tjohnn
06/28/2019, 5:48 AMapplication/json
, does it make sense to fail a FormAuth gracefully if request Content-Type is json like this?
provider.pipeline.intercept(AuthenticationPipeline.RequestAuthentication) { context ->
var postParameters: Parameters? = null
if(!call.isJsonRequest()){
postParameters = call.receiveOrNull()
}
val username = postParameters?.get(userParamName)
val password = postParameters?.get(passwordParamName)
val credentials = if (username != null && password != null) UserPasswordCredential(username, password) else null
val principal = credentials?.let { validate(call, it) }
if (principal != null) {
context.principal(principal)
} else {
val cause = if (credentials == null) AuthenticationFailedCause.NoCredentials else AuthenticationFailedCause.InvalidCredentials
context.challenge(formAuthenticationChallengeKey, cause) {
when (challenge) {
FormAuthChallenge.Unauthorized -> call.respond(HttpStatusCode.Unauthorized)
is FormAuthChallenge.Redirect -> call.respondRedirect(challenge.url(call, credentials))
}
it.complete()
}
}
}
tjohnn
06/28/2019, 6:22 AMval postParameters = try {
call.receiveOrNull<Parameters>()
} catch (ex: Exception){
null
}