ExFTP.Auth.BasicAuth (ExFTP v1.0.2)

When authenticator is ExFTP.Auth.BasicAuth, this authenticator will call out to an HTTP endpoint that implements HTTP Basic Auth with the user's supplied credentials.

🔒 Security

BasicAuth is not recommended unless the connection is protected by SSL/TLS, because HTTP Basic Auth sends the username and password Base64-encoded, not encrypted.

โš™๏ธ Configuration

Keys

Example

  %{
    # ... ,
    authenticator: ExFTP.Auth.BasicAuth,
    authenticator_config: %{
      login_url: "https://httpbin.dev/basic-auth/",
      login_method: :get,
      authenticated_url: "https://httpbin.dev/hidden-basic-auth/",
      authenticated_method: :get,
      authenticated_ttl_ms: 1000 * 60 * 60
    }
  }
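As an added example (not part of ExFTP or its documentation), the script below checks an `authenticator_config` like the one above for URLs that are not `https` and shows that a Basic Auth header decodes straight back to the credentials. The module name `BasicAuthConfigCheck`, its functions and the `auth.example.internal` URLs are hypothetical.

```elixir
defmodule BasicAuthConfigCheck do
  # Hypothetical helper for illustration; not an ExFTP API.
  @url_keys [:login_url, :authenticated_url]

  # Returns the config keys whose URL is set but does not use https.
  def insecure_urls(authenticator_config) do
    Enum.filter(@url_keys, fn key ->
      case Map.get(authenticator_config, key) do
        url when is_binary(url) ->
          String.downcase(URI.parse(url).scheme || "") != "https"

        _ ->
          # Key absent (authenticated_url may be omitted): nothing to check.
          false
      end
    end)
  end

  # Raises at startup instead of sending credentials over cleartext HTTP.
  def validate!(authenticator_config) do
    case insecure_urls(authenticator_config) do
      [] -> :ok
      keys -> raise ArgumentError, "BasicAuth URLs must use https: #{inspect(keys)}"
    end
  end

  # The header value HTTP Basic Auth puts on the wire for these credentials.
  def authorization_header(username, password) do
    "Basic " <> Base.encode64(username <> ":" <> password)
  end
end

# Constructed sample config: login_url is plain http, authenticated_url is https.
config = %{
  login_url: "http://auth.example.internal/login",
  login_method: :get,
  authenticated_url: "https://auth.example.internal/check",
  authenticated_method: :get
}

IO.inspect(BasicAuthConfigCheck.insecure_urls(config), label: "non-https keys")

# Anyone who can read the request recovers the credentials without a key.
"Basic " <> encoded = BasicAuthConfigCheck.authorization_header("jsmith", "password")
IO.inspect(Base.decode64!(encoded), label: "decoded header")
```

Calling `BasicAuthConfigCheck.validate!/1` on the config before the server starts turns a cleartext URL into a boot failure rather than a silent credential leak.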

👀 See Also

📖 Resources

Summary

Functions

authenticated?(authenticator_state)

Determines whether this session is still considered authenticated

valid_user?(username)

Always returns true.

Functions

authenticated?(authenticator_state)

@spec authenticated?(authenticator_state :: ExFTP.Authenticator.authenticator_state()) ::
  boolean()

Determines whether this session is still considered authenticated

๐Ÿท๏ธ Params

๐Ÿง‘โ€๐Ÿณ Workflow

  • Reads the authenticator_config.
  • If the config has authenticated_url,
    • Calls it using HTTP Basic Auth with username and password provided by the user
    • If the response is HTTP 200, success. Otherwise, no longer authenticated.
  • If the config does not have authenticated_url,
    • Checks the authenticator_state for authenticated: true

โคต๏ธ Returns

✅ On Success

  `true` or `false`

💻 Examples

iex> alias ExFTP.Auth.BasicAuth
iex> username = "jsmith"
iex> password = "password"
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.BasicAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
...>  login_url: "https://httpbin.dev/basic-auth/" <> username <> "/" <> password,
...>  login_method: :get,
...>  authenticated_url: "https://httpbin.dev/hidden-basic-auth/" <> username <> "/" <> password,
...>  authenticated_method: :get,
...>  authenticated_ttl_ms: 1000 * 60 * 60
...> })
iex> {:ok, state} = BasicAuth.login(password, %{username: username})
iex> BasicAuth.authenticated?(state)
true

👀 See Also

login(password, authenticator_state)

@spec login(
  password :: ExFTP.Authenticator.password(),
  authenticator_state :: ExFTP.Authenticator.authenticator_state()
) :: {:ok, ExFTP.Authenticator.authenticator_state()} | {:error, term()}

Requests a login using HTTP Basic Auth

๐Ÿท๏ธ Params

๐Ÿง‘โ€๐Ÿณ Workflow

  • Reads the authenticator_config.
  • Receives a password from the client (a username was provided earlier)
  • Calls the login_url with HTTP Basic Auth
  • If the response is HTTP 200, success. Otherwise, bad login.

โคต๏ธ Returns

✅ On Success

  {:ok, authenticator_state}

โŒ On Failure

  {:error, bad_login}

💻 Examples

iex> alias ExFTP.Auth.BasicAuth
iex> username = "jsmith"
iex> password = "password"
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.BasicAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
...>  login_url: "https://httpbin.dev/basic-auth/" <> username <> "/" <> password,
...>  login_method: :get,
...>  authenticated_url: "https://httpbin.dev/hidden-basic-auth/" <> username <> "/" <> password,
...>  authenticated_method: :get,
...>  authenticated_ttl_ms: 1000 * 60 * 60
...> })
iex> {:ok, _} = BasicAuth.login(password, %{username: username})

👀 See Also

valid_user?(username)

@spec valid_user?(username :: ExFTP.Authenticator.username()) :: boolean()

Always returns true.

No performance benefit

This method is normally used to short-circuit bad login requests. The performance gain in that short-circuit is negligible for basic auth, so it's not used.