From f06073fbcdb44c7d3d0ca3688d350040403744c2 Mon Sep 17 00:00:00 2001 From: Gyu-Ho Lee Date: Tue, 6 Oct 2015 05:00:33 -0700 Subject: [PATCH] server: use standard lib http.Request.BasicAuth Go 1.4+ has https://golang.org/pkg/net/http/#Request.BasicAuth method for http.Request and it was requested by CoreOS(kelsey) [1] with the same functionalities. If dex's Go development is being done in Go 1.4 or later, we should use the standard library. Thanks! --- [1] https://codereview.appspot.com/76540043/ --- pkg/http/http.go | 25 ------------------------- server/http.go | 2 +- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/pkg/http/http.go b/pkg/http/http.go index 950bca54..90450062 100644 --- a/pkg/http/http.go +++ b/pkg/http/http.go @@ -1,7 +1,6 @@ package http import ( - "encoding/base64" "encoding/json" "errors" "net/http" @@ -29,30 +28,6 @@ func WriteError(w http.ResponseWriter, code int, msg string) { w.Write(b) } -// BasicAuth parses a username and password from the request's -// Authorization header. This was pulled from golang master: -// https://codereview.appspot.com/76540043 -func BasicAuth(r *http.Request) (username, password string, ok bool) { - auth := r.Header.Get("Authorization") - if auth == "" { - return - } - - if !strings.HasPrefix(auth, "Basic ") { - return - } - c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic ")) - if err != nil { - return - } - cs := string(c) - s := strings.IndexByte(cs, ':') - if s < 0 { - return - } - return cs[:s], cs[s+1:], true -} - func cacheControlMaxAge(hdr string) (time.Duration, bool, error) { for _, field := range strings.Split(hdr, ",") { parts := strings.SplitN(strings.TrimSpace(field), "=", 2) diff --git a/server/http.go b/server/http.go index 4746b114..b864fdcf 100644 --- a/server/http.go +++ b/server/http.go @@ -418,7 +418,7 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc { state := r.PostForm.Get("state") - user, password, ok := phttp.BasicAuth(r) + user, password, ok := r.BasicAuth() if !ok { log.Errorf("error parsing basic auth") writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)