Refactor HTTP Server Authentication code
Signed-off-by: Leonty Chudinov <[email protected]>
Leonty Chudinov committed Sep 9, 2020
1 parent ef72720 commit d14649d
Showing 1 changed file with 13 additions and 6 deletions.
19 changes: 13 additions & 6 deletions c/httpserver.c
Expand Up @@ -92,6 +92,7 @@ typedef struct AuthResponse_tag {
union {
SAFAuthStatus safStatus;
} responseDetails;
bool authDataFound;
} AuthResponse;

/* FIX THIS: a temporary "low profile" way of hiding printfs. Improves
Expand Down Expand Up @@ -2485,6 +2486,7 @@ static int safAuthenticate(HttpService *service, HttpRequest *request, AuthRespo

authResponse->type = AUTH_TYPE_RACF;
authResponse->responseDetails.safStatus = status.safStatus;
authResponse->authDataFound = (bool)authDataFound;

if (pwdCheckRC != 0) {
#ifdef DEBUG_AUTH
Expand Down Expand Up @@ -2868,7 +2870,7 @@ static int serviceAuthNativeWithSessionToken(HttpService *service, HttpRequest *
response->sessionCookie = NULL;

AUTH_TRACE("AUTH: tokenCookieText: %s\n",(tokenCookieText ? tokenCookieText : "<noAuthToken>"));

authResponse->authDataFound = authDataFound || (tokenCookieText != NULL);
if (tokenCookieText){
zowelog(NULL, LOG_COMP_HTTPSERVER, ZOWE_LOG_DEBUG3,
"serviceAuthNativeWithSessionToken: tokenCookieText: %s\n",
Expand Down Expand Up @@ -2933,7 +2935,8 @@ static int serviceAuthNativeWithSessionToken(HttpService *service, HttpRequest *

static int serviceAuthWithJwt(HttpService *service,
HttpRequest *request,
HttpResponse *response) {
HttpResponse *response,
AuthResponse *authResponse) {
HttpHeader *const authorizationHeader = getHeader(request, "Authorization");
char *jwtTokenText = getCookieValue(request,JWT_COOKIE_NAME);

Expand Down Expand Up @@ -2971,6 +2974,7 @@ static int serviceAuthWithJwt(HttpService *service,
if (request->authToken == NULL) {
return FALSE;
}
authResponse->authDataFound = TRUE;

JwtContext *const jwtContext = service->server->config->jwtContext;
if (jwtContext == NULL) {
Expand Down Expand Up @@ -3232,7 +3236,7 @@ static int handleHttpService(HttpServer *server,

int clearSessionToken = FALSE;

AuthResponse authResponse;
AuthResponse authResponse = {0};

switch (service->authType){

Expand All @@ -3259,7 +3263,7 @@ static int handleHttpService(HttpServer *server,
switch (server->config->authTokenType) {
case SERVICE_AUTH_TOKEN_TYPE_JWT:
case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK:
request->authenticated = serviceAuthWithJwt(service, request, response);
request->authenticated = serviceAuthWithJwt(service, request, response, &authResponse);

if (request->authenticated ||
service->server->config->authTokenType
Expand All @@ -3275,9 +3279,12 @@ static int handleHttpService(HttpServer *server,
#ifdef DEBUG
printf("service=%s authenticated=%d\n",service->name,request->authenticated);
#endif
AUTH_TRACE("request->authenticated %s, authResponse.authDataFound %s\n",
request->authenticated ? "true" : "false",
authResponse.authDataFound ? "true" : "false");
if (request->authenticated == FALSE){
if (service->authFlags & SERVICE_AUTH_FLAG_OPTIONAL) {
// Allow the service to decide when to respond with HTTP 401
if (service->authFlags & SERVICE_AUTH_FLAG_OPTIONAL && !authResponse.authDataFound) {
AUTH_TRACE("Allow the service to handle the request because auth is optional and authData not found\n");
serveRequest(service, response, request);
} else {
respondWithAuthError(response, &authResponse);
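Review bot: The assignment `authResponse->authDataFound = authDataFound || (tokenCookieText != NULL);` in serviceAuthNativeWithSessionToken overwrites the flag instead of accumulating it, so on the SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK path a TRUE recorded by serviceAuthWithJwt can be reset to false. The fallback call is not visible in this section, but if it passes the same `&authResponse`, a request with a rejected JWT and no legacy cookie or credentials would take the SERVICE_AUTH_FLAG_OPTIONAL branch in handleHttpService and be served as unauthenticated rather than getting the auth error. Keeping the earlier value makes the decision consistent across both authenticators: `authResponse->authDataFound = authResponse->authDataFound || authDataFound || (tokenCookieText != NULL);` (the assignment in safAuthenticate has the same overwrite shape and should be checked too). Parenthesising `(service->authFlags & SERVICE_AUTH_FLAG_OPTIONAL)` in the new condition would also make the precedence explicit. All of these functions continue outside the lines shown, so the local `authDataFound` and the fallback call need confirming against the full file.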