diff --git a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/BearerAuthenticationProvider.kt b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/BearerAuthenticationProvider.kt
index cb5bef86c58fb4ef676124ebd59d94b533420196..690844f0ff8e6791fcfccfce0219ace6907f6721 100644
--- a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/BearerAuthenticationProvider.kt
+++ b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/BearerAuthenticationProvider.kt
@@ -14,6 +14,7 @@ import io.ktor.auth.parseAuthorizationHeader
 import io.ktor.http.auth.HttpAuthHeader
 import io.ktor.request.httpMethod
 import io.ktor.response.respond
+import io.ktor.util.pipeline.PipelineContext
 import org.briarproject.mailbox.core.util.LogUtils.debug
 import org.slf4j.LoggerFactory.getLogger
 
@@ -64,40 +65,48 @@ internal fun Authentication.Configuration.bearer(
 ) {
 val provider = BearerAuthenticationProvider.Configuration(name).apply(configure).build()
 provider.pipeline.intercept(AuthenticationPipeline.RequestAuthentication) { context ->
- val authHeader = provider.authHeader(call)
- if (authHeader == null) {
- context.unauthorizedResponse(AuthenticationFailedCause.NoCredentials, provider)
- return@intercept
- }
+ authenticate(context, provider, name)
+ }
+ register(provider)
+}
- try {
- // TODO try faking accessType with X-Http-Method-Override header
- val accessType = call.request.httpMethod.toAccessType()
- val token = (authHeader as? HttpAuthHeader.Single)?.blob
- if (accessType == null || token == null) {
- context.unauthorizedResponse(AuthenticationFailedCause.InvalidCredentials, provider)
- return@intercept
- }
- val folderId = call.parameters["folderId"]
+private suspend fun PipelineContext<AuthenticationContext, ApplicationCall>.authenticate(
+ context: AuthenticationContext,
+ provider: BearerAuthenticationProvider,
+ name: String?,
+) {
+ val authHeader = provider.authHeader(call)
+ if (authHeader == null) {
+ context.unauthorizedResponse(AuthenticationFailedCause.NoCredentials, provider)
+ return
+ }
- // TODO remove logging before release
- LOG.debug { "name: $name" }
- LOG.debug { "httpMethod: ${call.request.httpMethod}" }
+ try {
+ // TODO try faking accessType with X-Http-Method-Override header
+ val accessType = call.request.httpMethod.toAccessType()
+ val token = (authHeader as? HttpAuthHeader.Single)?.blob
+ if (accessType == null || token == null) {
+ context.unauthorizedResponse(AuthenticationFailedCause.InvalidCredentials, provider)
+ return
+ }
+ val folderId = call.parameters["folderId"]
- val credentials = Credentials(accessType, token, folderId)
- val principal = provider.authenticationFunction(call, credentials)
- if (principal == null) {
- context.unauthorizedResponse(AuthenticationFailedCause.InvalidCredentials, provider)
- } else {
- context.principal(principal)
- }
- } catch (cause: Throwable) {
- val message = cause.message ?: cause.javaClass.simpleName
- LOG.debug { "Bearer verification failed: $message" }
- context.error(AUTH_KEY_BEARER, AuthenticationFailedCause.Error(message))
+ // TODO remove logging before release
+ LOG.debug { "name: $name" }
+ LOG.debug { "httpMethod: ${call.request.httpMethod}" }
+
+ val credentials = Credentials(accessType, token, folderId)
+ val principal = provider.authenticationFunction(call, credentials)
+ if (principal == null) {
+ context.unauthorizedResponse(AuthenticationFailedCause.InvalidCredentials, provider)
+ } else {
+ context.principal(principal)
 }
+ } catch (cause: Throwable) {
+ val message = cause.message ?: cause.javaClass.simpleName
+ LOG.debug { "Bearer verification failed: $message" }
+ context.error(AUTH_KEY_BEARER, AuthenticationFailedCause.Error(message))
 }
- register(provider)
 }
 private fun AuthenticationContext.unauthorizedResponse(
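Review bot: The `catch (cause: Throwable)` that closes the extracted `authenticate` runs in suspending code, so it also swallows `CancellationException` (and JVM `Error`s) and reports a cancelled request as an authentication error instead of letting cancellation propagate. Rethrow cancellation first and narrow the rest, e.g. `} catch (cause: CancellationException) { throw cause } catch (cause: Exception) {`. The same block passes the raw exception message into `AuthenticationFailedCause.Error(message)`; how that cause is rendered is outside this hunk, so it is worth confirming the text never reaches the client and using a fixed string if it might. Separately, the access type is still taken straight from `call.request.httpMethod` with the X-Http-Method-Override TODO left open; a test that pins the derived access type when that header is present would let the TODO be closed before release.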