check authentication state and pass it to the app

2024-11-29 06:45:42 +03:00 · 2018-09-27 11:16:59 -07:00 · 2018-09-27 11:16:59 -07:00 · 878de4ebcb
commit 878de4ebcb
parent 1a9a85bd45
2 changed files with 80 additions and 9 deletions
--- a/sys/vane/light.hoon
+++ b/sys/vane/light.hoon
@ -361,6 +361,8 @@
    =.  action.record  u.action
    =.  connections.state  (~(put by connections.state) duct record)
    ::
+    =/  authenticated  (request-is-logged-in:authentication http-request)
+    ::
    ?-    -.u.action
    ::
        %gen
@ -381,7 +383,7 @@
      ::  %handle-http-request type.
      ::
      ^-  cush:gall
-      [app.u.action %poke %handle-http-request !>([secure address http-request])]
+      [app.u.action %poke %handle-http-request !>([authenticated secure address http-request])]
    ::
        %login-handler
      (handle-request:authentication secure address http-request)
@ -486,11 +488,38 @@
      ==
    ::  +request-is-logged-in: checks to see if the request is authenticated
    ::
+    ::    We are considered logged in if this http-request has an urbauth
+    ::    Cookie which is not expired.
+    ::
    ++  request-is-logged-in
      |=  =http-request
      ^-  ?
+      ::  are there cookies passed with this request?
      ::
-      %.n
+      ::    TODO: In HTTP2, the client is allowed to put multiple 'Cookie'
+      ::    headers.
+      ::
+      ?~  cookie-header=(get-header 'Cookie' header-list.http-request)
+        %.n
+      ::  is the cookie line is valid?
+      ::
+      ?~  cookies=(rush u.cookie-header cock:de-purl:html)
+        %.n
+      ::  is there an urbauth cookie?
+      ::
+      ?~  urbauth=(get-header 'urbauth' u.cookies)
+        %.n
+      ::  is this formatted like a valid session cookie?
+      ::
+      ?~  session-id=(rush u.urbauth ;~(pfix (jest '0v') viz:ag))
+        %.n
+      ::  is this a session that we know about?
+      ::
+      ?~  session=(~(get by sessions.authentication-state.state) u.session-id)
+        %.n
+      ::  is this session still valid?
+      ::
+      (lte now expiry-time.u.session)
    ::  +code: returns the same as |code
    ::
    ::    This has the problem where the signature for sky vs sley.
--- a/tests/sys/vane/light.hoon
+++ b/tests/sys/vane/light.hoon
@ -249,7 +249,7 @@
          :+  /run-app/app1  [~nul ~nul]
              ^-  cush:gall
              :*  %app1  %poke  %handle-http-request
-                  !>([%.n [%ipv4 .192.168.1.1] ['GET' '/' ~ ~]])
+                  !>([%.n %.n [%ipv4 .192.168.1.1] ['GET' '/' ~ ~]])
              ==
          card
    ==
@ -332,7 +332,7 @@
          :+  /run-app/app1  [~nul ~nul]
              ^-  cush:gall
              :*  %app1  %poke  %handle-http-request
-                  !>([%.n [%ipv4 .192.168.1.1] ['GET' '/' ~ ~]])
+                  !>([%.n %.n [%ipv4 .192.168.1.1] ['GET' '/' ~ ~]])
              ==
          card
    ==
@ -436,7 +436,7 @@
          :+  /run-app/app1  [~nul ~nul]
              ^-  cush:gall
              :*  %app1  %poke  %handle-http-request
-                  !>([%.n [%ipv4 .192.168.1.1] ['GET' '/~landscape/inner-path' ~ ~]])
+                  !>([%.n %.n [%ipv4 .192.168.1.1] ['GET' '/~landscape/inner-path' ~ ~]])
              ==
          card
    ==
@ -463,14 +463,14 @@
  =^  results5  light-gate
    %-  light-call  :*
      light-gate
-      now=~1111.1.2
+      now=~1111.1.5
      scry=*sley
      ^=  call-args
        :*  duct=~[/http-blah]  ~
            %inbound-request
            %.n
            [%ipv4 .192.168.1.1]
-            ['GET' '/~/login?redirect=/~landscape' ~ ~]
+            ['GET' '/~/login?redirect=/~landscape/inner-path' ~ ~]
        ==
      ^=  expected-moves
        ^-  (list move:light-gate)
@ -480,7 +480,7 @@
                %start
                200
                ['Content-Type' 'text/html']~
-                [~ (login-page:light-gate `'/~landscape')]
+                [~ (login-page:light-gate `'/~landscape/inner-path')]
                complete=%.y
        ==  ==
    ==
@ -489,7 +489,7 @@
  =^  results6  light-gate
    %-  light-call  :*
      light-gate
-      now=~1111.1.3
+      now=~1111.1.6
      scry=*sley
      ^=  call-args
        :*  duct=~[/http-blah]  ~
@ -518,6 +518,48 @@
                complete=%.y
        ==  ==
    ==
+  ::  going back to the original url will acknowledge the authentication cookie
+  ::
+  =^  results7  light-gate
+    %-  light-call-with-comparator  :*
+      light-gate
+      now=~1111.1.6..1.0.0
+      scry=*sley
+      ^=  call-args
+        ^-  [=duct type=* wrapped-task=(hobo task:able:light-gate)]
+        :*  duct=~[/http-blah]  ~
+            %inbound-request
+            %.n
+            [%ipv4 .192.168.1.1]
+            'GET'
+            '/~landscape/inner-path'
+            ['Cookie' 'urbauth=0v3.q0p7t.mlkkq.cqtto.p0nvi.2ieea']~
+            ~
+        ==
+      ^=  comparator
+        |=  moves=(list move:light-gate)
+        ^-  tang
+        ::
+        ?.  ?=([* ~] moves)
+          [%leaf "wrong number of moves: {<(lent moves)>}"]~
+        ::
+        ::
+        =/  move=move:light-gate                              i.moves
+        =/  =duct                                             duct.move
+        =/  card=(wind note:light-gate gift:able:light-gate)  card.move
+        ::
+        %+  weld
+          (expect-eq !>(~[/http-blah]) !>(duct))
+        ::  expect authenticated=%.y in the handle below
+        ::
+        %+  expect-gall-deal
+          :+  /run-app/app1  [~nul ~nul]
+              ^-  cush:gall
+              :*  %app1  %poke  %handle-http-request
+                  !>([%.y %.n [%ipv4 .192.168.1.1] ['GET' '/~landscape/inner-path' ~ ~]])
+              ==
+          card
+    ==
  ::
  ;:  weld
    results1