path: root/contrib/epee/include/net/http_auth.h

                                              

// Copyright (c) 2014-2019, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
//    conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
//    of conditions and the following disclaimer in the documentation and/or other
//    materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
//    used to endorse or promote products derived from this software without specific
//    prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once

#include <boost/optional/optional.hpp>
#include <boost/utility/string_ref.hpp>
#include <cstdint>
#include <functional>
#include <string>
#include <utility>
#include "wipeable_string.h"
#include "http_base.h"

#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "net.http"

namespace epee
{
namespace net_utils
{
  namespace http
  {
    struct login
    {
      login() : username(), password() {}
      login(std::string username_, wipeable_string password_)
        : username(std::move(username_)), password(std::move(password_))
      {}

      std::string username;
      wipeable_string password;
    };

    //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
    class http_server_auth
    {
    public:
      struct session
      {
        session(login credentials_)
          : credentials(std::move(credentials_)), nonce(), counter(0)
        {}

        login credentials;
        std::string nonce;
        std::uint32_t counter;
      };

      http_server_auth() : user(), rng() {}
      http_server_auth(login credentials, std::function<void(size_t, uint8_t*)> r);

      //! \return Auth response, or `boost::none` iff `request` had valid auth.
      boost::optional<http_response_info> get_response(const http_request_info& request)
      {
        if (user)
          return do_get_response(request);
        return boost::none;
      }

    private:
      boost::optional<http_response_info> do_get_response(const http_request_info& request);

      boost::optional<session> user;

      std::function<void(size_t, uint8_t*)> rng;
    };

    //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
    class http_client_auth
    {
    public:
      enum status : std::uint8_t { kSuccess = 0, kBadPassword, kParseFailure };

      struct session
      {
        session(login credentials_)
          : credentials(std::move(credentials_)), server(), counter(0)
        {}

        struct keys
        {
          using algorithm =
            std::function<std::string(const session&, boost::string_ref, boost::string_ref)>;

          keys() : nonce(), opaque(), realm(), generator() {}
          keys(std::string nonce_, std::string opaque_, std::string realm_, algorithm generator_)
            : nonce(std::move(nonce_))
            , opaque(std::move(opaque_))
            , realm(std::move(realm_))
            , generator(std::move(generator_))
          {}

          std::string nonce;
          std::string opaque;
          std::string realm;
          algorithm generator;
        };

        login credentials;
        keys server;
        std::uint32_t counter;
      };

      http_client_auth() : user() {}
      http_client_auth(login credentials);

      /*!
        Clients receiving a 401 response code from the server should call this
        function to process the server auth. Then, before every client request,
        `get_auth_field()` should be called to retrieve the newest
        authorization request.

        \return `kBadPassword` if client will never be able to authenticate,
          `kParseFailure` if all server authentication responses were invalid,
          and `kSuccess` if `get_auth_field` is ready to generate authorization
          fields.
      */
      status handle_401(const http_response_info& response)
      {
        if (user)
          return do_handle_401(response);
        return kBadPassword;
      }

      /*!
        After calling `handle_401`, clients should call this function to
        generate an authentication field for every request.

        \return A HTTP "Authorization" field if `handle_401(...)` previously
          returned `kSuccess`.
      */
      boost::optional<std::pair<std::string, std::string>> get_auth_field(
        const boost::string_ref method, const boost::string_ref uri)
      {
        if (user)
          return do_get_auth_field(method, uri);
        return boost::none;
      }

    private:
      status do_handle_401(const http_response_info&);
      boost::optional<std::pair<std::string, std::string>> do_get_auth_field(boost::string_ref, boost::string_ref);

      boost::optional<session> user;
    };
  }
}
}
// Copyright (c) 2014-2019, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
//    conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
//    of conditions and the following disclaimer in the documentation and/or other
//    materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
//    used to endorse or promote products derived from this software without specific
//    prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once

#include <boost/optional/optional.hpp>
#include <boost/utility/string_ref.hpp>
#include <cstdint>
#include <functional>
#include <string>
#include <utility>
#include "wipeable_string.h"
#include "http_base.h"

#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "net.http"

namespace epee
{
namespace net_utils
{
  namespace http
  {
    struct login
    {
      login() : username(), password() {}
      login(std::string username_, wipeable_string password_)
        : username(std::move(username_)), password(std::move(password_))
      {}

      std::string username;
      wipeable_string password;
    };

    //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
    class http_server_auth
    {
    public:
      struct session
      {
        session(login credentials_)
          : credentials(std::move(credentials_)), nonce(), counter(0)
        {}

        login credentials;
        std::string nonce;
        std::uint32_t counter;
      };

      http_server_auth() : user(), rng() {}
      http_server_auth(login credentials, std::function<void(size_t, uint8_t*)> r);

      //! \return Auth response, or `boost::none` iff `request` had valid auth.
      boost::optional<http_response_info> get_response(const http_request_info& request)
      {
        if (user)
          return do_get_response(request);
        return boost::none;
      }

    private:
      boost::optional<http_response_info> do_get_response(const http_request_info& request);

      boost::optional<session> user;

      std::function<void(size_t, uint8_t*)> rng;
    };

    //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
    class http_client_auth
    {
    public:
      enum status : std::uint8_t { kSuccess = 0, kBadPassword, kParseFailure };

      struct session
      {
        session(login credentials_)
          : credentials(std::move(credentials_)), server(), counter(0)
        {}

        struct keys
        {
          using algorithm =
            std::function<std::string(const session&, boost::string_ref, boost::string_ref)>;

          keys() : nonce(), opaque(), realm(), generator() {}
          keys(std::string nonce_, std::string opaque_, std::string realm_, algorithm generator_)
            : nonce(std::move(nonce_))
            , opaque(std::move(opaque_))
            , realm(std::move(realm_))
            , generator(std::move(generator_))
          {}

          std::string nonce;
          std::string opaque;
          std::string realm;
          algorithm generator;
        };

        login credentials;
        keys server;
        std::uint32_t counter;
      };

      http_client_auth() : user() {}
      http_client_auth(login credentials);

      /*!
        Clients receiving a 401 response code from the server should call this
        function to process the server auth. Then, before every client request,
        `get_auth_field()` should be called to retrieve the newest
        authorization request.

        \return `kBadPassword` if client will never be able to authenticate,
          `kParseFailure` if all server authentication responses were invalid,
          and `kSuccess` if `get_auth_field` is ready to generate authorization
          fields.
      */
      status handle_401(const http_response_info& response)
      {
        if (user)
          return do_handle_401(response);
        return kBadPassword;
      }

      /*!
        After calling `handle_401`, clients should call this function to
        generate an authentication field for every request.

        \return A HTTP "Authorization" field if `handle_401(...)` previously
          returned `kSuccess`.
      */
      boost::optional<std::pair<std::string, std::string>> get_auth_field(
        const boost::string_ref method, const boost::string_ref uri)
      {
        if (user)
          return do_get_auth_field(method, uri);
        return boost::none;
      }

    private:
      status do_handle_401(const http_response_info&);
      boost::optional<std::pair<std::string, std::string>> do_get_auth_field(boost::string_ref, boost::string_ref);

      boost::optional<session> user;
    };
  }
}
}