Make middleware try other auth types on auth failure
This commit makes the authentication middleware attempt the other auth
mechanisms supplied by the client when one of them fails.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Tested By: Phosphor webui launches and logs in. Redfish endpoints now
work with a cookie present.
Change-Id: I7c11d4b5eb3c32c8e2b9ba348b70a55bfb72bd4e
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index c89dcdd..59e9cca 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp
@@ -26,20 +26,20 @@
return;
}
- if (req.headers.count("X-Auth-Token") == 1) {
- ctx.session = perform_xtoken_auth(req);
- } else if (req.headers.count("Cookie") == 1) {
+ ctx.session = perform_xtoken_auth(req);
+
+ if (ctx.session == nullptr) {
ctx.session = perform_cookie_auth(req);
- } else {
- std::string auth_header = req.get_header_value("Authorization");
- if (auth_header != "") {
- // Reject any kind of auth other than basic or token
- if (boost::starts_with(auth_header, "Token ")) {
- ctx.session = perform_token_auth(auth_header);
- } else if (boost::starts_with(auth_header, "Basic ")) {
- ctx.session = perform_basic_auth(auth_header);
- }
- }
+ }
+
+ const std::string& auth_header = req.get_header_value("Authorization");
+ // Reject any kind of auth other than basic or token
+ if (ctx.session == nullptr && boost::starts_with(auth_header, "Token ")) {
+ ctx.session = perform_token_auth(auth_header);
+ }
+
+ if (ctx.session == nullptr && boost::starts_with(auth_header, "Basic ")) {
+ ctx.session = perform_basic_auth(auth_header);
}
if (ctx.session == nullptr) {
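Review bot: A request whose X-Auth-Token or `Authorization` credential is rejected is now silently authenticated by whichever later mechanism succeeds, and nothing in this chain records which mechanism failed or which one produced `ctx.session`. This matters most for the cookie fallback: browsers attach cookies automatically, so a request carrying a stale or wrong token header is now accepted on the cookie alone. Any CSRF check tied to the mechanism (none is visible in this hunk) has to cover that path too. I would log the rejection before falling through, without logging the credential itself, e.g. `if (ctx.session == nullptr && !req.get_header_value("X-Auth-Token").empty()) { CROW_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token rejected, trying next mechanism"; }`, and add a comment above the chain stating the order: X-Auth-Token, cookie, `Authorization: Token`, `Authorization: Basic`. The enclosing function starts and ends outside the hunk, so whether failed attempts are counted per rejected credential cannot be confirmed from here.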
@@ -119,7 +119,10 @@
const crow::request& req) const {
CROW_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token authentication";
- auto& token = req.get_header_value("X-Auth-Token");
+ const std::string& token = req.get_header_value("X-Auth-Token");
+ if (token.empty()) {
+ return nullptr;
+ }
auto session = PersistentData::session_store->login_session_by_token(token);
return session;
}
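Review bot: The `CROW_LOG_DEBUG` line still runs before the new `token.empty()` guard, and the first hunk now calls `perform_xtoken_auth` on every request, so the log will report an X-Auth-Token authentication for requests that never sent the header. Moving the log below the guard keeps the debug trail accurate when reconstructing which mechanism a client actually presented: put `if (token.empty()) { return nullptr; }` first, then `CROW_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token authentication";`. The cookie function in the following hunk has the same ordering and would benefit from the same change. The function's signature begins above this hunk.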
@@ -129,6 +132,9 @@
CROW_LOG_DEBUG << "[AuthMiddleware] Cookie authentication";
auto& cookie_value = req.get_header_value("Cookie");
+ if (cookie_value.empty()) {
+ return nullptr;
+ }
auto start_index = cookie_value.find("SESSION=");
if (start_index == std::string::npos) {