Mirrors/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-01-23 17:16:40 +01:00
Code Issues Projects Releases Packages Wiki Activity

basicauth: htpasswd path now relative to site root

Browse source
This commit is contained in:
Matthew Holt 2015-09-05 16:04:30 -06:00
parent 159b68aab4
commit 4e1717db4c
4 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
config/setup/basicauth.go
View file

@ -9,6 +9,8 @@ import (
// BasicAuth configures a new BasicAuth middleware instance. // BasicAuth configures a new BasicAuth middleware instance.
func BasicAuth(c *Controller) (middleware.Middleware, error) { func BasicAuth(c *Controller) (middleware.Middleware, error) {
root := c.Root
rules, err := basicAuthParse(c) rules, err := basicAuthParse(c)
if err != nil { if err != nil {
return nil, err return nil, err
@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) {
return func(next middleware.Handler) middleware.Handler { return func(next middleware.Handler) middleware.Handler {
basic.Next = next basic.Next = next
basic.SiteRoot = root
return basic return basic
}, nil }, nil
} }
@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
switch len(args) { switch len(args) {
case 2: case 2:
rule.Username = args[0] rule.Username = args[0]
if rule.Password, err = passwordMatcher(rule.Username, args[1]); err != nil { if rule.Password, err = passwordMatcher(rule.Username, args[1], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err) return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
} }
@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
case 3: case 3:
rule.Resources = append(rule.Resources, args[0]) rule.Resources = append(rule.Resources, args[0])
rule.Username = args[1] rule.Username = args[1]
if rule.Password, err = passwordMatcher(rule.Username, args[2]); err != nil { if rule.Password, err = passwordMatcher(rule.Username, args[2], c.Root); err != nil {
return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err) return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
} }
default: default:
@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
return rules, nil return rules, nil
} }
func passwordMatcher(username, passw string) (basicauth.PasswordMatcher, error) { func passwordMatcher(username, passw, siteRoot string) (basicauth.PasswordMatcher, error) {
if !strings.HasPrefix(passw, "htpasswd=") { if !strings.HasPrefix(passw, "htpasswd=") {
return basicauth.PlainMatcher(passw), nil return basicauth.PlainMatcher(passw), nil
} }
return basicauth.GetHtpasswdMatcher(passw[9:], username) return basicauth.GetHtpasswdMatcher(passw[9:], username, siteRoot)
} }

5
dist/CHANGES.txt vendored
View file

@ -1,5 +1,10 @@
CHANGES CHANGES
<master>
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing given Accept header
0.7.5 (August 5, 2015) 0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used - core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure - fastcgi: Set HTTPS env variable if connection is secure

12
middleware/basicauth/basicauth.go
View file

@ -22,8 +22,9 @@ import (
// security of HTTP Basic Auth is disputed. Use discretion when deciding // security of HTTP Basic Auth is disputed. Use discretion when deciding
// what to protect with BasicAuth. // what to protect with BasicAuth.
type BasicAuth struct { type BasicAuth struct {
Next middleware.Handler Next middleware.Handler
Rules []Rule SiteRoot string
Rules []Rule
} }
// ServeHTTP implements the middleware.Handler interface. // ServeHTTP implements the middleware.Handler interface.
@ -84,11 +85,8 @@ var (
htpasswordsMu sync.Mutex htpasswordsMu sync.Mutex
) )
func GetHtpasswdMatcher(filename, username string) (PasswordMatcher, error) { func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error) {
filename, err := filepath.Abs(filename) filename = filepath.Join(siteRoot, filename)
if err != nil {
return nil, err
}
htpasswordsMu.Lock() htpasswordsMu.Lock()
if htpasswords == nil { if htpasswords == nil {
htpasswords = make(map[string]map[string]PasswordMatcher) htpasswords = make(map[string]map[string]PasswordMatcher)

2
middleware/basicauth/basicauth_test.go
View file

@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
for i, username := range []string{"sha1", "md5"} { for i, username := range []string{"sha1", "md5"} {
rule := Rule{Username: username, Resources: []string{"/testing"}} rule := Rule{Username: username, Resources: []string{"/testing"}}
if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username); err != nil { if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username, "/"); err != nil {
t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err) t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err)
} }
t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password) t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password)