This module provides the basics to validate an HTTP Authorization
header. User and password information are read from a Unix/Apache
compatible password file.
This library provides, in addition to the HTTP authentication, predicates to read and write password files.
Basic
authetication and verify the password from PasswordFile. PasswordFile
is a file holding usernames and passwords in a format compatible to Unix
and Apache. Each line is record with :
separated fields.
The first field is the username and the second the password hash.
Password hashes are validated using crypt/2.Successful authorization is cached for 60 seconds to avoid overhead of decoding and lookup of the user and password data.
http_authenticate/3 just validates the header. If authorization is not provided the browser must be challenged, in response to which it normally opens a user-password dialogue. Example code realising this is below. The exception causes the HTTP wrapper code to generate an HTTP 401 reply.
( http_authenticate(basic(passwd), Request, Fields) -> true ; throw(http_reply(authorise(basic, Realm))) ).
Fields | is a list of fields from the password-file entry. The first element is the user. The hash is skipped. |
Authorization
header. Data is a
term
Method(User, Password)
where Method is the (downcased) authorization method (typically
basic
), User is an atom holding the user name and Password
is a list of codes holding the password
Fields | are the fields from the password file File, converted using name/2, which means that numeric values are passed as numbers and other fields as atoms. The password hash is the first element of Fields and is a string. |
passwd(User, Hash, Fields)
passwd(User, Hash, Fields)
library(http_dispatch)
to perform basic HTTP
authentication.
This predicate throws http_reply(authorise(basic, Realm))
.
AuthData | must be a term basic(File, Realm) |
Request | is the HTTP request |
Fields | describes the authenticated user with
the option
user(User) and with the option user_details(Fields)
if the password file contains additional fields after the user and
password. |