Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA.
*/
-// $Id$
#include "SoHTTPAuthenticator.h"
#include "SoUser.h"
return [[[SoUser alloc] initWithLogin:login roles:uroles] autorelease];
}
+- (WOResponse *)unauthorized:(NSString *)_reason inContext:(WOContext *)_ctx {
+ WOResponse *r;
+ NSString *auth;
+
+ if ([_reason length] == 0) _reason = @"Unauthorized";
+
+ auth = [NSString stringWithFormat:@"basic realm=\"%@\"", [self authRealm]];
+
+ r = [_ctx response];
+ [r setStatus:401 /* unauthorized */];
+ [r setHeader:auth forKey:@"www-authenticate"];
+ [r appendContentString:_reason];
+ return r;
+}
+
- (WOResponse *)preprocessCredentialsInContext:(WOContext *)_ctx {
WOResponse *r;
NSString *auth;
r = [_ctx response];
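Review bot: In the new `unauthorized:inContext:`, `[self authRealm]` is formatted straight into the quoted realm of the `www-authenticate` header, so a `"` or `\` in the realm would produce a malformed challenge. Where the realm comes from is not visible in this hunk, so either escape those two characters before formatting or state in a comment that the realm must not contain them. The method also has no header comment; I would add `/* returns the context's response as a 401 with a Basic challenge for authRealm; a nil or empty _reason becomes "Unauthorized" */`. Because the reason is appended to `[_ctx response]`, anything already written to that response stays in the body, which is worth noting in the same comment.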
if ([auth length] < 6) {
[self logWithFormat:@"tried unknown authentication method: %@ (A)", auth];
- [r setStatus:400 /* bad request */];
- [r appendContentString:@"tried unsupported authentication"];
- return r;
+ return [self unauthorized:@"unsupported authentication method"
+ inContext:_ctx];
}
k = [[auth substringToIndex:5] lowercaseString];
if (![k hasPrefix:@"basic"]) {
[self logWithFormat:@"tried unknown authentication method: %@ (B)", auth];
- [r setStatus:400 /* bad request */];
- [r appendContentString:@"tried unsupported authentication"];
- return r;
+ return [self unauthorized:@"unsupported authentication method"
+ inContext:_ctx];
}
k = [auth substringFromIndex:6];
if ((k = [k stringByDecodingBase64]) == nil) {
[self logWithFormat:@"tried unknown authentication method: %@ (C)", auth];
- [r setStatus:400 /* bad request */];
- [r appendContentString:@"could not decode base64 credentials"];
- return r;
+ return [self unauthorized:@"unsupported authentication method"
+ inContext:_ctx];
}
rng = [k rangeOfString:@":"];
if (rng.length <= 0) {
- [self logWithFormat:@"got malformed basic credentials!"];
- [r setStatus:400 /* bad request */];
- [r appendContentString:@"did not find colon separator in credentials"];
- return r;
+ [self logWithFormat:@"got malformed basic credentials (missing colon)!"];
+ return [self unauthorized:@"malformed basic credentials!" inContext:_ctx];
}
-
+
user = [k substringToIndex:rng.location];
pwd = [k substringFromIndex:(rng.location + rng.length)];
-
+
rng = [user rangeOfString:@"\\"];
if (rng.length > 0) {
[self debugWithFormat:@"splitting of domain in user: '%@'", user];
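Review bot: The base64-failure branch (C) now answers with the reason "unsupported authentication method", although the scheme was already accepted as Basic at that point and only the payload failed to decode. I would keep the cause distinguishable, e.g. `return [self unauthorized:@"could not decode basic credentials" inContext:_ctx];`, so a client or operator is not sent looking for a scheme problem. The unchanged log lines in branches (A) to (C) still write the raw `auth` header value to the log, which for (B) can be a credential of another scheme and for (C) is the undecodable Basic payload. Since this commit reworks exactly these branches, logging only the scheme prefix there would keep credential material out of the logs. The body of `preprocessCredentialsInContext:` starts and ends outside this hunk.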
if ([user length] == 0) {
[self logWithFormat:@"got malformed basic credentials!"];
- [r setStatus:400 /* bad request */];
- [r appendContentString:@"invalid login in credentials"];
- return r;
+ return [self unauthorized:@"empty login in credentials?" inContext:_ctx];
}
if ([pwd length] == 0) {
[self logWithFormat:@"got empty password for user '%@'!", user];
-
- auth = [NSString stringWithFormat:@"basic realm=\"%@\"",[self authRealm]];
- [r setStatus:401 /* unauthorized */];
- [r setHeader:auth forKey:@"www-authenticate"];
- [r appendContentString:@"empty password in credentials"];
- return r;
+ return [self unauthorized:@"empty passwords unsupported!" inContext:_ctx];
}
/* authenticate valid credentials */
-
+
if (![self checkLogin:user password:pwd]) {
[self logWithFormat:@"tried wrong password for user '%@'!", user];
- auth = [NSString stringWithFormat:@"basic realm=\"%@\"",[self authRealm]];
- [r setStatus:401 /* unauthorized */];
- [r setHeader:auth forKey:@"www-authenticate"];
- return r;
+ return [self unauthorized:nil inContext:_ctx];
}
//[self debugWithFormat:@"authenticated user '%@'", user];