authorRoland Reichwein <mail@reichwein.it>2020-05-20 18:22:59 +0200
committerRoland Reichwein <mail@reichwein.it>2020-05-20 18:22:59 +0200
commit5408976a072ee79df77499e2dfbc69c4cfd5d266 (patch)
tree7edbf86f0f89b2eb6b12cb2d30d24e2f02fa402d
parentb15c034bfb19a30e2e2d68f28bc4ce199a39069d (diff)
Webbox: Fix auth popup on certain browsers
-rw-r--r--TODO1
-rw-r--r--debian/changelog1
-rw-r--r--plugins/webbox/html/webbox.js12
-rw-r--r--response.cpp16
4 files changed, 13 insertions, 17 deletions
diff --git a/TODO b/TODO
index 94643d5..7072663 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
-Fix auth on Chrome and Android/Samsung browser
git via smart http / cgi
git via web interface
php
diff --git a/debian/changelog b/debian/changelog
index 14d0006..4f31c53 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ webserver (1.7) UNRELEASED; urgency=medium
* Omit PEM file reload. Access to files is denied because of dropped privileges.
* Bugfix: Keep FCGI connections open
* Weekly Certificate reload via systemd service restart
+ * Webbox: Fixed redundant auth popup on certain browsers
-- Roland Reichwein <rr@antcom.de> Sun, 17 May 2020 14:31:36 +0200
diff --git a/plugins/webbox/html/webbox.js b/plugins/webbox/html/webbox.js
index 9b3a486..54adeaf 100644
--- a/plugins/webbox/html/webbox.js
+++ b/plugins/webbox/html/webbox.js
@@ -321,17 +321,7 @@ function initMainpage() {
}
if (this.status == 401) { // login error: goto login page
var authheader = this.getResponseHeader("WWW-Authenticate");
- var title = "Webbox";
- // For web servers with standard AUTH BASIC, triggering problems in
- // client browsers, popping up the browser's "Authenticate" window
- // but we want our own
- if (authheader.startsWith("Basic realm=\"") && authheader.endsWith("\"")) {
- title = authheader.substr(13, authheader.length - 14);
- } else
- // Fixed up Apache server
- if (authheader.startsWith("SR_Basic realm=\"") && authheader.endsWith("\"")) {
- title = authheader.substr(16, authheader.length - 17);
- }
+ var title = "Webbox Login";
// enable logout function if logging in
document.getElementById("logoutcommand").style.display = "table-row";
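Review bot: `authheader` is still fetched on the context line just above the new `var title = "Webbox Login";`, but with the realm parsing removed nothing in this hunk reads it any more. If the rest of initMainpage (which continues outside the hunk) does not use it either, drop the `var authheader = this.getResponseHeader("WWW-Authenticate");` line. The response.cpp part of this commit stops sending that header for anything but static-files, so the value would normally be null here anyway.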
diff --git a/response.cpp b/response.cpp
index a5fb8c3..67cb322 100644
--- a/response.cpp
+++ b/response.cpp
@@ -209,8 +209,7 @@ response_type HttpStatus(std::string status, std::string message, response_type&
if (status != "200") { // already handled at res init
res.result(unsigned(stoul(status)));
res.set(http::field::content_type, "text/html");
- if (res.result_int() == 401)
- res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
res.body() = "<html><body><h1>"s + Server::VersionString + " Error</h1><p>"s + status + " "s + message + "</p></body></html>"s;
res.prepare_payload();
}
@@ -249,14 +248,14 @@ response_type generate_response(request_type& req, Server& server)
if (auth.size() != 0) {
std::string authorization{req[http::field::authorization]};
if (authorization.substr(0, 6) != "Basic "s)
- return HttpStatusAndStats("401", "Bad Authorization Type", req_ctx, res);
+ return HttpStatusAndStats("400", "Bad Authorization Type", req_ctx, res);
authorization = authorization.substr(6);
authorization = decode64(authorization);
size_t pos {authorization.find(':')};
if (pos == authorization.npos)
- return HttpStatusAndStats("401", "Bad Authorization Encoding", req_ctx, res);
+ return HttpStatusAndStats("400", "Bad Authorization Encoding", req_ctx, res);
std::string login{authorization.substr(0, pos)};
std::string password{authorization.substr(pos + 1)};
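Review bot: A request that carries no Authorization header at all appears to take the first branch here, since `authorization` is then presumably empty and `substr(0, 6)` cannot equal `"Basic "`, so after this change it is answered with 400 instead of a 401 challenge. For static-files that would mean the browser is never prompted for credentials, and webbox.js only switches to its login page on status 401. Consider handling the missing header before the scheme check, e.g. `if (authorization.empty())` routed to the same 401 path (including the static-files `WWW-Authenticate` header) that the failed password check uses further down, and keep 400 for headers that are present but malformed. generate_response starts and ends outside this hunk, so a check elsewhere may already cover this.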
@@ -264,8 +263,15 @@ response_type generate_response(request_type& req, Server& server)
auto it {auth.find(login)};
// it.second contains crypted/hash
// password is plain text to validate against the hash
- if (it == auth.end() || !Auth::validate(it->second, password))
+ if (it == auth.end() || !Auth::validate(it->second, password)) {
+
+ // For now, WWW-Authenticate: Basic realm="..." will only be generated for static-files.
+ // All other plugins are expected to present their own login pages
+ if (req_ctx.GetPluginName() == "static-files")
+ res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
return HttpStatusAndStats("401", "Bad Authorization", req_ctx, res);
+ }
}
plugin_type plugin{req_ctx.GetPlugin()};
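Review bot: The condition `it == auth.end() || !Auth::validate(it->second, password)` skips the hash check entirely for an unknown login, so if Auth::validate is a deliberately slow password hash (its implementation is not visible here), response time distinguishes existing accounts from non-existing ones. Running the validation in both cases closes that, e.g. `bool ok = Auth::validate(it != auth.end() ? it->second : dummy_hash, password) && it != auth.end();` with `dummy_hash` standing for a constant hash in the same format. Separately, the plugin name `"static-files"` is compared as a bare string literal; a named constant or a per-plugin flag would keep the challenge logic in step if the plugin is ever renamed.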