api tokens: add authorization method

author Fabian Grünbichler <f.gruenbichler@proxmox.com>

Fri, 30 Oct 2020 12:10:38 +0000 (13:10 +0100)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Fri, 30 Oct 2020 12:15:14 +0000 (13:15 +0100)
author Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fri, 30 Oct 2020 12:10:38 +0000 (13:10 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 30 Oct 2020 12:15:14 +0000 (13:15 +0100)
diff --git a/src/client/http_client.rs b/src/client/http_client.rs

index 3b7597fec6653b451e5c496bc839de6d08f25e56..99558dba62f2c8f4b608a3776f959b1e730cd601 100644 (file)
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -493,7 +493,7 @@ impl HttpClient {
  
          let auth =  self.login().await?;
          if auth.auth_id.is_token() {
-            let enc_api_token = format!("{}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
+            let enc_api_token = format!("PBSAPIToken {}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
              req.headers_mut().insert("Authorization", HeaderValue::from_str(&enc_api_token).unwrap());
          } else {
              let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
@@ -602,7 +602,7 @@ impl HttpClient {
          let auth =  self.login().await?;
  
          if auth.auth_id.is_token() {
-            let enc_api_token = format!("{}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
+            let enc_api_token = format!("PBSAPIToken {}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
              req.headers_mut().insert("Authorization", HeaderValue::from_str(&enc_api_token).unwrap());
          } else {
              let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
diff --git a/src/server/rest.rs b/src/server/rest.rs

index 365e35703506feb31fa902c335575df8acf6757a..85ad3746a791f60d4a6445e50f4f4c170da593a2 100644 (file)
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -17,6 +17,7 @@ use lazy_static::lazy_static;
  use serde_json::{json, Value};
  use tokio::fs::File;
  use tokio::time::Instant;
+use percent_encoding::percent_decode_str;
  use url::form_urlencoded;
  use regex::Regex;
  
@@ -568,7 +569,9 @@ fn extract_auth_data(headers: &http::HeaderMap) -> Option<AuthData> {
      }
  
      match headers.get("AUTHORIZATION").map(|v| v.to_str()) {
-        Some(Ok(v)) => Some(AuthData::ApiToken(v.to_owned())),
+        Some(Ok(v)) if v.starts_with("PBSAPIToken ") => {
+            Some(AuthData::ApiToken(v["PBSAPIToken ".len()..].to_owned()))
+        },
          _ => None,
      }
  }
@@ -609,6 +612,10 @@ fn check_auth(
  
              let tokensecret = parts.next()
                  .ok_or_else(|| format_err!("failed to split API token header"))?;
+            let tokensecret = percent_decode_str(tokensecret)
+                .decode_utf8()
+                .map_err(|_| format_err!("failed to decode API token header"))?;
+
              crate::config::token_shadow::verify_secret(&tokenid, &tokensecret)?;
  
              Ok(tokenid)
author	Fabian Grünbichler <f.gruenbichler@proxmox.com>
	Fri, 30 Oct 2020 12:10:38 +0000 (13:10 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Fri, 30 Oct 2020 12:15:14 +0000 (13:15 +0100)
src/client/http_client.rs		patch \| blob \| blame \| history
src/server/rest.rs		patch \| blob \| blame \| history