diff --git a/lib_xenia/src/main/x/xenia/ChainBundle.x b/lib_xenia/src/main/x/xenia/ChainBundle.x
index 5a30f2660..4c027d461 100644
--- a/lib_xenia/src/main/x/xenia/ChainBundle.x
+++ b/lib_xenia/src/main/x/xenia/ChainBundle.x
@@ -17,6 +17,7 @@ import web.AcceptList;
 import web.Body;
 import web.BodyParam;
 import web.ErrorHandler;
+import web.Header;
 import web.HttpMethod;
 import web.HttpStatus;
 import web.MediaType;
@@ -354,10 +355,10 @@ service ChainBundle {
 // is it a principal or an entitlement?
 val claim = attempt.claim;
 if (claim.is(Principal)) {
- principals = principals.addIfAbsent(claim);
+ principals := principals.addIfAbsent(claim);
 } else {
 assert claim.is(Entitlement);
- entitlements = entitlements.addIfAbsent(claim);
+ entitlements := entitlements.addIfAbsent(claim);
 }
 break;
 }
@@ -392,10 +393,10 @@ service ChainBundle {
 SimpleResponse response = new SimpleResponse(status);
 for (Attempt attempt : failures) {
 if (String header := attempt.response.is(String)) {
- response.header.add(WWWAuthenticate, header);
+ response.header.add(Header.WWWAuthenticate, header);
 } else if (String[] headers := attempt.response.is(String[])) {
 for (String header : headers) {
- response.header.add(WWWAuthenticate, header);
+ response.header.add(Header.WWWAuthenticate, header);
 }
 }
 }
@@ -407,8 +408,8 @@ service ChainBundle {
 for (Entitlement entitlement : entitlements) {
 Int pid = entitlement.principalId;
 if (entitlement.conferIdentity && !principals.any(p -> p.principalId == pid)) {
- if (Principal principal := realm.readPrincipal(pid)) {
- principals = principals.addIfAbsent(principal);
+ if (Principal principal := authenticator.realm.readPrincipal(pid)) {
+ principals := principals.addIfAbsent(principal);
 } else {
 // TODO log failure?
 }
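Review bot: In the `@@ -407,8 +408,8 @@` hunk, an entitlement with `conferIdentity` whose principal cannot be read through `authenticator.realm.readPrincipal(pid)` still lands in an `else` branch that holds only `// TODO log failure?`, so the failed lookup leaves no trace. As far as the hunk shows, the entitlement stays in `entitlements` even though the identity it is meant to confer could not be resolved; whether that is intended should be stated in the branch, for example `// principal not found in realm: entitlement is kept without a conferred identity`. At minimum the branch should record `pid`, because a dangling principal id points at a deleted or inconsistent account and is worth having in the audit trail. The enclosing method starts and ends outside the hunk.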
@@ -442,12 +443,19 @@ service ChainBundle { return True, new SimpleResponse(Forbidden); }; + /** + * Log a failed authentication. + */ + private void failedAuth(RequestIn request, Session? session, Attempt attempt) { + // TODO + } + /** * Determine if the specified [Permission]/check is allowed using information from the * session. */ private Boolean checkSessionApproval(Session session, - Permission permission, (function Boolean())? accessGranted) { + Permission? permission, (function Boolean())? accessGranted) { return checkApproval(session.principal, session.entitlements, permission, accessGranted); } @@ -455,8 +463,9 @@ service ChainBundle { * Determine if the specified [Permission]/check is allowed. */ private Boolean checkApproval(Principal? principal, Entitlement[] entitlements, - Permission permission, (function Boolean())? accessGranted) { + Permission? permission, (function Boolean())? accessGranted) { if (permission != Null) { + Realm realm = authenticator.realm; return principal?.permitted(realm, permission); return entitlements.any(e -> e.permitted(realm, permission)); } diff --git a/lib_xenia/src/main/x/xenia/SessionImpl.x b/lib_xenia/src/main/x/xenia/SessionImpl.x index 41e21c5dc..cc1254bab 100644 --- a/lib_xenia/src/main/x/xenia/SessionImpl.x +++ b/lib_xenia/src/main/x/xenia/SessionImpl.x 
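Review bot: The new `failedAuth(RequestIn request, Session? session, Attempt attempt)` has a body of just `// TODO`, and no call to it is visible in this diff, so failed authentications are still not recorded anywhere. The doc comment should say what the method is expected to record and what it must leave out, for example `* Must not log submitted credentials or the raw Authorization header value.`. Replacing the bare marker with something like `// TODO record the failing attempt's status and the session id, if any` would make the intended audit content reviewable before the implementation lands.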
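Review bot: With `Permission? permission` now nullable in `checkApproval`, a `Null` permission skips the whole `if (permission != Null)` block, and the decision is then made by code after the hunk that is not visible here. The result for the case where `accessGranted` is also `Null` should be pinned in the doc comment, and failing closed is the safer default, e.g. `* If both [permission] and [accessGranted] are Null, access is denied.`. The same nullable parameter was introduced on `checkSessionApproval` in the previous hunk, so the contract should read the same there. The method body continues past the end of the hunk.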
@@ -396,16 +396,18 @@ service SessionImpl @Override void deauthenticate() { - if (String oldUser ?= userId) { - userId = Null; + Principal? oldPrincipal = principal; + Entitlement[] oldEntitlements = entitlements; + if (oldPrincipal != Null || !oldEntitlements.empty) { + principal = Null; + entitlements = []; exclusiveAgent = False; trustLevel = None; - roles = []; lastAuthenticated = Null; - issueEvent_(SessionDeauthenticated, Void, &sessionDeauthenticated(oldUser), + issueEvent_(SessionDeauthenticated, Void, &sessionDeauthenticated(oldPrincipal, oldEntitlements), () -> $|An exception in session {this.internalId_} occurred during a\ - | deauthentication event for user {oldUser.quoted()} + | deauthentication event ); } }
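Review bot: The failure message passed to `issueEvent_` no longer says whose session was deauthenticated: `for user {oldUser.quoted()}` was dropped and nothing replaced it, so an exception during the event can only be tied back to an account through `internalId_`. `oldPrincipal` is already captured at the top of the method; including its `principalId` when it is not `Null` would keep the log line usable for incident review without exposing more than an identifier. Separately, `roles = []` is removed from the reset; if a `roles` property still exists on `SessionImpl` outside this hunk, it would now survive deauthentication, so that is worth confirming.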