Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
struct dispatch_handler *d;
struct blob_attr *tb[__HDR_MAX];
struct path_info *pi;
struct dispatch_handler *d;
struct blob_attr *tb[__HDR_MAX];
struct path_info *pi;
+ char *user, *pass, *auth;
pi = uh_path_lookup(cl, url);
if (!pi)
pi = uh_path_lookup(cl, url);
if (!pi)
return true;
blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
return true;
blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
- if (tb[HDR_AUTHORIZATION]) {
- if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass))
- return true;
- if (user && pass) {
- blobmsg_add_string(&cl->hdr, "http-auth-user", user);
- blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
- }
+ auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL;
+
+ if (!uh_auth_check(cl, pi->name, auth, &user, &pass))
+ return true;
+
+ if (user && pass) {
+ blobmsg_add_string(&cl->hdr, "http-auth-user", user);
+ blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
}
d = dispatch_find(url, pi);
}
d = dispatch_find(url, pi);