grafana/pkg/api/basic_auth.go

package api

import (
	"crypto/subtle"
	macaron "gopkg.in/macaron.v1"
)

// BasicAuthenticatedRequest parses the provided HTTP request for basic authentication credentials
// and returns true if the provided credentials match the expected username and password.
// Returns false if the request is unauthenticated.
// Uses constant-time comparison in order to mitigate timing attacks.
func BasicAuthenticatedRequest(req macaron.Request, expectedUser, expectedPass string) bool {
	user, pass, ok := req.BasicAuth()
	if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {
		return false
	}

	return true
}
Re-organize packages and add basic auth test 2018-11-19 12:15:18 -06:00			`package api`
Add basic authentication support to metrics endpoint 2018-11-14 14:42:47 -06:00
			`import (`
			`"crypto/subtle"`
			`macaron "gopkg.in/macaron.v1"`
			`)`

Re-organize packages and add basic auth test 2018-11-19 12:15:18 -06:00			`// BasicAuthenticatedRequest parses the provided HTTP request for basic authentication credentials`
Add basic authentication support to metrics endpoint 2018-11-14 14:42:47 -06:00			`// and returns true if the provided credentials match the expected username and password.`
			`// Returns false if the request is unauthenticated.`
			`// Uses constant-time comparison in order to mitigate timing attacks.`
			`func BasicAuthenticatedRequest(req macaron.Request, expectedUser, expectedPass string) bool {`
			`user, pass, ok := req.BasicAuth()`
Fix formatting and remove enabled toggle 2018-11-14 16:37:32 -06:00			`if !ok \|\| subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 \|\| subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {`
Add basic authentication support to metrics endpoint 2018-11-14 14:42:47 -06:00			`return false`
			`}`

			`return true`
			`}`