Merge pull request #2558 from kelseyhightower/add-basic-auth

netutil: add BasicAuth function
2015-03-20 22:34:06 -07:00 · 2015-03-20 22:34:06 -07:00 · 454b66edde
parent a552722f03 4611c3b2d7
commit 454b66edde
2 changed files with 39 additions and 2 deletions
--- a/etcdserver/etcdhttp/client_security.go
+++ b/etcdserver/etcdhttp/client_security.go
@ -24,6 +24,7 @@ import (
 	"github.com/coreos/etcd/etcdserver"
 	"github.com/coreos/etcd/etcdserver/etcdhttp/httptypes"
 	"github.com/coreos/etcd/etcdserver/security"
+	"github.com/coreos/etcd/pkg/netutil"
 )

 type securityHandler struct {
@ -46,7 +47,7 @@ func hasRootAccess(sec *security.Store, r *http.Request) bool {
 	if !sec.SecurityEnabled() {
 		return true
 	}
-	username, password, ok := r.BasicAuth()
+	username, password, ok := netutil.BasicAuth(r)
 	if !ok {
 		return false
 	}
@ -73,7 +74,7 @@ func hasKeyPrefixAccess(sec *security.Store, r *http.Request, key string) bool {
 	if !sec.SecurityEnabled() {
 		return true
 	}
-	username, password, ok := r.BasicAuth()
+	username, password, ok := netutil.BasicAuth(r)
 	if !ok {
 		return false
 	}
--- a/pkg/netutil/netutil.go
+++ b/pkg/netutil/netutil.go
@ -15,10 +15,13 @@
 package netutil

 import (
+	"encoding/base64"
 	"log"
 	"net"
+	"net/http"
 	"net/url"
 	"reflect"
+	"strings"
 )

 var (
@ -99,3 +102,36 @@ func URLStringsEqual(a []string, b []string) bool {

 	return URLsEqual(urlsA, urlsB)
 }
+
+// BasicAuth returns the username and password provided in the request's
+// Authorization header, if the request uses HTTP Basic Authentication.
+// See RFC 2617, Section 2.
+// Based on the BasicAuth method from the Golang standard lib.
+// TODO: use the standard lib BasicAuth method when we move to Go 1.4.
+func BasicAuth(r *http.Request) (username, password string, ok bool) {
+	auth := r.Header.Get("Authorization")
+	if auth == "" {
+		return
+	}
+	return parseBasicAuth(auth)
+}
+
+// parseBasicAuth parses an HTTP Basic Authentication string.
+// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
+// Taken from the Golang standard lib.
+// TODO: use the standard lib BasicAuth method when we move to Go 1.4.
+func parseBasicAuth(auth string) (username, password string, ok bool) {
+	if !strings.HasPrefix(auth, "Basic ") {
+		return
+	}
+	c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
+	if err != nil {
+		return
+	}
+	cs := string(c)
+	s := strings.IndexByte(cs, ':')
+	if s < 0 {
+		return
+	}
+	return cs[:s], cs[s+1:], true
+}