clagraff / gowebauth Goto Github PK

tdyj

This one might end up being a PITA.
See the wikipedia article on digest auth to get an idea of how QOP plays into effect with auth requests.

Support a new Authorizer for handling HTTP Digest Auth.
See: https://en.wikipedia.org/wiki/Digest_access_authentication for more information.

As part of the Authorizer interface, the IsAuthorized(string) error function should return both an optional error, and the identifier for successful authentication strings.
A la IsAuthorized(token string) (Identity string, Error error)

Break out the User and Realm authorizers and their tests into separate files. Like user.go, realm.go, and a associated test files.

The Digest.FailureHandler function does not appear to be covered at all, when viewed with the coverage tool. This should be addressed as it is important to know that the function will work as expected.

tbd

It woule be nice to be able to combine multiple username and passwords into a single BasicAuth struct for authentication.

Now that issue #18 has been merged, which un-exported a bunch of stuff from the packages, we no longer need the Nonce struct to be exported.

When using the OneUseStore, nonces can be generated without having any method of forcing their removal. This means an attacker could continue to make unauthenticated requests in order to generate more nonces which will never be removed, thus eating away at the servers resources.

Add a change log similar to the one in openRCT2

This is a test of creating an epic

Parse supplied .htpasswd files to determine usernames and password hashes to be used for checking authentication.

Please see the generated godoc docstring for MakeRealm. It can be found here.

Notice that there are backticks viewable in the docs. Remove these, as they should not have been there.

The following nonce stores would be great to include:

• Limitable-use nonce (3-use nonce, 2-use nonce, N-use nonce, etc)
• Time-limited nonce (nonce valid for X seconds)

Under the nonce section, there is a typo.

$ echo -n "gon:Restricted Page:hunter123" | md5sum<Paste>

shouldnt have the <Paste> at the end.

Add a test coverage indicator, such as cover.run, to the readme for the project.

Implement or create issues for the following authentication types:

• JSON Web Tokens
• Signatures
• API Key instead of username+password

Most pulled from here and here