basic_authentication v0.2.0 Raxx.BasicAuthentication
Helpers for working with Basic authentication in Raxx applications.
Tests import functions from Raxx, e.g. get_header.
Functions
fetch_basic_authentication(request)
Extract a client's credentials submitted using the 'Basic' HTTP authentication scheme.
If the request's authorization is not set or is invalid, an error is returned.
Examples
iex> request(:GET, "/")
...> |> set_header("authorization", "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==")
...> |> fetch_basic_authentication()
{:ok, {"Aladdin", "open sesame"}}
iex> request(:GET, "/")
...> |> fetch_basic_authentication()
{:error, :no_authorization_header}
secure_compare(left, right)
Compares the two binaries in constant-time to avoid timing attacks. See: http://codahale.com/a-lesson-in-timing-attacks/
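The following is an added example, not code from this library. It sketches how a constant-time comparison can be combined with Basic credential extraction so that neither the position of the first wrong byte nor the length of the expected value affects timing. The module name BasicAuthSketch and all of its functions are hypothetical, and the header value is the one used in the doctests on this page.

```elixir
# Added example, not the library's source; BasicAuthSketch and its functions are hypothetical.
defmodule BasicAuthSketch do
  import Bitwise

  # Decode an Authorization header value into {:ok, {user, password}}.
  # The scheme is matched case-sensitively here for brevity.
  def parse("Basic " <> encoded) do
    with {:ok, decoded} <- Base.decode64(encoded),
         [user, password] <- :binary.split(decoded, ":") do
      {:ok, {user, password}}
    else
      _ -> {:error, :invalid_credentials}
    end
  end

  def parse(_other), do: {:error, :unsupported_scheme}

  # Constant-time equality: XOR each byte pair and OR the results together, so
  # every byte is visited no matter where the first difference is.
  def secure_compare(left, right) when is_binary(left) and is_binary(right) do
    byte_size(left) == byte_size(right) and fold(left, right, 0) == 0
  end

  defp fold(<<x, l::binary>>, <<y, r::binary>>, acc), do: fold(l, r, acc ||| bxor(x, y))
  defp fold(<<>>, <<>>, acc), do: acc

  # Compare SHA-256 digests so both inputs always have the same length, and
  # evaluate both comparisons before combining them to avoid short-circuiting.
  def valid?(header, expected_user, expected_password) do
    case parse(header) do
      {:ok, {user, password}} ->
        user_ok = secure_compare(digest(user), digest(expected_user))
        pass_ok = secure_compare(digest(password), digest(expected_password))
        user_ok and pass_ok

      {:error, _reason} ->
        false
    end
  end

  defp digest(value), do: :crypto.hash(:sha256, value)
end

# Header value taken from the doctest above; the expected credentials are sample data.
header = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
true = BasicAuthSketch.valid?(header, "Aladdin", "open sesame")
false = BasicAuthSketch.valid?(header, "Aladdin", "open sesamf")
false = BasicAuthSketch.valid?("Bearer abc", "Aladdin", "open sesame")
false = BasicAuthSketch.valid?("Basic !!!", "Aladdin", "open sesame")
```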
set_basic_authentication(request, user_id, password)
Add a client's credentials to a request to authenticate it, using the 'Basic' HTTP authentication scheme.
This function will raise an exception if either user_id or password is invalid; see BasicAuthentication.encode_authorization for details.
Examples
iex> request(:GET, "/")
...> |> set_basic_authentication("Aladdin", "open sesame")
...> |> get_header("authorization")
"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
unauthorized(options \\ [])
Generate a response to a request that failed to authenticate.
The response will contain a challenge for the client in the www-authenticate header.
Use an unauthorized response to prompt a client into providing basic authentication credentials.
Options
- realm: describe the protected area. default "Site"
- charset: default "UTF-8"
Notes
The only valid charset is UTF-8; https://tools.ietf.org/html/rfc7617#section-2.1. A nil can be provided to this function to omit the parameter.
Validation should be added for the parameter values to ensure they only accept valid values.