
[libeufin] branch master updated: define authenticator helper


From: gnunet
Subject: [libeufin] branch master updated: define authenticator helper
Date: Tue, 07 Apr 2020 21:30:46 +0200

This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository libeufin.

The following commit(s) were added to refs/heads/master by this push:
     new 9187644  define authenticator helper
9187644 is described below

commit 9187644df5b541b4991a48fa6268aa9ad6c9597b
Author: Marcello Stanisci <address@hidden>
AuthorDate: Tue Apr 7 21:30:23 2020 +0200

    define authenticator helper
---
 .../src/main/kotlin/tech/libeufin/nexus/Helpers.kt |  2 --
 nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt  | 10 -------
 nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt | 31 ++++++++++++++++++----
 3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
index e39f521..372d414 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
@@ -1,8 +1,6 @@
 package tech.libeufin.nexus
 
 import io.ktor.http.HttpStatusCode
-import org.apache.commons.compress.archivers.zip.ZipFile
-import org.apache.commons.compress.utils.SeekableInMemoryByteChannel
 
 /**
  * Inserts spaces every 2 characters, and a newline after 8 pairs.
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
index 963d5ce..7daca4d 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -325,16 +325,6 @@ fun main() {
             this.level = Level.DEBUG
             this.logger = tech.libeufin.nexus.logger
         }
-        /*
-        install(Authentication) {
-            basic("taler") {
-                validate {credentials ->
-
-
-                }
-            }
-        }*/
-
         install(ContentNegotiation) {
             gson {
                 setDateFormat(DateFormat.LONG)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
index 3437b73..9c8ef51 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
@@ -5,12 +5,14 @@ import io.ktor.http.ContentType
 import io.ktor.http.HttpStatusCode
 import io.ktor.response.respondText
 import io.ktor.routing.Route
+import io.ktor.routing.get
 import io.ktor.routing.post
 import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.transactions.transaction
 import tech.libeufin.util.CryptoUtil
 import tech.libeufin.util.base64ToBytes
 import java.lang.Exception
+import javax.sql.rowset.serial.SerialBlob
 
 /**
  * This helper function parses a Authorization:-header line, decode the 
credentials
@@ -42,11 +44,8 @@ class Taler(app: Route) {
          * (!= public key) subject. */
         refund(app)
 
-        /**
-         * NOTE: Taler exchanges do authenticate via the HTTP Basic auth 
mechanism,
-         * which is currently _missing_ in the nexus.  Therefore, a mapping 
from auth
-         * header lines to ebics_subscriber needs to be implemented!
-         */
+        /** Tester for HTTP basic auth. */
+        testAuth(app)
     }
 
     /**
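Review bot: The removed NOTE was the only record that the Taler routes lack HTTP Basic authentication, and in the lines visible in this commit only the new `/taler/test-auth` route calls `authenticateRequest`. The digest handler shown further down starts with `expectId(...)`, although its body continues outside the diff, so whether it authenticates cannot be confirmed from here. Until the real routes call the helper, keep a marker in place of the deleted note, e.g. `/** Tester for HTTP basic auth. TODO: the other routes registered here must call authenticateRequest too. */`. It is also worth deciding whether a test-only route should be registered unconditionally in this block, which begins outside the hunk.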
@@ -117,6 +116,28 @@ class Taler(app: Route) {
         val row_id: Long
     )
 
+    // throws error if password is wrong
+    private fun authenticateRequest(authorization: String?) {
+        val headerLine = authorization ?: throw NexusError(
+            HttpStatusCode.BadRequest, "Authentication:-header line not found"
+        )
+        logger.debug("Checking for authorization: $headerLine")
+        transaction {
+            val (user, pass) = extractUserAndHashedPassword(headerLine)
+            EbicsSubscriberEntity.find {
+                EbicsSubscribersTable.id eq user and 
(EbicsSubscribersTable.password eq SerialBlob(pass))
+            }.firstOrNull()
+        } ?: throw NexusError(HttpStatusCode.Forbidden, "Wrong password")
+    }
+
+    fun testAuth(app: Route) {
+        app.get("/taler/test-auth") {
+            authenticateRequest(call.request.headers["Authorization"])
+            call.respondText("Authenticated!", ContentType.Text.Plain, 
HttpStatusCode.OK)
+            return@get
+        }
+    }
+
     fun digest(app: Route) {
         app.post("/ebics/taler/{id}/digest-incoming-transactions") {
             val id = expectId(call.parameters["id"])
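Review bot: `logger.debug("Checking for authorization: $headerLine")` in `authenticateRequest` writes the whole Authorization header to the log, and for Basic auth that value is only the base64 encoding of user:password, so anyone who can read the logs can recover the credentials. Log that the check is running without the value, e.g. `logger.debug("Checking Authorization header (value redacted)")`, or log only the user name after parsing. Separately, the missing-header branch answers 400 with a message that names an "Authentication" header, and the mismatch branch answers 403; a Basic-auth client normally expects 401 with a `WWW-Authenticate` challenge, so confirm that `NexusError` can carry one. The password is matched by blob equality inside the query on the value returned by `extractUserAndHashedPassword`, which is defined outside this hunk, so how the hash is derived (algorithm, salt) cannot be checked here.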

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


