+ if (authData) {
+ if (await this.isValidAuthorization(authData, ctx)) {
+ return true;
+ }
+ // If they came in trying header auth, let them try again.
+ return this.requestBasic(res);
+ }
+
+ // Otherwise redirect to login.
+ res.statusCode = 302;
+ res.setHeader(Enum.Header.Location, loginPath);
+ res.end();
+
+ return false;
+ }
+
+
+ /**
+ * Require that a request has valid local auth over secure channel, requests if missing.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ * @param {String} loginPath
+ */
+ async requiredLocal(req, res, ctx, loginPath) {
+ const _scope = _fileScope('requiredLocal');
+ this.logger.debug(_scope, 'called', { ctx });
+
+ if (this.secureAuthOnly && ctx.clientProtocol.toLowerCase() !== 'https') {
+ this.logger.debug(_scope, 'rejecting insecure auth', ctx);
+ throw new Errors.ResponseError(Enum.ErrorResponse.Forbidden, 'authentication required, but connection is insecure; cannot continue');
+ }
+
+ // Only accept identifier sessions.
+ const sessionCookie = req.getHeader(Enum.Header.Cookie);
+ if (sessionCookie
+ && await this.isValidCookieAuth(ctx, sessionCookie)
+ && ctx.session.authenticatedIdentifier) {