#################################################
#
# aFleX script to provide Basic HTTP Authentication
# without the need for an external database.
#
# The class-list for authentication is called
# "cl-passwords" (default) of type "string" and has
# to contain the following data:
# str <username> <SHA-1 hash of the password, in hex>
#
# For example:
# str user1 13646b618f93e6a6f5c4b9fe11c558955e8956d6
# str user2 28517be59120ec2536f5a7a13f95a0d77d547d1f
#
# The optional class-list for the URL list is called
# "cl-url-list" (default) of type "string" and has to
# contain the following data:
# str <URL prefix>
#
# For example:
# str /sharepoint
# str /portal
#
# When the URL class-list is not configured (::URLLIST set to
# an empty string) every request will be authenticated.
#
#################################################
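# Global settings, set once when the script is loaded.
#   ::DEBUG     1 turns on the log statements in HTTP_REQUEST, 0 silences them.
#   ::REALM     realm string sent in the WWW-Authenticate challenge.
#   ::URLLIST   name of the class-list holding the URL prefixes to protect;
#               an empty string makes HTTP_REQUEST authenticate every request.
#   ::PASSWORDS name of the class-list mapping user name -> SHA-1 hex digest.
#
# The values must be delimited with plain ASCII double quotes. Typographic
# quotes are not quoting characters in Tcl, so "Password Required" would be
# split into two words and the set command would fail.
when RULE_INIT {
    set ::DEBUG 0
    set ::REALM "Password Required"
    set ::URLLIST "cl-url-list"
    set ::PASSWORDS "cl-passwords"
}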
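# Enforces HTTP Basic authentication against the ::PASSWORDS class-list.
#
# A request is subject to authentication when ::URLLIST is empty or when its
# lower-cased URI starts with an entry of the ::URLLIST class-list. Such a
# request is let through only if it carries "Authorization: Basic <base64>"
# whose user name exists in ::PASSWORDS and whose password hashes (SHA-1, hex)
# to the stored value. Every other outcome gets a 401 challenge, so a
# malformed header fails closed instead of raising a script error.
#
# Deployment notes:
#  - Basic credentials are only base64-encoded on the wire; bind this script
#    to a TLS-terminating virtual port.
#  - Unsalted SHA-1 is a weak way to store passwords; treat the class-list as
#    sensitive configuration and use long random passwords.
#  - The decoded credentials are never logged, even with ::DEBUG enabled.
when HTTP_REQUEST {
    set AUTHENTICATE 0
    # The URI is lower-cased before matching, so entries in the URL
    # class-list have to be lower case as well or they never match.
    # NOTE(review): the prefix match runs on the request URI as received. If
    # the backend normalises paths (percent-encoding, "//", "/./"), an
    # equivalent spelling of a protected path may not match the list -
    # confirm, or leave ::URLLIST empty so that every request is authenticated.
    set URI [string tolower [HTTP::uri]]
    if { $::DEBUG == 1 } { log "Start AUTHENTICATE: $AUTHENTICATE URI: $URI" }

    if { $::URLLIST eq "" } {
        set AUTHENTICATE 1
        if { $::DEBUG == 1 } { log "Empty URLLIST AUTHENTICATE: $AUTHENTICATE URI: $URI" }
    } elseif { [CLASS::match $URI starts_with $::URLLIST] } {
        set AUTHENTICATE 1
        if { $::DEBUG == 1 } { log "Class-list match AUTHENTICATE: $AUTHENTICATE URI: $URI" }
    }

    if { $AUTHENTICATE == 1 } {
        # Fail closed: only a fully verified credential flips this flag.
        set authorized 0

        if { [HTTP::header exists "Authorization"] } {
            set encoded_header [HTTP::header "Authorization"]
            # Check the regexp result: with another scheme (or an empty
            # value) encoded_string would otherwise be left undefined.
            if { [regexp -nocase {^Basic +(.+)$} $encoded_header tmpmatch encoded_string] } {
                # Invalid base64 must end in a 401, not in an aborted script.
                if { ![catch { set decoded_string [b64decode $encoded_string] }] } {
                    # Split at the FIRST colon: the user name cannot contain
                    # one, the password may. The clear-text password goes
                    # into auth_passwd_clear, the variable that is hashed.
                    if { [regexp {^([^:]*):(.*)$} $decoded_string tmpmatch auth_user auth_passwd_clear] } {
                        if { [CLASS::match $auth_user equals $::PASSWORDS] } {
                            set stored_passwd [CLASS::match $auth_user equals $::PASSWORDS value]
                            set auth_passwd_sha1 [sha1 $auth_passwd_clear]
                            # The class-list stores the digest as hex text.
                            # NOTE(review): assumes sha1 returns the raw
                            # digest bytes - confirm on the target release.
                            set auth_passwd ""
                            binary scan $auth_passwd_sha1 H* auth_passwd
                            # Compare the HASH of the supplied password with
                            # the stored hash; an empty result never matches.
                            if { $auth_passwd ne "" && $auth_passwd eq [string tolower $stored_passwd] } {
                                set authorized 1
                            }
                        }
                    }
                }
            }
        }

        if { !$authorized } {
            if { $::DEBUG == 1 } { log "Authentication failed URI: $URI" }
            HTTP::respond 401 WWW-Authenticate "Basic realm=\"$::REALM\""
        }
    }
}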