basic_authentication v0.2.0 Raxx.BasicAuthentication

Helpers for working with Basic authentication in Raxx applications.

Tests import functions from Raxx, e.g. get_header.

Summary

Functions

Extract a client's credentials submitted using the 'Basic' HTTP authentication scheme.

Compares the two binaries in constant-time to avoid timing attacks. See: http://codahale.com/a-lesson-in-timing-attacks/

Add a client's credentials to a request to authenticate it, using the 'Basic' HTTP authentication scheme.

Generate a response to a request that failed to authenticate.

Functions

fetch_basic_authentication(request)

Extract a client's credentials submitted using the 'Basic' HTTP authentication scheme.

If the authentication of the request is not set or is invalid, an error is returned.

Examples

iex> request(:GET, "/")
...> |> set_header("authorization", "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==")
...> |> fetch_basic_authentication()
{:ok, {"Aladdin", "open sesame"}}

iex> request(:GET, "/")
...> |> fetch_basic_authentication()
{:error, :no_authorization_header}

secure_compare(left, right)

Compares the two binaries in constant-time to avoid timing attacks. See: http://codahale.com/a-lesson-in-timing-attacks/

set_basic_authentication(request, user_id, password)

Add a client's credentials to a request to authenticate it, using the 'Basic' HTTP authentication scheme.

This function will raise an exception if either user_id or password is invalid, see BasicAuthentication.encode_authorization for details.

Examples

iex> request(:GET, "/")
...> |> set_basic_authentication("Aladdin", "open sesame")
...> |> get_header("authorization")
"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="

unauthorized(options \\ [])

Generate a response to a request that failed to authenticate.

The response will contain a challenge for the client in the www-authenticate header. Use an unauthorized response to prompt a client into providing basic authentication credentials.

Options

  • realm: describes the protected area. Default "Site"
  • charset: default "UTF-8"

Notes

  • The only valid charset is UTF-8; https://tools.ietf.org/html/rfc7617#section-2.1. A nil can be provided to this function to omit the parameter.

  • Validation should be added for the parameter values to ensure they only accept valid values.
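
The functions documented above combined into one credential check, as an added example that is not part of the library's documentation. MyApp.BasicAuthGate, authenticate/3 and the realm "Admin" are hypothetical names; the example assumes secure_compare returns a boolean, and it hashes both sides with SHA-256 before comparing because this page does not state how secure_compare treats binaries of different lengths.

```elixir
defmodule MyApp.BasicAuthGate do
  # Hypothetical module: not part of Raxx or basic_authentication.
  import Raxx.BasicAuthentication,
    only: [fetch_basic_authentication: 1, secure_compare: 2, unauthorized: 1]

  @doc """
  Returns {:ok, user_id} when the request carries the expected credentials,
  otherwise {:error, response}, where response is the challenge built by
  unauthorized/1.
  """
  def authenticate(request, expected_user, expected_password) do
    case fetch_basic_authentication(request) do
      {:ok, {user_id, password}} ->
        # Evaluate both comparisons before combining them, so that a wrong
        # user id does not skip the password comparison and change timing.
        user_ok = digest_equal?(user_id, expected_user)
        password_ok = digest_equal?(password, expected_password)

        if user_ok and password_ok do
          {:ok, user_id}
        else
          {:error, challenge()}
        end

      {:error, _reason} ->
        # Missing or malformed header: answer with the same challenge as for
        # wrong credentials, so the response does not reveal which case occurred.
        {:error, challenge()}
    end
  end

  # Compare fixed-length SHA-256 digests rather than the raw values, so the
  # comparison always runs over 32 bytes regardless of the submitted length.
  defp digest_equal?(left, right) do
    secure_compare(:crypto.hash(:sha256, left), :crypto.hash(:sha256, right))
  end

  # "Admin" is a constructed realm value for this example.
  defp challenge, do: unauthorized(realm: "Admin")
end
```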