ExFTP.Auth.WebhookAuth (ExFTP v1.0.2)

When authenticator is ExFTP.Auth.WebhookAuth, this authenticator will call out to an HTTP endpoint that accepts two query parameters: username and/or password_hash.

⚙️ Configuration

Keys

authenticator == ExFTP.Auth.WebhookAuth
authenticator_config :: ExFTP.Auth.WebhookAuthConfig.t/0

Example

  %{
    # ... ,
    authenticator: ExFTP.Auth.WebhookAuth,
    authenticator_config: %{
      login_url: "https://httpbin.dev/status/200",
      login_method: :post,
      password_hash_type: :sha256,
      authenticated_url: "https://httpbin.dev/status/200",
      authenticated_method: :post,
      authenticated_ttl_ms: 1000 * 60 * 60
    }
  }

👀 See Also

ExFTP.Authenticator

📖 Resources

📖 RFC 959 (section-4)
📖 RFC 3659
💬 Contact the maintainer (he's happy to help!)
- 👾 Github: camatcode
- 🐘 Fediverse: @scrum_log@maston.social

Summary

Functions

authenticated?(authenticator_state)

Determines whether this session is still considered authenticated

Requests a login using a webhook.

valid_user?(username)

Always returns true.

Functions

authenticated?(authenticator_state)

Determines whether this session is still considered authenticated

🏷️ Params

authenticator_state :: ExFTP.Authenticator.authenticator_state/0

🧑‍🍳 Workflow

Reads the authenticator_config.
If the config has authenticated_url,
- Calls it with the username(e.g http://httpbin.dev/get?username={username})
- If the response is HTTP 200, success. Otherwise, no longer authenticated.
If the config does not have authenticated_url,
- investigate the authenticator_state for authenticated: true

⤵️ Returns

✅ On Success

  `true` or `false`

💻 Examples

iex> alias ExFTP.Auth.WebhookAuth
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.WebhookAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
iex>  login_url: "https://httpbin.dev/status/200",
iex>  authenticated_url: "https://httpbin.dev/get",
iex>  authenticated_method: :get,
iex> })
iex> WebhookAuth.authenticated?(%{username: "jsmith"})
true

👀 See Also

login(password, authenticator_state)

@spec login(
  password :: ExFTP.Authenticator.password(),
  authenticator_state :: ExFTP.Authenticator.authenticator_state()
) :: {:ok, ExFTP.Authenticator.authenticator_state()} | {:error, term()}

Requests a login using a webhook.

password :: ExFTP.Authenticator.password/0
authenticator_state :: ExFTP.Authenticator.authenticator_state/0

Reads the authenticator_config.
Receives a password from the client (a :username key might exist in the authenticator_state)
Hashes the password
Calls the login_url (e.g http://httpbin.dev/get?username={username}&password_hash={password_hash})
If the response is HTTP 200, success. Otherwise, bad login.

✅ On Success

  {:ok, authenticator_state}

❌ On Failure

  {:error, bad_login}

iex> alias ExFTP.Auth.WebhookAuth
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.WebhookAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
iex>  login_url: "https://httpbin.dev/status/200",
iex>  login_method: :post,
iex>  password_hash_type: :sha256
iex> })
iex> {:ok, _} = WebhookAuth.login("password123", %{username: "jsmith"})

valid_user?(username)

@spec valid_user?(username :: ExFTP.Authenticator.username()) :: boolean()

Always returns true.

No performance benefit

This method is normally used to short-circuit bad login requests. The performance gain in that short-circuit is negligible for webhooks, so it's not used.