http4s · rossabaker · Mar 24, 2022 · Mar 21, 2022 · Mar 21, 2022 · Mar 21, 2022
diff --git a/server/src/main/scala/org/http4s/server/middleware/authentication/DigestAuth.scala b/server/src/main/scala/org/http4s/server/middleware/authentication/DigestAuth.scala
@@ -22,25 +22,62 @@ package authentication
 import cats.Monad
 import cats.data.Kleisli
 import cats.data.NonEmptyList
+import cats.effect.Blocker
+import cats.effect.Concurrent
+import cats.effect.ContextShift
 import cats.effect.Sync
+import cats.effect.Timer
 import cats.syntax.all._
 import org.http4s.crypto.Hash
-import org.http4s.crypto.unsafe.SecureRandom
 import org.http4s.headers._
 
-import java.math.BigInteger
-import java.util.Date
 import scala.concurrent.duration._
 
 /** Provides Digest Authentication from RFC 2617.
   */
 object DigestAuth {
 
+  @deprecated(
+    "AuthenticationStore is going away, in favor of explicit subclasses of AuthStore. PlainTextAuthStore maintains the previous, insecure behaviour, whereas Md5HashedAuthStore is the new advised implementation going forward.",
+    "0.22.13",
+  )
+  type AuthenticationStore[F[_], A] = String => F[Option[(A, String)]]
+
+  sealed trait AuthStore[F[_], A]
+
   /** A function mapping username to a user object and password, or
-    * None if no user exists.  Requires that the server can recover
-    * the password in clear text, which is _strongly_ discouraged.
+    * None if no user exists.
+    *
+    * Requires that the server can recover the password in clear text,
+    * which is _strongly_ discouraged. Please use Md5HashedAuthStore
+    * if you can.
     */
-  type AuthenticationStore[F[_], A] = String => F[Option[(A, String)]]
+  object PlainTextAuthStore {
+    def apply[F[_], A](func: String => F[Option[(A, String)]]): AuthStore[F, A] =
+      new PlainTextAuthStore(func)
+  }
+  final class PlainTextAuthStore[F[_], A](val func: String => F[Option[(A, String)]])
+      extends AuthStore[F, A]
+
+  /** A function mapping username to a user object and precomputed md5
+    * hash of the username, realm, and password, or None if no user exists.
+    *
+    * More secure than PlainTextAuthStore due to only needing to
+    * store the digested hash instead of the password in plain text.
+    */
+  object Md5HashedAuthStore {
+    def apply[F[_], A](func: String => F[Option[(A, String)]]): AuthStore[F, A] =
+      new Md5HashedAuthStore(func)
+
+    def precomputeHash[F[_]: Monad: Hash](
+        username: String,
+        realm: String,
+        password: String,
+    ): F[String] =
+      DigestUtil.computeHa1(username, realm, password)
+  }
+  final class Md5HashedAuthStore[F[_], A](val func: String => F[Option[(A, String)]])
+      extends AuthStore[F, A]
 
   private trait AuthReply[+A]
   private final case class OK[A](authInfo: A) extends AuthReply[A]
@@ -52,6 +89,19 @@ object DigestAuth {
   private case object NoCredentials extends AuthReply[Nothing]
   private case object NoAuthorizationHeader extends AuthReply[Nothing]
 
+  @deprecated("Calling apply is side-effecting, please use applyF", "0.22.13")
+  def apply[F[_]: Sync, A](
+      realm: String,
+      store: String => F[Option[(A, String)]],
+      nonceCleanupInterval: Duration = 1.hour,
+      nonceStaleTime: Duration = 1.hour,
+      nonceBits: Int = 160,
+  ): AuthMiddleware[F, A] = {
+    val nonceKeeper =
+      new NonceKeeper(nonceStaleTime.toMillis, nonceCleanupInterval.toMillis, nonceBits)
+    challenged(challenge(realm, store, nonceKeeper))
+  }
+
   /** @param realm The realm used for authentication purposes.
     * @param store A partial function mapping (realm, user) to the
     *              appropriate password.
@@ -62,115 +112,185 @@ object DigestAuth {
     *                       purposes anymore).
     * @param nonceBits The number of random bits a nonce should consist of.
     */
-  def apply[F[_]: Sync, A](
+  def applyF[F[_], A](
       realm: String,
-      store: AuthenticationStore[F, A],
+      store: AuthStore[F, A],
+      blocker: Blocker,
       nonceCleanupInterval: Duration = 1.hour,
       nonceStaleTime: Duration = 1.hour,
       nonceBits: Int = 160,
-  ): AuthMiddleware[F, A] = {
-    val nonceKeeper =
-      new NonceKeeper(nonceStaleTime.toMillis, nonceCleanupInterval.toMillis, nonceBits)
-    challenged(challenge(realm, store, nonceKeeper))
-  }
+  )(implicit F: Concurrent[F], t: Timer[F], cs: ContextShift[F]): F[AuthMiddleware[F, A]] =
+    challenge[F, A](
+      realm = realm,
+      store = store,
+      nonceCleanupInterval = nonceCleanupInterval,
+      nonceStaleTime = nonceStaleTime,
+      nonceBits = nonceBits,
+      blocker = blocker,
+    ).map { runChallenge =>
+      challenged(runChallenge)
+    }
 
-  /** Side-effect of running the returned task: If req contains a valid
+  def challenge[F[_], A](
+      realm: String,
+      store: String => F[Option[(A, String)]],
+      nonceKeeper: NonceKeeper,
+  )(implicit
+      F: Sync[F]
+  ): Kleisli[F, Request[F], Either[Challenge, AuthedRequest[F, A]]] =
+    challengeInterop[F, A](
+      realm,
+      PlainTextAuthStore(store),
+      F.delay(nonceKeeper.newNonce()),
+      (data, nc) => F.delay(nonceKeeper.receiveNonce(data, nc)),
+    )
+
+  /** Similar to [[apply]], but exposing the underlying [[challenge]]
+    * [[cats.data.Kleisli]] instead of an entire [[AuthMiddleware]]
+    *
+    * Side-effect of running the returned task: If req contains a valid
     * AuthorizationHeader, the corresponding nonce counter (nc) is increased.
+    *
+    * @param realm The realm used for authentication purposes.
+    * @param store A partial function mapping (realm, user) to the
+    *              appropriate password.
+    * @param nonceCleanupInterval Interval (in milliseconds) at which stale
+    *                             nonces should be cleaned up.
+    * @param nonceStaleTime Amount of time (in milliseconds) after which a nonce
+    *                       is considered stale (i.e. not used for authentication
+    *                       purposes anymore).
+    * @param nonceBits The number of random bits a nonce should consist of.
     */
-  def challenge[F[_], A](realm: String, store: AuthenticationStore[F, A], nonceKeeper: NonceKeeper)(
-      implicit F: Sync[F]
+  def challenge[F[_], A](
+      realm: String,
+      store: AuthStore[F, A],
+      blocker: Blocker,
+      nonceCleanupInterval: Duration = 1.hour,
+      nonceStaleTime: Duration = 1.hour,
+      nonceBits: Int = 160,
+  )(implicit
+      F: Concurrent[F],
+      t: Timer[F],
+      cs: ContextShift[F],
+  ): F[Kleisli[F, Request[F], Either[Challenge, AuthedRequest[F, A]]]] =
+    NonceKeeperF[F](nonceStaleTime, nonceCleanupInterval, nonceBits, blocker)
+      .map { nonceKeeper =>
+        challengeInterop[F, A](realm, store, nonceKeeper.newNonce(), nonceKeeper.receiveNonce _)
+      }
+
+  private[this] def challengeInterop[F[_], A](
+      realm: String,
+      store: AuthStore[F, A],
+      newNonce: F[String],
+      receiveNonce: (String, Int) => F[NonceKeeper.Reply],
+  )(implicit
+      F: Sync[F]
   ): Kleisli[F, Request[F], Either[Challenge, AuthedRequest[F, A]]] =
     Kleisli { req =>
       def paramsToChallenge(params: Map[String, String]) =
         Either.left(Challenge("Digest", realm, params))
 
-      checkAuth(realm, store, nonceKeeper, req).flatMap {
+      checkAuth(realm, store, receiveNonce, req).flatMap {
         case OK(authInfo) => F.pure(Either.right(AuthedRequest(authInfo, req)))
-        case StaleNonce => getChallengeParams(nonceKeeper, staleNonce = true).map(paramsToChallenge)
-        case _ => getChallengeParams(nonceKeeper, staleNonce = false).map(paramsToChallenge)
+        case StaleNonce =>
+          getChallengeParams(newNonce, staleNonce = true).map(paramsToChallenge)
+        case _ => getChallengeParams(newNonce, staleNonce = false).map(paramsToChallenge)
       }
     }
 
   private def checkAuth[F[_]: Hash, A](
       realm: String,
-      store: AuthenticationStore[F, A],
-      nonceKeeper: NonceKeeper,
+      store: AuthStore[F, A],
+      receiveNonce: (String, Int) => F[NonceKeeper.Reply],
       req: Request[F],
   )(implicit F: Monad[F]): F[AuthReply[A]] =
     req.headers.get[Authorization] match {
       case Some(Authorization(Credentials.AuthParams(AuthScheme.Digest, params))) =>
-        checkAuthParams(realm, store, nonceKeeper, req, params)
+        checkAuthParams(realm, store, receiveNonce, req, params)
       case Some(_) =>
         F.pure(NoCredentials)
       case None =>
         F.pure(NoAuthorizationHeader)
     }
 
-  private def getChallengeParams[F[_]](nonceKeeper: NonceKeeper, staleNonce: Boolean)(implicit
+  private def getChallengeParams[F[_]](newNonce: F[String], staleNonce: Boolean)(implicit
       F: Sync[F]
   ): F[Map[String, String]] =
-    F.delay {
-      val nonce = nonceKeeper.newNonce()
-      val m = Map("qop" -> "auth", "nonce" -> nonce)
-      if (staleNonce)
-        m + ("stale" -> "TRUE")
-      else
-        m
-    }
+    newNonce
+      .map { nonce =>
+        val m = Map("qop" -> "auth", "nonce" -> nonce)
+        if (staleNonce)
+          m + ("stale" -> "TRUE")
+        else
+          m
+      }
 
   private def checkAuthParams[F[_]: Hash, A](
       realm: String,
-      store: AuthenticationStore[F, A],
-      nonceKeeper: NonceKeeper,
+      store: AuthStore[F, A],
+      receiveNonce: (String, Int) => F[NonceKeeper.Reply],
       req: Request[F],
       paramsNel: NonEmptyList[(String, String)],
   )(implicit F: Monad[F]): F[AuthReply[A]] = {
     val params = paramsNel.toList.toMap
-    if (!Set("realm", "nonce", "nc", "username", "cnonce", "qop").subsetOf(params.keySet))
-      return F.pure(BadParameters)
-
-    val method = req.method.toString
-    val uri = req.uri.toString
-
-    if (params.get("realm") != Some(realm))
-      return F.pure(BadParameters)
-
-    val nonce = params("nonce")
-    val nc = params("nc")
-    nonceKeeper.receiveNonce(nonce, Integer.parseInt(nc, 16)) match {
-      case NonceKeeper.StaleReply => F.pure(StaleNonce)
-      case NonceKeeper.BadNCReply => F.pure(BadNC)
-      case NonceKeeper.OKReply =>
-        store(params("username")).flatMap {
-          case None => F.pure(UserUnknown)
-          case Some((authInfo, password)) =>
-            DigestUtil
-              .computeResponse(
-                method,
-                params("username"),
-                realm,
-                password,
-                uri,
-                nonce,
-                nc,
-                params("cnonce"),
-                params("qop"),
-              )
-              .map { resp =>
-                if (resp == params("response")) OK(authInfo)
-                else WrongResponse
-              }
+    if (!Set("realm", "nonce", "nc", "username", "cnonce", "qop").subsetOf(params.keySet)) {
+      F.pure(BadParameters)
+    } else {
+      val method = req.method.toString
+
+      if (!params.get("realm").contains(realm)) {
+        F.pure(BadParameters)
+      } else {
+        val nonce = params("nonce")
+        val nc = params("nc")
+        receiveNonce(nonce, Integer.parseInt(nc, 16)).flatMap {
+          case NonceKeeper.StaleReply => F.pure(StaleNonce)
+          case NonceKeeper.BadNCReply => F.pure(BadNC)
+          case NonceKeeper.OKReply =>
+            (store match {
+              case authStore: PlainTextAuthStore[F, A] =>
+                authStore.func(params("username")).flatMap {
+                  case None => F.pure(UserUnknown)
+                  case Some((authInfo, password)) =>
+                    DigestUtil
+                      .computeResponse(
+                        method,
+                        params("username"),
+                        realm,
+                        password,
+                        req.uri,
+                        nonce,
+                        nc,
+                        params("cnonce"),
+                        params("qop"),
+                      )
+                      .map { resp =>
+                        if (resp == params("response")) OK(authInfo)
+                        else WrongResponse
+                      }
+                }
+              case authStore: Md5HashedAuthStore[F, A] =>
+                authStore.func(params("username")).flatMap {
+                  case None => F.pure(UserUnknown)
+                  case Some((authInfo, ha1Hash)) =>
+                    DigestUtil
+                      .computeHashedResponse(
+                        method,
+                        ha1Hash,
+                        req.uri,
+                        nonce,
+                        nc,
+                        params("cnonce"),
+                        params("qop"),
+                      )
+                      .map { resp =>
+                        if (resp == params("response")) OK(authInfo)
+                        else WrongResponse
+                      }
+                }
+            })
         }
+      }
     }
   }
 }
-
-private[authentication] class Nonce(val created: Date, var nc: Int, val data: String)
-
-private[authentication] object Nonce {
-  val random = new SecureRandom()
-
-  private def getRandomData(bits: Int): String = new BigInteger(bits, random).toString(16)
-
-  def gen(bits: Int): Nonce = new Nonce(new Date(), 0, getRandomData(bits))
-}