Skip to content

HTTP Basic Auth implementation #1569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 25, 2018
Merged

HTTP Basic Auth implementation #1569

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion Foundation/URLAuthenticationChallenge.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ public protocol URLAuthenticationChallengeSender : NSObjectProtocol {
*/
func performDefaultHandling(for challenge: URLAuthenticationChallenge)


/*!
@method rejectProtectionSpaceAndContinueWithChallenge:
*/
Expand Down Expand Up @@ -192,3 +192,26 @@ open class URLAuthenticationChallenge : NSObject, NSSecureCoding {
}
}
}

extension _HTTPURLProtocol : URLAuthenticationChallengeSender {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We must add NSUnimplemented() or fatalError() with a message to these empty methods.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done ..Thanks


func cancel(_ challenge: URLAuthenticationChallenge) {
NSUnimplemented()
}

func continueWithoutCredential(for challenge: URLAuthenticationChallenge) {
NSUnimplemented()
}

func use(_ credential: URLCredential, for challenge: URLAuthenticationChallenge) {
NSUnimplemented()
}

func performDefaultHandling(for challenge: URLAuthenticationChallenge) {
NSUnimplemented()
}

func rejectProtectionSpaceAndContinue(with challenge: URLAuthenticationChallenge) {
NSUnimplemented()
}
}
6 changes: 5 additions & 1 deletion Foundation/URLSession/NativeProtocol.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,11 @@ internal class _NativeProtocol: URLProtocol, _EasyHandleDelegate {
}

self.internalState = .transferReady(createTransferState(url: url, workQueue: t.workQueue))
configureEasyHandle(for: request)
if let authRequest = task?.authRequest {
configureEasyHandle(for: authRequest)
} else {
configureEasyHandle(for: request)
}
if (t.suspendCount) < 1 {
resume()
}
Expand Down
80 changes: 79 additions & 1 deletion Foundation/URLSession/URLSessionTask.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,14 @@ open class URLSessionTask : NSObject, NSCopying {
open private(set) var taskIdentifier: Int

/// May be nil if this is a stream task

/*@NSCopying*/ open private(set) var originalRequest: URLRequest?

/// If there's an authentication failure, we'd need to create a new request with the credentials supplied by the user
var authRequest: URLRequest? = nil

/// Authentication failure count
fileprivate var previousFailureCount = 0

/// May differ from originalRequest due to http server redirection
/*@NSCopying*/ open internal(set) var currentRequest: URLRequest? {
Expand Down Expand Up @@ -539,9 +546,38 @@ extension _ProtocolClient : URLProtocolClient {
}
}

func createProtectionSpace(_ response: HTTPURLResponse) -> URLProtectionSpace? {
let host = response.url?.host ?? ""
let port = response.url?.port ?? 80 //we're doing http
let _protocol = response.url?.scheme
if response.allHeaderFields["WWW-Authenticate"] != nil {
let wwwAuthHeaderValue = response.allHeaderFields["WWW-Authenticate"] as! String
let authMethod = wwwAuthHeaderValue.components(separatedBy: " ")[0]
let realm = String(String(wwwAuthHeaderValue.components(separatedBy: "realm=")[1].dropFirst()).dropLast())
return URLProtectionSpace(host: host, port: port, protocol: _protocol, realm: realm, authenticationMethod: authMethod)
} else {
return nil
}
}

func urlProtocolDidFinishLoading(_ protocol: URLProtocol) {
guard let task = `protocol`.task else { fatalError() }
guard let session = task.session as? URLSession else { fatalError() }
guard let response = task.response as? HTTPURLResponse else { fatalError("No response") }
if response.statusCode == 401 {
if let protectionSpace = createProtectionSpace(response) {
//TODO: Fetch and set proposed credentials if they exist
let authenticationChallenge = URLAuthenticationChallenge(protectionSpace: protectionSpace, proposedCredential: nil,
previousFailureCount: task.previousFailureCount, failureResponse: response, error: nil,
sender: `protocol` as! _HTTPURLProtocol)
task.previousFailureCount += 1
urlProtocol(`protocol`, didReceive: authenticationChallenge)
return
} else {
let urlError = URLError(_nsError: NSError(domain: NSURLErrorDomain, code: NSURLErrorUserAuthenticationRequired, userInfo: nil))
urlProtocol(`protocol`, didFailWithError: urlError)
}
}
switch session.behaviour(for: task) {
case .taskDelegate(let delegate):
if let downloadDelegate = delegate as? URLSessionDownloadDelegate, let downloadTask = task as? URLSessionDownloadTask {
Expand Down Expand Up @@ -586,7 +622,24 @@ extension _ProtocolClient : URLProtocolClient {
}

func urlProtocol(_ protocol: URLProtocol, didReceive challenge: URLAuthenticationChallenge) {
NSUnimplemented()
guard let task = `protocol`.task else { fatalError("Received response, but there's no task.") }
guard let session = task.session as? URLSession else { fatalError("Task not associated with URLSession.") }
switch session.behaviour(for: task) {
case .taskDelegate(let delegate):
session.delegateQueue.addOperation {
let authScheme = challenge.protectionSpace.authenticationMethod
delegate.urlSession(session, task: task, didReceive: challenge) { disposition, credential in
task.suspend()
guard let handler = URLSessionTask.authHandler(for: authScheme) else {
fatalError("\(authScheme) is not supported")
}
handler(task, disposition, credential)
task._protocol = _HTTPURLProtocol(task: task, cachedResponse: nil, client: nil)
task.resume()
}
}
default: return
}
}

func urlProtocol(_ protocol: URLProtocol, didLoad data: Data) {
Expand Down Expand Up @@ -653,6 +706,31 @@ extension _ProtocolClient : URLProtocolClient {
NSUnimplemented()
}
}
extension URLSessionTask {
typealias _AuthHandler = ((URLSessionTask, URLSession.AuthChallengeDisposition, URLCredential?) -> ())

static func authHandler(for authScheme: String) -> _AuthHandler? {
let handlers: [String : _AuthHandler] = [
"Basic" : basicAuth,
"Digest": digestAuth
]
return handlers[authScheme]
}

//Authentication handlers
static func basicAuth(_ task: URLSessionTask, _ disposition: URLSession.AuthChallengeDisposition, _ credential: URLCredential?) {
//TODO: Handle disposition. For now, we default to .useCredential
let user = credential?.user ?? ""
let password = credential?.password ?? ""
let encodedString = "\(user):\(password)".data(using: .utf8)?.base64EncodedString()
task.authRequest = task.originalRequest
task.authRequest?.setValue("Basic \(encodedString!)", forHTTPHeaderField: "Authorization")
}

static func digestAuth(_ task: URLSessionTask, _ disposition: URLSession.AuthChallengeDisposition, _ credential: URLCredential?) {
NSUnimplemented()
}
}

extension URLProtocol {
enum _PropertyKey: String {
Expand Down
2 changes: 1 addition & 1 deletion Foundation/URLSession/http/HTTPURLProtocol.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ internal class _HTTPURLProtocol: _NativeProtocol {
httpHeaders = hh
}

if let hh = self.task?.originalRequest?.allHTTPHeaderFields {
if let hh = request.allHTTPHeaderFields {
if httpHeaders == nil {
httpHeaders = hh
} else {
Expand Down
51 changes: 48 additions & 3 deletions TestFoundation/HTTPServer.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,7 @@ class _TCPSocket {
class _HTTPServer {

let socket: _TCPSocket
var willReadAgain = false
var port: UInt16 {
get {
return self.socket.port
Expand All @@ -202,8 +203,10 @@ class _HTTPServer {
}

public func stop() {
socket.closeClient()
socket.shutdownListener()
if !willReadAgain {
socket.closeClient()
socket.shutdownListener()
}
}

public func request() throws -> _HTTPRequest {
Expand Down Expand Up @@ -282,6 +285,34 @@ class _HTTPServer {
try self.socket.writeRawData(responseData)
}

func respondWithAuthResponse(uri: String, firstRead: Bool) throws {
let responseData: Data
if firstRead {
responseData = ("HTTP/1.1 401 UNAUTHORIZED \r\n" +
"Content-Length: 0\r\n" +
"WWW-Authenticate: Basic realm=\"Fake Relam\"\r\n" +
"Access-Control-Allow-Origin: *\r\n" +
"Access-Control-Allow-Credentials: true\r\n" +
"Via: 1.1 vegur\r\n" +
"Cache-Control: proxy-revalidate\r\n" +
"Connection: keep-Alive\r\n" +
"\r\n").data(using: .utf8)!
} else {
responseData = ("HTTP/1.1 200 OK \r\n" +
"Content-Length: 37\r\n" +
"Content-Type: application/json\r\n" +
"Access-Control-Allow-Origin: *\r\n" +
"Access-Control-Allow-Credentials: true\r\n" +
"Via: 1.1 vegur\r\n" +
"Cache-Control: proxy-revalidate\r\n" +
"Connection: keep-Alive\r\n" +
"\r\n" +
"{\"authenticated\":true,\"user\":\"user\"}\n").data(using: .utf8)!
}
try self.socket.writeRawData(responseData)
}


}

struct _HTTPRequest {
Expand Down Expand Up @@ -395,11 +426,22 @@ public class TestURLSessionServer {
} else {
try httpServer.respond(with: _HTTPResponse(response: .NOTFOUND, body: "Not Found"))
}
} else if req.uri.hasPrefix("/auth") {
httpServer.willReadAgain = true
try httpServer.respondWithAuthResponse(uri: req.uri, firstRead: true)
} else {
try httpServer.respond(with: process(request: req), startDelay: self.startDelay, sendDelay: self.sendDelay, bodyChunks: self.bodyChunks)
}
}

public func readAndRespondAgain() throws {
let req = try httpServer.request()
if req.uri.hasPrefix("/auth/") {
try httpServer.respondWithAuthResponse(uri: req.uri, firstRead: false)
}
httpServer.willReadAgain = false
}

func process(request: _HTTPRequest) -> _HTTPResponse {
if request.method == .GET || request.method == .POST || request.method == .PUT {
return getResponse(request: request)
Expand Down Expand Up @@ -559,12 +601,15 @@ class LoopbackServerTest : XCTestCase {
do {
try server.httpServer.listen(notify: condition)
try server.readAndRespond()
if server.httpServer.willReadAgain {
try server.httpServer.listen(notify: condition)
try server.readAndRespondAgain()
}
server.httpServer.socket.closeClient()
} catch {
}
}
serverPort = -2

}

globalDispatchQueue.async {
Expand Down
15 changes: 15 additions & 0 deletions TestFoundation/TestURLSession.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ class TestURLSession : LoopbackServerTest {
("test_setCookies", test_setCookies),
("test_dontSetCookies", test_dontSetCookies),
("test_initURLSessionConfiguration", test_initURLSessionConfiguration),
("test_basicAuthRequest", test_basicAuthRequest),
]
}

Expand Down Expand Up @@ -642,6 +643,14 @@ class TestURLSession : LoopbackServerTest {
XCTAssertEqual(config.urlCredentialStorage, nil)
XCTAssertEqual(config.urlCache, nil)
XCTAssertEqual(config.shouldUseExtendedBackgroundIdleMode, true)
}

func test_basicAuthRequest() {
let urlString = "http://127.0.0.1:\(TestURLSession.serverPort)/auth/basic"
let url = URL(string: urlString)!
let d = DataTask(with: expectation(description: "GET \(urlString): with a delegate"))
d.run(with: url)
waitForExpectations(timeout: 60)
}
}

Expand Down Expand Up @@ -791,6 +800,12 @@ extension DataTask : URLSessionTaskDelegate {
}
self.error = true
}

public func urlSession(_ session: URLSession, task: URLSessionTask, didReceive challenge:
URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition,
URLCredential?) -> Void) {
completionHandler(.useCredential, URLCredential(user: "user", password: "passwd", persistence: .none))
}
}

class DownloadTask : NSObject {
Expand Down