Commit 4e1717db authored by Matthew Holt's avatar Matthew Holt

basicauth: htpasswd path now relative to site root

parent 159b68aa
...@@ -9,6 +9,8 @@ import ( ...@@ -9,6 +9,8 @@ import (
// BasicAuth configures a new BasicAuth middleware instance. // BasicAuth configures a new BasicAuth middleware instance.
func BasicAuth(c *Controller) (middleware.Middleware, error) { func BasicAuth(c *Controller) (middleware.Middleware, error) {
root := c.Root
rules, err := basicAuthParse(c) rules, err := basicAuthParse(c)
if err != nil { if err != nil {
return nil, err return nil, err
...@@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) { ...@@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) {
return func(next middleware.Handler) middleware.Handler { return func(next middleware.Handler) middleware.Handler {
basic.Next = next basic.Next = next
basic.SiteRoot = root
return basic return basic
}, nil }, nil
} }
...@@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) { ...@@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
switch len(args) { switch len(args) {
case 2: case 2:
rule.Username = args[0] rule.Username = args[0]
if rule.Password, err = passwordMatcher(rule.Username, args[1]); err != nil { if rule.Password, err = passwordMatcher(rule.Username, args[1], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err) return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
} }
...@@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) { ...@@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
case 3: case 3:
rule.Resources = append(rule.Resources, args[0]) rule.Resources = append(rule.Resources, args[0])
rule.Username = args[1] rule.Username = args[1]
if rule.Password, err = passwordMatcher(rule.Username, args[2]); err != nil { if rule.Password, err = passwordMatcher(rule.Username, args[2], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err) return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
} }
default: default:
...@@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) { ...@@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
return rules, nil return rules, nil
} }
func passwordMatcher(username, passw string) (basicauth.PasswordMatcher, error) { func passwordMatcher(username, passw, siteRoot string) (basicauth.PasswordMatcher, error) {
if !strings.HasPrefix(passw, "htpasswd=") { if !strings.HasPrefix(passw, "htpasswd=") {
return basicauth.PlainMatcher(passw), nil return basicauth.PlainMatcher(passw), nil
} }
return basicauth.GetHtpasswdMatcher(passw[9:], username) return basicauth.GetHtpasswdMatcher(passw[9:], username, siteRoot)
} }
CHANGES CHANGES
<master>
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing given Accept header
0.7.5 (August 5, 2015) 0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used - core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure - fastcgi: Set HTTPS env variable if connection is secure
......
...@@ -23,6 +23,7 @@ import ( ...@@ -23,6 +23,7 @@ import (
// what to protect with BasicAuth. // what to protect with BasicAuth.
type BasicAuth struct { type BasicAuth struct {
Next middleware.Handler Next middleware.Handler
SiteRoot string
Rules []Rule Rules []Rule
} }
...@@ -84,11 +85,8 @@ var ( ...@@ -84,11 +85,8 @@ var (
htpasswordsMu sync.Mutex htpasswordsMu sync.Mutex
) )
func GetHtpasswdMatcher(filename, username string) (PasswordMatcher, error) { func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error) {
filename, err := filepath.Abs(filename) filename = filepath.Join(siteRoot, filename)
if err != nil {
return nil, err
}
htpasswordsMu.Lock() htpasswordsMu.Lock()
if htpasswords == nil { if htpasswords == nil {
htpasswords = make(map[string]map[string]PasswordMatcher) htpasswords = make(map[string]map[string]PasswordMatcher)
......
...@@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61` ...@@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
for i, username := range []string{"sha1", "md5"} { for i, username := range []string{"sha1", "md5"} {
rule := Rule{Username: username, Resources: []string{"/testing"}} rule := Rule{Username: username, Resources: []string{"/testing"}}
if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username); err != nil { if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username, "/"); err != nil {
t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err) t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err)
} }
t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password) t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment