
add support for HTTP Basic Auth authentication

commit d094a1fa441817a2738adbc360e9488ff4f4cb38 1 parent bce6aa2
@sqs sqs authored
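--- a/app/controllers/Application.scala
+++ b/app/controllers/Application.scala
@@ -51,6 +51,7 @@ trait StatelessSecurity extends StatelessSecurityBase {
 def lookupUser(userId: String) = User.findByEmail(userId)
 def getUserId(user: User) = user.email
+ def authenticateUserAndReturnUserId(userId: String, password: String) = User.authenticate(userId, password).map(_.email)
 def onUnauthorized(request: RequestHeader) = Redirect(routes.Application.login)
 def onLoginSucceeded(request: RequestHeader) = Redirect(routes.Application.home)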
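Review bot: The added `authenticateUserAndReturnUserId` has no declared result type and no comment saying when it runs, although the module change in this commit calls it whenever `getUserIdFromRequest` sees an `Authorization` header. I would declare the type, `def authenticateUserAndReturnUserId(userId: String, password: String): Option[String] = ...`, and put `// Called for each request carrying HTTP Basic credentials; User.authenticate must throttle or lock out repeated failures` above it. `User.authenticate` is not visible here, so whether it already rate-limits attempts or verifies against a slow password hash is an assumption to confirm. The enclosing trait `StatelessSecurity` starts and ends outside the hunk.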
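--- a/module/build.sbt
+++ b/module/build.sbt
@@ -7,7 +7,8 @@ resolvers ++= Seq(
 )
 libraryDependencies ++= Seq(
- "play" %% "play" % "2.0.1"
+ "play" %% "play" % "2.0.1",
+ "commons-codec" % "commons-codec" % "1.2"
 )
 organization := "com.blendlabsinc"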
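Review bot: The new `commons-codec` dependency is pinned to 1.2, a very old release of that library, and it now sits on the authentication path. The only call this commit makes is the static `decodeBase64`, so a current 1.x release would presumably work unchanged; I would bump the pin, e.g. `"commons-codec" % "commons-codec" % "<current 1.x release>"`. It is also worth checking whether Play already brings commons-codec in transitively, so that two versions are not resolved against each other.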
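--- a/module/src/main/scala/com/blendlabsinc/play20/auth/StatelessSecurityBase.scala
+++ b/module/src/main/scala/com/blendlabsinc/play20/auth/StatelessSecurityBase.scala
@@ -1,16 +1,31 @@
 package com.blendlabsinc.play20.auth
 import play.api.mvc._
+import org.apache.commons.codec.binary.Base64.decodeBase64
 trait StatelessSecurityBase {
 type User
 def getUserIdFromRequest(request: RequestHeader): Option[String] =
+ Seq(getUserIdFromCookie _, getUserIdFromHTTPBasicAuth _).flatMap(_.apply(request)).headOption
+
+ def getUserIdFromCookie(request: RequestHeader): Option[String] =
 AuthData.decodeFromCookie(request.cookies.get(AuthData.COOKIE_NAME)).get(AuthData.UserIdKey)
+ def getUserIdFromHTTPBasicAuth(request: RequestHeader): Option[String] =
+ request.headers.get("Authorization").flatMap { authorization =>
+ authorization.split(" ").drop(1).headOption.flatMap { encoded =>
+ new String(decodeBase64(encoded.getBytes)).split(":").toList match {
+ case userId :: password :: Nil => authenticateUserAndReturnUserId(userId, password)
+ case _ => None
+ }
+ }
+ }
+
 def lookupUser(userId: String): Option[User]
 def getUserId(user: User): String
+ def authenticateUserAndReturnUserId(userId: String, password: String): Option[String]
 def onUnauthorized(request: RequestHeader): Result
 def onLoginSucceeded(request: RequestHeader): PlainResult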
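Review bot: `getUserIdFromHTTPBasicAuth` never checks the auth scheme: `split(" ").drop(1).headOption` decodes the second token of any `Authorization` header, so Bearer or Digest values are also fed to `authenticateUserAndReturnUserId`. In the same function, `split(":")` rejects every password that contains a `:` (the split should stop at the first colon), and `getBytes`/`new String` depend on the platform default charset. In `getUserIdFromRequest`, the strict `Seq(...).flatMap` evaluates both lookups, so a password check runs on each request that carries the header even when the cookie is already valid; `orElse` takes its argument by name and avoids that. The rewrite below covers both methods and leaves the rest of the trait as it is.

```scala
def getUserIdFromRequest(request: RequestHeader): Option[String] =
  // orElse is by-name: credentials are only verified when no usable cookie is present
  getUserIdFromCookie(request).orElse(getUserIdFromHTTPBasicAuth(request))

// … unchanged: getUserIdFromCookie …

def getUserIdFromHTTPBasicAuth(request: RequestHeader): Option[String] =
  request.headers.get("Authorization").flatMap { authorization =>
    authorization.trim.split("\\s+", 2) match {
      // only the Basic scheme carries userid:password; ignore every other scheme
      case Array(scheme, encoded) if scheme.equalsIgnoreCase("Basic") =>
        // limit 2: split on the first ':' only, so the password may contain ':'
        new String(decodeBase64(encoded.trim.getBytes("UTF-8")), "UTF-8").split(":", 2) match {
          case Array(userId, password) => authenticateUserAndReturnUserId(userId, password)
          case _ => None
        }
      case _ => None
    }
  }
```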