always store a tuple in #headers.authorization (capflam)

The function yaws:parse_auth/1 returned "undefined" if it couldn't parse the value of the "Authorization" header. In this case, we lost the original value of this header. Always store a tuple of the form "{User, Pass, Orig}" even if the value can't be parsed. In this case, "User" and "Pass" are set to "undefined". Also, export yaws:parse_auth/1 so that 3rd-party modules can set
AugustoGalia · May 24, 2011 · db3ec48 · db3ec48
1 parent 049d4b1
commit db3ec48
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/src/yaws.erl b/src/yaws.erl
@@ -41,7 +41,7 @@
          split_sep/2, join_sep/2,
          accepts_gzip/2, upto_char/2, deepmap/2,
          ticker/2, ticker/3,
-         parse_qvalue/1]).
+         parse_qvalue/1, parse_auth/1]).
 
 -export([outh_set_status_code/1,
          outh_set_non_cacheable/1,
@@ -2039,19 +2039,19 @@ http_collect_headers(_CliSock, _Req, _H, _SSL, _Count)  ->
 parse_auth(Orig = "Basic " ++ Auth64) ->
     case decode_base64(Auth64) of
         {error, _Err} ->
-            undefined;
+            {undefined, undefined, Orig};
         Auth ->
             case string:tokens(Auth, ":") of
                 [User, Pass] ->
                     {User, Pass, Orig};
                 _ ->
-                    undefined
+                    {undefined, undefined, Orig}
             end
     end;
 parse_auth(Orig = "Negotiate " ++ _Auth64) ->
     {undefined, undefined, Orig};
-parse_auth(_) ->
-    undefined.
+parse_auth(Orig) ->
+    {undefined, undefined, Orig}.
 
 
 decode_base64([]) ->

diff --git a/src/yaws_cgi.erl b/src/yaws_cgi.erl
@@ -203,6 +203,8 @@ build_env(Arg, Scriptfilename, Pathinfo, ExtraEnv, SC) ->
     case H#headers.authorization of
         undefined ->
             AuthEnv = [];
+        {undefined, _, _} ->
+            AuthEnv = [];
         {User, Password, "Basic " ++ Auth64} ->
             AuthEnv = [
                        {"HTTP_AUTHORIZATION", "Basic " ++ Auth64},

diff --git a/src/yaws_server.erl b/src/yaws_server.erl
@@ -1728,6 +1728,8 @@ set_auth_user(ARG, User) ->
     H = ARG#arg.headers,
     Auth =
         case H#headers.authorization of
+            {undefined, _, _} ->
+                {User, undefined, undefined};
             {_User, Pass, Orig} ->
                 {User, Pass, Orig};
             undefined ->