Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Refactor HTTP Server Authentication code #169

Open
wants to merge 2 commits into
base: v1.x/staging
Choose a base branch
from
Open

Refactor HTTP Server Authentication code #169

wants to merge 2 commits into from

Conversation

lchudinov
Copy link
Contributor

@lchudinov lchudinov commented Sep 7, 2020
edited
Loading

This is a follow up for #162.

  1. This PR makes request->authenticated field always actual.
  2. In the case when SERVICE_AUTH_FLAG_OPTIONAL is set. The intent is to distinguish
    1. the case when SAF authentication was attempted because some auth data was provided on the request(in HTTP headers,
      cookies). In this case:
      • if SAF authentication was successful the HTTP server calls the service handler
      • otherwise, the HTTP server responds with HTTP 401 immediately
    2. the case when no auth data was provided on the request. In this case
      • the HTTP server calls the service handle

@lchudinov lchudinov changed the base branch from master to staging September 7, 2020 05:44
@lchudinov lchudinov force-pushed the feature/refactor-auth-code branch 5 times, most recently from d036319 to d14649d Compare September 9, 2020 10:28
@lchudinov lchudinov self-assigned this Sep 9, 2020
@lchudinov lchudinov marked this pull request as ready for review September 9, 2020 11:40
@lchudinov lchudinov marked this pull request as draft September 9, 2020 15:07
@lchudinov lchudinov marked this pull request as ready for review September 9, 2020 15:26
Refactor HTTP Server Authentication code
e24fd2c 
Signed-off-by: Leonty Chudinov <lchudinov@rocketsoftware.com>
ifakhrutdinov
ifakhrutdinov approved these changes Sep 11, 2020
View reviewed changes
Copy link
Contributor

@ifakhrutdinov ifakhrutdinov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically, the changes look good to me. I would still other people to take a look, especially since this is related to security. @rocketjared, @1000TurquoisePogs, what do you think?

c/httpserver.c Outdated Show resolved Hide resolved
Remove casting to bool
20aeb2c 
Signed-off-by: Leonty Chudinov <lchudinov@rocketsoftware.com>
1000TurquoisePogs
1000TurquoisePogs approved these changes Sep 17, 2020
View reviewed changes
Copy link
Member

@1000TurquoisePogs 1000TurquoisePogs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked at it and it seems good to me as well.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@1000TurquoisePogs 1000TurquoisePogs 1000TurquoisePogs approved these changes

@ifakhrutdinov ifakhrutdinov ifakhrutdinov approved these changes

@rocketjared rocketjared Awaiting requested review from rocketjared

Assignees

@lchudinov lchudinov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lchudinov @1000TurquoisePogs @ifakhrutdinov