MCPcopy
hub / github.com/caddyserver/caddy / Authenticate

Method Authenticate

modules/caddyhttp/caddyauth/basicauth.go:143–163  ·  view source on GitHub ↗

Authenticate validates the user credentials in req and returns the user, if valid.

(w http.ResponseWriter, req *http.Request)

Source from the content-addressed store, hash-verified

141
142// Authenticate validates the user credentials in req and returns the user, if valid.
143func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) (User, bool, error) {
144 username, plaintextPasswordStr, ok := req.BasicAuth()
145 if !ok {
146 return hba.promptForCredentials(w, nil)
147 }
148
149 account, accountExists := hba.Accounts[username]
150 if !accountExists {
151 // don't return early if account does not exist; we want
152 // to try to avoid side-channels that leak existence, so
153 // we use a fake password to simulate realistic CPU cycles
154 account.password = hba.fakePassword
155 }
156
157 same, err := hba.correctPassword(account, []byte(plaintextPasswordStr))
158 if err != nil || !same || !accountExists {
159 return hba.promptForCredentials(w, err)
160 }
161
162 return User{ID: username}, true, nil
163}
164
165func (hba HTTPBasicAuth) correctPassword(account Account, plaintextPassword []byte) (bool, error) {
166 compare := func() (bool, error) {

Callers

nothing calls this directly

Calls 2

promptForCredentialsMethod · 0.95
correctPasswordMethod · 0.95

Tested by

no test coverage detected