Updated basic auth plugin faas provider

Signed-off-by: Karthick Prabu <karthikprabu.cs@gmail.com>
2025-06-14 03:06:46 +00:00 · 2019-10-16 00:27:35 +05:30 · 2019-10-16 00:27:35 +05:30 · 1c9e122370
commit 1c9e122370
parent 4ac782e5a4
7 changed files with 40 additions and 15 deletions
--- a/auth/basic-auth/Gopkg.lock
+++ b/auth/basic-auth/Gopkg.lock
@ -2,12 +2,12 @@


 [[projects]]
-  digest = "1:57ef1eb08e128d58c028f402b2030582907c49efc461f4764cf5c9161a4af2c0"
+  digest = "1:1fa5fe80531abdddbdf5d3c467144cf66e29dd939878c6b53f4c67d2bf1970be"
  name = "github.com/openfaas/faas-provider"
  packages = ["auth"]
  pruneopts = "UT"
-  revision = "376c26ef02007abb7cadbd550bb75df166764473"
-  version = "0.9.1"
+  revision = "8699aa7d3999c17851f88640c0dd2291daafd45e"
+  version = "0.13.0"

 [[projects]]
  digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"
--- a/auth/basic-auth/Gopkg.toml
+++ b/auth/basic-auth/Gopkg.toml
@ -1,6 +1,6 @@
 [[constraint]]
  name = "github.com/openfaas/faas-provider"
-  version = "0.9.1"
+  version = "0.13.0"

 [prune]
  go-tests = true
--- a/auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
+++ b/auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
@ -4,6 +4,7 @@
 package auth

 import (
+	"crypto/subtle"
 	"net/http"
 )

@ -12,10 +13,13 @@ func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredenti
 	return func(w http.ResponseWriter, r *http.Request) {

 		user, password, ok := r.BasicAuth()
-		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)

-		if !ok || !(credentials.Password == password && user == credentials.User) {
+		const noMatch = 0
+		if !ok ||
+			user != credentials.User ||
+			subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch {

+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte("invalid credentials"))
 			return
--- a/auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/credentials.go
+++ b/auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/credentials.go
@ -17,7 +17,7 @@ type BasicAuthCredentials struct {
 }

 type ReadBasicAuth interface {
-	Read() (error, *BasicAuthCredentials)
+	Read() (*BasicAuthCredentials, error)
 }

 type ReadBasicAuthFromDisk struct {
--- a/gateway/Gopkg.lock
+++ b/gateway/Gopkg.lock
@ -93,23 +93,32 @@
  version = "v1.0.1"

 [[projects]]
-  digest = "1:340f4e2e095ead4e0a15b4646da3e4533f8b6520e3a382eaf586e8166f3bbcb5"
+  digest = "1:7185714c9e0d3e7f49516df22328ab92e56d3397499d8c77be7f65856599a939"
  name = "github.com/openfaas/faas"
-  packages = ["gateway/queue"]
+  packages = [
+    "gateway/handlers",
+    "gateway/metrics",
+    "gateway/plugin",
+    "gateway/queue",
+    "gateway/requests",
+    "gateway/scaling",
+    "gateway/types",
+    "gateway/version",
+  ]
  pruneopts = "UT"
  revision = "bfa869ec8c0c04c26c5b0ed434bc367e712dcaef"
  version = "0.10.2"

 [[projects]]
-  digest = "1:4a97aa8ada0b2f865ca69a3a3bc0a2524c24f31c578c995d5c52cecb6913a9dc"
+  digest = "1:63153ec3ac1c4e93e615b6f5b271a35ad8ced327eba70530903edac0b1f3e652"
  name = "github.com/openfaas/faas-provider"
  packages = [
    "auth",
    "types",
  ]
  pruneopts = "UT"
-  revision = "478f741b64cbcfaaee852156b060514be56623b3"
-  version = "0.12.0"
+  revision = "8699aa7d3999c17851f88640c0dd2291daafd45e"
+  version = "0.13.0"

 [[projects]]
  digest = "1:f7b0087a32b4f017ce89562494ae510f21e7d22e70cc1911640a32ebe583e92e"
@ -204,6 +213,14 @@
    "github.com/gorilla/mux",
    "github.com/openfaas/faas-provider/auth",
    "github.com/openfaas/faas-provider/types",
+    "github.com/openfaas/faas/gateway/handlers",
+    "github.com/openfaas/faas/gateway/metrics",
+    "github.com/openfaas/faas/gateway/plugin",
+    "github.com/openfaas/faas/gateway/queue",
+    "github.com/openfaas/faas/gateway/requests",
+    "github.com/openfaas/faas/gateway/scaling",
+    "github.com/openfaas/faas/gateway/types",
+    "github.com/openfaas/faas/gateway/version",
    "github.com/openfaas/nats-queue-worker/handler",
    "github.com/prometheus/client_golang/prometheus",
    "github.com/prometheus/client_golang/prometheus/promhttp",
--- a/gateway/Gopkg.toml
+++ b/gateway/Gopkg.toml
@ -8,7 +8,7 @@

 [[constraint]]
  name = "github.com/openfaas/faas-provider"
-  version = "0.12.0"
+  version = "0.13.0"

 [[constraint]]
  name = "github.com/openfaas/nats-queue-worker"
--- a/gateway/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
+++ b/gateway/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go
@ -4,6 +4,7 @@
 package auth

 import (
+	"crypto/subtle"
 	"net/http"
 )

@ -12,10 +13,13 @@ func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredenti
 	return func(w http.ResponseWriter, r *http.Request) {

 		user, password, ok := r.BasicAuth()
-		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)

-		if !ok || !(credentials.Password == password && user == credentials.User) {
+		const noMatch = 0
+		if !ok ||
+			user != credentials.User ||
+			subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch {

+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte("invalid credentials"))
 			return