| 23 | } |
| 24 | |
| 25 | ApiUser::Ptr ApiUser::GetByAuthHeader(const String& auth_header) |
| 26 | { |
| 27 | String::SizeType pos = auth_header.FindFirstOf(" "); |
| 28 | String username, password; |
| 29 | |
| 30 | if (pos != String::NPos && auth_header.SubStr(0, pos) == "Basic") { |
| 31 | String credentials_base64 = auth_header.SubStr(pos + 1); |
| 32 | String credentials = Base64::Decode(credentials_base64); |
| 33 | |
| 34 | String::SizeType cpos = credentials.FindFirstOf(":"); |
| 35 | |
| 36 | if (cpos != String::NPos) { |
| 37 | username = credentials.SubStr(0, cpos); |
| 38 | password = credentials.SubStr(cpos + 1); |
| 39 | } |
| 40 | } |
| 41 | |
| 42 | const ApiUser::Ptr& user = ApiUser::GetByName(username); |
| 43 | |
| 44 | /* Deny authentication if: |
| 45 | * 1) user does not exist |
| 46 | * 2) given password is empty |
| 47 | * 2) configured password does not match. |
| 48 | */ |
| 49 | if (!user || password.IsEmpty()) |
| 50 | return nullptr; |
| 51 | else if (user && !Utility::ComparePasswords(password, user->GetPassword())) |
| 52 | return nullptr; |
| 53 | |
| 54 | return user; |
| 55 | } |
nothing calls this directly
no test coverage detected