OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file | |
2 // for details. All rights reserved. Use of this source code is governed by a | |
3 // BSD-style license that can be found in the LICENSE file. | |
4 | |
5 library http_paser.authentication_challenge; | |
6 | |
7 import 'dart:collection'; | |
8 | |
9 import 'package:string_scanner/string_scanner.dart'; | |
10 | |
11 import 'scan.dart'; | |
12 import 'utils.dart'; | |
13 | |
14 /// A single challenge in a WWW-Authenticate header, parsed as per [RFC 2617][]. | |
15 /// | |
16 /// [RFC 2617]: http://tools.ietf.org/html/rfc2617 | |
17 /// | |
18 /// Each WWW-Authenticate header contains one or more challenges, representing | |
19 /// valid ways to authenticate with the server. | |
20 class AuthenticationChallenge { | |
21 /// The scheme describing the type of authentication that's required, for | |
22 /// example "basic" or "digest". | |
23 /// | |
24 /// This is normalized to always be lower-case. | |
Bob Nystrom
2015/08/25 21:28:59
"lowercase".
nweiz
2015/08/25 22:02:08
Done.
| |
25 final String scheme; | |
26 | |
27 /// The parameters describing how to authenticate. | |
28 /// | |
29 /// The semantics of these parameters are scheme-specific. | |
30 final Map<String, String> parameters; | |
31 | |
32 /// Parses a WWW-Authenticate header, which should contain one or more | |
33 /// challenges. | |
34 /// | |
35 /// Throws a [FormatException] if the header is invalid. | |
36 static List<AuthenticationChallenge> parseHeader(String header) { | |
37 return wrapFormatException("authentication header", header, () { | |
38 var scanner = new StringScanner(header); | |
39 scanner.scan(whitespace); | |
40 var challenges = parseList(scanner, () { | |
41 scanner.expect(token, name: "a token"); | |
42 var scheme = scanner.lastMatch[0].toLowerCase(); | |
43 | |
44 scanner.scan(whitespace); | |
45 | |
46 // The spec specifically requires a space between the scheme and its | |
47 // params. | |
48 if (scanner.lastMatch == null || !scanner.lastMatch[0].contains(" ")) { | |
49 scanner.expect(" ", name: '" " or "="'); | |
50 } | |
51 | |
52 // Manually parse the inner list. We need to do some lookahead to | |
53 // disambiguate between an auth param and another challenge. | |
54 var params = {}; | |
55 _scanAuthParam(scanner, params); | |
56 | |
57 var beforeComma = scanner.position; | |
58 while (scanner.scan(",")) { | |
59 scanner.scan(whitespace); | |
60 | |
61 // Empty elements are allowed, but excluded from the results. | |
62 if (scanner.matches(",")) continue; | |
63 | |
64 scanner.expect(token, name: "a token"); | |
65 var name = scanner.lastMatch[0].toLowerCase(); | |
66 scanner.scan(whitespace); | |
67 | |
68 // If there's no "=", then this is another challenge rather than a | |
69 // parameter for the current challenge. | |
70 if (!scanner.scan('=')) { | |
71 scanner.position = beforeComma; | |
72 break; | |
73 } | |
74 | |
75 scanner.scan(whitespace); | |
76 | |
77 if (scanner.scan(token)) { | |
78 params[name] = scanner.lastMatch[0]; | |
79 } else { | |
80 params[name] = expectQuotedString( | |
81 scanner, name: "a token or a quoted string"); | |
82 } | |
83 | |
84 scanner.scan(whitespace); | |
85 beforeComma = scanner.position; | |
86 } | |
87 | |
88 return new AuthenticationChallenge(scheme, params); | |
89 }); | |
90 | |
91 scanner.expectDone(); | |
92 return challenges; | |
93 }); | |
94 } | |
95 | |
96 /// Parses a single WWW-Authenticate challenge value. | |
97 /// | |
98 /// Throws a [FormatException] if the challenge is invalid. | |
99 factory AuthenticationChallenge.parse(String challenge) { | |
100 return wrapFormatException("authentication challenge", challenge, () { | |
101 var scanner = new StringScanner(challenge); | |
102 scanner.scan(whitespace); | |
103 scanner.expect(token, name: "a token"); | |
104 var scheme = scanner.lastMatch[0].toLowerCase(); | |
105 | |
106 scanner.scan(whitespace); | |
107 | |
108 // The spec specifically requires a space between the scheme and its | |
109 // params. | |
110 if (scanner.lastMatch == null || !scanner.lastMatch[0].contains(" ")) { | |
111 scanner.expect(" "); | |
112 } | |
Bob Nystrom
2015/08/25 21:28:59
These ~10 lines are copy/pasted from above. Can yo
nweiz
2015/08/25 22:02:08
Done.
| |
113 | |
114 var params = {}; | |
115 parseList(scanner, () => _scanAuthParam(scanner, params)); | |
116 | |
117 scanner.expectDone(); | |
118 return new AuthenticationChallenge(scheme, params); | |
119 }); | |
120 } | |
121 | |
122 /// Scans a single authentication parameter and stores its result in [params]. | |
123 static void _scanAuthParam(StringScanner scanner, Map params) { | |
124 scanner.expect(token, name: "a token"); | |
125 var name = scanner.lastMatch[0].toLowerCase(); | |
126 scanner.scan(whitespace); | |
127 scanner.expect('='); | |
128 scanner.scan(whitespace); | |
129 | |
130 if (scanner.scan(token)) { | |
131 params[name] = scanner.lastMatch[0]; | |
132 } else { | |
133 params[name] = expectQuotedString( | |
134 scanner, name: "a token or a quoted string"); | |
135 } | |
136 | |
137 scanner.scan(whitespace); | |
138 } | |
139 | |
140 /// Creates a new challenge value with [scheme] and, optionally, [parameters]. | |
141 /// | |
142 /// If [parameters] isn't passed, it defaults to an empty map. | |
Bob Nystrom
2015/08/25 21:28:59
Make the parameter actually optional?
nweiz
2015/08/25 22:02:08
It actually shouldn't be optional, and this docume
| |
143 AuthenticationChallenge(this.scheme, Map<String, String> parameters) | |
144 : parameters = new UnmodifiableMapView(parameters); | |
145 } | |
OLD | NEW |