From 4e1717db4c9b44c9255e5c58fce7d3f49af010a1 Mon Sep 17 00:00:00 2001
From: Matthew Holt <Matthew.Holt+git@gmail.com>
Date: Sat, 5 Sep 2015 16:04:30 -0600
Subject: [PATCH] basicauth: htpasswd path now relative to site root

---
 config/setup/basicauth.go              | 11 +++++++----
 dist/CHANGES.txt                       |  5 +++++
 middleware/basicauth/basicauth.go      | 12 +++++-------
 middleware/basicauth/basicauth_test.go |  2 +-
 4 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/config/setup/basicauth.go b/config/setup/basicauth.go
index a59e1349..bc57d1c6 100644
--- a/config/setup/basicauth.go
+++ b/config/setup/basicauth.go
@@ -9,6 +9,8 @@ import (
 
 // BasicAuth configures a new BasicAuth middleware instance.
 func BasicAuth(c *Controller) (middleware.Middleware, error) {
+	root := c.Root
+
 	rules, err := basicAuthParse(c)
 	if err != nil {
 		return nil, err
@@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) {
 
 	return func(next middleware.Handler) middleware.Handler {
 		basic.Next = next
+		basic.SiteRoot = root
 		return basic
 	}, nil
 }
@@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 		switch len(args) {
 		case 2:
 			rule.Username = args[0]
-			if rule.Password, err = passwordMatcher(rule.Username, args[1]); err != nil {
+			if rule.Password, err = passwordMatcher(rule.Username, args[1], c.Root); err != nil {
 				return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
 			}
 
@@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 		case 3:
 			rule.Resources = append(rule.Resources, args[0])
 			rule.Username = args[1]
-			if rule.Password, err = passwordMatcher(rule.Username, args[2]); err != nil {
+			if rule.Password, err = passwordMatcher(rule.Username, args[2], c.Root); err != nil {
 				return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
 			}
 		default:
@@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 	return rules, nil
 }
 
-func passwordMatcher(username, passw string) (basicauth.PasswordMatcher, error) {
+func passwordMatcher(username, passw, siteRoot string) (basicauth.PasswordMatcher, error) {
 	if !strings.HasPrefix(passw, "htpasswd=") {
 		return basicauth.PlainMatcher(passw), nil
 	}
 
-	return basicauth.GetHtpasswdMatcher(passw[9:], username)
+	return basicauth.GetHtpasswdMatcher(passw[9:], username, siteRoot)
 }
diff --git a/dist/CHANGES.txt b/dist/CHANGES.txt
index dced4bd4..f21eeda9 100644
--- a/dist/CHANGES.txt
+++ b/dist/CHANGES.txt
@@ -1,5 +1,10 @@
 CHANGES
 
+<master>
+- basicauth: Support for legacy htpasswd files
+- browse: JSON response with file listing given Accept header
+
+
 0.7.5 (August 5, 2015)
 - core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
 - fastcgi: Set HTTPS env variable if connection is secure
diff --git a/middleware/basicauth/basicauth.go b/middleware/basicauth/basicauth.go
index 02ad36c5..eeeb5476 100644
--- a/middleware/basicauth/basicauth.go
+++ b/middleware/basicauth/basicauth.go
@@ -22,8 +22,9 @@ import (
 // security of HTTP Basic Auth is disputed. Use discretion when deciding
 // what to protect with BasicAuth.
 type BasicAuth struct {
-	Next  middleware.Handler
-	Rules []Rule
+	Next     middleware.Handler
+	SiteRoot string
+	Rules    []Rule
 }
 
 // ServeHTTP implements the middleware.Handler interface.
@@ -84,11 +85,8 @@ var (
 	htpasswordsMu sync.Mutex
 )
 
-func GetHtpasswdMatcher(filename, username string) (PasswordMatcher, error) {
-	filename, err := filepath.Abs(filename)
-	if err != nil {
-		return nil, err
-	}
+func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error) {
+	filename = filepath.Join(siteRoot, filename)
 	htpasswordsMu.Lock()
 	if htpasswords == nil {
 		htpasswords = make(map[string]map[string]PasswordMatcher)
diff --git a/middleware/basicauth/basicauth_test.go b/middleware/basicauth/basicauth_test.go
index 393f2e4e..aa1fc244 100644
--- a/middleware/basicauth/basicauth_test.go
+++ b/middleware/basicauth/basicauth_test.go
@@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
 
 	for i, username := range []string{"sha1", "md5"} {
 		rule := Rule{Username: username, Resources: []string{"/testing"}}
-		if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username); err != nil {
+		if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username, "/"); err != nil {
 			t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err)
 		}
 		t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password)