mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
good first draft, fixed test
This commit is contained in:
parent
4e4e8b3ab5
commit
7939e5968f
71
auth/auth.go
71
auth/auth.go
|
@ -4,6 +4,8 @@ import (
|
|||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/servercfg"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
@ -18,6 +20,7 @@ const (
|
|||
azure_ad_provider_name = "azure-ad"
|
||||
github_provider_name = "github"
|
||||
verify_user = "verifyuser"
|
||||
auth_key = "netmaker_auth"
|
||||
)
|
||||
|
||||
var oauth_state_string = "netmaker-oauth-state" // should be set randomly each provider login
|
||||
|
@ -49,6 +52,10 @@ func InitializeAuthProvider() string {
|
|||
if functions == nil {
|
||||
return ""
|
||||
}
|
||||
var _, err = fetchPassValue(logic.RandomString(64))
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
var authInfo = servercfg.GetAuthProviderInfo()
|
||||
functions[init_provider].(func(string, string, string))(servercfg.GetAPIConnString()+"/api/oauth/callback", authInfo[1], authInfo[2])
|
||||
return authInfo[0]
|
||||
|
@ -72,16 +79,60 @@ func HandleAuthLogin(w http.ResponseWriter, r *http.Request) {
|
|||
functions[handle_login].(func(http.ResponseWriter, *http.Request))(w, r)
|
||||
}
|
||||
|
||||
// VerifyUserToken - checks if oauth2 token is valid
|
||||
func VerifyUserToken(accessToken string) bool {
|
||||
var token = &oauth2.Token{}
|
||||
var err = json.Unmarshal([]byte(accessToken), token)
|
||||
if err != nil || !token.Valid() {
|
||||
return false
|
||||
// == private methods ==
|
||||
|
||||
func addUser(email string) error {
|
||||
var hasAdmin, err = logic.HasAdmin()
|
||||
if err != nil {
|
||||
logic.Log("error checking for existence of admin user during OAuth login for "+email+", user not added", 1)
|
||||
return err
|
||||
} // generate random password to adapt to current model
|
||||
var newPass, fetchErr = fetchPassValue("")
|
||||
if fetchErr != nil {
|
||||
return fetchErr
|
||||
}
|
||||
var functions = getCurrentAuthFunctions()
|
||||
if functions == nil {
|
||||
return false
|
||||
var newUser = models.User{
|
||||
UserName: email,
|
||||
Password: newPass,
|
||||
}
|
||||
return functions[verify_user].(func(*oauth2.Token) bool)(token)
|
||||
if !hasAdmin { // must be first attempt, create an admin
|
||||
if newUser, err = logic.CreateAdmin(newUser); err != nil {
|
||||
logic.Log("error creating admin from user, "+email+", user not added", 1)
|
||||
} else {
|
||||
logic.Log("admin created from user, "+email+", was first user added", 0)
|
||||
}
|
||||
} else { // otherwise add to db as admin..?
|
||||
// TODO: add ability to add users with preemptive permissions
|
||||
newUser.IsAdmin = true
|
||||
if newUser, err = logic.CreateUser(newUser); err != nil {
|
||||
logic.Log("error creating user, "+email+", user not added", 1)
|
||||
} else {
|
||||
logic.Log("user created from, "+email+"", 0)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func fetchPassValue(newValue string) (string, error) {
|
||||
|
||||
type valueHolder struct {
|
||||
Value string `json:"value" bson:"value"`
|
||||
}
|
||||
var newValueHolder = &valueHolder{
|
||||
Value: newValue,
|
||||
}
|
||||
var data, marshalErr = json.Marshal(newValueHolder)
|
||||
if marshalErr != nil {
|
||||
return "", marshalErr
|
||||
}
|
||||
|
||||
var currentValue, err = logic.FetchAuthSecret(auth_key, string(data))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
var unmarshErr = json.Unmarshal([]byte(currentValue), newValueHolder)
|
||||
if unmarshErr != nil {
|
||||
return "", unmarshErr
|
||||
}
|
||||
return newValueHolder.Value, nil
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/gravitl/netmaker/servercfg"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/google"
|
||||
|
@ -34,7 +35,7 @@ func initGoogle(redirectURL string, clientID string, clientSecret string) {
|
|||
|
||||
func handleGoogleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
oauth_state_string = logic.RandomString(16)
|
||||
url := auth_provider.AuthCodeURL(oauth_state_string)
|
||||
var url = auth_provider.AuthCodeURL(oauth_state_string)
|
||||
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
||||
|
@ -46,8 +47,30 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
|
|||
http.Redirect(w, r, servercfg.GetFrontendURL()+"?oauth=callback-error", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
_, err = logic.GetUser(content.Email)
|
||||
if err != nil { // user must not exists, so try to make one
|
||||
if err = addUser(content.Email); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
var newPass, fetchErr = fetchPassValue("")
|
||||
if fetchErr != nil {
|
||||
return
|
||||
}
|
||||
// send a netmaker jwt token
|
||||
var authRequest = models.UserAuthParams{
|
||||
UserName: content.Email,
|
||||
Password: newPass,
|
||||
}
|
||||
|
||||
var jwt, jwtErr = logic.VerifyAuthRequest(authRequest)
|
||||
if jwtErr != nil {
|
||||
logic.Log("could not parse jwt for user "+authRequest.UserName, 1)
|
||||
return
|
||||
}
|
||||
|
||||
logic.Log("completed google oauth sigin in for "+content.Email, 0)
|
||||
http.Redirect(w, r, servercfg.GetFrontendURL()+"?oauth="+content.AccessToken+"&email="+content.Email, http.StatusPermanentRedirect)
|
||||
http.Redirect(w, r, servercfg.GetFrontendURL()+"?login="+jwt+"&email="+content.Email, http.StatusPermanentRedirect)
|
||||
}
|
||||
|
||||
func getUserInfo(state string, code string) (*OauthUser, error) {
|
||||
|
|
|
@ -12,7 +12,6 @@ import (
|
|||
"github.com/gravitl/netmaker/functions"
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
func userHandlers(r *mux.Router) {
|
||||
|
@ -53,7 +52,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
if err != nil {
|
||||
returnErrorResponse(response, request, formatError(err, "badrequest"))
|
||||
return
|
||||
|
@ -86,35 +85,6 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
|||
response.Write(successJSONResponse)
|
||||
}
|
||||
|
||||
// VerifyAuthRequest - verifies an auth request
|
||||
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
|
||||
var result models.User
|
||||
if authRequest.UserName == "" {
|
||||
return "", errors.New("username can't be empty")
|
||||
} else if authRequest.Password == "" {
|
||||
return "", errors.New("password can't be empty")
|
||||
}
|
||||
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
|
||||
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
|
||||
if err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
if err = json.Unmarshal([]byte(record), &result); err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
|
||||
// compare password from request to stored password in database
|
||||
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
|
||||
// TODO: Consider a way of hashing the password client side before sending, or using certificates
|
||||
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
|
||||
//Create a new JWT for the node
|
||||
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
// The middleware for most requests to the API
|
||||
// They all pass through here first
|
||||
// This will validate the JWT (or check for master token)
|
||||
|
|
|
@ -4,52 +4,53 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/gravitl/netmaker/database"
|
||||
"github.com/gravitl/netmaker/logic"
|
||||
"github.com/gravitl/netmaker/models"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func deleteAllUsers() {
|
||||
users, _ := GetUsers()
|
||||
users, _ := logic.GetUsers()
|
||||
for _, user := range users {
|
||||
DeleteUser(user.UserName)
|
||||
logic.DeleteUser(user.UserName)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHasAdmin(t *testing.T) {
|
||||
//delete all current users
|
||||
database.InitializeDatabase()
|
||||
users, _ := GetUsers()
|
||||
users, _ := logic.GetUsers()
|
||||
for _, user := range users {
|
||||
success, err := DeleteUser(user.UserName)
|
||||
success, err := logic.DeleteUser(user.UserName)
|
||||
assert.Nil(t, err)
|
||||
assert.True(t, success)
|
||||
}
|
||||
t.Run("NoUser", func(t *testing.T) {
|
||||
found, err := HasAdmin()
|
||||
found, err := logic.HasAdmin()
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, found)
|
||||
})
|
||||
t.Run("No admin user", func(t *testing.T) {
|
||||
var user = models.User{"noadmin", "password", nil, false}
|
||||
_, err := CreateUser(user)
|
||||
_, err := logic.CreateUser(user)
|
||||
assert.Nil(t, err)
|
||||
found, err := HasAdmin()
|
||||
found, err := logic.HasAdmin()
|
||||
assert.Nil(t, err)
|
||||
assert.False(t, found)
|
||||
})
|
||||
t.Run("admin user", func(t *testing.T) {
|
||||
var user = models.User{"admin", "password", nil, true}
|
||||
_, err := CreateUser(user)
|
||||
_, err := logic.CreateUser(user)
|
||||
assert.Nil(t, err)
|
||||
found, err := HasAdmin()
|
||||
found, err := logic.HasAdmin()
|
||||
assert.Nil(t, err)
|
||||
assert.True(t, found)
|
||||
})
|
||||
t.Run("multiple admins", func(t *testing.T) {
|
||||
var user = models.User{"admin1", "password", nil, true}
|
||||
_, err := CreateUser(user)
|
||||
_, err := logic.CreateUser(user)
|
||||
assert.Nil(t, err)
|
||||
found, err := HasAdmin()
|
||||
found, err := logic.HasAdmin()
|
||||
assert.Nil(t, err)
|
||||
assert.True(t, found)
|
||||
})
|
||||
|
@ -60,12 +61,12 @@ func TestCreateUser(t *testing.T) {
|
|||
deleteAllUsers()
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
t.Run("NoUser", func(t *testing.T) {
|
||||
admin, err := CreateUser(user)
|
||||
admin, err := logic.CreateUser(user)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
})
|
||||
t.Run("UserExists", func(t *testing.T) {
|
||||
_, err := CreateUser(user)
|
||||
_, err := logic.CreateUser(user)
|
||||
assert.NotNil(t, err)
|
||||
assert.EqualError(t, err, "user exists")
|
||||
})
|
||||
|
@ -78,14 +79,14 @@ func TestCreateAdmin(t *testing.T) {
|
|||
t.Run("NoAdmin", func(t *testing.T) {
|
||||
user.UserName = "admin"
|
||||
user.Password = "password"
|
||||
admin, err := CreateAdmin(user)
|
||||
admin, err := logic.CreateAdmin(user)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
})
|
||||
t.Run("AdminExists", func(t *testing.T) {
|
||||
user.UserName = "admin2"
|
||||
user.Password = "password1"
|
||||
admin, err := CreateAdmin(user)
|
||||
admin, err := logic.CreateAdmin(user)
|
||||
assert.EqualError(t, err, "admin user already exists")
|
||||
assert.Equal(t, admin, models.User{})
|
||||
})
|
||||
|
@ -95,14 +96,14 @@ func TestDeleteUser(t *testing.T) {
|
|||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
t.Run("NonExistent User", func(t *testing.T) {
|
||||
deleted, err := DeleteUser("admin")
|
||||
deleted, err := logic.DeleteUser("admin")
|
||||
assert.EqualError(t, err, "user does not exist")
|
||||
assert.False(t, deleted)
|
||||
})
|
||||
t.Run("Existing User", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
deleted, err := DeleteUser("admin")
|
||||
logic.CreateUser(user)
|
||||
deleted, err := logic.DeleteUser("admin")
|
||||
assert.Nil(t, err)
|
||||
assert.True(t, deleted)
|
||||
})
|
||||
|
@ -114,44 +115,44 @@ func TestValidateUser(t *testing.T) {
|
|||
t.Run("Valid Create", func(t *testing.T) {
|
||||
user.UserName = "admin"
|
||||
user.Password = "validpass"
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
t.Run("Valid Update", func(t *testing.T) {
|
||||
user.UserName = "admin"
|
||||
user.Password = "password"
|
||||
err := ValidateUser("update", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
t.Run("Invalid UserName", func(t *testing.T) {
|
||||
t.Skip()
|
||||
user.UserName = "*invalid"
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.Error(t, err)
|
||||
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
|
||||
})
|
||||
t.Run("Short UserName", func(t *testing.T) {
|
||||
t.Skip()
|
||||
user.UserName = "1"
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.NotNil(t, err)
|
||||
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
|
||||
})
|
||||
t.Run("Empty UserName", func(t *testing.T) {
|
||||
t.Skip()
|
||||
user.UserName = ""
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.EqualError(t, err, "some string")
|
||||
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
|
||||
})
|
||||
t.Run("EmptyPassword", func(t *testing.T) {
|
||||
user.Password = ""
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'required' tag")
|
||||
})
|
||||
t.Run("ShortPassword", func(t *testing.T) {
|
||||
user.Password = "123"
|
||||
err := ValidateUser("create", user)
|
||||
err := logic.ValidateUser(user)
|
||||
assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'min' tag")
|
||||
})
|
||||
}
|
||||
|
@ -160,14 +161,14 @@ func TestGetUser(t *testing.T) {
|
|||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
admin, err := GetUser("admin")
|
||||
admin, err := logic.GetUser("admin")
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, "", admin.UserName)
|
||||
})
|
||||
t.Run("UserExisits", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admin, err := GetUser("admin")
|
||||
logic.CreateUser(user)
|
||||
admin, err := logic.GetUser("admin")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
})
|
||||
|
@ -183,7 +184,7 @@ func TestGetUserInternal(t *testing.T) {
|
|||
})
|
||||
t.Run("UserExisits", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
logic.CreateUser(user)
|
||||
admin, err := GetUserInternal("admin")
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admin.UserName)
|
||||
|
@ -194,21 +195,21 @@ func TestGetUsers(t *testing.T) {
|
|||
database.InitializeDatabase()
|
||||
deleteAllUsers()
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
admin, err := GetUsers()
|
||||
admin, err := logic.GetUsers()
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, []models.ReturnUser(nil), admin)
|
||||
})
|
||||
t.Run("UserExisits", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admins, err := GetUsers()
|
||||
logic.CreateUser(user)
|
||||
admins, err := logic.GetUsers()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, user.UserName, admins[0].UserName)
|
||||
})
|
||||
t.Run("MulipleUsers", func(t *testing.T) {
|
||||
user := models.User{"user", "password", nil, true}
|
||||
CreateUser(user)
|
||||
admins, err := GetUsers()
|
||||
logic.CreateUser(user)
|
||||
admins, err := logic.GetUsers()
|
||||
assert.Nil(t, err)
|
||||
for _, u := range admins {
|
||||
if u.UserName == "admin" {
|
||||
|
@ -227,14 +228,14 @@ func TestUpdateUser(t *testing.T) {
|
|||
user := models.User{"admin", "password", nil, true}
|
||||
newuser := models.User{"hello", "world", []string{"wirecat, netmaker"}, true}
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
admin, err := UpdateUser(newuser, user)
|
||||
admin, err := logic.UpdateUser(newuser, user)
|
||||
assert.EqualError(t, err, "could not find any records")
|
||||
assert.Equal(t, "", admin.UserName)
|
||||
})
|
||||
|
||||
t.Run("UserExists", func(t *testing.T) {
|
||||
CreateUser(user)
|
||||
admin, err := UpdateUser(newuser, user)
|
||||
logic.CreateUser(user)
|
||||
admin, err := logic.UpdateUser(newuser, user)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, newuser.UserName, admin.UserName)
|
||||
})
|
||||
|
@ -271,43 +272,43 @@ func TestVerifyAuthRequest(t *testing.T) {
|
|||
t.Run("EmptyUserName", func(t *testing.T) {
|
||||
authRequest.UserName = ""
|
||||
authRequest.Password = "Password"
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.Equal(t, "", jwt)
|
||||
assert.EqualError(t, err, "username can't be empty")
|
||||
})
|
||||
t.Run("EmptyPassword", func(t *testing.T) {
|
||||
authRequest.UserName = "admin"
|
||||
authRequest.Password = ""
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.Equal(t, "", jwt)
|
||||
assert.EqualError(t, err, "password can't be empty")
|
||||
})
|
||||
t.Run("NonExistantUser", func(t *testing.T) {
|
||||
authRequest.UserName = "admin"
|
||||
authRequest.Password = "password"
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.Equal(t, "", jwt)
|
||||
assert.EqualError(t, err, "incorrect credentials")
|
||||
})
|
||||
t.Run("Non-Admin", func(t *testing.T) {
|
||||
user := models.User{"nonadmin", "somepass", nil, false}
|
||||
CreateUser(user)
|
||||
logic.CreateUser(user)
|
||||
authRequest := models.UserAuthParams{"nonadmin", "somepass"}
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.NotNil(t, jwt)
|
||||
assert.Nil(t, err)
|
||||
})
|
||||
t.Run("WrongPassword", func(t *testing.T) {
|
||||
user := models.User{"admin", "password", nil, false}
|
||||
CreateUser(user)
|
||||
logic.CreateUser(user)
|
||||
authRequest := models.UserAuthParams{"admin", "badpass"}
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.Equal(t, "", jwt)
|
||||
assert.EqualError(t, err, "incorrect credentials")
|
||||
})
|
||||
t.Run("Success", func(t *testing.T) {
|
||||
authRequest := models.UserAuthParams{"admin", "password"}
|
||||
jwt, err := VerifyAuthRequest(authRequest)
|
||||
jwt, err := logic.VerifyAuthRequest(authRequest)
|
||||
assert.Nil(t, err)
|
||||
assert.NotNil(t, jwt)
|
||||
})
|
||||
|
|
|
@ -39,6 +39,9 @@ const SERVERCONF_TABLE_NAME = "serverconf"
|
|||
// DATABASE_FILENAME - database file name
|
||||
const DATABASE_FILENAME = "netmaker.db"
|
||||
|
||||
// GENERATED_TABLE_NAME - stores server generated k/v
|
||||
const GENERATED_TABLE_NAME = "generated"
|
||||
|
||||
// == ERROR CONSTS ==
|
||||
|
||||
// NO_RECORD - no singular result found
|
||||
|
@ -114,6 +117,7 @@ func createTables() {
|
|||
createTable(INT_CLIENTS_TABLE_NAME)
|
||||
createTable(PEERS_TABLE_NAME)
|
||||
createTable(SERVERCONF_TABLE_NAME)
|
||||
createTable(GENERATED_TABLE_NAME)
|
||||
}
|
||||
|
||||
func createTable(tableName string) error {
|
||||
|
|
|
@ -123,6 +123,35 @@ func CreateAdmin(admin models.User) (models.User, error) {
|
|||
return CreateUser(admin)
|
||||
}
|
||||
|
||||
// VerifyAuthRequest - verifies an auth request
|
||||
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
|
||||
var result models.User
|
||||
if authRequest.UserName == "" {
|
||||
return "", errors.New("username can't be empty")
|
||||
} else if authRequest.Password == "" {
|
||||
return "", errors.New("password can't be empty")
|
||||
}
|
||||
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
|
||||
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
|
||||
if err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
if err = json.Unmarshal([]byte(record), &result); err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
|
||||
// compare password from request to stored password in database
|
||||
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
|
||||
// TODO: Consider a way of hashing the password client side before sending, or using certificates
|
||||
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
|
||||
return "", errors.New("incorrect credentials")
|
||||
}
|
||||
|
||||
//Create a new JWT for the node
|
||||
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
// UpdateUser - updates a given user
|
||||
func UpdateUser(userchange models.User, user models.User) (models.User, error) {
|
||||
//check if user exists
|
||||
|
@ -197,3 +226,14 @@ func DeleteUser(user string) (bool, error) {
|
|||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// FetchAuthSecret - manages secrets for oauth
|
||||
func FetchAuthSecret(key string, secret string) (string, error) {
|
||||
var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, key)
|
||||
if err != nil {
|
||||
if err = database.Insert(key, secret, database.GENERATED_TABLE_NAME); err != nil {
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
return record, nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue