qt6/cutelyst4/credentialhttp_8cpp_source.html

/*

 * SPDX-FileCopyrightText: (C) 2013-2022 Daniel Nicoletti <dantti12@gmail.com>

 * SPDX-License-Identifier: BSD-3-Clause

 */

#include "authenticationrealm.h"

#include "credentialhttp_p.h"

#include "credentialpassword.h"


#include <Cutelyst/Context>

#include <Cutelyst/Response>


#include <QLoggingCategory>

#include <QUrl>


using namespace Cutelyst;


Q_LOGGING_CATEGORY(C_CREDENTIALHTTP, "cutelyst.plugin.credentialhttp", QtWarningMsg)


CredentialHttp::CredentialHttp(QObject *parent)

    : AuthenticationCredential(parent)

    , d_ptr(new CredentialHttpPrivate)

{

}


CredentialHttp::~CredentialHttp()

{

    delete d_ptr;

}


void CredentialHttp::setType(CredentialHttp::AuthType type)

{

    Q_D(CredentialHttp);

    d->type = type;

}


void CredentialHttp::setAuthorizationRequiredMessage(const QString &message)

{

    Q_D(CredentialHttp);

    d->authorizationRequiredMessage = message;

}


QString CredentialHttp::passwordField() const

{

    Q_D(const CredentialHttp);

    return d->passwordField;

}


void CredentialHttp::setPasswordField(const QString &fieldName)

{

    Q_D(CredentialHttp);

    d->passwordField = fieldName;

}


CredentialHttp::PasswordType CredentialHttp::passwordType() const

{

    Q_D(const CredentialHttp);

    return d->passwordType;

}


void CredentialHttp::setPasswordType(CredentialHttp::PasswordType type)

{

    Q_D(CredentialHttp);

    d->passwordType = type;

}


QString CredentialHttp::passwordPreSalt() const

{

    Q_D(const CredentialHttp);

    return d->passwordPreSalt;

}


void CredentialHttp::setPasswordPreSalt(const QString &passwordPreSalt)

{

    Q_D(CredentialHttp);

    d->passwordPreSalt = passwordPreSalt;

}


QString CredentialHttp::passwordPostSalt() const

{

    Q_D(const CredentialHttp);

    return d->passwordPostSalt;

}


void CredentialHttp::setPasswordPostSalt(const QString &passwordPostSalt)

{

    Q_D(CredentialHttp);

    d->passwordPostSalt = passwordPostSalt;

}


QString CredentialHttp::usernameField() const

{

    Q_D(const CredentialHttp);

    return d->usernameField;

}


void CredentialHttp::setUsernameField(const QString &fieldName)

{

    Q_D(CredentialHttp);

    d->usernameField = fieldName;

}


void CredentialHttp::setRequireSsl(bool require)

{

    Q_D(CredentialHttp);

    d->requireSsl = require;

}


AuthenticationUser CredentialHttp::authenticate(Cutelyst::Context *c,

                                                AuthenticationRealm *realm,

                                                const ParamsMultiMap &authinfo)

{

    Q_D(CredentialHttp);


    AuthenticationUser ret;

    if (d->requireSsl && !c->request()->secure()) {

        ret = d->authenticationFailed(c, realm, authinfo);

        return ret;

    }


    if (d->isAuthTypeBasic()) {

        ret = d->authenticateBasic(c, realm, authinfo);

        if (!ret.isNull()) {

            return ret;

        }

    }


    ret = d->authenticationFailed(c, realm, authinfo);

    return ret;

}


bool CredentialHttpPrivate::checkPassword(const AuthenticationUser &user,

                                          const ParamsMultiMap &authinfo)

{

    const QString password = passwordPreSalt + authinfo.value(passwordField) + passwordPostSalt;

    const QString storedPassword = user.value(passwordField).toString();


    if (Q_LIKELY(passwordType == CredentialHttp::Hashed)) {

        return CredentialPassword::validatePassword(password.toUtf8(), storedPassword.toUtf8());

    } else if (passwordType == CredentialHttp::Clear) {

        return storedPassword == password;

    } else if (passwordType == CredentialHttp::None) {

        qCCritical(C_CREDENTIALHTTP) << "CredentialPassword is set to ignore password check";

        return true;

    }


    return false;

}


AuthenticationUser CredentialHttpPrivate::authenticateBasic(Context *c,

                                                            AuthenticationRealm *realm,

                                                            const ParamsMultiMap &authinfo)

{

    Q_UNUSED(authinfo)

    AuthenticationUser user;

    qCDebug(C_CREDENTIALHTTP) << "Checking http basic authentication.";


    const auto userPass = c->req()->headers().authorizationBasicObject();

    if (userPass.user.isEmpty()) {

        return user;

    }


    ParamsMultiMap auth;

    auth.insert(usernameField, userPass.user);

    AuthenticationUser _user = realm->findUser(c, auth);

    if (!_user.isNull()) {

        auth.insert(passwordField, userPass.password);

        if (checkPassword(_user, auth)) {

            user = _user;

        } else {

            qCDebug(C_CREDENTIALHTTP) << "Password didn't match";

        }

    } else {

        qCDebug(C_CREDENTIALHTTP) << "Unable to locate a user matching user info provided in realm";

    }

    return user;

}


AuthenticationUser CredentialHttpPrivate::authenticationFailed(Context *c,

                                                               AuthenticationRealm *realm,

                                                               const ParamsMultiMap &authinfo)

{

    Q_UNUSED(authinfo);

    Response *res = c->response();

    res->setStatus(Response::Unauthorized); // 401

    res->setContentType("text/plain; charset=UTF-8"_qba);


    if (authorizationRequiredMessage.isEmpty()) {

        res->setBody("Authorization required."_qba);

    } else {

        res->setBody(authorizationRequiredMessage);

    }


    // Create Basic response

    if (isAuthTypeBasic()) {

        createBasicAuthResponse(c, realm);

    }


    return AuthenticationUser();

}


bool CredentialHttpPrivate::isAuthTypeBasic() const

{

    return type == CredentialHttp::Basic || type == CredentialHttp::Any;

}


void CredentialHttpPrivate::createBasicAuthResponse(Context *c, AuthenticationRealm *realm)

{

    c->res()->headers().setWwwAuthenticate(

        joinAuthHeaderParts("Basic"_qba, buildAuthHeaderCommon(realm)));

}


QByteArrayList CredentialHttpPrivate::buildAuthHeaderCommon(AuthenticationRealm *realm) const

{

    QByteArrayList ret;

    // TODO

    // return realm="realmname"

    // return domain="realmname"

    if (!realm->name().isEmpty()) {

        ret.append("realm=\"" + realm->name().toLatin1() + '"');

    }

    return ret;

}


QByteArray CredentialHttpPrivate::joinAuthHeaderParts(const QByteArray &type,

                                                      const QByteArrayList &parts) const

{

    QByteArray ret = type;

    if (!parts.isEmpty()) {

        ret.append(' ' + parts.join(", "));

    }

    return ret;

}


#include "moc_credentialhttp.cpp"

Cutelyst::AuthenticationCredential
Definition: authentication.h:19

Cutelyst::AuthenticationRealm
Definition: authenticationrealm.h:18

Cutelyst::AuthenticationRealm::findUser
virtual AuthenticationUser findUser(Context *c, const ParamsMultiMap &userinfo)
Tries to find the user with authinfo returning a non null AuthenticationUser on success.
Definition: authenticationrealm.cpp:47

Cutelyst::AuthenticationUser
Definition: authenticationuser.h:19

Cutelyst::AuthenticationUser::isNull
bool isNull() const
Returns true if the object is null.
Definition: authenticationuser.cpp:35

Cutelyst::Component::name
QString name() const noexcept
Definition: component.cpp:33

Cutelyst::Context
The Cutelyst Context.
Definition: context.h:38

Cutelyst::Context::res
Response * res() const noexcept
Definition: context.cpp:102

Cutelyst::Context::response
Response * response() const noexcept
Definition: context.cpp:96

Cutelyst::CredentialHttp
Definition: credentialhttp.h:16

Cutelyst::CredentialHttp::usernameField
QString usernameField() const
Returns the field to look for when authenticating the user.
Definition: credentialhttp.cpp:90

Cutelyst::CredentialHttp::setPasswordType
void setPasswordType(PasswordType type)
Sets the type of password this class will be dealing with.
Definition: credentialhttp.cpp:60

Cutelyst::CredentialHttp::setUsernameField
void setUsernameField(const QString &fieldName)
Sets the field to look for when authenticating the user.
Definition: credentialhttp.cpp:96

Cutelyst::CredentialHttp::passwordPreSalt
QString passwordPreSalt() const
Returns the salt string to be prepended to the password.
Definition: credentialhttp.cpp:66

Cutelyst::CredentialHttp::passwordPostSalt
QString passwordPostSalt() const
Returns the salt string to be appended to the password.
Definition: credentialhttp.cpp:78

Cutelyst::CredentialHttp::setPasswordPreSalt
void setPasswordPreSalt(const QString &passwordPreSalt)
Sets the salt string to be prepended to the password.
Definition: credentialhttp.cpp:72

Cutelyst::CredentialHttp::passwordField
QString passwordField() const
Returns the field to look for when authenticating the user.
Definition: credentialhttp.cpp:42

Cutelyst::CredentialHttp::passwordType
PasswordType passwordType() const
Returns the type of password this class will be dealing with.
Definition: credentialhttp.cpp:54

Cutelyst::CredentialHttp::setType
void setType(CredentialHttp::AuthType type)
Definition: credentialhttp.cpp:30

Cutelyst::CredentialHttp::authenticate
AuthenticationUser authenticate(Context *c, AuthenticationRealm *realm, const ParamsMultiMap &authinfo) final
Tries to authenticate the authinfo using the give realm.
Definition: credentialhttp.cpp:108

Cutelyst::CredentialHttp::setPasswordField
void setPasswordField(const QString &fieldName)
Sets the field to look for when authenticating the user.
Definition: credentialhttp.cpp:48

Cutelyst::CredentialHttp::setPasswordPostSalt
void setPasswordPostSalt(const QString &passwordPostSalt)
Sets the salt string to be appended to the password.
Definition: credentialhttp.cpp:84

Cutelyst::CredentialHttp::setRequireSsl
void setRequireSsl(bool require)
Definition: credentialhttp.cpp:102

Cutelyst::CredentialHttp::setAuthorizationRequiredMessage
void setAuthorizationRequiredMessage(const QString &message)
Definition: credentialhttp.cpp:36

Cutelyst::CredentialPassword::validatePassword
static bool validatePassword(const QByteArray &password, const QByteArray &correctHash)
Validates the given password against the correct hash.
Definition: credentialpassword.cpp:111

Cutelyst::Headers::setWwwAuthenticate
void setWwwAuthenticate(const QByteArray &value)
Definition: headers.cpp:326

Cutelyst::Headers::authorizationBasicObject
Authorization authorizationBasicObject() const
Definition: headers.cpp:358

Cutelyst::Request::headers
Headers headers() const noexcept
Definition: request.cpp:307

Cutelyst::Response
Definition: response.h:21

Cutelyst::Response::setContentType
void setContentType(const QByteArray &type)
Definition: response.h:203

Cutelyst::Response::setStatus
void setStatus(quint16 status) noexcept
Definition: response.cpp:72

Cutelyst::Response::setBody
void setBody(QIODevice *body)
Definition: response.cpp:102

Cutelyst::Response::headers
Headers & headers() noexcept

Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition: Mainpage.dox:8

Cutelyst::ParamsMultiMap
QMultiMap< QString, QString > ParamsMultiMap
Definition: paramsmultimap.h:22