Module Protocols.HTTP.Authentication

Description

This module contains various HTTP Authentication implementations for both server and client use. A client implementation would typically call the make_authenticator method with the incoming WWW-Authenticate header to get a Client object. For each HTTP request, the auth() method of that object can be called to get an appropriate Authorization header.

Server code should create an authentication class and inherit the concrete authentication scheme implementation. To add an actual user lookup, overload get_password or get_hashed_password. Hashed passwords must be hashed with the scheme-appropriate digest.

Example

    class Auth {
      inherit Protocols.HTTP.Authentication.DigestMD5Server;

      // User lookup: resolve to the user's password, or fail for unknown users.
      Concurrent.Future get_password(string user) {
        Concurrent.Promise p = Concurrent.Promise();
        if( user == "bob" )
          return p->success("builder");
        return p->failure(sprintf("No user %O", user));
      }
    }

    Auth auth = Auth("apps@pike.org");

    Concurrent.Future authenticate(Protocols.HTTP.Server.Request req) {
      Concurrent.Promise authenticated = Concurrent.Promise();
      auth->auth(req->request_headers->authorization,
                 req->request_method, req->not_query)
        ->then(lambda(string user) {
                 authenticated->success(user);
               },
               lambda(string reason) {
                 authenticated->failure(reason);
                 // Authentication failed: answer 401 with a new challenge.
                 string c = auth->challenge();
                 req->response_and_finish( ([
                   "error":401,
                   "extra_heads" : ([ "WWW-Authenticate":c, ])
                 ]) );
               });
      return authenticated;
    }