Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor HTTP Server Authentication code #169

Open
wants to merge 2 commits into
base: v1.x/staging
Choose a base branch
from

Conversation

lchudinov
Copy link
Contributor

@lchudinov lchudinov commented Sep 7, 2020

This is a follow up for #162.

  1. This PR makes request->authenticated field always actual.
  2. In the case when SERVICE_AUTH_FLAG_OPTIONAL is set. The intent is to distinguish
    1. the case when SAF authentication was attempted because some auth data was provided on the request(in HTTP headers,
      cookies). In this case:
      • if SAF authentication was successful the HTTP server calls the service handler
      • otherwise, the HTTP server responds with HTTP 401 immediately
    2. the case when no auth data was provided on the request. In this case
      • the HTTP server calls the service handle

@lchudinov lchudinov changed the base branch from master to staging September 7, 2020 05:44
@lchudinov lchudinov force-pushed the feature/refactor-auth-code branch 5 times, most recently from d036319 to d14649d Compare September 9, 2020 10:28
@lchudinov lchudinov self-assigned this Sep 9, 2020
@lchudinov lchudinov marked this pull request as ready for review September 9, 2020 11:40
@lchudinov lchudinov marked this pull request as draft September 9, 2020 15:07
@lchudinov lchudinov marked this pull request as ready for review September 9, 2020 15:26
@lchudinov lchudinov force-pushed the feature/refactor-auth-code branch from d14649d to c9cd1b1 Compare September 10, 2020 04:01
@lchudinov lchudinov force-pushed the feature/refactor-auth-code branch from c9cd1b1 to e24fd2c Compare September 10, 2020 04:22
Copy link
Contributor

@ifakhrutdinov ifakhrutdinov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically, the changes look good to me. I would still other people to take a look, especially since this is related to security. @rocketjared, @1000TurquoisePogs, what do you think?

c/httpserver.c Outdated Show resolved Hide resolved
Signed-off-by: Leonty Chudinov <[email protected]>
Copy link
Member

@1000TurquoisePogs 1000TurquoisePogs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked at it and it seems good to me as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants