mirror of
https://github.com/pocoproject/poco.git
synced 2025-10-23 00:07:59 +02:00
fixed GH #478: HTTPCredentials and HTTPAuthenticationParams support multiple WWW-Authenticate headers
This commit is contained in:
Guenter Obiltschnig
@@ -68,6 +68,8 @@ namespace Net {
|
||||
|
||||
|
||||
const std::string HTTPAuthenticationParams::REALM("realm");
|
||||
const std::string HTTPAuthenticationParams::WWW_AUTHENTICATE("WWW-Authenticate");
|
||||
const std::string HTTPAuthenticationParams::PROXY_AUTHENTICATE("Proxy-Authenticate");
|
||||
|
||||
|
||||
HTTPAuthenticationParams::HTTPAuthenticationParams()
|
||||
@@ -87,9 +89,9 @@ HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPRequest& request)
|
||||
}
|
||||
|
||||
|
||||
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPResponse& response)
|
||||
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPResponse& response, const std::string& header)
|
||||
{
|
||||
fromResponse(response);
|
||||
fromResponse(response, header);
|
||||
}
|
||||
|
||||
|
||||
@@ -126,22 +128,29 @@ void HTTPAuthenticationParams::fromRequest(const HTTPRequest& request)
|
||||
}
|
||||
|
||||
|
||||
void HTTPAuthenticationParams::fromResponse(const HTTPResponse& response)
|
||||
void HTTPAuthenticationParams::fromResponse(const HTTPResponse& response, const std::string& header)
|
||||
{
|
||||
if (!response.has("WWW-Authenticate"))
|
||||
NameValueCollection::ConstIterator it = response.find(header);
|
||||
if (it == response.end())
|
||||
throw NotAuthenticatedException("HTTP response has no authentication header");
|
||||
|
||||
const std::string& header = response.get("WWW-Authenticate");
|
||||
|
||||
if (icompare(header, 0, 6, "Basic ") == 0)
|
||||
bool found = false;
|
||||
while (!found && it != response.end() && icompare(it->first, header) == 0)
|
||||
{
|
||||
parse(header.begin() + 6, header.end());
|
||||
}
|
||||
else if (icompare(header, 0, 7, "Digest ") == 0)
|
||||
{
|
||||
parse(header.begin() + 7, header.end());
|
||||
}
|
||||
else throw InvalidArgumentException("Invalid authentication scheme", header);
|
||||
const std::string& header = it->second;
|
||||
if (icompare(header, 0, 6, "Basic ") == 0)
|
||||
{
|
||||
parse(header.begin() + 6, header.end());
|
||||
found = true;
|
||||
}
|
||||
else if (icompare(header, 0, 7, "Digest ") == 0)
|
||||
{
|
||||
parse(header.begin() + 7, header.end());
|
||||
found = true;
|
||||
}
|
||||
++it;
|
||||
}
|
||||
if (!found) throw NotAuthenticatedException("No Basic or Digest authentication header found");
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -57,7 +57,7 @@ void HTTPCredentials::fromUserInfo(const std::string& userInfo)
|
||||
extractCredentials(userInfo, username, password);
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
// TODO: Reset digest state?
|
||||
_digest.reset();
|
||||
}
|
||||
|
||||
|
||||
@@ -69,13 +69,13 @@ void HTTPCredentials::fromURI(const URI& uri)
|
||||
extractCredentials(uri, username, password);
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
// TODO: Reset digest state?
|
||||
_digest.reset();
|
||||
}
|
||||
|
||||
|
||||
void HTTPCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
|
||||
{
|
||||
for (HTTPResponse::ConstIterator iter = response.find("WWW-Authenticate"); iter != response.end(); ++iter)
|
||||
for (HTTPResponse::ConstIterator iter = response.find(HTTPAuthenticationParams::WWW_AUTHENTICATE); iter != response.end(); ++iter)
|
||||
{
|
||||
if (isBasicCredentials(iter->second))
|
||||
{
|
||||
@@ -111,7 +111,7 @@ void HTTPCredentials::updateAuthInfo(HTTPRequest& request)
|
||||
|
||||
void HTTPCredentials::proxyAuthenticate(HTTPRequest& request, const HTTPResponse& response)
|
||||
{
|
||||
for (HTTPResponse::ConstIterator iter = response.find("Proxy-Authenticate"); iter != response.end(); ++iter)
|
||||
for (HTTPResponse::ConstIterator iter = response.find(HTTPAuthenticationParams::PROXY_AUTHENTICATE); iter != response.end(); ++iter)
|
||||
{
|
||||
if (isBasicCredentials(iter->second))
|
||||
{
|
||||
|
||||
@@ -104,6 +104,13 @@ HTTPDigestCredentials::~HTTPDigestCredentials()
|
||||
}
|
||||
|
||||
|
||||
void HTTPDigestCredentials::reset()
|
||||
{
|
||||
_requestAuthParams.clear();
|
||||
_nc.clear();
|
||||
}
|
||||
|
||||
|
||||
void HTTPDigestCredentials::setUsername(const std::string& username)
|
||||
{
|
||||
_username = username;
|
||||
@@ -138,7 +145,7 @@ void HTTPDigestCredentials::updateAuthInfo(HTTPRequest& request)
|
||||
|
||||
void HTTPDigestCredentials::proxyAuthenticate(HTTPRequest& request, const HTTPResponse& response)
|
||||
{
|
||||
proxyAuthenticate(request, HTTPAuthenticationParams(response));
|
||||
proxyAuthenticate(request, HTTPAuthenticationParams(response, HTTPAuthenticationParams::PROXY_AUTHENTICATE));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -259,5 +259,4 @@ void HTTPRequest::setCredentials(const std::string& header, const std::string& s
|
||||
}
|
||||
|
||||
|
||||
|
||||
} } // namespace Poco::Net
|
||||
|
||||
Reference in New Issue
Block a user