From 0aff0f752fd4a5d342fbb1a9a9192ae239f48b1f Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Fri, 27 Feb 2015 22:27:12 +0100
Subject: Handle case when no own_key has been defined
---
 src/http_auth.erl | 63 ++++++++++++++++++++++++++++++++++++++-----------------
 src/plop.erl | 13 ++++++++----
 2 files changed, 53 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/http_auth.erl b/src/http_auth.erl
index 6a076fa..5ff716c 100644
--- a/src/http_auth.erl
+++ b/src/http_auth.erl
@@ -35,15 +35,23 @@ read_key_table() ->
 KeyName ++ ".pem"),
 true = ets:insert(?KEY_TABLE, {KeyName, Key})
 end, sets:to_list(Keys)),
- {_OwnKeyName, OwnKeyFile} = application:get_env(plop, own_key, none),
- OwnKey = sign:read_keyfile_ec(OwnKeyFile),
- true = ets:insert(?KEY_TABLE, {own_key, OwnKey}).
+ case application:get_env(plop, own_key, none) of
+ {_OwnKeyName, OwnKeyFile} ->
+ OwnKey = sign:read_keyfile_ec(OwnKeyFile),
+ true = ets:insert(?KEY_TABLE, {own_key, OwnKey});
+ none ->
+ none
+ end.
 own_key() ->
- {KeyName, _KeyFile} = application:get_env(plop, own_key, none),
- [{_, Key}] = ets:lookup(?KEY_TABLE, own_key),
- {Key, KeyName}.
+ case application:get_env(plop, own_key, none) of
+ {KeyName, _KeyFile} ->
+ [{_, Key}] = ets:lookup(?KEY_TABLE, own_key),
+ {Key, KeyName};
+ none ->
+ none
+ end.
 lookup_publickey(nokey) ->
 nokey;
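Review bot: The new `none ->` branch in read_key_table/0 lets the node start without a signing key and logs nothing, so a dropped or mistyped `own_key` setting only shows up later as peers rejecting its requests or handling them as anonymous. A line in that branch such as `lager:warning("no own_key configured, outgoing requests will not be signed")` would make the degraded mode visible; the file already uses lager. own_key/0 now returns `{Key, KeyName} | none`, which deserves a `-spec`, and its `[{_, Key}] = ets:lookup(?KEY_TABLE, own_key)` match still crashes if the env is set but the table entry is missing. read_key_table/0 begins above the hunk.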
@@ -97,24 +105,37 @@ check_acl(Method, KeyName, Path) ->
 failure
 end.
+get_authheader_keyname(AuthHeader) ->
+ case string:tokens(AuthHeader, ";") of
+ [AuthTokenBase64 | OptionsRaw] ->
+ AuthToken = base64:decode(AuthTokenBase64),
+ Options = [parse_option(E) || E <- OptionsRaw],
+ case lists:keyfind("key", 1, Options) of
+ {_, Value} ->
+ {Value, AuthToken};
+ false ->
+ {nokey, <<>>}
+ end;
+ _ ->
+ {nokey, <<>>}
+ end.
+
+
 verify_auth(undefined, Method, Path, _Data) ->
 case check_acl(Method, noauth, Path) of
 success ->
 noauth;
 Error ->
- lager:info("anonymous access not allowed for path ~p", [Path]),
+ case Method of
+ "REPLY" ->
+ lager:info("anonymous replies not allowed for path ~p", [Path]);
+ _ ->
+ lager:info("anonymous access not allowed for path ~p", [Path])
+ end,
 Error
 end;
 verify_auth(AuthHeader, Method, Path, Data) ->
- [AuthTokenBase64 | OptionsRaw] = string:tokens(AuthHeader, ";"),
- AuthToken = base64:decode(AuthTokenBase64),
- Options = [parse_option(E) || E <- OptionsRaw],
- KeyName = case lists:keyfind("key", 1, Options) of
- {_, Value} ->
- Value;
- false ->
- nokey
- end,
+ {KeyName, AuthToken} = get_authheader_keyname(AuthHeader),
 AuthSuccess = case lookup_publickey(KeyName) of
 nokey ->
 false;
@@ -133,6 +154,10 @@ verify_auth(AuthHeader, Method, Path, Data) ->
 end.
 create_auth(Method, Path, Data) ->
- {Key, KeyName} = own_key(),
- AuthToken = sign(Key, Method, Path, Data),
- base64:encode_to_string(AuthToken) ++ ";key=" ++ KeyName.
+ case own_key() of
+ {Key, KeyName} ->
+ AuthToken = sign(Key, Method, Path, Data),
+ base64:encode_to_string(AuthToken) ++ ";key=" ++ KeyName;
+ none ->
+ ""
+ end.
diff --git a/src/plop.erl b/src/plop.erl
index cfca343..6ff65f8 100644
--- a/src/plop.erl
+++ b/src/plop.erl
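Review bot: `base64:decode(AuthTokenBase64)` in get_authheader_keyname/1 raises on input that is not valid base64, so a malformed X-Catlfish-Auth value from a peer still crashes the caller, even though the helper now returns `{nokey, <<>>}` for an empty header. The header is untrusted input, so a decode failure should end in the same rejected result, for example `AuthToken = try base64:decode(AuthTokenBase64) catch error:_ -> <<>> end,`. That assumes the signature check later in verify_auth/4, which is outside the hunk, rejects an empty token. parse_option/1 is also outside the hunk and may need the same treatment if it assumes well-formed `name=value` options.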
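Review bot: Returning `""` from create_auth/3 when own_key/0 yields `none` means add_auth in plop.erl, whose last line `[{"X-Catlfish-Auth", AuthHeader} | Headers]` is visible in the next file section, apparently still sends the header with an empty value. On the receiving side an empty string is not `undefined`, so it reaches the second verify_auth/4 clause, get_authheader_keyname/1 yields `{nokey, <<>>}`, and the request is treated as a failed authentication rather than going through `check_acl(Method, noauth, Path)`. If keyless nodes are meant to be governed by the anonymous ACL, create_auth/3 should return `none` and the caller should omit the header. add_auth's body is outside the diff, so this needs confirming there.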
@@ -200,9 +200,13 @@ add_auth(Method, Path, Headers, Data) ->
 [{"X-Catlfish-Auth", AuthHeader} | Headers].
 get_auth_header(Headers) ->
- Result = binary_to_list(hackney_headers:get_value("X-Catlfish-Auth", Headers)),
- lager:debug("received auth header: ~p", [Result]),
- Result.
+ case hackney_headers:get_value("X-Catlfish-Auth", Headers) of
+ undefined ->
+ undefined;
+ Result when is_binary(Result) ->
+ lager:debug("received auth header: ~p", [Result]),
+ binary_to_list(Result)
+ end.
 send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
 ParentPid = self(),
@@ -243,7 +247,8 @@ send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
 {StatusLine, RespHeaders, Body}}};
 noauth ->
 lager:debug("no auth"),
- drop
+ ParentPid ! {http, {RequestId,
+ {StatusLine, RespHeaders, Body}}}
 end
 end),
 RequestId.
-- cgit v1.1
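Review bot: The `noauth ->` branch in send_http_request/4 now sends the response to ParentPid in the same `{http, {RequestId, {StatusLine, RespHeaders, Body}}}` shape as an authenticated reply, where it previously returned `drop`, so the receiver cannot tell a signed reply from an unsigned one. With get_auth_header/1 now returning `undefined` for a missing header, a reply whose X-Catlfish-Auth header was lost or stripped in transit is accepted whenever the ACL allows `noauth` for that path. At minimum the branch should log above debug level, e.g. `lager:info("accepting unauthenticated reply from ~p", [URL])`, and it would be safer to accept such replies only when no key is configured for the peer. The enclosing case and check_acl/3 are outside the hunk, so whether any deployed ACL permits anonymous replies cannot be confirmed from here.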