[pve-devel] [PATCH 17/23] allow ticket in auth header as fallback

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Nov 12 11:43:24 CET 2019


On 11/12/19 11:17 AM, Fabian Grünbichler wrote:
> On November 12, 2019 11:05 am, Thomas Lamprecht wrote:
>> On 11/12/19 10:46 AM, Fabian Grünbichler wrote:
>>> On October 17, 2019 5:33 pm, Thomas Lamprecht wrote:
>>>> On 10/17/19 3:14 PM, Fabian Grünbichler wrote:
>>>>> @@ -1232,7 +1232,10 @@ sub unshift_read_header {
>>>>>  		} elsif ($path =~ m/^\Q$base_uri\E/) {
>>>>>  		    my $token = $r->header('CSRFPreventionToken');
>>>>>  		    my $cookie = $r->header('Cookie');
>>>>> -		    my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $self->{cookie_name});
>>>>> +		    my $auth_header = $r->header('Authorization');
>>>>> +		    my $ticket = PVE::APIServer::Formatter::extract_auth_value($cookie, $self->{cookie_name});
>>>>> +		    $ticket = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{cookie_name})
>>>>> +			if !$ticket;
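
Review bot: The fallback assignment ending in "if !$ticket;" carries no comment stating the precedence, so a reader has to infer that the Cookie header wins and the Authorization header is only consulted when the cookie yields no ticket. A one-line comment above it would make that explicit, and should also say why $self->{cookie_name} is the key looked up in the Authorization header, since the name suggests cookie-only use. The statement modifier sitting on a continuation line is easy to miss; a block form, if (!$ticket) { ... }, would make the condition harder to overlook.
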
>>>>
>>>> can we do this a bit more separate like:
>>>>
>>>> if (!$ticket && (my $auth_header = $r->header('Authorization'))) {
>>>>     $ticket = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{cookie_name});
>>>> }
>>>
>>> this would then (with the next patch) become:
>>>
>>> my $api_token;
>>> if (!$ticket && (my $auth_header = $r->header('Authorization'))) {
>>>     $ticket = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{cookie_name});
>>>
>>>     if (!$ticket) {
>>>         $api_token = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{apitoken_name});
>>>     }
>>> }
>>>
>> the inner (apitoken) "if" would be nicer to move a layer out below the other one.
>>
> 
> it needs $auth_header though, which would then also move (back out 
> again):
> 
> my $auth_header = $r->header('Authorization');
> if (!$ticket) {
>     $ticket = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{cookie_name});
> }
> my $api_token;
> if (!$ticket) {
>     $api_token = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{apitoken_name});
> }
> 
> which is basically the original version, modulo separate declaration of 
> $api_token:
> 
> my $auth_header = $r->header('Authorization');
> 
> $ticket = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{cookie_name})
>     if !$ticket;
> 
> my $api_token;
> $api_token = PVE::APIServer::Formatter::extract_auth_value($auth_header, $self->{apitoken_name})
>     if !$ticket;
> 

Above with line spacing and comments would already be a big
improvement. I feel that the real-nice-thing is still missing though,
but no better idea myself ^^




