(r *http.Request, guiCfg config.GUIConfiguration, ldapCfg config.LDAPConfiguration, evLogger events.Logger)
| 200 | } |
| 201 | |
| 202 | func attemptBasicAuth(r *http.Request, guiCfg config.GUIConfiguration, ldapCfg config.LDAPConfiguration, evLogger events.Logger) (string, bool) { |
| 203 | username, password, ok := r.BasicAuth() |
| 204 | if !ok { |
| 205 | return "", false |
| 206 | } |
| 207 | |
| 208 | slog.Debug("Sessionless HTTP request with authentication; this is expensive.") |
| 209 | |
| 210 | if auth(username, password, guiCfg, ldapCfg) { |
| 211 | return username, true |
| 212 | } |
| 213 | |
| 214 | usernameFromIso := string(iso88591ToUTF8([]byte(username))) |
| 215 | passwordFromIso := string(iso88591ToUTF8([]byte(password))) |
| 216 | if auth(usernameFromIso, passwordFromIso, guiCfg, ldapCfg) { |
| 217 | return usernameFromIso, true |
| 218 | } |
| 219 | |
| 220 | emitLoginAttempt(false, username, r, evLogger) |
| 221 | antiBruteForceSleep() |
| 222 | return "", false |
| 223 | } |
| 224 | |
| 225 | func (m *basicAuthAndSessionMiddleware) handleLogout(w http.ResponseWriter, r *http.Request) { |
| 226 | m.tokenCookieManager.destroySession(w, r) |
no test coverage detected