mirror of
https://github.com/octoleo/syncthing.git
synced 2025-01-22 22:58:25 +00:00
Add github.com/codegangsta/martini-contrib/auth dep
This commit is contained in:
parent
c2f0c2225a
commit
07eb4020bd
5
Godeps/Godeps.json
generated
5
Godeps/Godeps.json
generated
@ -27,6 +27,11 @@
|
||||
"Comment": "v0.1-142-g8659df7",
|
||||
"Rev": "8659df7a51aebe6c6120268cd5a8b4c34fa8441a"
|
||||
},
|
||||
{
|
||||
"ImportPath": "github.com/codegangsta/martini-contrib/auth",
|
||||
"Comment": "v0.1-159-g8ce6181",
|
||||
"Rev": "8ce6181c2609699e4c7cd30994b76a850a9cdadc"
|
||||
},
|
||||
{
|
||||
"ImportPath": "github.com/golang/groupcache/lru",
|
||||
"Rev": "d781998583680cda80cf61e0b37dd0cd8da2eb52"
|
||||
|
25
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/README.md
generated
vendored
Normal file
25
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/README.md
generated
vendored
Normal file
@ -0,0 +1,25 @@
|
||||
# auth
|
||||
Martini middleware/handler for http basic authentication.
|
||||
|
||||
[API Reference](http://godoc.org/github.com/codegangsta/martini-contrib/auth)
|
||||
|
||||
## Usage
|
||||
|
||||
~~~ go
|
||||
import (
|
||||
"github.com/codegangsta/martini"
|
||||
"github.com/codegangsta/martini-contrib/auth"
|
||||
)
|
||||
|
||||
func main() {
|
||||
m := martini.Classic()
|
||||
// authenticate every request
|
||||
m.Use(auth.Basic("username", "secretpassword"))
|
||||
m.Run()
|
||||
}
|
||||
|
||||
~~~
|
||||
|
||||
## Authors
|
||||
* [Jeremy Saenz](http://github.com/codegangsta)
|
||||
* [Brendon Murphy](http://github.com/bemurphy)
|
19
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic.go
generated
vendored
Normal file
19
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic.go
generated
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// Basic returns a Handler that authenticates via Basic Auth. Writes a http.StatusUnauthorized
|
||||
// if authentication fails
|
||||
func Basic(username string, password string) http.HandlerFunc {
|
||||
var siteAuth = base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
||||
return func(res http.ResponseWriter, req *http.Request) {
|
||||
auth := req.Header.Get("Authorization")
|
||||
if !SecureCompare(auth, "Basic "+siteAuth) {
|
||||
res.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"")
|
||||
http.Error(res, "Not Authorized", http.StatusUnauthorized)
|
||||
}
|
||||
}
|
||||
}
|
45
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic_test.go
generated
vendored
Normal file
45
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic_test.go
generated
vendored
Normal file
@ -0,0 +1,45 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"github.com/codegangsta/martini"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func Test_BasicAuth(t *testing.T) {
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))
|
||||
|
||||
m := martini.New()
|
||||
m.Use(Basic("foo", "bar"))
|
||||
m.Use(func(res http.ResponseWriter, req *http.Request) {
|
||||
res.Write([]byte("hello"))
|
||||
})
|
||||
|
||||
r, _ := http.NewRequest("GET", "foo", nil)
|
||||
|
||||
m.ServeHTTP(recorder, r)
|
||||
|
||||
if recorder.Code != 401 {
|
||||
t.Error("Response not 401")
|
||||
}
|
||||
|
||||
if recorder.Body.String() == "hello" {
|
||||
t.Error("Auth block failed")
|
||||
}
|
||||
|
||||
recorder = httptest.NewRecorder()
|
||||
r.Header.Set("Authorization", auth)
|
||||
m.ServeHTTP(recorder, r)
|
||||
|
||||
if recorder.Code == 401 {
|
||||
t.Error("Response is 401")
|
||||
}
|
||||
|
||||
if recorder.Body.String() != "hello" {
|
||||
t.Error("Auth failed, got: ", recorder.Body.String())
|
||||
}
|
||||
}
|
15
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util.go
generated
vendored
Normal file
15
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util.go
generated
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
)
|
||||
|
||||
// SecureCompare performs a constant time compare of two strings to limit timing attacks.
|
||||
func SecureCompare(given string, actual string) bool {
|
||||
if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
|
||||
return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
|
||||
} else {
|
||||
/* Securely compare actual to itself to keep constant time, but always return false */
|
||||
return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
|
||||
}
|
||||
}
|
26
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util_test.go
generated
vendored
Normal file
26
Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util_test.go
generated
vendored
Normal file
@ -0,0 +1,26 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
var comparetests = []struct {
|
||||
a string
|
||||
b string
|
||||
val bool
|
||||
}{
|
||||
{"foo", "foo", true},
|
||||
{"bar", "bar", true},
|
||||
{"password", "password", true},
|
||||
{"Foo", "foo", false},
|
||||
{"foo", "foobar", false},
|
||||
{"password", "pass", false},
|
||||
}
|
||||
|
||||
func Test_SecureCompare(t *testing.T) {
|
||||
for _, tt := range comparetests {
|
||||
if SecureCompare(tt.a, tt.b) != tt.val {
|
||||
t.Errorf("Expected SecureCompare(%v, %v) to return %v but did not", tt.a, tt.b, tt.val)
|
||||
}
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user