
fixed auth waterfall (cookie -> webid-rsa -> webid-tls)

deiu 5 years ago
parent
commit
0bdd8d34c3
3 changed files with 17 additions and 10 deletions
  1. 12 7
      auth.go
  2. 4 2
      server.go
  3. 1 1
      webid.go

+ 12 - 7
auth.go

@@ -31,6 +31,7 @@ func (req *httpRequest) authn(w http.ResponseWriter) string {
 		return user
 	}
 
+	// try WebID-RSA
 	if len(req.Header.Get("Authorization")) > 0 {
 		user, err = WebIDDigestAuth(req)
 		if err != nil {
@@ -38,20 +39,24 @@ func (req *httpRequest) authn(w http.ResponseWriter) string {
 		}
 		if len(user) > 0 {
 			req.Server.debug.Println("WebID-RSA auth OK for User: " + user)
-			return user
 		}
 	}
-
-	user, err = WebIDTLSAuth(req)
-	if err != nil {
-		req.Server.debug.Println("WebID-TLS error:", err)
+	// fall back to WebID-TLS
+	if len(user) == 0 {
+		user, err = WebIDTLSAuth(req)
+		if err != nil {
+			req.Server.debug.Println("WebID-TLS error:", err)
+		}
+		if len(user) > 0 {
+			req.Server.debug.Println("WebID-TLS auth OK for User: " + user)
+		}
 	}
+
 	if len(user) > 0 {
-		req.Server.debug.Println("WebID-TLS auth OK for User: " + user)
 		if len(req.Header.Get("On-Behalf-Of")) > 0 {
 			delegator := debrack(req.Header.Get("On-Behalf-Of"))
 			if verifyDelegator(delegator, user) {
-				req.Server.debug.Println("Request User ID (delegation):", user)
+				req.Server.debug.Println("Setting delegation user to:", delegator)
 				user = delegator
 			}
 		}
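Review bot: Dropping the early `return user` after a WebID-RSA success means RSA-authenticated requests now reach the `On-Behalf-Of` block, which previously ran only for WebID-TLS identities. The `return user` at the top of the first hunk (presumably the cookie path) still skips it. If widening delegation this way is intended, record it above `if len(user) > 0 {` with a comment such as `// delegation is honoured for WebID-RSA and WebID-TLS identities, not for cookie sessions`. A refused delegation is also silent: when `verifyDelegator` returns false the request carries on as `user` with no log line, so an `else` branch that logs the rejected delegator (quoted, since it comes from a request header) would help auditing. authn starts before this hunk and continues past its last line.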

+ 4 - 2
server.go

@@ -804,14 +804,16 @@ func (s *Server) handle(w http.ResponseWriter, req *httpRequest) (r *response) {
 		}
 
 		if dataHasParser {
-			s.debug.Println("Preparing to PATCH resource", resource.URI, " with file", resource.File)
+			s.debug.Println("Preparing to PATCH resource", resource.URI, "with file", resource.File)
 			buf, _ := ioutil.ReadAll(req.Body)
 			body := ioutil.NopCloser(bytes.NewBuffer(buf))
 
 			req.Body.Close()
 
 			if req.Header.Get("Content-Length") == "0" || len(buf) == 0 {
-				return r.respond(400, "Empty PATCH body. No SPARQL statements found in the request.")
+				errmsg := "Could not patch resource. No SPARQL statements found in the request."
+				s.debug.Println(errmsg)
+				return r.respond(400, errmsg)
 			}
 
 			g := NewGraph(resource.URI)
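Review bot: `buf, _ := ioutil.ReadAll(req.Body)`, just above the reworded 400 branch, reads the whole PATCH body with no size cap and discards the read error. A failed read that returns nothing is therefore reported as "No SPARQL statements found", and a truncated read is parsed as a partial patch. Bound the read and check the error, e.g. `buf, err := ioutil.ReadAll(http.MaxBytesReader(w, req.Body, maxPatchBytes))` followed by `if err != nil { return r.respond(400, "Could not read PATCH body.") }`, where `maxPatchBytes` is a placeholder for a limit the project chooses. handle begins before this hunk and continues after it.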

+ 1 - 1
webid.go

@@ -92,7 +92,7 @@ func WebIDDigestAuth(req *httpRequest) (string, error) {
 	}
 
 	if len(authH.Username) == 0 || len(claim) == 0 || len(signature) == 0 {
-		return "", errors.New("No WebID and/or claim found in the Authorization header")
+		return "", errors.New("No WebID and/or claim found in the Authorization header.\n" + req.Header.Get("Authorization"))
 	}
 
 	// fetch WebID to get pubKey
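Review bot: The new error text appends the raw `Authorization` header, which carries the client's claim and signature, so that credential material ends up wherever this error is printed. authn presumably hands WebID-RSA errors to the debug logger, as it does for WebID-TLS, and the value is entirely client-controlled. Keep header contents out of the message and report only what was missing, for example `return "", errors.New("no WebID, claim or signature found in the Authorization header")`. If more detail is needed for debugging, log the names of the empty fields rather than their values. WebIDDigestAuth starts before this hunk and continues after it.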