This module provides the basics to validate an HTTP Authorization
header. User and password information are read from a Unix/Apache
compatible password file.
This library provides, in addition to the HTTP authentication,
predicates to read and write password files.
- http_authenticate(+Type,
+Request, -Fields)
- True if Request contains the information to continue
according to Type. Type identifies the required
authentication technique:
- basic(+PasswordFile)
- Use HTTP
Basic authetication and verify the password from PasswordFile. PasswordFile
is a file holding usernames and passwords in a format compatible to Unix
and Apache. Each line is record with : separated fields.
The first field is the username and the second the password hash.
Password hashes are validated using crypt/2.
Successful authorization is cached for 60 seconds to avoid overhead
of decoding and lookup of the user and password data.
http_authenticate/3
just validates the header. If authorization is not provided the browser
must be challenged, in response to which it normally opens a
user-password dialogue. Example code realising this is below. The
exception causes the HTTP wrapper code to generate an HTTP 401 reply.
( http_authenticate(basic(passwd), Request, Fields)
-> true
; throw(http_reply(authorise(basic, Realm)))
).
| Fields | is a list of fields from the
password-file entry. The first element is the user. The hash is skipped. |
- To be done
- Should we also cache failures to reduce the risc of DoS attacks?
- [semidet]http_authorization_data(+AuthorizeText,
?Data)
- Decode the HTTP
Authorization header. Data is a
term
Method(User, Password)
where Method is the (downcased) authorization method (typically
basic), User is an atom holding the user name and Password
is a list of codes holding the password
- [nondet]http_current_user(+File,
?User, ?Fields)
- True when User is present in the htpasswd file File
and Fields provides the additional fields.
| Fields | are the fields from the password file File,
converted using name/2, which means that
numeric values are passed as numbers and other fields as atoms. The
password hash is the first element of Fields and is a string. |
- [det]http_read_passwd_file(+Path,
-Data)
- Read a password file. Data is a list of terms of the format
below, where User is an atom identifying the user, Hash is a string
containing the salted password hash and Fields contain additional
fields. The string value of each field is converted using name/2
to either a number or an atom.
passwd(User, Hash, Fields)
- [det]http_write_passwd_file(+File,
+Data:list)
- Write password data Data to File. Data
is a list of entries as below. See http_read_passwd_file/2
for details.
passwd(User, Hash, Fields)
- To be done
- Write to a new file and atomically replace the old one.
- [multifile]http:authenticate(+AuthData,
+Request, -Fields)
- Plugin for
library(http_dispatch) to perform basic HTTP
authentication.
This predicate throws http_reply(authorise(basic, Realm)).
| AuthData | must be a term basic(File, Realm) |
| Request | is the HTTP request |
| Fields | describes the authenticated user with
the option
user(User) and with the option user_details(Fields)
if the password file contains additional fields after the user and
password. |
