From b4c10a3f59392080f54a206ad40f779628cdad96 Mon Sep 17 00:00:00 2001 From: sdogruyol Date: Sat, 26 Nov 2016 21:50:50 +0300 Subject: [PATCH] Remove basic auth middleware --- spec/helpers_spec.cr | 7 ----- spec/middleware/http_basic_auth_spec.cr | 28 ------------------ src/kemal/helpers/helpers.cr | 6 ---- src/kemal/middleware/http_basic_auth.cr | 38 ------------------------- 4 files changed, 79 deletions(-) delete mode 100644 spec/middleware/http_basic_auth_spec.cr delete mode 100644 src/kemal/middleware/http_basic_auth.cr diff --git a/spec/helpers_spec.cr b/spec/helpers_spec.cr index a1c277e..4d0d533 100644 --- a/spec/helpers_spec.cr +++ b/spec/helpers_spec.cr @@ -1,13 +1,6 @@ require "./spec_helper" describe "Macros" do - describe "#basic_auth" do - it "adds HTTPBasicAuthHandler" do - basic_auth "serdar", "123" - Kemal.config.handlers.size.should eq 6 - end - end - describe "#public_folder" do it "sets public folder" do public_folder "/some/path/to/folder" diff --git a/spec/middleware/http_basic_auth_spec.cr b/spec/middleware/http_basic_auth_spec.cr deleted file mode 100644 index 4fe1213..0000000 --- a/spec/middleware/http_basic_auth_spec.cr +++ /dev/null 
@@ -1,28 +0,0 @@ -require "../spec_helper" - -describe "Kemal::Middleware::HTTPBasicAuth" do - it "goes to next handler with correct credentials" do - auth_handler = Kemal::Middleware::HTTPBasicAuth.new("serdar", "123") - request = HTTP::Request.new( - "GET", - "/", - headers: HTTP::Headers{"Authorization" => "Basic c2VyZGFyOjEyMw=="}, - ) - - io_with_context = create_request_and_return_io(auth_handler, request) - client_response = HTTP::Client::Response.from_io(io_with_context, decompress: false) - client_response.status_code.should eq 404 - end - - it "returns 401 with incorrect credentials" do - auth_handler = Kemal::Middleware::HTTPBasicAuth.new("serdar", "123") - request = HTTP::Request.new( - "GET", - "/", - headers: HTTP::Headers{"Authorization" => "NotBasic"}, - ) - io_with_context = create_request_and_return_io(auth_handler, request) - client_response = HTTP::Client::Response.from_io(io_with_context, decompress: false) - client_response.status_code.should eq 401 - end -end diff --git a/src/kemal/helpers/helpers.cr b/src/kemal/helpers/helpers.cr index 38409be..e7c00a6 100644 --- a/src/kemal/helpers/helpers.cr +++ b/src/kemal/helpers/helpers.cr @@ -3,12 +3,6 @@ def add_handler(handler) Kemal.config.add_handler handler end -# Uses Kemal::Middleware::HTTPBasicAuth to easily add HTTP Basic Auth support. -def basic_auth(username, password) - auth_handler = Kemal::Middleware::HTTPBasicAuth.new(username, password) - add_handler auth_handler -end - # Sets public folder from which the static assets will be served. # By default this is `/public` not `src/public`. def public_folder(path) diff --git a/src/kemal/middleware/http_basic_auth.cr b/src/kemal/middleware/http_basic_auth.cr deleted file mode 100644 index 92ec849..0000000 --- a/src/kemal/middleware/http_basic_auth.cr +++ /dev/null 
@@ -1,38 +0,0 @@
-require "base64"
-
-module Kemal::Middleware
- # This middleware adds HTTP Basic Auth support to your application.
- # Returns 401 "Unauthorized" with wrong credentials.
- #
- # auth_handler = Kemal::Middleware::HTTPBasicAuth.new("username", "password")
- # Kemal.config.add_handler auth_handler
- #
- class HTTPBasicAuth < HTTP::Handler
- BASIC = "Basic"
- AUTH = "Authorization"
- AUTH_MESSAGE = "Could not verify your access level for that URL.\nYou have to login with proper credentials"
- HEADER_LOGIN_REQUIRED = "Basic realm=\"Login Required\""
-
- def initialize(@username : String?, @password : String?)
- end
-
- def call(context)
- if context.request.headers[AUTH]?
- if value = context.request.headers[AUTH]
- if value.size > 0 && value.starts_with?(BASIC)
- return call_next(context) if authorized?(value)
- end
- end
- end
- headers = HTTP::Headers.new
- context.response.status_code = 401
- context.response.headers["WWW-Authenticate"] = HEADER_LOGIN_REQUIRED
- context.response.print AUTH_MESSAGE
- end
-
- def authorized?(value)
- username, password = Base64.decode_string(value[BASIC.size + 1..-1]).split(":")
- @username == username && @password == password
- end
- end
-end