Add central function to persist users on Login

This commit is contained in:
Jan Eitzinger 2024-03-28 14:22:23 +01:00
parent 50401e0030
commit 6828c97415
6 changed files with 36 additions and 15 deletions

View File

@ -347,7 +347,7 @@ func main() {
info := map[string]interface{}{} info := map[string]interface{}{}
info["hasOpenIDConnect"] = false info["hasOpenIDConnect"] = false
if config.Keys.OpenIDProvider != "" { if config.Keys.OpenIDConfig != nil {
openIDConnect := auth.NewOIDC(authentication) openIDConnect := auth.NewOIDC(authentication)
openIDConnect.RegisterEndpoints(r) openIDConnect.RegisterEndpoints(r)
info["hasOpenIDConnect"] = true info["hasOpenIDConnect"] = true
@ -569,8 +569,8 @@ func main() {
} }
var cfg struct { var cfg struct {
Compression int `json:"compression"`
Retention schema.Retention `json:"retention"` Retention schema.Retention `json:"retention"`
Compression int `json:"compression"`
} }
cfg.Retention.IncludeDB = true cfg.Retention.IncludeDB = true

View File

@ -129,6 +129,19 @@ func Init() (*Authentication, error) {
return auth, nil return auth, nil
} }
func persistUser(user *schema.User) {
r := repository.GetUserRepository()
_, err := r.GetUser(user.Username)
if err != nil && err != sql.ErrNoRows {
log.Errorf("Error while loading user '%s': %v", user.Username, err)
} else if err == sql.ErrNoRows {
if err := r.AddUser(user); err != nil {
log.Errorf("Error while adding user '%s' to DB: %v", user.Username, err)
}
}
}
func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request, user *schema.User) error { func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request, user *schema.User) error {
session, err := auth.sessionStore.New(r, "session") session, err := auth.sessionStore.New(r, "session")
if err != nil { if err != nil {

View File

@ -199,9 +199,7 @@ func (ja *JWTCookieSessionAuthenticator) Login(
} }
if jc.SyncUserOnLogin { if jc.SyncUserOnLogin {
if err := repository.GetUserRepository().AddUser(user); err != nil { persistUser(user)
log.Errorf("Error while adding user '%s' to DB", user.Username)
}
} }
} }

View File

@ -139,9 +139,7 @@ func (ja *JWTSessionAuthenticator) Login(
} }
if config.Keys.JwtConfig.SyncUserOnLogin { if config.Keys.JwtConfig.SyncUserOnLogin {
if err := repository.GetUserRepository().AddUser(user); err != nil { persistUser(user)
log.Errorf("Error while adding user '%s' to DB", user.Username)
}
} }
} }

View File

@ -49,7 +49,7 @@ func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value strin
} }
func NewOIDC(a *Authentication) *OIDC { func NewOIDC(a *Authentication) *OIDC {
provider, err := oidc.NewProvider(context.Background(), config.Keys.OpenIDProvider) provider, err := oidc.NewProvider(context.Background(), config.Keys.OpenIDConfig.Provider)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
@ -89,6 +89,10 @@ func (oa *OIDC) OAuth2Callback(rw http.ResponseWriter, r *http.Request) {
state := c.Value state := c.Value
c, err = r.Cookie("verifier") c, err = r.Cookie("verifier")
if err != nil {
http.Error(rw, "verifier cookie not found", http.StatusBadRequest)
return
}
codeVerifier := c.Value codeVerifier := c.Value
_ = r.ParseForm() _ = r.ParseForm()
@ -152,7 +156,7 @@ func (oa *OIDC) OAuth2Callback(rw http.ResponseWriter, r *http.Request) {
} }
} }
if len(claims.Profile.Client.Roles) == 0 { if len(roles) == 0 {
roles = append(roles, schema.GetRoleString(schema.RoleUser)) roles = append(roles, schema.GetRoleString(schema.RoleUser))
} }
@ -163,6 +167,11 @@ func (oa *OIDC) OAuth2Callback(rw http.ResponseWriter, r *http.Request) {
Projects: projects, Projects: projects,
AuthSource: schema.AuthViaOIDC, AuthSource: schema.AuthViaOIDC,
} }
if config.Keys.OpenIDConfig.SyncUserOnLogin {
persistUser(user)
}
oa.authentication.SaveSession(rw, r, user) oa.authentication.SaveSession(rw, r, user)
log.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects) log.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects)
ctx := context.WithValue(r.Context(), repository.ContextUserKey, user) ctx := context.WithValue(r.Context(), repository.ContextUserKey, user)

View File

@ -23,6 +23,11 @@ type LdapConfig struct {
SyncUserOnLogin bool `json:"syncUserOnLogin"` SyncUserOnLogin bool `json:"syncUserOnLogin"`
} }
type OpenIDConfig struct {
Provider string `json:"provider"`
SyncUserOnLogin bool `json:"syncUserOnLogin"`
}
type JWTAuthConfig struct { type JWTAuthConfig struct {
// Specifies for how long a JWT token shall be valid // Specifies for how long a JWT token shall be valid
// as a string parsable by time.ParseDuration(). // as a string parsable by time.ParseDuration().
@ -109,11 +114,9 @@ type ProgramConfig struct {
Validate bool `json:"validate"` Validate bool `json:"validate"`
// For LDAP Authentication and user synchronisation. // For LDAP Authentication and user synchronisation.
LdapConfig *LdapConfig `json:"ldap"` LdapConfig *LdapConfig `json:"ldap"`
JwtConfig *JWTAuthConfig `json:"jwts"` JwtConfig *JWTAuthConfig `json:"jwts"`
OpenIDConfig *OpenIDConfig `json:"oidc"`
// Enable OpenID connect Authentication
OpenIDProvider string `json:"openIDProvider"`
// If 0 or empty, the session does not expire! // If 0 or empty, the session does not expire!
SessionMaxAge string `json:"session-max-age"` SessionMaxAge string `json:"session-max-age"`