From f2c596ee2d1a6dbd444b6942a3539d581b08d806 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 3 Jul 2019 20:32:07 +0100 Subject: [PATCH] Authorization for inbox access --- auth.py | 11 +++++++++++ daemon.py | 15 +++++++++++++++ tests.py | 2 ++ 3 files changed, 28 insertions(+) diff --git a/auth.py b/auth.py index ab0b9110..b768d651 100644 --- a/auth.py +++ b/auth.py @@ -38,6 +38,17 @@ def createBasicAuthHeader(nickname: str,password: str) -> str: authStr=nickname.replace('\n','')+':'+password.replace('\n','') return 'Basic '+base64.b64encode(authStr.encode('utf-8')).decode('utf-8') +def nicknameFromBasicAuth(authHeader: str) -> str: + """Returns the nickname from basic auth header + """ + if ' ' not in authHeader: + return None + base64Str = authHeader.split(' ')[1].replace('\n','') + plain = base64.b64decode(base64Str).decode('utf-8') + if ':' not in plain: + return None + return plain.split(':')[0] + def authorizeBasic(baseDir: str,authHeader: str) -> bool: """HTTP basic auth """ diff --git a/daemon.py b/daemon.py index 7dd92f0b..57688084 100644 --- a/daemon.py +++ b/daemon.py @@ -23,6 +23,7 @@ from inbox import inboxPermittedMessage from inbox import inboxMessageHasParams from follow import getFollowingFeed from auth import authorize +from auth import nicknameFromBasicAuth import os import sys 
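Review bot: `nicknameFromBasicAuth` in auth.py passes the client-supplied header straight to `base64.b64decode(base64Str).decode('utf-8')`, so a malformed `Authorization` value raises (`binascii.Error` on bad padding, `UnicodeDecodeError` on non-UTF-8 bytes) instead of returning `None` like the two guarded branches. Both exceptions derive from `ValueError`, so wrapping that line in `try:` / `except ValueError: return None` turns the failure into a plain rejection rather than an unhandled exception in the request handler that calls it. The function also never checks that the scheme token is `Basic`, and the `-> str` annotation hides the `None` returns; a docstring line such as `Returns None when the header is not well-formed basic auth` would make the contract explicit.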
@@ -122,6 +123,20 @@ class PubServer(BaseHTTPRequestHandler): if self._webfinger(): self.server.GETbusy=False return + # get the inbox for a given person + if self.path.endswith('/inbox'): + if '/users/' in self.path: + if self.headers.get('Authorization'): + nickname=self.path.split('/users/')[1].replace('/inbox','') + if nickname==nicknameFromBasicAuth(self.headers['Authorization']): + if authorize(self.server.baseDir,self.headers['Authorization']): + # TODO + print('inbox access not supported yet') + self.send_response(401) + self.end_headers() + self.server.POSTbusy=False + return + # get outbox feed for a person outboxFeed=personOutboxJson(self.server.baseDir,self.server.domain, \ self.server.port,self.path, \ diff --git a/tests.py b/tests.py index 90d00df4..b2e28779 100644 --- a/tests.py +++ b/tests.py @@ -35,6 +35,7 @@ from person import setBio from auth import createBasicAuthHeader from auth import authorizeBasic from auth import storeBasicCredentials +from auth import nicknameFromBasicAuth testServerAliceRunning = False testServerBobRunning = False @@ -316,6 +317,7 @@ def testAuthentication(): assert storeBasicCredentials(baseDir,nickname,password) authHeader=createBasicAuthHeader(nickname,password) + assert nickname==nicknameFromBasicAuth(authHeader) assert authorizeBasic(baseDir,authHeader) authHeader=createBasicAuthHeader(nickname,password+'1')
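Review bot: The new `/inbox` branch in daemon.py clears `self.server.POSTbusy` before returning, while the webfinger branch just above it in the same handler clears `self.server.GETbusy`. If this is the GET path, as that context suggests, `GETbusy` stays set after every inbox request, and the line should read `self.server.GETbusy=False`. The nickname is extracted with `self.path.split('/users/')[1].replace('/inbox','')`, which strips every `/inbox` occurrence rather than only the trailing one that `endswith` checked; slicing off the suffix with `[:-len('/inbox')]` is stricter. `nicknameFromBasicAuth` runs on the raw header before `authorize`, so an exception it raises on a malformed header would presumably skip the busy-flag reset. Indentation is not recoverable in this view and the handler starts and ends outside the hunk, so which `if` the 401 response belongs to cannot be confirmed.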
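Review bot: The assertion added to `testAuthentication` in tests.py covers only the round trip of a well-formed header, so neither `None`-returning branch of `nicknameFromBasicAuth` is exercised. A case such as `assert nicknameFromBasicAuth('Basic') is None` (no space, so no credentials part) placed next to it would pin the rejection path. The test function starts and ends outside the hunk.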