add realm flag
agrafix committed Apr 9, 2021
1 parent d06b65c commit 2d3b40d
Showing 6 changed files with 15 additions and 10 deletions.
2 changes: 1 addition & 1 deletion servant-client/test/Servant/ClientTestUtils.hs
Expand Up @@ -237,7 +237,7 @@ basicAuthHandler =
if username == "servant" && password == "server"
then return (Authorized ())
else return Unauthorized
in BasicAuthCheck check
in BasicAuthCheck True check

basicServerContext :: Context '[ BasicAuthCheck () ]
basicServerContext = basicAuthHandler :. EmptyContext
2 changes: 1 addition & 1 deletion servant-http-streams/test/Servant/ClientSpec.hs
Expand Up @@ -222,7 +222,7 @@ basicAuthHandler =
if username == "servant" && password == "server"
then return (Authorized ())
else return Unauthorized
in BasicAuthCheck check
in BasicAuthCheck True check

basicServerContext :: Context '[ BasicAuthCheck () ]
basicServerContext = basicAuthHandler :. EmptyContext
2 changes: 1 addition & 1 deletion servant-server/src/Servant/Server.hs
Expand Up @@ -43,7 +43,7 @@ module Servant.Server
, descendIntoNamedContext

-- * Basic Authentication
, BasicAuthCheck(BasicAuthCheck, unBasicAuthCheck)
, BasicAuthCheck(BasicAuthCheck, basicAuthRunCheck, basicAuthPresentChallenge)
, BasicAuthResult(..)

-- * General Authentication
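Review bot: Replacing `unBasicAuthCheck` in the export list with the two new field names removes a public accessor without a compatibility path, and the constructor now takes two positional arguments, so existing `BasicAuthCheck check` call sites stop compiling (the four test edits in this commit are that migration). A deprecated alias defined next to the type, `unBasicAuthCheck = basicAuthRunCheck` with `{-# DEPRECATED unBasicAuthCheck "use basicAuthRunCheck" #-}`, would keep the accessor working for a release. The bare `True` at call sites also hides what is being decided; record syntax, `BasicAuthCheck { basicAuthPresentChallenge = True, basicAuthRunCheck = check }`, makes the security-relevant choice visible. None of the six changed files is a changelog, so the break appears to be undocumented. The export list itself starts and ends outside this hunk.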
15 changes: 10 additions & 5 deletions servant-server/src/Servant/Server/Internal/BasicAuth.hs
Expand Up @@ -44,9 +44,12 @@ data BasicAuthResult usr
deriving (Eq, Show, Read, Generic, Typeable, Functor)

-- | Datatype wrapping a function used to check authentication.
newtype BasicAuthCheck usr = BasicAuthCheck
{ unBasicAuthCheck :: BasicAuthData
-> IO (BasicAuthResult usr)
data BasicAuthCheck usr
= BasicAuthCheck
{ basicAuthPresentChallenge :: Bool
-- ^ Decides if we'll send a @WWW-Authenticate@ HTTP header. Sending the header causes browser to
-- surface a prompt for user name and password, which may be undesirable for APIs.
, basicAuthRunCheck :: BasicAuthData -> IO (BasicAuthResult usr)
}
deriving (Generic, Typeable, Functor)

Expand All @@ -68,12 +71,14 @@ decodeBAHdr req = do
-- | Run and check basic authentication, returning the appropriate http error per
-- the spec.
runBasicAuth :: Request -> BS.ByteString -> BasicAuthCheck usr -> DelayedIO usr
runBasicAuth req realm (BasicAuthCheck ba) =
runBasicAuth req realm (BasicAuthCheck presentChallenge ba) =
case decodeBAHdr req of
Nothing -> plzAuthenticate
Just e -> liftIO (ba e) >>= \res -> case res of
BadPassword -> plzAuthenticate
NoSuchUser -> plzAuthenticate
Unauthorized -> delayedFailFatal err403
Authorized usr -> return usr
where plzAuthenticate = delayedFailFatal err401 { errHeaders = [mkBAChallengerHdr realm] }
where
plzAuthenticate =
delayedFailFatal err401 { errHeaders = [mkBAChallengerHdr realm | presentChallenge] }
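Review bot: With `basicAuthPresentChallenge = False`, `plzAuthenticate` sends a 401 whose `errHeaders` list is empty, which departs from the HTTP requirement that a 401 response carry a `WWW-Authenticate` challenge (RFC 7235 §3.1), while the Haddock on `runBasicAuth` still says the error is returned "per the spec". The field's `-- ^` comment should state that trade-off, for example `-- 'False' yields a 401 without a challenge, which RFC 7235 does not allow; clients that wait for the challenge before sending credentials may never authenticate.`, and the `runBasicAuth` comment should be qualified to match. All four updated test sites pass `True`, so the header-less branch is not exercised by anything in this commit; a case asserting that the header is absent for `False` would pin the behaviour.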
2 changes: 1 addition & 1 deletion servant-server/test/Servant/Server/ErrorSpec.hs
Expand Up @@ -44,7 +44,7 @@ errorOrderAuthCheck =
if username == "servant" && password == "server"
then return (Authorized ())
else return Unauthorized
in BasicAuthCheck check
in BasicAuthCheck True check

------------------------------------------------------------------------------
-- * Error Order {{{
2 changes: 1 addition & 1 deletion servant-server/test/Servant/ServerSpec.hs
Expand Up @@ -744,7 +744,7 @@ basicAuthServer =

basicAuthContext :: Context '[ BasicAuthCheck () ]
basicAuthContext =
let basicHandler = BasicAuthCheck $ \(BasicAuthData usr pass) ->
let basicHandler = BasicAuthCheck True $ \(BasicAuthData usr pass) ->
if usr == "servant" && pass == "server"
then return (Authorized ())
else return Unauthorized
