add support for HTTP Basic Auth authentication

blend · Jun 21, 2012 · d094a1f · d094a1f
1 parent bce6aa2
commit d094a1f
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/app/controllers/Application.scala b/app/controllers/Application.scala
@@ -51,6 +51,7 @@ trait StatelessSecurity extends StatelessSecurityBase {
 
   def lookupUser(userId: String) = User.findByEmail(userId)
   def getUserId(user: User) = user.email
+  def authenticateUserAndReturnUserId(userId: String, password: String) = User.authenticate(userId, password).map(_.email)
 
   def onUnauthorized(request: RequestHeader) = Redirect(routes.Application.login)
   def onLoginSucceeded(request: RequestHeader) = Redirect(routes.Application.home)

diff --git a/module/build.sbt b/module/build.sbt
@@ -7,7 +7,8 @@ resolvers ++= Seq(
 )
 
 libraryDependencies ++= Seq(
-  "play" %% "play" % "2.0.1"
+  "play" %% "play" % "2.0.1",
+  "commons-codec" % "commons-codec" % "1.2"
 )
 
 organization := "com.blendlabsinc"

diff --git a/module/src/main/scala/com/blendlabsinc/play20/auth/StatelessSecurityBase.scala b/module/src/main/scala/com/blendlabsinc/play20/auth/StatelessSecurityBase.scala
@@ -1,16 +1,31 @@
 package com.blendlabsinc.play20.auth
 
 import play.api.mvc._
+import org.apache.commons.codec.binary.Base64.decodeBase64
 
 trait StatelessSecurityBase {
 
   type User
 
   def getUserIdFromRequest(request: RequestHeader): Option[String] =
+    Seq(getUserIdFromCookie _, getUserIdFromHTTPBasicAuth _).flatMap(_.apply(request)).headOption
+
+  def getUserIdFromCookie(request: RequestHeader): Option[String] =
     AuthData.decodeFromCookie(request.cookies.get(AuthData.COOKIE_NAME)).get(AuthData.UserIdKey)
 
+  def getUserIdFromHTTPBasicAuth(request: RequestHeader): Option[String] =
+    request.headers.get("Authorization").flatMap { authorization =>
+      authorization.split(" ").drop(1).headOption.flatMap { encoded =>
+        new String(decodeBase64(encoded.getBytes)).split(":").toList match {
+          case userId :: password :: Nil => authenticateUserAndReturnUserId(userId, password)
+          case _ => None
+        }
+      }
+    }
+
   def lookupUser(userId: String): Option[User]
   def getUserId(user: User): String
+  def authenticateUserAndReturnUserId(userId: String, password: String): Option[String]
 
   def onUnauthorized(request: RequestHeader): Result
   def onLoginSucceeded(request: RequestHeader): PlainResult