From 07c0d2e8fed7d6c02f6f3d762be0eaf1e42d0255 Mon Sep 17 00:00:00 2001 From: Frank Bille Date: Wed, 4 Mar 2015 23:15:03 +0100 Subject: [PATCH 1/2] Add customizable Realm for Basic authentication Depending on the use case, it might be useful to be able to have different realms for different route groups. --- auth.go | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/auth.go b/auth.go index 7602d726..9caf072e 100644 --- a/auth.go +++ b/auth.go @@ -8,6 +8,7 @@ import ( "crypto/subtle" "encoding/base64" "errors" + "fmt" "sort" ) @@ -28,9 +29,10 @@ func (a authPairs) Len() int { return len(a) } func (a authPairs) Swap(i, j int) { a[i], a[j] = a[j], a[i] } func (a authPairs) Less(i, j int) bool { return a[i].Value < a[j].Value } -// Implements a basic Basic HTTP Authorization. It takes as argument a map[string]string where -// the key is the user name and the value is the password. -func BasicAuth(accounts Accounts) HandlerFunc { +// Implements a basic Basic HTTP Authorization. It takes as arguments a map[string]string where +// the key is the user name and the value is the password, as well as the name of the Realm +// (see http://tools.ietf.org/html/rfc2617#section-1.2) +func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc { pairs, err := processAccounts(accounts) if err != nil { panic(err) @@ -40,7 +42,10 @@ func BasicAuth(accounts Accounts) HandlerFunc { user, ok := searchCredential(pairs, c.Request.Header.Get("Authorization")) if !ok { // Credentials doesn't match, we return 401 Unauthorized and abort request. - c.Writer.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"") + if realm == "" { + realm = "Authorization Required" + } + c.Writer.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", realm)) c.Fail(401, errors.New("Unauthorized")) } else { // user is allowed, set UserId to key "user" in this context, the userId can be read later using @@ -50,6 +55,12 @@ func BasicAuth(accounts Accounts) HandlerFunc { } } +// Implements a basic Basic HTTP Authorization. It takes as argument a map[string]string where +// the key is the user name and the value is the password. +func BasicAuth(accounts Accounts) HandlerFunc { + return BasicAuthForRealm(accounts, "") +} + func processAccounts(accounts Accounts) (authPairs, error) { if len(accounts) == 0 { return nil, errors.New("Empty list of authorized credentials") From 5e3a096828af32eca7f346012d9aaa3634760f8e Mon Sep 17 00:00:00 2001 From: Frank Bille Date: Wed, 4 Mar 2015 23:38:17 +0100 Subject: [PATCH 2/2] Added test for custom realm --- auth_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/auth_test.go b/auth_test.go index d60c587b..067dfb19 100644 --- a/auth_test.go +++ b/auth_test.go @@ -59,3 +59,27 @@ func TestBasicAuth401(t *testing.T) { t.Errorf("WWW-Authenticate header is incorrect: %s", w.HeaderMap.Get("Content-Type")) } } + +func TestBasicAuth401WithCustomRealm(t *testing.T) { + req, _ := http.NewRequest("GET", "/login", nil) + w := httptest.NewRecorder() + + r := New() + accounts := Accounts{"foo": "bar"} + r.Use(BasicAuthForRealm(accounts, "My Custom Realm")) + + r.GET("/login", func(c *Context) { + c.String(200, "autorized") + }) + + req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password"))) + r.ServeHTTP(w, req) + + if w.Code != 401 { + t.Errorf("Response code should be Not autorized, was: %s", w.Code) + } + + if w.HeaderMap.Get("WWW-Authenticate") != "Basic realm=\"My Custom Realm\"" { + t.Errorf("WWW-Authenticate header is incorrect: %s", w.HeaderMap.Get("Content-Type")) + } +}