| -rw-r--r-- | TODO | 1 | ||||
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | plugins/webbox/html/webbox.js | 12 | ||||
| -rw-r--r-- | response.cpp | 16 | 
4 files changed, 13 insertions, 17 deletions
@@ -1,4 +1,3 @@
-Fix auth on Chrome and Android/Samsung browser
 git via smart http / cgi
 git via web interface
 php
diff --git a/debian/changelog b/debian/changelog
index 14d0006..4f31c53 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ webserver (1.7) UNRELEASED; urgency=medium
   * Omit PEM file reload. Access to files is denied because of dropped privileges.
   * Bugfix: Keep FCGI connections open
   * Weekly Certificate reload via systemd service restart
+  * Webbox: Fixed redundant auth popup on certain browsers
  -- Roland Reichwein <rr@antcom.de>  Sun, 17 May 2020 14:31:36 +0200
diff --git a/plugins/webbox/html/webbox.js b/plugins/webbox/html/webbox.js
index 9b3a486..54adeaf 100644
--- a/plugins/webbox/html/webbox.js
+++ b/plugins/webbox/html/webbox.js
@@ -321,17 +321,7 @@ function initMainpage() {
 		}
 		if (this.status == 401) { // login error: goto login page
 			var authheader = this.getResponseHeader("WWW-Authenticate");
-			var title = "Webbox";
-			// For web servers with standard AUTH BASIC, triggering problems in
-			// client browsers, popping up the browser's "Authenticate" window
-			// but we want our own
-			if (authheader.startsWith("Basic realm=\"") && authheader.endsWith("\"")) {
-				title = authheader.substr(13, authheader.length - 14);
-			} else
-			// Fixed up Apache server
-			if (authheader.startsWith("SR_Basic realm=\"") && authheader.endsWith("\"")) {
-				title = authheader.substr(16, authheader.length - 17);
-			}
+			var title = "Webbox Login";
 			// enable logout function if logging in
 			document.getElementById("logoutcommand").style.display = "table-row";
diff --git a/response.cpp b/response.cpp
index a5fb8c3..67cb322 100644
--- a/response.cpp
+++ b/response.cpp
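Review bot: In the webbox.js hunk, `authheader` is still read from the `WWW-Authenticate` response header, but nothing in the visible lines uses it now that the title is the constant `"Webbox Login"`. If the rest of `initMainpage()` (which continues outside the hunk) does not use it either, drop the `var authheader = this.getResponseHeader("WWW-Authenticate");` line so the login path does not appear to depend on a server-supplied header. If it is kept on purpose, a short comment such as `// header is no longer parsed; title is fixed` would make that explicit.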
@@ -209,8 +209,7 @@ response_type HttpStatus(std::string status, std::string message, response_type&
  if (status != "200") { // already handled at res init
   res.result(unsigned(stoul(status)));
   res.set(http::field::content_type, "text/html");
-  if (res.result_int() == 401)
-   res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
   res.body() = "<html><body><h1>"s + Server::VersionString + " Error</h1><p>"s + status + " "s + message + "</p></body></html>"s;
   res.prepare_payload();
  }
@@ -249,14 +248,14 @@ response_type generate_response(request_type& req, Server& server)
   if (auth.size() != 0) {
    std::string authorization{req[http::field::authorization]};
    if (authorization.substr(0, 6) != "Basic "s)
-    return HttpStatusAndStats("401", "Bad Authorization Type", req_ctx, res);
+    return HttpStatusAndStats("400", "Bad Authorization Type", req_ctx, res);
    authorization = authorization.substr(6);
    authorization = decode64(authorization);
    size_t pos {authorization.find(':')};
    if (pos == authorization.npos)
-    return HttpStatusAndStats("401", "Bad Authorization Encoding", req_ctx, res);
+    return HttpStatusAndStats("400", "Bad Authorization Encoding", req_ctx, res);
    std::string login{authorization.substr(0, pos)};
    std::string password{authorization.substr(pos + 1)};
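Review bot: In the `-249,14` hunk, a request that carries no Authorization header at all now gets 400 instead of a 401 challenge. `req[http::field::authorization]` is presumably empty when the header is absent, so `authorization.substr(0, 6) != "Basic "s` is true and the function returns "Bad Authorization Type" before the 401 branch in the following hunk is reached. For static-files this means a browser is never prompted for credentials, and a client that keys on 401 (the webbox.js handler tests `this.status == 401`) would not show its login. Treat an empty header as "no credentials yet" and route it to the 401 path, keeping 400 for a header that is present but malformed. generate_response starts and ends outside this hunk, so an earlier guard may exist that is not visible here.

```cpp
    std::string authorization{req[http::field::authorization]};
    // No credentials supplied yet: challenge instead of rejecting as malformed
    if (authorization.empty()) {
     if (req_ctx.GetPluginName() == "static-files")
      res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
     return HttpStatusAndStats("401", "Authorization Required", req_ctx, res);
    }
    if (authorization.substr(0, 6) != "Basic "s)
     return HttpStatusAndStats("400", "Bad Authorization Type", req_ctx, res);
    // … unchanged: base64 decode and login/password split …
```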
@@ -264,8 +263,15 @@ response_type generate_response(request_type& req, Server& server)
    auto it {auth.find(login)};
    // it.second contains crypted/hash
    // password is plain text to validate against the hash
-   if (it == auth.end() || !Auth::validate(it->second, password))
+   if (it == auth.end() || !Auth::validate(it->second, password)) {
+
+    // For now, WWW-Authenticate: Basic realm="..." will only be generated for static-files.
+    // All other plugins are expected to present their own login pages
+    if (req_ctx.GetPluginName() == "static-files")
+     res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
     return HttpStatusAndStats("401", "Bad Authorization", req_ctx, res);
+   }
   }
   plugin_type plugin{req_ctx.GetPlugin()};  | 
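Review bot: The 401 returned here carries no `WWW-Authenticate` header for any plugin other than static-files, although HTTP expects a server that generates 401 to include at least one challenge. A challenge with a scheme browsers do not act on would keep the response conformant without bringing back the popup, for example `else res.set(http::field::www_authenticate, "SR_Basic realm=\"Webbox Login\"");`, reusing the scheme name the removed webbox.js code recognised. Separately, `it == auth.end() || !Auth::validate(it->second, password)` skips the hash check for unknown logins, so if `Auth::validate` is deliberately slow the response time may reveal whether a login exists; validating against a fixed dummy hash in that case would level it. generate_response starts and ends outside this hunk.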
