cutelyst 4.4.0
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
Public Types | Public Member Functions | List of all members
Cutelyst::CredentialHttp Class Reference
Plugins » Authentication

Use HTTP basic authentication to authenticate a user. More...

#include <Cutelyst/Plugins/Authentication/credentialhttp.h>

Inheritance diagram for Cutelyst::CredentialHttp:
Inheritance graph
[legend]

Public Types

enum  AuthType { Any , Basic }
 
enum  PasswordType { None , Clear , Hashed }
 

Public Member Functions

 CredentialHttp (QObject *parent=nullptr)
 
virtual ~CredentialHttp ()
 
AuthenticationUser authenticate (Context *c, AuthenticationRealm *realm, const ParamsMultiMap &authinfo) final
 
QString passwordField () const
 
QString passwordPostSalt () const
 
QString passwordPreSalt () const
 
PasswordType passwordType () const
 
void setAuthorizationRequiredMessage (const QString &message)
 
void setPasswordField (const QString &fieldName)
 
void setPasswordPostSalt (const QString &passwordPostSalt)
 
void setPasswordPreSalt (const QString &passwordPreSalt)
 
void setPasswordType (PasswordType type)
 
void setRequireSsl (bool require)
 
void setType (CredentialHttp::AuthType type)
 
void setUsernameField (const QString &fieldName)
 
QString usernameField () const
 
- Public Member Functions inherited from Cutelyst::AuthenticationCredential
 AuthenticationCredential (QObject *parent=nullptr)
 
virtual ~AuthenticationCredential ()
 
virtual AuthenticationUser authenticate (Context *c, AuthenticationRealm *realm, const ParamsMultiMap &authinfo)=0
 

Detailed Description

This credential provider authenticates a user using HTTP basic authentication as described in RFC 76147. It tries to read the user name and the password from the Authorization header send by the user agent. If the authorization fails or if no Authorization header is available, it will respond with a 401 Unauthorized status code and will set the WWW-Authenticate header requesting basic authentication with the used realm.

For an example implementation see Authentication overview.

Logging category
cutelyst.plugin.credentialhttp
Logging with Cutelyst

Definition at line 32 of file credentialhttp.h.

Member Enumeration Documentation

◆ AuthType

enum Cutelyst::CredentialHttp::AuthType

The authentication type.

Definition at line 51 of file credentialhttp.h.

◆ PasswordType

enum Cutelyst::CredentialHttp::PasswordType

The used password type.

Enumerator
None 

Ignore password check.

Clear 

Clear text password.

Hashed 

Derived password hash using PBKDF2 method.

Definition at line 40 of file credentialhttp.h.

Constructor & Destructor Documentation

◆ CredentialHttp()

CredentialHttp::CredentialHttp ( QObject *  parent = nullptr)
explicit

Constructs a new CredentialHttp object with the given parent.

Definition at line 19 of file credentialhttp.cpp.

◆ ~CredentialHttp()

CredentialHttp::~CredentialHttp ( )
virtual

Destroys the CredentialHttp object.

Definition at line 25 of file credentialhttp.cpp.

Member Function Documentation

◆ authenticate()

AuthenticationUser CredentialHttp::authenticate ( Cutelyst::Context c,
AuthenticationRealm realm,
const ParamsMultiMap authinfo 
)
finalvirtual

Gets the user data from the Authorization HTTP header field and tries to find it in the realm. On success, this returns a not null AuthenticationUser object. If authentication fails, the HTTP response status code will be set to 401 Unauthorized and the WWW-Authenticate header will be set with the required authentication method and realm name while a null AuthenticationUser object is returned.

Implements Cutelyst::AuthenticationCredential.

Definition at line 108 of file credentialhttp.cpp.

References Cutelyst::AuthenticationUser::isNull(), and Cutelyst::Context::request.

◆ passwordField()

QString CredentialHttp::passwordField ( ) const

Returns the field to look for when authenticating the user.

See also
authenticate().

Definition at line 42 of file credentialhttp.cpp.

◆ passwordPostSalt()

QString CredentialHttp::passwordPostSalt ( ) const

Returns the salt string to be appended to the password

Definition at line 78 of file credentialhttp.cpp.

Referenced by setPasswordPostSalt().

◆ passwordPreSalt()

QString CredentialHttp::passwordPreSalt ( ) const

Returns the salt string to be prepended to the password

Definition at line 66 of file credentialhttp.cpp.

Referenced by setPasswordPreSalt().

◆ passwordType()

CredentialHttp::PasswordType CredentialHttp::passwordType ( ) const

Returns the type of password this class will be dealing with.

Definition at line 54 of file credentialhttp.cpp.

◆ setAuthorizationRequiredMessage()

void CredentialHttp::setAuthorizationRequiredMessage ( const QString &  message)

Set this to a string to override the default body content "Authorization required.", or set to undef to suppress body content being generated.

Definition at line 36 of file credentialhttp.cpp.

◆ setPasswordField()

void CredentialHttp::setPasswordField ( const QString &  fieldName)

Sets the field to look for when authenticating the user.

See also
authenticate().

Definition at line 48 of file credentialhttp.cpp.

◆ setPasswordPostSalt()

void CredentialHttp::setPasswordPostSalt ( const QString &  passwordPostSalt)

Sets the salt string to be appended to the password

Definition at line 84 of file credentialhttp.cpp.

References passwordPostSalt().

◆ setPasswordPreSalt()

void CredentialHttp::setPasswordPreSalt ( const QString &  passwordPreSalt)

Sets the salt string to be prepended to the password

Definition at line 72 of file credentialhttp.cpp.

References passwordPreSalt().

◆ setPasswordType()

void CredentialHttp::setPasswordType ( CredentialHttp::PasswordType  type)

Sets the type of password this class will be dealing with.

Definition at line 60 of file credentialhttp.cpp.

◆ setRequireSsl()

void CredentialHttp::setRequireSsl ( bool  require)

If this configuration is true then authentication will be denied (and a 401 issued in normal circumstances) unless the request is via https.

Definition at line 102 of file credentialhttp.cpp.

◆ setType()

void CredentialHttp::setType ( CredentialHttp::AuthType  type)

Can be either any (the default), basic.

This controls authorization_required_response and authenticate, but not the "manual" methods.

Definition at line 30 of file credentialhttp.cpp.

◆ setUsernameField()

void CredentialHttp::setUsernameField ( const QString &  fieldName)

Sets the field to look for when authenticating the user.

See also
authenticate().

Definition at line 96 of file credentialhttp.cpp.

◆ usernameField()

QString CredentialHttp::usernameField ( ) const

Returns the field to look for when authenticating the user.

See also
authenticate().

Definition at line 90 of file credentialhttp.cpp.