From c6069804ab26c29dfefa9b7125ddf24c22cbb366 Mon Sep 17 00:00:00 2001 From: helge Date: Tue, 19 Oct 2004 13:46:37 +0000 Subject: [PATCH] minor fix in authenticator git-svn-id: http://svn.opengroupware.org/SOPE/trunk@277 e4a50df8-12e2-0310-a44c-efbce7f8a7e3 --- sope-appserver/NGObjWeb/ChangeLog | 6 ++ .../NGObjWeb/SoObjects/SoHTTPAuthenticator.m | 59 +++++++++---------- sope-appserver/NGObjWeb/Version | 2 +- 3 files changed, 36 insertions(+), 31 deletions(-) diff --git a/sope-appserver/NGObjWeb/ChangeLog b/sope-appserver/NGObjWeb/ChangeLog index 542ae2a2..6e981dbd 100644 --- a/sope-appserver/NGObjWeb/ChangeLog +++ b/sope-appserver/NGObjWeb/ChangeLog @@ -1,3 +1,9 @@ +2004-10-19 Helge Hess + + * SoObjects/SoHTTPAuthenticator.m: return 401 instead of 400 if the + authentication method was not recognized (eg if Evo attempts an NTLM + connect) (v4.3.68) + 2004-10-17 Helge Hess * include config.make if available (v4.3.67) diff --git a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m index 93eb7f2b..6f29469a 100644 --- a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m +++ b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m @@ -18,7 +18,6 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -// $Id$ #include "SoHTTPAuthenticator.h" #include "SoUser.h" @@ -165,6 +164,21 @@ return [[[SoUser alloc] initWithLogin:login roles:uroles] autorelease]; } +- (WOResponse *)unauthorized:(NSString *)_reason inContext:(WOContext *)_ctx { + WOResponse *r; + NSString *auth; + + if ([_reason length] == 0) _reason = @"Unauthorized"; + + auth = [NSString stringWithFormat:@"basic realm=\"%@\"", [self authRealm]]; + + r = [_ctx response]; + [r setStatus:401 /* unauthorized */]; + [r setHeader:auth forKey:@"www-authenticate"]; + [r appendContentString:_reason]; + return r; +} + - (WOResponse *)preprocessCredentialsInContext:(WOContext *)_ctx { WOResponse *r; NSString *auth; 
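Review bot: The new `unauthorized:inContext:` puts the realm inside a quoted-string without escaping it: `[NSString stringWithFormat:@"basic realm=\"%@\"", [self authRealm]]`. `authRealm` is defined outside this hunk, so the origin of its value is not visible here; if it can ever come from configuration or request data, a `"`, `\` or line break in it would produce a malformed or split `www-authenticate` header. Escaping `\` and `"` and rejecting CR/LF before formatting would make the helper safe whatever the source. A comment above the method, such as `/* sends a 401 with a Basic challenge; _reason becomes the response body and must be a fixed string, never client input */`, would record the contract that the callers in this patch already follow, since they pass only literals or nil.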
@@ -187,37 +201,32 @@ r = [_ctx response]; if ([auth length] < 6) { [self logWithFormat:@"tried unknown authentication method: %@ (A)", auth]; - [r setStatus:400 /* bad request */]; - [r appendContentString:@"tried unsupported authentication"]; - return r; + return [self unauthorized:@"unsupported authentication method" + inContext:_ctx]; } k = [[auth substringToIndex:5] lowercaseString]; if (![k hasPrefix:@"basic"]) { [self logWithFormat:@"tried unknown authentication method: %@ (B)", auth]; - [r setStatus:400 /* bad request */]; - [r appendContentString:@"tried unsupported authentication"]; - return r; + return [self unauthorized:@"unsupported authentication method" + inContext:_ctx]; } k = [auth substringFromIndex:6]; if ((k = [k stringByDecodingBase64]) == nil) { [self logWithFormat:@"tried unknown authentication method: %@ (C)", auth]; - [r setStatus:400 /* bad request */]; - [r appendContentString:@"could not decode base64 credentials"]; - return r; + return [self unauthorized:@"unsupported authentication method" + inContext:_ctx]; } rng = [k rangeOfString:@":"]; if (rng.length <= 0) { - [self logWithFormat:@"got malformed basic credentials!"]; - [r setStatus:400 /* bad request */]; - [r appendContentString:@"did not find colon separator in credentials"]; - return r; + [self logWithFormat:@"got malformed basic credentials (missing colon)!"]; + return [self unauthorized:@"malformed basic credentials!" inContext:_ctx]; } - + user = [k substringToIndex:rng.location]; pwd = [k substringFromIndex:(rng.location + rng.length)]; - + rng = [user rangeOfString:@"\\"]; if (rng.length > 0) { [self debugWithFormat:@"splitting of domain in user: '%@'", user]; 
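Review bot: The three `tried unknown authentication method: %@` log calls kept in these branches, marked (A), (B) and (C), write the raw `Authorization` value to the log. At (C) the scheme has already matched `basic`, so `auth` is the client's credential blob, and at (B) it may be another scheme's token; neither belongs in a log file. Log the scheme only, for example replace the (C) line with `[self logWithFormat:@"could not decode basic credentials (C)"];`, and give that branch its own reason string, since `unsupported authentication method` is not accurate for a Basic header that fails base64 decoding. The same concern applies to the `user '%@'` log lines in the following hunk, where `user` is decoded client input and may contain control characters or line breaks. `preprocessCredentialsInContext:` starts and ends outside this hunk.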
@@ -226,28 +235,18 @@ if ([user length] == 0) { [self logWithFormat:@"got malformed basic credentials!"]; - [r setStatus:400 /* bad request */]; - [r appendContentString:@"invalid login in credentials"]; - return r; + return [self unauthorized:@"empty login in credentials?" inContext:_ctx]; } if ([pwd length] == 0) { [self logWithFormat:@"got empty password for user '%@'!", user]; - - auth = [NSString stringWithFormat:@"basic realm=\"%@\"",[self authRealm]]; - [r setStatus:401 /* unauthorized */]; - [r setHeader:auth forKey:@"www-authenticate"]; - [r appendContentString:@"empty password in credentials"]; - return r; + return [self unauthorized:@"empty passwords unsupported!" inContext:_ctx]; } /* authenticate valid credentials */ - + if (![self checkLogin:user password:pwd]) { [self logWithFormat:@"tried wrong password for user '%@'!", user]; - auth = [NSString stringWithFormat:@"basic realm=\"%@\"",[self authRealm]]; - [r setStatus:401 /* unauthorized */]; - [r setHeader:auth forKey:@"www-authenticate"]; - return r; + return [self unauthorized:nil inContext:_ctx]; } //[self debugWithFormat:@"authenticated user '%@'", user]; diff --git a/sope-appserver/NGObjWeb/Version b/sope-appserver/NGObjWeb/Version index a147ab14..5bd9547b 100644 --- a/sope-appserver/NGObjWeb/Version +++ b/sope-appserver/NGObjWeb/Version @@ -1,6 +1,6 @@ # version file -SUBMINOR_VERSION:=67 +SUBMINOR_VERSION:=68 # v4.3.42 requires libNGExtensions v4.3.116 # v4.3.40 requires libNGExtensions v4.3.115 -- 2.39.5