diff options
Diffstat (limited to 'include/token_authorization_middleware.hpp')
-rw-r--r-- | include/token_authorization_middleware.hpp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp index 0a440501e1..7e4e3bb22f 100644 --- a/include/token_authorization_middleware.hpp +++ b/include/token_authorization_middleware.hpp @@ -31,8 +31,15 @@ class Middleware return; } - req.session = performXtokenAuth(req); - if (req.session == nullptr) + const crow::persistent_data::AuthConfigMethods& authMethodsConfig = + crow::persistent_data::SessionStore::getInstance() + .getAuthMethodsConfig(); + + if (req.session == nullptr && authMethodsConfig.xtoken) + { + req.session = performXtokenAuth(req); + } + if (req.session == nullptr && authMethodsConfig.cookie) { req.session = performCookieAuth(req); } @@ -42,11 +49,13 @@ class Middleware if (!authHeader.empty()) { // Reject any kind of auth other than basic or token - if (boost::starts_with(authHeader, "Token ")) + if (boost::starts_with(authHeader, "Token ") && + authMethodsConfig.sessionToken) { req.session = performTokenAuth(authHeader); } - else if (boost::starts_with(authHeader, "Basic ")) + else if (boost::starts_with(authHeader, "Basic ") && + authMethodsConfig.basic) { req.session = performBasicAuth(authHeader); } |