bugfixes in auth/

This commit is contained in:
Lou Knauer 2022-07-25 09:33:36 +02:00
parent 2d57e4cfe8
commit a48e94ab3e
3 changed files with 26 additions and 2 deletions


@ -224,6 +224,7 @@ func main() {
if err := authentication.LdapAuth.Sync(); err != nil { if err := authentication.LdapAuth.Sync(); err != nil {
log.Fatal(err) log.Fatal(err)
} }
log.Info("LDAP sync successfull")
} }
if flagGenJWT != "" { if flagGenJWT != "" {
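Review bot: The new `log.Info("LDAP sync successfull")` line misspells "successful"; change it to `log.Info("LDAP sync successful")`. The same spelling appears in the pre-existing `login successfull` message in auth.go's Login, which this commit leaves untouched, so fixing both in one pass would keep the log output consistent. main's body starts and ends outside the hunk.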


@ -2,7 +2,11 @@ package auth
import ( import (
"context" "context"
"crypto/rand"
"encoding/base64"
"errors"
"net/http" "net/http"
"os"
"time" "time"
"github.com/ClusterCockpit/cc-backend/pkg/log" "github.com/ClusterCockpit/cc-backend/pkg/log"
@ -87,6 +91,22 @@ func Init(db *sqlx.DB, configs map[string]interface{}) (*Authentication, error)
return nil, err return nil, err
} }
sessKey := os.Getenv("SESSION_KEY")
if sessKey == "" {
log.Warn("environment variable 'SESSION_KEY' not set (will use non-persistent random key)")
bytes := make([]byte, 32)
if _, err := rand.Read(bytes); err != nil {
return nil, err
}
auth.sessionStore = sessions.NewCookieStore(bytes)
} else {
bytes, err := base64.StdEncoding.DecodeString(sessKey)
if err != nil {
return nil, err
}
auth.sessionStore = sessions.NewCookieStore(bytes)
}
auth.LocalAuth = &LocalAuthenticator{} auth.LocalAuth = &LocalAuthenticator{}
if err := auth.LocalAuth.Init(auth, nil); err != nil { if err := auth.LocalAuth.Init(auth, nil); err != nil {
return nil, err return nil, err
@ -174,6 +194,7 @@ func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http
log.Infof("login successfull: user: %#v (roles: %v)", user.Username, user.Roles) log.Infof("login successfull: user: %#v (roles: %v)", user.Username, user.Roles)
ctx := context.WithValue(r.Context(), ContextUserKey, user) ctx := context.WithValue(r.Context(), ContextUserKey, user)
onsuccess.ServeHTTP(rw, r.WithContext(ctx)) onsuccess.ServeHTTP(rw, r.WithContext(ctx))
return
} }
log.Warn("login failed: no authenticator applied") log.Warn("login failed: no authenticator applied")
@ -199,10 +220,12 @@ func (auth *Authentication) Auth(onsuccess http.Handler, onfailure func(rw http.
ctx := context.WithValue(r.Context(), ContextUserKey, user) ctx := context.WithValue(r.Context(), ContextUserKey, user)
onsuccess.ServeHTTP(rw, r.WithContext(ctx)) onsuccess.ServeHTTP(rw, r.WithContext(ctx))
return
} }
log.Warnf("authentication failed: %s", "no authenticator applied") log.Warnf("authentication failed: %s", "no authenticator applied")
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) // http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
onfailure(rw, r, errors.New("unauthorized (login first or use a token)"))
}) })
} }
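Review bot: In the Init hunk, the base64-decoded `SESSION_KEY` is handed to `sessions.NewCookieStore` without a length check, so a misconfigured value that decodes to only a few bytes is accepted silently, while the random fallback in the `if` branch always uses 32 bytes. After the decode add `if len(bytes) < 32 { return nil, errors.New("SESSION_KEY must decode to at least 32 bytes") }` — `errors` is already imported by this commit. Note also that passing a single key means the store only signs the session cookie; if the session contents must stay confidential, a second (block) key of 16, 24 or 32 bytes has to be supplied as well. Init's body continues outside the hunk.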


@ -123,7 +123,7 @@ func (ja *JWTAuthenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User
rawtoken := r.Header.Get("X-Auth-Token") rawtoken := r.Header.Get("X-Auth-Token")
if rawtoken == "" { if rawtoken == "" {
rawtoken = r.Header.Get("Authorization") rawtoken = r.Header.Get("Authorization")
rawtoken = strings.TrimPrefix("Bearer ", rawtoken) rawtoken = strings.TrimPrefix(rawtoken, "Bearer ")
} }
// Because a user can also log in via a token, the // Because a user can also log in via a token, the