bugfixes in auth/
parent
2d57e4cfe8
commit
a48e94ab3e
@ -224,6 +224,7 @@ func main() {
|
|||||||
if err := authentication.LdapAuth.Sync(); err != nil {
|
if err := authentication.LdapAuth.Sync(); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
log.Info("LDAP sync successfull")
|
||||||
}
|
}
|
||||||
|
|
||||||
if flagGenJWT != "" {
|
if flagGenJWT != "" {
|
||||||
|
@ -2,7 +2,11 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"os"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/ClusterCockpit/cc-backend/pkg/log"
|
"github.com/ClusterCockpit/cc-backend/pkg/log"
|
||||||
@ -87,6 +91,22 @@ func Init(db *sqlx.DB, configs map[string]interface{}) (*Authentication, error)
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sessKey := os.Getenv("SESSION_KEY")
|
||||||
|
if sessKey == "" {
|
||||||
|
log.Warn("environment variable 'SESSION_KEY' not set (will use non-persistent random key)")
|
||||||
|
bytes := make([]byte, 32)
|
||||||
|
if _, err := rand.Read(bytes); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
auth.sessionStore = sessions.NewCookieStore(bytes)
|
||||||
|
} else {
|
||||||
|
bytes, err := base64.StdEncoding.DecodeString(sessKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
auth.sessionStore = sessions.NewCookieStore(bytes)
|
||||||
|
}
|
||||||
|
|
||||||
auth.LocalAuth = &LocalAuthenticator{}
|
auth.LocalAuth = &LocalAuthenticator{}
|
||||||
if err := auth.LocalAuth.Init(auth, nil); err != nil {
|
if err := auth.LocalAuth.Init(auth, nil); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -174,6 +194,7 @@ func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http
|
|||||||
log.Infof("login successfull: user: %#v (roles: %v)", user.Username, user.Roles)
|
log.Infof("login successfull: user: %#v (roles: %v)", user.Username, user.Roles)
|
||||||
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
||||||
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
|
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Warn("login failed: no authenticator applied")
|
log.Warn("login failed: no authenticator applied")
|
||||||
@ -199,10 +220,12 @@ func (auth *Authentication) Auth(onsuccess http.Handler, onfailure func(rw http.
|
|||||||
|
|
||||||
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
ctx := context.WithValue(r.Context(), ContextUserKey, user)
|
||||||
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
|
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Warnf("authentication failed: %s", "no authenticator applied")
|
log.Warnf("authentication failed: %s", "no authenticator applied")
|
||||||
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
// http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
onfailure(rw, r, errors.New("unauthorized (login first or use a token)"))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
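Review bot: The decoded `SESSION_KEY` in the `else` branch of the new session-store setup in `Init` is passed to `sessions.NewCookieStore` without a length check, so a value that decodes to only a few bytes would be accepted as the cookie authentication key. Add a guard after the decode, e.g. `if len(bytes) < 32 { return nil, errors.New("SESSION_KEY must decode to at least 32 bytes") }`, matching the 32 bytes the random fallback generates. Both `return nil, err` paths in this block would also be easier to diagnose if they said which step failed, and the local name `bytes` would shadow the standard `bytes` package if this file ever imports it. In the `Auth` hunk further down, the 401 response now depends entirely on what `onfailure` writes; once that is confirmed, delete the commented-out `http.Error` line rather than leaving it in. `Init` starts and ends outside the hunk.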
@ -123,7 +123,7 @@ func (ja *JWTAuthenticator) Auth(rw http.ResponseWriter, r *http.Request) (*User
|
|||||||
rawtoken := r.Header.Get("X-Auth-Token")
|
rawtoken := r.Header.Get("X-Auth-Token")
|
||||||
if rawtoken == "" {
|
if rawtoken == "" {
|
||||||
rawtoken = r.Header.Get("Authorization")
|
rawtoken = r.Header.Get("Authorization")
|
||||||
rawtoken = strings.TrimPrefix("Bearer ", rawtoken)
|
rawtoken = strings.TrimPrefix(rawtoken, "Bearer ")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Because a user can also log in via a token, the
|
// Because a user can also log in via a token, the
|
||||||
|
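Review bot: An `Authorization` header with a scheme other than `Bearer` (or `bearer` in different case; RFC 7235 makes the scheme name case-insensitive) is left untouched by `strings.TrimPrefix(rawtoken, "Bearer ")` and is then treated as the raw token. The rest of `Auth` is outside the hunk, but if a parse failure is logged or returned with the token text, `Basic` credentials could end up in an error or log message. Consider accepting the header only when the prefix matches, e.g. `if strings.HasPrefix(rawtoken, "Bearer ") { rawtoken = rawtoken[len("Bearer "):] } else { rawtoken = "" }`.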