gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-09 21:36:09 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2158 from gravitl/GRA-1479-user-updates

Browse source 
add checks to user update processing
This commit is contained in:
dcarns 2023-04-04 16:08:34 -04:00 committed by GitHub
commit b3be57c65b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
controllers/user.go
View file

@ -331,7 +331,18 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r) var params = mux.Vars(r)
// start here // start here
jwtUser, _, isadmin, err := logic.VerifyJWT(r.Header.Get("Authorization"))
if err != nil {
logger.Log(0, "verifyJWT error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
username := params["username"] username := params["username"]
if username != jwtUser && !isadmin {
logger.Log(0, "non-admin user", jwtUser, "attempted to update user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
return
}
user, err := logic.GetUser(username) user, err := logic.GetUser(username)
if err != nil { if err != nil {
logger.Log(0, username, logger.Log(0, username,
@ -354,6 +365,11 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
if userchange.IsAdmin && !isadmin {
logger.Log(0, "non-admin user", jwtUser, "attempted get admin privilages")
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
return
}
userchange.Networks = nil userchange.Networks = nil
user, err = logic.UpdateUser(&userchange, user) user, err = logic.UpdateUser(&userchange, user)
if err != nil { if err != nil {

13
logic/jwts.go
View file

@ -3,6 +3,7 @@ package logic
import ( import (
"errors" "errors"
"fmt" "fmt"
"strings"
"time" "time"
"github.com/golang-jwt/jwt/v4" "github.com/golang-jwt/jwt/v4"
@ -101,6 +102,18 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
return "", err return "", err
} }
// VerifyJWT verifies Auth Header
func VerifyJWT(bearerToken string) (username string, networks []string, isadmin bool, err error) {
token := ""
tokenSplit := strings.Split(bearerToken, " ")
if len(tokenSplit) > 1 {
token = tokenSplit[1]
} else {
return "", nil, false, errors.New("invalid auth header")
}
return VerifyUserToken(token)
}
// VerifyUserToken func will used to Verify the JWT Token while using APIS // VerifyUserToken func will used to Verify the JWT Token while using APIS
func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) { func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
claims := &models.UserClaims{} claims := &models.UserClaims{}