Implemented new authentication
This commit is contained in:
parent
9c21c2e799
commit
f8f417906a
1 changed files with 21 additions and 11 deletions
30
api.go
30
api.go
|
@ -2,9 +2,9 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
//"context"
|
//"context"
|
||||||
//"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
//garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
|
garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
|
||||||
"github.com/go-ldap/ldap/v3"
|
"github.com/go-ldap/ldap/v3"
|
||||||
//"github.com/gorilla/mux"
|
//"github.com/gorilla/mux"
|
||||||
"log"
|
"log"
|
||||||
|
@ -12,12 +12,12 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
|
||||||
username, password, ok := r.BasicAuth()
|
username, password, ok := r.BasicAuth()
|
||||||
if !ok {
|
if !ok {
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
||||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||||
return nil
|
return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
|
||||||
}
|
}
|
||||||
user_dn := buildUserDN(username)
|
user_dn := buildUserDN(username)
|
||||||
|
|
||||||
|
@ -31,14 +31,14 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
||||||
if l == nil {
|
if l == nil {
|
||||||
log.Println(l)
|
log.Println(l)
|
||||||
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||||||
return nil
|
return nil, errors.New("Unable to open LDAP connection")
|
||||||
}
|
}
|
||||||
|
|
||||||
err := l.Bind(login_info.DN, login_info.Password)
|
err := l.Bind(login_info.DN, login_info.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
||||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||||
return nil
|
return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
|
||||||
}
|
}
|
||||||
|
|
||||||
loginStatus := &LoginStatus{
|
loginStatus := &LoginStatus{
|
||||||
|
@ -73,13 +73,13 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||||||
return nil
|
return nil, errors.New("Unable to search essential information about the logged user on LDAP")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(sr.Entries) != 1 {
|
if len(sr.Entries) != 1 {
|
||||||
log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
|
log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
|
||||||
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||||||
return nil
|
return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
|
||||||
}
|
}
|
||||||
|
|
||||||
loginStatus.UserEntry = sr.Entries[0]
|
loginStatus.UserEntry = sr.Entries[0]
|
||||||
|
@ -99,15 +99,25 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return loginStatus
|
return loginStatus, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
|
||||||
|
login, err := checkLoginAPI(w, r)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, err
|
||||||
|
}
|
||||||
|
keyPair, err := checkS3(login)
|
||||||
|
return login, keyPair, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
|
func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
|
||||||
login, s3key, err := checkLoginAndS3(w, r)
|
login, s3key, err := checkLoginAndS3API(w, r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Println(login, s3key)
|
log.Println(login, s3key)
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
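Review bot: In the added `checkLoginAndS3API`, a `checkS3` failure is returned together with a non-nil `login`, and `handleAPIGarageBucket` then only logs and returns, so unless `checkS3` writes its own response (not visible here) an authenticated user without a key gets an empty 200; return nil values on that path, `if err != nil { return nil, nil, err }` followed by `return login, keyPair, nil`, and make the handler answer with `http.Error(w, "Internal server error", http.StatusInternalServerError)` if `checkS3` does not. The message added at the `!ok` branch names the wrong header: `r.BasicAuth()` reads `Authorization`, so `errors.New("missing or invalid 'Authorization: Basic' header")` is the accurate (and conventionally lowercase) string. The handler's surviving `log.Println(login, s3key)` now prints a `*garage.KeyInfo` on every request; if that type carries the secret key, this writes credential material into the server log and should be dropped or reduced to the key ID before this is merged. `handleAPIGarageBucket`'s body ends outside the visible section.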