Core/grin
0
0
Fork 0
mirror of https://github.com/mimblewimble/grin.git synced 2025-02-08 12:21:09 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Conform auth check to rfc2616 (#1607)

Browse source 
According to rfc2616[1], the response from a server to a request with
bad credentials should be a 401 instead of a 403. Grin does not have
the concept of identities so it does not actually recognize a user
request with bad credentials.

[1] https://tools.ietf.org/html/rfc2616#section-10.4.2
This commit is contained in:
Michalis Kargakis 2018-09-29 09:28:25 +02:00 committed by hashmap
parent 2cad812b29
commit 9e6ef6f237
1 changed files with 4 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
api/src/auth.rs
View file

@ -38,13 +38,10 @@ impl Handler for BasicAuthMiddleware {
req: Request<Body>, req: Request<Body>,
mut handlers: Box<Iterator<Item = HandlerObj>>, mut handlers: Box<Iterator<Item = HandlerObj>>,
) -> ResponseFuture { ) -> ResponseFuture {
if req.headers().contains_key(AUTHORIZATION) { if req.headers().contains_key(AUTHORIZATION)
if req.headers()[AUTHORIZATION] == self.api_basic_auth { && req.headers()[AUTHORIZATION] == self.api_basic_auth
{
handlers.next().unwrap().call(req, handlers) handlers.next().unwrap().call(req, handlers)
} else {
// Forbidden 403
forbidden_response()
}
} else { } else {
// Unauthorized 401 // Unauthorized 401
unauthorized_response(&self.basic_realm) unauthorized_response(&self.basic_realm)
@ -62,11 +59,3 @@ fn unauthorized_response(basic_realm: &str) -> ResponseFuture {
.unwrap(); .unwrap();
Box::new(ok(response)) Box::new(ok(response))
} }
fn forbidden_response() -> ResponseFuture {
let response = Response::builder()
.status(StatusCode::FORBIDDEN)
.body(Body::empty())
.unwrap();
Box::new(ok(response))
}