e0e3a05d |
package bearertoken
import ( |
b79cc576 |
"errors" |
e0e3a05d |
"net/http"
"strings"
"github.com/openshift/origin/pkg/auth/authenticator" |
83c702b4 |
"k8s.io/kubernetes/pkg/auth/user" |
e0e3a05d |
)
type Authenticator struct { |
a9059095 |
// auth is the token authenticator to use to validate the token |
e0e3a05d |
auth authenticator.Token |
a9059095 |
// removeHeader indicates whether the Authorization header should be removeHeaderd on successful auth
removeHeader bool |
e0e3a05d |
}
|
a9059095 |
func New(auth authenticator.Token, removeHeader bool) *Authenticator {
return &Authenticator{auth, removeHeader} |
e0e3a05d |
}
|
b79cc576 |
var invalidToken = errors.New("invalid bearer token")
|
e2ffc795 |
func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { |
e0e3a05d |
auth := strings.TrimSpace(req.Header.Get("Authorization"))
if auth == "" {
return nil, false, nil
}
parts := strings.Split(auth, " ")
if len(parts) < 2 || strings.ToLower(parts[0]) != "bearer" {
return nil, false, nil
}
token := parts[1] |
fd6725df |
// Empty bearer tokens aren't valid
if len(token) == 0 {
return nil, false, nil
}
|
a9059095 |
user, ok, err := a.auth.AuthenticateToken(token)
if ok && a.removeHeader {
req.Header.Del("Authorization")
} |
b79cc576 |
if !ok && err == nil {
err = invalidToken
} |
a9059095 |
return user, ok, err |
e0e3a05d |
} |