From 1905c5051d5898f4498ec851262c9afa013cdb01 Mon Sep 17 00:00:00 2001
From: gspasov
Date: Fri, 5 Apr 2019 23:30:23 +0300
Subject: [PATCH 1/2] Started implementing autentication with Bearer Token
---
apps/roster/src/rest/helpers/rest_auth_helper.erl | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/apps/roster/src/rest/helpers/rest_auth_helper.erl b/apps/roster/src/rest/helpers/rest_auth_helper.erl
index 876be1057..b6682be3f 100644
--- a/apps/roster/src/rest/helpers/rest_auth_helper.erl
+++ b/apps/roster/src/rest/helpers/rest_auth_helper.erl
@@ -1,4 +1,6 @@
-module(rest_auth_helper).
+-include("roster.hrl").
+-include_lib("kvs/include/metainfo.hrl").
-export([
description/0,
@@ -24,4 +26,17 @@ authorized(Req) ->
false end;
_ -> false end;
_ -> false end;
+ "Bearer " ++ BearerAuth ->
+ <> = BearerAuth,
+ case roster:parse_token(Token) of
+ {error, _} = Err ->
+ Err;
+ _ ->
+ case kvs:get('Auth', ClientId) of
+ #ok{code = #'Auth'{token = RealToken}} when RealToken == Token -> true;
+ _ -> {error, invalid_token}
+ end
+ end;
+
+
_ -> false end.
\ No newline at end of file
--
GitLab
From 27869ae13e8240fe781e5eb43d236b5317790725 Mon Sep 17 00:00:00 2001
From: gspasov
Date: Mon, 8 Apr 2019 14:02:51 +0300
Subject: [PATCH 2/2] Finished implementation of temporary REST authentication
---
.../src/rest/helpers/rest_auth_helper.erl | 19 ++++++++++---------
apps/roster/src/rest/rest_handler.erl | 2 ++
2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/apps/roster/src/rest/helpers/rest_auth_helper.erl b/apps/roster/src/rest/helpers/rest_auth_helper.erl
index b6682be3f..0ea808160 100644
--- a/apps/roster/src/rest/helpers/rest_auth_helper.erl
+++ b/apps/roster/src/rest/helpers/rest_auth_helper.erl
@@ -7,6 +7,7 @@
authorized/1
]).
+-define(MIN_TOKEN_SIZE, 160).
-define(AUTH_USERNAME, proplists:get_value(username, application:get_env(rest, basic_auth, []))).
-define(AUTH_PASSWORD, proplists:get_value(password, application:get_env(rest, basic_auth, []))).
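Review bot: The new `-define(MIN_TOKEN_SIZE, 160).` in the first hunk of [PATCH 2/2] carries no comment saying what the 160 covers, and its only use (the guard `length(BearerAuth) >= ?MIN_TOKEN_SIZE + 1` in the following hunk) measures the whole `<token>/<client-id>` value, so a reader cannot tell whether the bound is meant for the token alone or for both parts together. Suggest a comment on the define such as `%% Minimum length, in characters, of the Bearer credential (<token>/<client-id>) accepted by authorized/1 -- confirm whether the client-id part is meant to count.` Since the header value is a char list at that point (it is matched with `++` and measured with `length/1`), the `%% +1 is for slash byte size` remark in the next hunk should say "character" rather than "byte".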
@@ -26,17 +27,17 @@ authorized(Req) ->
false end;
_ -> false end;
_ -> false end;
- "Bearer " ++ BearerAuth ->
- <> = BearerAuth,
- case roster:parse_token(Token) of
- {error, _} = Err ->
- Err;
+ "Bearer " ++ BearerAuth when length(BearerAuth) >= ?MIN_TOKEN_SIZE + 1 -> %% +1 is for slash byte size
+ [T, CId] = string:split(BearerAuth, "/"),
+ AuthToken = list_to_binary(T),
+ ClientId = list_to_binary(CId),
+ case roster:parse_token(AuthToken) of
+ {error, _} = Err -> Err;
_ ->
case kvs:get('Auth', ClientId) of
- #ok{code = #'Auth'{token = RealToken}} when RealToken == Token -> true;
+ #ok{code = #'Auth'{token = DBToken}} when DBToken == AuthToken -> true;
+ {ok, #'Auth'{token = DBToken}} when DBToken == AuthToken -> true;
_ -> {error, invalid_token}
end
- end;
-
-
+ end;
_ -> false end.
\ No newline at end of file
diff --git a/apps/roster/src/rest/rest_handler.erl b/apps/roster/src/rest/rest_handler.erl
index d353ded01..8f49d7f16 100644
--- a/apps/roster/src/rest/rest_handler.erl
+++ b/apps/roster/src/rest/rest_handler.erl
@@ -64,6 +64,8 @@ handle_request(Req) ->
true -> handle_request(Req:get(method), Req:get(path), Req);
_ -> case rest_auth_helper:authorized(Req) of
false -> rest_response_helper:response(Req, ?HTTP_CODE_401, rest_response_helper:error_401());
+ {error, invalid_token} -> rest_response_helper:error_response(Req, ?HTTP_CODE_401, "Unauthorized! Token is invalid.");
+ {error, token_expired} -> rest_response_helper:error_response(Req, ?HTTP_CODE_401, "Unauthorized! Token is expired.");
_ -> handle_request(Req:get(method), Req:get(path), Req) end end;
--
GitLab
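Review bot: A Bearer value with no `/` in it crashes authorized/1 instead of answering false: `string:split(BearerAuth, "/")` returns a one-element list in that case, so `[T, CId] = string:split(BearerAuth, "/")` raises badmatch, and the new guard checks only the overall length, not that a separator is present (the `<> = BearerAuth` match in [PATCH 1/2] had the same shape of failure). Because rest_handler:handle_request/1 calls this helper, a malformed header then ends as a crash report rather than a 401 decision. Separately, `DBToken == AuthToken` uses the coercing comparison where `=:=` is the exact one, and since one side is a stored secret and the other a client-supplied value, a constant-time compare (`crypto:hash_equals/2` on OTP 25 and later, if the project can use it) would also remove the early-mismatch timing difference. The clause is inside authorized/1, whose head is above the hunk; the rewrite below answers false for a header without a separator and keeps the rest of the lookup as is.
```erlang
    "Bearer " ++ BearerAuth when length(BearerAuth) >= ?MIN_TOKEN_SIZE + 1 -> %% +1 is for slash byte size
        %% string:split/2 yields a one-element list when there is no "/";
        %% answer false rather than crash on the [T, CId] match.
        case string:split(BearerAuth, "/") of
            [T, CId] ->
                AuthToken = list_to_binary(T),
                ClientId = list_to_binary(CId),
                case roster:parse_token(AuthToken) of
                    {error, _} = Err -> Err;
                    _ ->
                        case kvs:get('Auth', ClientId) of
                            #ok{code = #'Auth'{token = DBToken}} when DBToken =:= AuthToken -> true;
                            {ok, #'Auth'{token = DBToken}} when DBToken =:= AuthToken -> true;
                            _ -> {error, invalid_token}
                        end
                end;
            _ ->
                false
        end;
```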
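Review bot: The unchanged `_ -> handle_request(Req:get(method), Req:get(path), Req)` clause now grants access for every result of `rest_auth_helper:authorized/1` other than `false`, `{error, invalid_token}` and `{error, token_expired}`; the helper returns `roster:parse_token/1`'s `{error, _}` tuple verbatim (see the hunk above), so any other reason that parser can produce is treated as authorized. Match the success value and make the default a refusal: keep `true -> handle_request(Req:get(method), Req:get(path), Req);` as the only pass-through and end the case with `_ -> rest_response_helper:response(Req, ?HTTP_CODE_401, rest_response_helper:error_401())`. This assumes the Basic-Auth path of authorized/1 also answers `true`, which is not visible in these hunks. handle_request/1 starts above the hunk.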