You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by bm...@apache.org on 2016/01/04 22:53:34 UTC

[1/2] mesos git commit: Added implementation of HTTP "Basic" authentication scheme.

Repository: mesos
Updated Branches:
  refs/heads/master 1849bd606 -> 550396823


Added implementation of HTTP "Basic" authentication scheme.

Review: https://reviews.apache.org/r/38094/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/cc1e6e4c
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/cc1e6e4c
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/cc1e6e4c

Branch: refs/heads/master
Commit: cc1e6e4cab374a91a0cb2923f841b7b97549bfc8
Parents: 1849bd6
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Mon Jan 4 13:36:34 2016 -0800
Committer: Benjamin Mahler <be...@gmail.com>
Committed: Mon Jan 4 13:51:11 2016 -0800

----------------------------------------------------------------------
 3rdparty/libprocess/Makefile.am                 |   1 +
 .../include/process/authenticator.hpp           |  26 ++++
 3rdparty/libprocess/src/CMakeLists.txt          |   1 +
 3rdparty/libprocess/src/authenticator.cpp       | 128 +++++++++++++++++++
 3rdparty/libprocess/src/tests/http_tests.cpp    |  65 ++++++++++
 5 files changed, 221 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/Makefile.am
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/Makefile.am b/3rdparty/libprocess/Makefile.am
index 6749fd4..ac8cc8d 100644
--- a/3rdparty/libprocess/Makefile.am
+++ b/3rdparty/libprocess/Makefile.am
@@ -45,6 +45,7 @@ noinst_LTLIBRARIES = libprocess.la
 libprocess_la_SOURCES =		\
   src/authenticator_manager.hpp	\
   src/authenticator_manager.cpp	\
+  src/authenticator.cpp		\
   src/clock.cpp			\
   src/config.hpp		\
   src/decoder.hpp		\

http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/include/process/authenticator.hpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/include/process/authenticator.hpp b/3rdparty/libprocess/include/process/authenticator.hpp
index 5a32e9a..e5489c6 100644
--- a/3rdparty/libprocess/include/process/authenticator.hpp
+++ b/3rdparty/libprocess/include/process/authenticator.hpp
@@ -18,12 +18,15 @@
 #include <process/future.hpp>
 #include <process/http.hpp>
 
+#include <stout/hashmap.hpp>
 #include <stout/option.hpp>
 
 namespace process {
 namespace http {
 namespace authentication {
 
+class BasicAuthenticatorProcess;
+
 /**
  * Represents the result of authenticating a request.
  * An `AuthenticationResult` can represent one of the
@@ -77,6 +80,29 @@ public:
   virtual std::string scheme() const = 0;
 };
 
+
+/**
+ * Implements the "Basic" authentication scheme using a
+ * fixed set of credentials.
+ */
+class BasicAuthenticator : public Authenticator
+{
+public:
+  BasicAuthenticator(
+      const std::string& realm,
+      const hashmap<std::string, std::string>& credentials);
+
+  virtual ~BasicAuthenticator();
+
+  virtual Future<AuthenticationResult> authenticate(
+      const http::Request& request) override;
+
+  virtual std::string scheme() const override;
+
+private:
+  Owned<BasicAuthenticatorProcess> process_;
+};
+
 } // namespace authentication {
 } // namespace http {
 } // namespace process {

http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/CMakeLists.txt b/3rdparty/libprocess/src/CMakeLists.txt
index 681f0cf..7be3001 100644
--- a/3rdparty/libprocess/src/CMakeLists.txt
+++ b/3rdparty/libprocess/src/CMakeLists.txt
@@ -20,6 +20,7 @@ set(PROCESS_SRC
   ${PROCESS_SRC}
   authentication_router.cpp
   authentication_router.hpp
+  authenticator.cpp
   clock.cpp
   config.hpp
   decoder.hpp

http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/authenticator.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/authenticator.cpp b/3rdparty/libprocess/src/authenticator.cpp
new file mode 100644
index 0000000..7371a62
--- /dev/null
+++ b/3rdparty/libprocess/src/authenticator.cpp
@@ -0,0 +1,128 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+#include <process/authenticator.hpp>
+
+#include <string>
+#include <vector>
+
+#include <process/dispatch.hpp>
+#include <process/future.hpp>
+#include <process/http.hpp>
+#include <process/process.hpp>
+
+#include <stout/base64.hpp>
+#include <stout/hashmap.hpp>
+#include <stout/option.hpp>
+#include <stout/strings.hpp>
+#include <stout/try.hpp>
+
+namespace process {
+namespace http {
+namespace authentication {
+
+using std::string;
+using std::vector;
+
+
+class BasicAuthenticatorProcess : public Process<BasicAuthenticatorProcess>
+{
+public:
+  BasicAuthenticatorProcess(
+      const std::string& realm,
+      const hashmap<std::string, std::string>& credentials);
+
+  virtual Future<AuthenticationResult> authenticate(
+      const http::Request& request);
+
+private:
+  const std::string realm_;
+  const hashmap<std::string, std::string> credentials_;
+};
+
+
+BasicAuthenticatorProcess::BasicAuthenticatorProcess(
+    const string& realm,
+    const hashmap<string, string>& credentials)
+  : realm_(realm), credentials_(credentials) {}
+
+
+Future<AuthenticationResult> BasicAuthenticatorProcess::authenticate(
+    const Request& request)
+{
+  AuthenticationResult unauthorized;
+  unauthorized.unauthorized =
+    Unauthorized(vector<string>({"Basic realm=\"" + realm_ + "\""}));
+
+  Option<string> credentials = request.headers.get("Authorization");
+
+  if (credentials.isNone()) {
+    return unauthorized;
+  }
+
+  vector<string> components = strings::split(credentials.get(), " ");
+
+  if (components.size() != 2 || components[0] != "Basic") {
+    return unauthorized;
+  }
+
+  Try<string> decoded = base64::decode(components[1]);
+
+  if (decoded.isError()) {
+    return unauthorized;
+  }
+
+  vector<string> credential = strings::split(decoded.get(), ":");
+
+  if (credential.size() != 2 ||
+      !credentials_.contains(credential[0]) ||
+      credentials_.at(credential[0]) != credential[1]) {
+    return unauthorized;
+  }
+
+  AuthenticationResult authenticated;
+  authenticated.principal = credential[0];
+  return authenticated;
+}
+
+
+BasicAuthenticator::BasicAuthenticator(
+    const string& realm,
+    const hashmap<string, string>& credentials)
+  : process_(new BasicAuthenticatorProcess(realm, credentials))
+{
+  spawn(*process_);
+}
+
+
+BasicAuthenticator::~BasicAuthenticator()
+{
+  terminate(*process_);
+  wait(*process_);
+}
+
+
+Future<AuthenticationResult> BasicAuthenticator::authenticate(
+    const Request& request)
+{
+  return dispatch(*process_, &BasicAuthenticatorProcess::authenticate, request);
+}
+
+
+string BasicAuthenticator::scheme() const
+{
+  return "Basic";
+}
+
+} // namespace authentication {
+} // namespace http {
+} // namespace process {

http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/tests/http_tests.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/tests/http_tests.cpp b/3rdparty/libprocess/src/tests/http_tests.cpp
index ec7b4aa..e5999d8 100644
--- a/3rdparty/libprocess/src/tests/http_tests.cpp
+++ b/3rdparty/libprocess/src/tests/http_tests.cpp
@@ -47,6 +47,7 @@ namespace http = process::http;
 
 using authentication::Authenticator;
 using authentication::AuthenticationResult;
+using authentication::BasicAuthenticator;
 
 using process::Future;
 using process::Owned;
@@ -1424,3 +1425,67 @@ TEST_F(HttpAuthenticationTest, Pipelining)
   AWAIT_EXPECT_EQ(authentiation1.principal, principal1);
   AWAIT_EXPECT_EQ(authentiation2.principal, principal2);
 }
+
+
+// Tests the "Basic" authenticator.
+TEST_F(HttpAuthenticationTest, Basic)
+{
+  Http http;
+
+  Owned<Authenticator> authenticator(
+    new BasicAuthenticator("realm", {{"user", "password"}}));
+
+  AWAIT_READY(setAuthenticator("realm", authenticator));
+
+  // No credentials provided.
+  {
+    Future<http::Response> response = http::get(*http.process, "authenticated");
+
+    AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+        http::Unauthorized(vector<string>()).status,
+        response);
+  }
+
+  // Wrong password provided.
+  {
+    http::Headers headers;
+    headers["Authorization"] =
+      "Basic " + base64::encode("user:wrongpassword");
+
+    Future<http::Response> response =
+      http::get(http.process->self(), "authenticated", None(), headers);
+
+    AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+        http::Unauthorized(vector<string>()).status,
+        response);
+  }
+
+  // Wrong username provided.
+  {
+    http::Headers headers;
+    headers["Authorization"] =
+      "Basic " + base64::encode("wronguser:password");
+
+    Future<http::Response> response =
+      http::get(http.process->self(), "authenticated", None(), headers);
+
+    AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+        http::Unauthorized(vector<string>()).status,
+        response);
+  }
+
+  // Right credentials provided.
+  {
+    EXPECT_CALL(*http.process, authenticated(_, Option<string>("user")))
+      .WillOnce(Return(http::OK()));
+
+    http::Headers headers;
+    headers["Authorization"] =
+      "Basic " + base64::encode("user:password");
+
+    Future<http::Response> response =
+      http::get(http.process->self(), "authenticated", None(), headers);
+
+    AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+  }
+}

[2/2] mesos git commit: Updated CMake build for authentication changes.

Posted by bm...@apache.org.

Updated CMake build for authentication changes.


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/55039682
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/55039682
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/55039682

Branch: refs/heads/master
Commit: 550396823d4754d6e6b0dbd9284d76cfd7be19ac
Parents: cc1e6e4
Author: Benjamin Mahler <be...@gmail.com>
Authored: Mon Jan 4 13:52:36 2016 -0800
Committer: Benjamin Mahler <be...@gmail.com>
Committed: Mon Jan 4 13:52:36 2016 -0800

----------------------------------------------------------------------
 3rdparty/libprocess/src/CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/55039682/3rdparty/libprocess/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/CMakeLists.txt b/3rdparty/libprocess/src/CMakeLists.txt
index 7be3001..12dfaf6 100644
--- a/3rdparty/libprocess/src/CMakeLists.txt
+++ b/3rdparty/libprocess/src/CMakeLists.txt
@@ -18,8 +18,8 @@
 #######################################
 set(PROCESS_SRC
   ${PROCESS_SRC}
-  authentication_router.cpp
-  authentication_router.hpp
+  authenticator_manager.cpp
+  authenticator_manager.hpp
   authenticator.cpp
   clock.cpp
   config.hpp