author | Solly Ross <sross@redhat.com> | 2015-08-25 16:44:24 -0400 |
---|---|---|
committer | Solly Ross <sross@redhat.com> | 2015-08-25 17:52:20 -0400 |
commit | 1e2b5c2256d31e34083935f8adb2c8433cd40f7f (patch) | |
tree | 6e445718408ab9bfd5290aafed21f288051586d3 /websockify/websocketproxy.py | |
parent | 6c1543c05b79ae8bef2d2f7d703002a432776baf (diff) | |
download | websockify-feature/http-auth-plugins.tar.gz |
Rework Auth Plugins to Support HTTP Authfeature/http-auth-plugins
This commit reworks auth plugins slightly to enable
support for HTTP authentication. By raising an
AuthenticationError, auth plugins can now return
HTTP responses to the upgrade request (such as 401).
Related to kanaka/noVNC#522
Diffstat (limited to 'websockify/websocketproxy.py')
-rwxr-xr-x | websockify/websocketproxy.py | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/websockify/websocketproxy.py b/websockify/websocketproxy.py
index 029b6f3..46ab545 100755
--- a/websockify/websocketproxy.py
+++ b/websockify/websocketproxy.py
@@ -18,6 +18,7 @@ try: from http.server import HTTPServer
 except: from BaseHTTPServer import HTTPServer
 import select
 from websockify import websocket
+from websockify import auth_plugins as auth
 try:
 from urllib.parse import parse_qs, urlparse
 except:
@@ -37,20 +38,34 @@ Traffic Legend:
 < - Client send
 <. - Client send partial
 """
+
+ def send_auth_error(self, ex):
+ self.send_response(ex.code, ex.msg)
+ self.send_header('Content-Type', 'text/html')
+ for name, val in ex.headers.items():
+ self.send_header(name, val)
+
+ self.end_headers()
+
+ def validate_connection(self):
+ if self.server.token_plugin:
+ (self.server.target_host, self.server.target_port) = self.get_target(self.server.token_plugin, self.path)
+
+ if self.server.auth_plugin:
+ try:
+ self.server.auth_plugin.authenticate(
+ headers=self.headers, target_host=self.server.target_host,
+ target_port=self.server.target_port)
+ except auth.AuthenticationError:
+ ex = sys.exc_info()[1]
+ self.send_auth_error(ex)
+ raise
 def new_websocket_client(self):
 """
 Called after a new WebSocket connection has been established.
 """
- # Checks if we receive a token, and look
- # for a valid target for it then
- if self.server.token_plugin:
- (self.server.target_host, self.server.target_port) = self.get_target(self.server.token_plugin, self.path)
-
- if self.server.auth_plugin:
- self.server.auth_plugin.authenticate(
- headers=self.headers, target_host=self.server.target_host,
- target_port=self.server.target_port)
+ # Checking for a token is done in validate_connection()
 # Connect to the target
 if self.server.wrap_cmd: |
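Review bot: In `validate_connection` the token-resolved target is written to `self.server.target_host` and `self.server.target_port`, which are attributes of the shared server object rather than of this request, and the auth plugin is then asked to authorize those same shared values. If handlers can ever run concurrently in one process (the server mode is not visible in this hunk), another request could overwrite the target between `authenticate()` and the later connect in `new_websocket_client`, so a client could be authorized for one target and proxied to another. Keeping the resolved pair on the handler, e.g. `self.target_host, self.target_port = self.get_target(self.server.token_plugin, self.path)`, and passing those to `authenticate()` would bind the check to the connection, though the connect code outside the hunk would need to read the same attributes. Both new methods also lack docstrings: I would add `"""Send the status, reason and extra headers carried by an AuthenticationError, with no body."""` to `send_auth_error`, and document on `validate_connection` that it re-raises after responding, so the caller is expected to abort the upgrade. The enclosing class starts above the hunk and `new_websocket_client` continues below it.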