Commit 4e1717db authored by Matthew Holt's avatar Matthew Holt

basicauth: htpasswd path now relative to site root

parent 159b68aa
......@@ -9,6 +9,8 @@ import (
// BasicAuth configures a new BasicAuth middleware instance.
func BasicAuth(c *Controller) (middleware.Middleware, error) {
root := c.Root
rules, err := basicAuthParse(c)
if err != nil {
return nil, err
......@@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) {
return func(next middleware.Handler) middleware.Handler {
basic.Next = next
basic.SiteRoot = root
return basic
}, nil
}
......@@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
switch len(args) {
case 2:
rule.Username = args[0]
if rule.Password, err = passwordMatcher(rule.Username, args[1]); err != nil {
if rule.Password, err = passwordMatcher(rule.Username, args[1], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
}
......@@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
case 3:
rule.Resources = append(rule.Resources, args[0])
rule.Username = args[1]
if rule.Password, err = passwordMatcher(rule.Username, args[2]); err != nil {
if rule.Password, err = passwordMatcher(rule.Username, args[2], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
}
default:
......@@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
return rules, nil
}
func passwordMatcher(username, passw string) (basicauth.PasswordMatcher, error) {
func passwordMatcher(username, passw, siteRoot string) (basicauth.PasswordMatcher, error) {
if !strings.HasPrefix(passw, "htpasswd=") {
return basicauth.PlainMatcher(passw), nil
}
return basicauth.GetHtpasswdMatcher(passw[9:], username)
return basicauth.GetHtpasswdMatcher(passw[9:], username, siteRoot)
}
CHANGES
<master>
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing given Accept header
0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure
......
......@@ -22,8 +22,9 @@ import (
// security of HTTP Basic Auth is disputed. Use discretion when deciding
// what to protect with BasicAuth.
type BasicAuth struct {
Next middleware.Handler
Rules []Rule
Next middleware.Handler
SiteRoot string
Rules []Rule
}
// ServeHTTP implements the middleware.Handler interface.
......@@ -84,11 +85,8 @@ var (
htpasswordsMu sync.Mutex
)
func GetHtpasswdMatcher(filename, username string) (PasswordMatcher, error) {
filename, err := filepath.Abs(filename)
if err != nil {
return nil, err
}
func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error) {
filename = filepath.Join(siteRoot, filename)
htpasswordsMu.Lock()
if htpasswords == nil {
htpasswords = make(map[string]map[string]PasswordMatcher)
......
......@@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
for i, username := range []string{"sha1", "md5"} {
rule := Rule{Username: username, Resources: []string{"/testing"}}
if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username); err != nil {
if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username, "/"); err != nil {
t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err)
}
t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment