If it is safe to assume that FormAuth data conversion is fai kotlinlang #ktor

If it is safe to assume that FormAuth data convers...

tjohnn

06/28/2019, 5:48 AM

If it is safe to assume that FormAuth data conversion is failing for only

application/json

, does it make sense to fail a FormAuth gracefully if request Content-Type is json like this?

Copy code

provider.pipeline.intercept(AuthenticationPipeline.RequestAuthentication) { context ->
        var postParameters: Parameters? = null
        if(!call.isJsonRequest()){
            postParameters = call.receiveOrNull()
        }
        val username = postParameters?.get(userParamName)
        val password = postParameters?.get(passwordParamName)

        val credentials = if (username != null && password != null) UserPasswordCredential(username, password) else null
        val principal = credentials?.let { validate(call, it) }

        if (principal != null) {
            context.principal(principal)
        } else {
            val cause = if (credentials == null) AuthenticationFailedCause.NoCredentials else AuthenticationFailedCause.InvalidCredentials
            context.challenge(formAuthenticationChallengeKey, cause) {
                when (challenge) {
                    FormAuthChallenge.Unauthorized -> call.respond(HttpStatusCode.Unauthorized)
                    is FormAuthChallenge.Redirect -> call.respondRedirect(challenge.url(call, credentials))
                }
                it.complete()
            }
        }
    }

tjohnn

06/28/2019, 6:22 AM

Or this?

Copy code

val postParameters = try {
            call.receiveOrNull<Parameters>()
        } catch (ex: Exception){
            null
        }

2 Views

Open in Slack

Previous Next