Implemented new authentication

Quentin 2023-09-15 14:43:55 +02:00
parent 9c21c2e799
commit f8f417906a
Signed by untrusted user: quentin
GPG key ID: E9602264D639FF68

30
api.go

@ -2,9 +2,9 @@ package main
import ( import (
//"context" //"context"
//"errors" "errors"
"fmt" "fmt"
//garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang" garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
"github.com/go-ldap/ldap/v3" "github.com/go-ldap/ldap/v3"
//"github.com/gorilla/mux" //"github.com/gorilla/mux"
"log" "log"
@ -12,12 +12,12 @@ import (
"strings" "strings"
) )
func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus { func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
username, password, ok := r.BasicAuth() username, password, ok := r.BasicAuth()
if !ok { if !ok {
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`) w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized) http.Error(w, "Unauthorized", http.StatusUnauthorized)
return nil return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
} }
user_dn := buildUserDN(username) user_dn := buildUserDN(username)
@ -31,14 +31,14 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
if l == nil { if l == nil {
log.Println(l) log.Println(l)
http.Error(w, "Internal server error", http.StatusInternalServerError) http.Error(w, "Internal server error", http.StatusInternalServerError)
return nil return nil, errors.New("Unable to open LDAP connection")
} }
err := l.Bind(login_info.DN, login_info.Password) err := l.Bind(login_info.DN, login_info.Password)
if err != nil { if err != nil {
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`) w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized) http.Error(w, "Unauthorized", http.StatusUnauthorized)
return nil return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
} }
loginStatus := &LoginStatus{ loginStatus := &LoginStatus{
@ -73,13 +73,13 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
if err != nil { if err != nil {
log.Println(err) log.Println(err)
http.Error(w, "Internal server error", http.StatusInternalServerError) http.Error(w, "Internal server error", http.StatusInternalServerError)
return nil return nil, errors.New("Unable to search essential information about the logged user on LDAP")
} }
if len(sr.Entries) != 1 { if len(sr.Entries) != 1 {
log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN)) log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
http.Error(w, "Internal server error", http.StatusInternalServerError) http.Error(w, "Internal server error", http.StatusInternalServerError)
return nil return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
} }
loginStatus.UserEntry = sr.Entries[0] loginStatus.UserEntry = sr.Entries[0]
@ -99,15 +99,25 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
} }
} }
return loginStatus return loginStatus, nil
}
func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
login, err := checkLoginAPI(w, r)
if err != nil {
return nil, nil, err
}
keyPair, err := checkS3(login)
return login, keyPair, err
} }
func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) { func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
login, s3key, err := checkLoginAndS3(w, r) login, s3key, err := checkLoginAndS3API(w, r)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
log.Println(login, s3key) log.Println(login, s3key)
return return