in modules/http/mod-openauth.cpp [245:336]
static int checkAuthn(request_rec* const r) {
const gc_scoped_pool sp(r->pool);
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_openauth);
if(!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
debug_httpdRequest(r, "modopenauth::checkAuthn::input");
debug(atype, "modopenauth::checkAuthn::auth_type");
if(atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
debug(atype, "modopenauth::checkAuthn::auth_type");
// Get the request args
const list<value> args = httpd::queryArgs(r);
// Get session id from the request
const maybe<string> sid = sessionID(r, "TuscanyOpenAuth");
if(hasContent(sid)) {
// Decline if the session id was not created by this module
const string stype = substr(content(sid), 0, 7);
if(stype == "OAuth2_" || stype == "OAuth1_" || stype == "OpenID_")
return DECLINED;
// Retrieve the auth realm
const char* aname = ap_auth_name(r);
if(aname == NULL)
return reportStatus(mkfailure<int>("Missing AuthName", HTTP_UNAUTHORIZED), dc.login, nilValue, r);
// Extract user info from the session id
const failable<value> userinfo = userInfoFromCookie(content(sid), aname, r);
if(hasContent(userinfo)) {
// Try to authenticate the request
const value uinfo = content(userinfo);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", uinfo)), cadr(assoc<value>("password", uinfo)), r, dc);
if(!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return reportStatus(authz, dc.login, 1, r);
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return reportStatus(authenticated(uinfo, r), dc.login, nilValue, r);
}
}
// Get basic auth header from the request
const char* const header = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization");
if(header != NULL) {
// Retrieve the auth realm
const char* const aname = ap_auth_name(r);
if(aname == NULL)
return reportStatus(mkfailure<int>("Missing AuthName", HTTP_UNAUTHORIZED), dc.login, nilValue, r);
// Extract user info from the session id
const failable<value> info = userInfoFromHeader(header, aname, r);
if(hasContent(info)) {
// Try to authenticate the request
const value uinfo = content(info);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", uinfo)), cadr(assoc<value>("password", uinfo)), r, dc);
if(!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return reportStatus(authz, dc.login, 1, r);
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return reportStatus(authenticated(uinfo, r), dc.login, nilValue, r);
}
}
// Decline if the request is for another authentication provider
if(!isNull(assoc<value>("openid_identifier", args)))
return DECLINED;
// Redirect to the login page, unless we have a session id from another module
if(hasContent(sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(sessionID(r, "TuscanyOAuth1")) ||
hasContent(sessionID(r, "TuscanyOAuth2")))
return DECLINED;
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, nilValue, nilValue, r));
}