Custom http authenticator failing after upgrading to v8.0.3


I’m trying to create a custom http:authenticate/3 method and it’s doing weird stuff in SWI-Prolog version 8.0.3.

My code works as expected in version 7.6.4 but after upgrading, no cigar!

My code:

http:authenticate(my_auth_type, _Request, [user(anonymous)]).

:- http_handler(root(.), home, [authentication(my_auth_type)]).

home(Request) :-
    memberchk(user(User), Request),

The http:authenticate method is being called BUT the user is not being passed to the handler in the request. I traced the problem to following code in the http_dispatch library code:

auth_expansion(Request0, Request, Options) :-
    authentication(Options, Request0, Extra),
    append(Extra, Request, Request0).

(This is new mechanism in the upgraded version by the looks)
It looks like Request0 is the original request, Request is the modified request, but the append does not resolve obviously because the user is not in the Request0 already.

My question is, am I missing something obvious here or is this bug?


I guess the best is to look in the provided HTTP basic and digest implementations.
authentication/3 is supposed to determine the user based on what is provided in the request. Note that these hooks can only be used to deal with authentication based on the browser itself and where the authentication is passed along with the request. You need something else if you want the common cookie and login form based authentication. Anne Ogborn wrote an identity package. SWISH also provides a quite comprehensive authentication mechanism.

If something broke your code that cannot work with the current implementation and there is a good way to make the work again, please submit a pull request.

Thanks, I will look at it again next week. For now I have found a work around by creating a custom router that does the auth and then passes the request on to http_dispatch. It works essentially that same and can be retro-fitted to the http_dispatch options later.