summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r--modules/caddyhttp/caddyauth/basicauth.go30
1 files changed, 15 insertions, 15 deletions
diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go
index 50fbed9..b4cf838 100644
--- a/modules/caddyhttp/caddyauth/basicauth.go
+++ b/modules/caddyhttp/caddyauth/basicauth.go
@@ -105,20 +105,8 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error {
// Authenticate validates the user credentials in req and returns the user, if valid.
func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) (User, bool, error) {
username, plaintextPasswordStr, ok := req.BasicAuth()
-
- // if basic auth is missing or invalid, prompt for credentials
if !ok {
- // browsers show a message that says something like:
- // "The website says: <realm>"
- // which is kinda dumb, but whatever.
- realm := hba.Realm
- if realm == "" {
- realm = "restricted"
- }
-
- w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
-
- return User{}, false, nil
+ return hba.promptForCredentials(w, nil)
}
plaintextPassword := []byte(plaintextPasswordStr)
@@ -129,15 +117,27 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request)
same, err := hba.Hash.Compare(account.password, plaintextPassword, account.salt)
if err != nil {
- return User{}, false, err
+ return hba.promptForCredentials(w, err)
}
if !same || !accountExists {
- return User{}, false, nil
+ return hba.promptForCredentials(w, nil)
}
return User{ID: username}, true, nil
}
+func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error) (User, bool, error) {
+ // browsers show a message that says something like:
+ // "The website says: <realm>"
+ // which is kinda dumb, but whatever.
+ realm := hba.Realm
+ if realm == "" {
+ realm = "restricted"
+ }
+ w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
+ return User{}, false, err
+}
+
// Comparer is a type that can securely compare
// a plaintext password with a hashed password
// in constant-time. Comparers should hash the