/1
}
header = basic_auth_enc("dude", "guy")
conn =
build_conn()
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert %{ user: @user } == conn.assigns
assert conn.halted == false
end
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment