From 54c6d3fa3aada272839a431a45318d33dbc6b9e5 Mon Sep 17 00:00:00 2001
From: Ivan Lisenkov <ivan@ivlis.com>
Date: Wed, 30 Jan 2013 00:30:05 +0400
Subject: Implement authorization header parsing

Basic HTTP authorization according to RFC 2617 is implemented.
Added an example of its usage with REST handler.
---
 src/cowboy_http.erl | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/cowboy_req.erl  |  5 +++++
 2 files changed, 64 insertions(+)

(limited to 'src')

diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index 6f42ab9..67d3f70 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -36,6 +36,7 @@
 -export([token/2]).
 -export([token_ci/2]).
 -export([quoted_string/2]).
+-export([authorization/2]).
 
 %% Decoding.
 -export([te_chunked/2]).
@@ -801,6 +802,52 @@ qvalue(<< C, Rest/binary >>, Fun, Q, M)
 qvalue(Data, Fun, Q, _M) ->
 	Fun(Data, Q).
 
+%% @doc Parse user credentials.
+-spec authorization_basic_userid(binary(), fun()) -> any().
+authorization_basic_userid(Data, Fun) ->
+	authorization_basic_userid(Data, Fun, <<>>).
+
+authorization_basic_userid(<<>>, _Fun, _Acc) ->
+	{error, badarg};
+authorization_basic_userid(<<C, _Rest/binary>>, _Fun, Acc)
+		when C < 32; C =:= 127; (C =:=$: andalso Acc =:= <<>>) ->
+	{error, badarg};
+authorization_basic_userid(<<$:, Rest/binary>>, Fun, Acc) ->
+	Fun(Rest, Acc);
+authorization_basic_userid(<<C, Rest/binary>>, Fun, Acc) ->
+	authorization_basic_userid(Rest, Fun, <<Acc/binary, C>>).
+
+-spec authorization_basic_password(binary(), fun()) -> any().
+authorization_basic_password(Data, Fun) ->
+	authorization_basic_password(Data, Fun, <<>>).
+
+authorization_basic_password(<<>>, _Fun, <<>>) ->
+	{error, badarg};
+authorization_basic_password(<<C, _Rest/binary>>, _Fun, _Acc)
+		when C < 32; C=:= 127 ->
+	{error, badarg};
+authorization_basic_password(<<>>, Fun, Acc) ->
+	Fun(Acc);
+authorization_basic_password(<<C, Rest/binary>>, Fun, Acc) ->
+	authorization_basic_password(Rest, Fun, <<Acc/binary, C>>).
+
+%% @doc Parse authorization value according rfc 2617.
+%% Only Basic authorization is supported so far.
+-spec authorization(binary(), binary()) -> {binary(), any()} | {error, badarg}.
+authorization(UserPass, Type = <<"basic">>) -> 
+	cowboy_http:whitespace(UserPass,
+		fun(D) ->
+			authorization_basic_userid(base64:mime_decode(D),
+				fun(Rest, Userid) ->
+					authorization_basic_password(Rest, 
+						fun(Password) -> 
+							{Type, {Userid, Password}}
+						end)
+				end)
+		end);
+authorization(String, Type) ->
+	{Type, String}.
+
 %% Decoding.
 
 %% @doc Decode a stream of chunks.
@@ -1294,4 +1341,16 @@ urlencode_test_() ->
 	 ?_assertEqual(<<"%ff+">>, urlencode(<<255, " ">>))
 	].
 
+http_authorization_test_() ->
+	[?_assertEqual({<<"basic">>, {<<"Alladin">>, <<"open sesame">>}},
+		authorization(<<"QWxsYWRpbjpvcGVuIHNlc2FtZQ==">>, <<"basic">>)),
+	 ?_assertEqual({error, badarg},
+		authorization(<<"dXNlcm5hbWUK">>, <<"basic">>)),
+	 ?_assertEqual({error, badarg},
+		 authorization(<<"_[]@#$%^&*()-AA==">>, <<"basic">>)),
+	 ?_assertEqual({error, badarg},
+		authorization(<<"dXNlcjpwYXNzCA==">>, <<"basic">>))  %% user:pass\010
+	]. 
+
+
 -endif.
diff --git a/src/cowboy_req.erl b/src/cowboy_req.erl
index 4ae28e9..5cb7aa3 100644
--- a/src/cowboy_req.erl
+++ b/src/cowboy_req.erl
@@ -441,6 +441,11 @@ parse_header(Name, Req, Default) when Name =:= <<"accept-language">> ->
 		fun (Value) ->
 			cowboy_http:nonempty_list(Value, fun cowboy_http:language_range/2)
 		end);
+parse_header(Name, Req, Default) when Name =:= <<"authorization">> ->
+	parse_header(Name, Req, Default,
+		fun (Value) ->
+			cowboy_http:token_ci(Value, fun cowboy_http:authorization/2)
+		end);
 parse_header(Name, Req, Default) when Name =:= <<"content-length">> ->
 	parse_header(Name, Req, Default, fun cowboy_http:digits/1);
 parse_header(Name, Req, Default) when Name =:= <<"content-type">> ->
-- 
cgit v1.2.3