From e7156ad61be2fe935fdb64e9d0e877fa0e9f7f9e Mon Sep 17 00:00:00 2001
From: Jonas Schnelli <dev@jonasschnelli.ch>
Date: Thu, 22 Sep 2016 09:58:13 +0200
Subject: [RPC] pass HTTP basic authentication username to the JSONRequest
 object

---
 src/httprpc.cpp  | 11 +++++++----
 src/rest.cpp     |  1 +
 src/rpc/server.h |  3 ++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 54651911aa..e35acb6cd9 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass)
     return false;
 }
 
-static bool RPCAuthorized(const std::string& strAuth)
+static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
 {
     if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
         return false;
@@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth)
     std::string strUserPass64 = strAuth.substr(6);
     boost::trim(strUserPass64);
     std::string strUserPass = DecodeBase64(strUserPass64);
-    
+
+    if (strUserPass.find(":") != std::string::npos)
+        strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":"));
+
     //Check if authorized under single-user field
     if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
         return true;
@@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
         return false;
     }
 
-    if (!RPCAuthorized(authHeader.second)) {
+    JSONRPCRequest jreq;
+    if (!RPCAuthorized(authHeader.second, jreq.authUser)) {
         LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
 
         /* Deter brute-forcing
@@ -172,7 +176,6 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
         return false;
     }
 
-    JSONRPCRequest jreq;
     try {
         // Parse request
         UniValue valRequest;
diff --git a/src/rest.cpp b/src/rest.cpp
index 707dfe6987..b8b5420626 100644
--- a/src/rest.cpp
+++ b/src/rest.cpp
@@ -286,6 +286,7 @@ static bool rest_chaininfo(HTTPRequest* req, const std::string& strURIPart)
     switch (rf) {
     case RF_JSON: {
         JSONRPCRequest jsonRequest;
+        jsonRequest.params = UniValue(UniValue::VARR);
         UniValue chainInfoObject = getblockchaininfo(jsonRequest);
         string strJSON = chainInfoObject.write() + "\n";
         req->WriteHeader("Content-Type", "application/json");
diff --git a/src/rpc/server.h b/src/rpc/server.h
index d8b5097035..c59886222c 100644
--- a/src/rpc/server.h
+++ b/src/rpc/server.h
@@ -49,8 +49,9 @@ public:
     UniValue params;
     bool fHelp;
     std::string URI;
+    std::string authUser;
 
-    JSONRPCRequest() { id = NullUniValue; }
+    JSONRPCRequest() { id = NullUniValue; params = NullUniValue; fHelp = false; }
     void parse(const UniValue& valRequest);
 };
 
-- 
cgit v1.2.3