distribution/registry/auth/basic/htpasswd.go

package basic

import (
	"crypto/sha1"
	"encoding/base64"
	"encoding/csv"
	"errors"
	"os"
)

// ErrSHARequired - returned in error field of challenge when the htpasswd was not made using SHA1 algorithm.
// 	            (SHA1 is considered obsolete but the alternative for htpasswd is MD5, or system crypt...)
var ErrSHARequired = errors.New("htpasswd file must use SHA (htpasswd -s)")

// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.
type HTPasswd struct {
	path   string
	reader *csv.Reader
}

// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.
func NewHTPasswd(htpath string) *HTPasswd {
	return &HTPasswd{path: htpath}
}

// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.
func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {

	// Hash the credential.
	sha := sha1.New()
	sha.Write([]byte(pwd))
	hash := base64.StdEncoding.EncodeToString(sha.Sum(nil))

	// Open the file.
	in, err := os.Open(htpasswd.path)
	if err != nil {
		return false, err
	}

	// Parse the contents of the standard .htpasswd until we hit the end or find a match.
	reader := csv.NewReader(in)
	reader.Comma = ':'
	reader.Comment = '#'
	reader.TrimLeadingSpace = true
	for entry, readerr := reader.Read(); entry != nil || readerr != nil; entry, readerr = reader.Read() {
		if entry[0] == user {
			if len(entry[1]) < 6 || entry[1][0:5] != "{SHA}" {
				return false, ErrSHARequired
			}
			return entry[1][5:] == hash, nil
		}
	}
	return false, nil
}
Implementation of a basic authentication scheme using standard .htpasswd files Signed-off-by: BadZen <dave.trombley@gmail.com> Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-21 19:57:12 +00:00			`package basic`

			`import (`
			`"crypto/sha1"`
			`"encoding/base64"`
			`"encoding/csv"`
			`"errors"`
			`"os"`
			`)`

Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-22 14:35:59 +00:00			`// ErrSHARequired - returned in error field of challenge when the htpasswd was not made using SHA1 algorithm.`
			`// (SHA1 is considered obsolete but the alternative for htpasswd is MD5, or system crypt...)`
Implementation of a basic authentication scheme using standard .htpasswd files Signed-off-by: BadZen <dave.trombley@gmail.com> Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-21 19:57:12 +00:00			`var ErrSHARequired = errors.New("htpasswd file must use SHA (htpasswd -s)")`

Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-22 14:35:59 +00:00			`// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.`
Implementation of a basic authentication scheme using standard .htpasswd files Signed-off-by: BadZen <dave.trombley@gmail.com> Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-21 19:57:12 +00:00			`type HTPasswd struct {`
			`path string`
			`reader *csv.Reader`
			`}`

Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-22 14:35:59 +00:00			`// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.`
Implementation of a basic authentication scheme using standard .htpasswd files Signed-off-by: BadZen <dave.trombley@gmail.com> Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-21 19:57:12 +00:00			`func NewHTPasswd(htpath string) *HTPasswd {`
			`return &HTPasswd{path: htpath}`
			`}`

Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-22 14:35:59 +00:00			`// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.`
Implementation of a basic authentication scheme using standard .htpasswd files Signed-off-by: BadZen <dave.trombley@gmail.com> Signed-off-by: Dave Trombley <dave.trombley@gmail.com> 2015-04-21 19:57:12 +00:00			`func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {`

			`// Hash the credential.`
			`sha := sha1.New()`
			`sha.Write([]byte(pwd))`
			`hash := base64.StdEncoding.EncodeToString(sha.Sum(nil))`

			`// Open the file.`
			`in, err := os.Open(htpasswd.path)`
			`if err != nil {`
			`return false, err`
			`}`

			`// Parse the contents of the standard .htpasswd until we hit the end or find a match.`
			`reader := csv.NewReader(in)`
			`reader.Comma = ':'`
			`reader.Comment = '#'`
			`reader.TrimLeadingSpace = true`
			`for entry, readerr := reader.Read(); entry != nil \|\| readerr != nil; entry, readerr = reader.Read() {`
			`if entry[0] == user {`
			`if len(entry[1]) < 6 \|\| entry[1][0:5] != "{SHA}" {`
			`return false, ErrSHARequired`
			`}`
			`return entry[1][5:] == hash, nil`
			`}`
			`}`
			`return false, nil`
			`}`