SWI-Prolog -- http_authenticate/3

Documentation
- Reference manual
- Packages
  - SWI-Prolog HTTP support
    - The HTTP server libraries
      - library(http/http_authenticate): Authenticate HTTP connections using 401 headers
        
        http_authenticate/3
        
        http_authorization_data/2
        
        http_current_user/3
        
        http_read_passwd_file/2
        
        http_write_passwd_file/2
        
        authenticate/3

Availability::- use_module(library(http/http_authenticate)).

http_authenticate(+Type, +Request, -Fields)

True if Request contains the information to continue according to Type. Type identifies the required authentication technique:

basic(+PasswordFile): Use HTTP Basic authentication and verify the password from PasswordFile. PasswordFile is a file holding usernames and passwords in a format compatible to Unix and Apache. Each line is record with : separated fields. The first field is the username and the second the password hash. Password hashes are validated using crypt/2.

Successful authorization is cached for 60 seconds to avoid overhead of decoding and lookup of the user and password data.

http_authenticate/3 just validates the header. If authorization is not provided the browser must be challenged, in response to which it normally opens a user-password dialogue. Example code realising this is below. The exception causes the HTTP wrapper code to generate an HTTP 401 reply.

(   http_authenticate(basic(passwd), Request, Fields)
->  true
;   throw(http_reply(authorise(basic, Realm)))
).

Fields

is a list of fields from the password-file entry. The first element is the user. The hash is skipped.

To be done: Should we also cache failures to reduce the risk of DoS attacks?