Merge pull request #18 from artiomn/base-auth-fix

aptalca · web-flow · commit ed9b6e7a29ff · 2019-07-01T21:40:45.000-04:00
Non-working HTTP basic authentication was fixed
diff --git a/README.md b/README.md
@@ -157,6 +157,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **01.07.19:** - Fall back to base64 encoding when basic http auth is used.
 * **28.06.19:** - Rebasing to alpine 3.10.
 * **23.03.19:** - Switching to new Base images, shift to arm32v7 tag.
 * **22.02.19:** - Rebasing to alpine 3.9.
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -34,6 +34,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "01.07.19:", desc: "Fall back to base64 encoding when basic http auth is used." }
   - { date: "28.06.19:", desc: "Rebasing to alpine 3.10." }
   - { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." }
   - { date: "22.02.19:", desc: "Rebasing to alpine 3.9." }
diff --git a/root/app/nginx-ldap-auth-daemon.py b/root/app/nginx-ldap-auth-daemon.py
@@ -9,6 +9,7 @@
 import sys, os, signal, base64, ldap, Cookie, argparse
 from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
 from cryptography.fernet import Fernet
+from cryptography.fernet import InvalidToken
 
 #Listen = ('localhost', 8888)
 #Listen = "/tmp/auth.sock"    # Also uncomment lines in 'Requests are
@@ -74,11 +75,16 @@ def do_GET(self):
 
         try:
             cipher_suite = Fernet('REPLACEWITHFERNETKEY')
+            self.log_message('Trying to dechipher credentials...')
             auth_decoded = cipher_suite.decrypt(auth_header[6:])
             user, passwd = auth_decoded.split(':', 1)
-
-        except:
+        except InvalidToken:
+            self.log_message('Incorrect token. Trying to decode credentials from BASE64...')
+            auth_decoded = base64.b64decode(auth_header[6:])
+            user, passwd = auth_decoded.split(':', 1)
+        except Exception as e:
             self.auth_failed(ctx)
+            self.log_error(e)
             return True
 
         ctx['user'] = user
@@ -245,8 +251,10 @@ def do_GET(self):
             self.send_response(200)
             self.end_headers()
 
-        except:
+        except Exception as e:
             self.auth_failed(ctx)
+            self.log_error(str(e))
+            raise
 
 def exit_handler(signal, frame):
     global Listen
