mirror of
https://github.com/grafana/grafana.git
synced 2024-11-24 18:00:31 -06:00
5070f7a75b
* Chore: Harmonize linting with plugin SDK Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
21 lines
700 B
Go
21 lines
700 B
Go
package api
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
|
|
macaron "gopkg.in/macaron.v1"
|
|
)
|
|
|
|
// BasicAuthenticatedRequest parses the provided HTTP request for basic authentication credentials
|
|
// and returns true if the provided credentials match the expected username and password.
|
|
// Returns false if the request is unauthenticated.
|
|
// Uses constant-time comparison in order to mitigate timing attacks.
|
|
func BasicAuthenticatedRequest(req macaron.Request, expectedUser, expectedPass string) bool {
|
|
user, pass, ok := req.BasicAuth()
|
|
if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|