Beispiel #1
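// PermissionHandler wraps inner with an authorization check. The caller is
// identified from an "Authorization: Bearer <token>" header; requests without
// a bearer token, or with one that fails validation, are evaluated as the
// anonymous user (empty name). Authorized requests are passed to inner,
// everything else is answered with 401 and a WWW-Authenticate header listing
// the known authentication providers.
func PermissionHandler(inner http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The empty user name is what the provider sees for anonymous requests.
		var user string

		t := r.Header.Get("Authorization")
		if strings.HasPrefix(t, "Bearer ") {
			// TrimPrefix keeps the whole credential even if the token text
			// happens to contain "Bearer " again; SplitAfter(...)[1] would
			// hand a truncated piece to the validator.
			validated, err := authn.Validate(strings.TrimPrefix(t, "Bearer "))
			if err != nil {
				// Fail closed: whatever name came back alongside the error
				// is discarded and the request stays anonymous.
				log.Debugf("Rejecting bearer token: %v", err)
			} else {
				user = validated
				// The Authorization header is deliberately kept out of the
				// log: it carries a live credential.
				log.Debugf("Getting user %s from bearer token", user)
			}
		}

		if GetProvider().IsAuthorized(user, r.Method, r.URL.RequestURI()) {
			inner.ServeHTTP(util.MakeLogger(w), r)
			return
		}

		// Comma-separated list of provider names for the challenge header.
		var ps string
		for _, p := range authn.KnownProviders() {
			if ps != "" {
				ps = ps + "," + p
			} else {
				ps = p
			}
		}

		// NOTE(review): the header value repeats the header name and is not a
		// "<scheme> <params>" challenge; kept as-is because clients may parse
		// this exact form - confirm before changing.
		// NOTE(review): authenticated callers that are merely not permitted
		// also get 401 here; 403 would let clients tell the two cases apart.
		w.Header().Set("WWW-Authenticate", "WWW-Authenticate:"+ps)
		w.WriteHeader(http.StatusUnauthorized)
	})
}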
Beispiel #2
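// GetRoles implements a naive role listing. A token that validates without
// error to a non-empty user yields the single role "ADMIN"; every other
// caller gets "*".
func (provider *SimpleProvider) GetRoles(token string) []string {
	user, err := authn.Validate(token)

	// Fail closed: the validation error decides, not only the returned name.
	// A validator that reports an error but still returns a user name must
	// never result in "ADMIN".
	if err != nil || user == "" {
		return []string{"*"}
	}

	return []string{"ADMIN"}
}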
Beispiel #3
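// GetRoles returns the role list for the user named by token. The role is the
// "cn" attribute of the entry found for that user; when the token does not
// validate or no entry can be fetched, the fallback role "registry user" is
// returned instead.
//
// NOTE(review): the fallback is handed out on every failure, including an
// invalid token - confirm that "registry user" is meant to be the anonymous
// role and carries no privileges beyond that.
//
// TODO: make it possible to get multiple groups for users
func (provider *LdapProvider) GetRoles(token string) []string {
	user, err := authn.Validate(token)
	if err != nil {
		// Do not look up a directory entry for a name that came back
		// together with a validation error.
		return []string{"registry user"}
	}

	entry, err := provider.getEntryForUser(user)
	if err != nil {
		return []string{"registry user"}
	}

	return []string{entry.GetAttributeValue("cn")}
}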
Beispiel #4
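// Reissue re-issues a new token based on an existing valid one. The current
// token is read from the "Authorization: Bearer <token>" header; a missing
// bearer prefix, a token that fails validation, or a token that validates to
// an empty user name is answered with 401 and no token is sent.
func Reissue(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

	t := r.Header.Get("Authorization")
	if !strings.HasPrefix(t, "Bearer ") {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	// TrimPrefix passes the complete credential to the validator;
	// SplitAfter(...)[1] would cut it at any later "Bearer " in the value.
	user, err := authn.Validate(strings.TrimPrefix(t, "Bearer "))
	if err != nil || user == "" {
		// Never mint a fresh token for an unidentified caller.
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	sendToken(w, user)
}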
Beispiel #5
	// Fixtures shared by the specs below. The user value is reproduced exactly
	// as it appears in this listing.
	var (
		newToken  string
		err       error
		user      = "******"
		challange = "test"
		provider  = "pwd"
	)

	// Before every spec: load the configuration named "test_config", then
	// initialise the token mint and the validator, in that order.
	BeforeEach(func() {
		util.LoadConfigByName("test_config")
		authn.InitMint()
		authn.InitValidator()
	})

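	// Token roundtrip: a token minted for the fixture user must validate back
	// to that same user, and the fixture credentials must authenticate.
	Describe("Token roundtrip", func() {
		Context("Freshly minted token", func() {
			It("Fresh token should be valid", func() {
				// The validated name gets its own identifier. Redeclaring
				// `user` here shadows the fixture, so the equality check
				// would compare a value with itself and pass for any name
				// the validator returns.
				validated, err := authn.Validate(authn.GetToken(user))
				Expect(err).To(BeNil())
				Expect(validated).To(Equal(user))
			})
		})
		Context("Authenticating the user", func() {
			It("should return true, given valid username, challange and provider", func() {
				// `ok` instead of `bool`, which shadowed the builtin type name.
				ok := authn.Authenticate(user, challange, provider)
				Expect(ok).To(BeTrue())
			})
		})
	})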

	Describe("Reissuing a token", func() {
		Context("Username is preserved", func() {
			It("should return the username that was given to the old token", func() {