Beispiel #1
0
func adminUsersHandler(w http.ResponseWriter, r *http.Request, admin Location) {
	isAuth(w, r, admin, "admin")
	if r.Method == "POST" {
		var user httpauth.UserData
		user.Username = r.PostFormValue("username")
		user.Email = r.PostFormValue("email")
		password := r.PostFormValue("password")
		user.Role = r.PostFormValue("role")
		if err := aaa.Register(w, r, user, password); err != nil {
			// maybe something
		}
	}

	if user, err := aaa.CurrentUser(w, r); err == nil {
		type data struct {
			User  httpauth.UserData
			Roles map[string]httpauth.Role
			Users []httpauth.UserData
			Msg   []string
		}
		messages := aaa.Messages(w, r)
		users, err := backend.Users()
		if err != nil {
			panic(err)
		}
		d := data{User: user, Roles: roles, Users: users, Msg: messages}
		var templates = template.Must(template.ParseGlob("admin/templates/*"))
		t_err := templates.ExecuteTemplate(w, "manage-accounts.html", d)
		if t_err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
	}
}
func (controller *usersController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
	err := req.ParseForm()
	if err != nil {
		return http.StatusInternalServerError, err
	}

	decoder := schema.NewDecoder()
	// Ignore unknown keys to prevent errors from the CSRF token.
	decoder.IgnoreUnknownKeys(true)
	formUser := new(viewmodels.UsersEditViewModel)
	err = decoder.Decode(formUser, req.PostForm)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	valErrors := validateUserForm(formUser, false)
	if len(valErrors) > 0 {
		isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
		vm := viewmodels.NewUserViewModel(formUser, controller.roles, isAuthenticated, user, valErrors)
		vm.CsrfField = csrf.TemplateField(req)
		return http.StatusOK, controller.newTemplate.Execute(rw, vm)
	}

	var user httpauth.UserData
	user.Username = formUser.Username
	user.Email = formUser.Email
	password := formUser.Password
	user.Role = formUser.Role
	err = controller.authorizer.Register(rw, req, user, password)
	if err != nil {
		return http.StatusInternalServerError, err
	}
	http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
	return http.StatusSeeOther, nil
}
Beispiel #3
0
/**
 * This authenticates user providing X509 credential
 */
func X509Authenticator(writer http.ResponseWriter, request *http.Request) {

	logger := NewPrefixed("X509Authenticator")

	if caChannel == nil || len(request.TLS.PeerCertificates) < 1 {
		logger.Debug("No CA cert pool or no TLS peer certificate; redirect to OAuth page")
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	logger.Finest("Retrieving ca cert pool")
	caCertPool := <-caChannel
	logger.Finest("CA pool length = %v", len(caCertPool.Subjects()))

	logger.Debug("len(r.TLS.PeerCertificates) = %v", len(request.TLS.PeerCertificates))

	//	for i, c := range request.TLS.PeerCertificates {
	//		logger.Debug("request.TLS.PeerCertificates[%v].Subject = %v", i, c.Subject)
	//		logger.Debug("request.TLS.PeerCertificates[%v].Issuer = %v", i, c.Issuer)
	//		for j, a := range c.EmailAddresses {
	//			logger.Debug("request.TLS.PeerCertificates[%v].EmailAddresses[%v] = %v", i, j, a)
	//		}
	//	}
	logger.Finest("len(r.TLS.VerifiedChains) = %v", len(request.TLS.VerifiedChains))

	vOpts := x509.VerifyOptions{Roots: caCertPool}

	userCert := request.TLS.PeerCertificates[0]
	chains, err := userCert.Verify(vOpts)
	if err != nil {
		logger.Warn("failed to parse certificate: " + err.Error())
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	logger.Debug("shains = %v\n", chains)

	var user httpauth.UserData
	user.Username = userCert.Subject.CommonName + "#" + userCert.Issuer.CommonName
	user.Email = userCert.EmailAddresses[0]
	password := "******"

	err = httpAuthorizer.Register(writer, request, user, password)
	logger.Debug("register err = %v", err)
	err = httpAuthorizer.Login(writer, request, user.Username, password, APPSURL)
	logger.Debug("login err = %v", err)
	if err != nil {
		logger.Debug("err.Error = %v", err.Error())
	}

	if err == nil || err.Error() == "httpauth: already authenticated" {
		logger.Debug("00")
		http.Redirect(writer, request, APPSURL, http.StatusSeeOther)
	} else {
		logger.Debug("01")
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
	}

	logger.Debug("Fin")
}
Beispiel #4
0
func postRegister(rw http.ResponseWriter, req *http.Request) {
	var user httpauth.UserData
	user.Username = req.PostFormValue("username")
	user.Email = req.PostFormValue("email")
	password := req.PostFormValue("password")
	if err := aaa.Register(rw, req, user, password); err == nil {
		http.Redirect(rw, req, "/login?success=1", http.StatusSeeOther)
	} else {
		http.Redirect(rw, req, "/login?success=0", http.StatusSeeOther)
	}
}
Beispiel #5
0
func postAddUser(rw http.ResponseWriter, req *http.Request) {
	var user httpauth.UserData
	user.Username = req.PostFormValue("username")
	user.Email = req.PostFormValue("email")
	password := req.PostFormValue("password")
	user.Role = req.PostFormValue("role")
	if err := aaa.Register(rw, req, user, password); err != nil {
		// maybe something
	}

	http.Redirect(rw, req, "/admin", http.StatusSeeOther)
}
Beispiel #6
0
/**
 * This authenticates user providing OAuth credential
 */
func OAuthAuthenticator(writer http.ResponseWriter, request *http.Request) {

	logger := NewPrefixed("OAuthAuthenticator")

	h := md5.New()
	io.WriteString(h, "The fog is getting thicker!")
	io.WriteString(h, "And Leon's getting larger!")
	i := fmt.Sprintf("%x", h.Sum(nil))
	logger.Debug("h.sum() = %v", i)

	logger.Debug("r.Method = %v", request.Method)
	logger.Debug("r.URL = %v", request.URL)
	p, _ := url.ParseQuery(request.URL.Path)
	p, err := url.ParseQuery(request.URL.RawQuery)

	if err != nil {
		logger.Warn("failed to find OAuth credentials: " + err.Error())
		OAuthenticationPage(writer, request)
		return
	}
	if (p == nil) || (p["code"] == nil) || (len(p["code"]) < 1) {
		logger.Warn("failed to find OAuth credentials (code not set)")
		OAuthenticationPage(writer, request)
		return
	}

	paths := strings.Split(request.URL.Path, "/")
	if len(paths) < 3 {
		logger.Warn("failed to retreive AOuth server")
		OAuthenticationPage(writer, request)
		return
	}

	oauthServerName := paths[len(paths)-1]

	//
	// Retrieve OAuth conf
	//
	logger.Finest("oauthConfigurationChannels[%v] = %v", oauthServerName, oauthConfigurationChannels[oauthServerName])

	if oauthConfigurationChannels[oauthServerName] == nil {
		logger.Debug("No OAuth conf channel for %v", oauthServerName)
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	oauthConf := <-oauthConfigurationChannels[oauthServerName]
	logger.Debug("config = %v", oauthConf)

	if oauthConf == nil {
		logger.Warn("No OAuth conf; redirect to OAuth page")
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	code := p["code"][0]
	token, err := oauthConf.Config.Exchange(oauth2.NoContext, code)
	if err != nil {
		logger.Warn(err.Error())
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	if token != nil && token.Extra(OAUTH_IDTOKEN_NAME) == nil {
		logger.Warn("No OAuth id_token; redirect to OAuth page")
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	client := oauthConf.Config.Client(oauth2.NoContext, token)

	if client == nil {
		logger.Warn("No OAuth client; redirect to OAuth page")
		http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		return
	}

	var body = make([]byte, 1024)

	//	clientResponse, err := client.Get("https://www.googleapis.com/oauth2/v2/userinfo")
	clientResponse, err := client.Get(oauthConf.ApiUrl)

	n, err := clientResponse.Body.Read(body)
	logger.Debug("poeut %v, %v", n, err)
	if err == nil {
		var userJson map[string]interface{}
		err = json.Unmarshal(body[:n], &userJson)
		logger.Info("user = %v", userJson)
		//		fmt.Fprint(writer, "<p>You are logged in as ", userJson["email"], "</p>")

		var user httpauth.UserData
		//
		// next line is a type assertion, because we know the generic interface
		// contains a string
		// https://golang.org/doc/effective_go.html#interface_conversions
		//
		user.Email = userJson["email"].(string)
		user.Username = userJson["family_name"].(string) + "#" + userJson["given_name"].(string)

		password := "******"

		logger.Debug("user = %v", user)
		err = httpAuthorizer.Register(writer, request, user, password)
		logger.Debug("register err = %v", err)
		err = httpAuthorizer.Login(writer, request, user.Username, password, APPSURL)
		logger.Debug("login err = %v", err)
		if err != nil {
			logger.Debug("err.Error = %v", err.Error())
		}

		if err == nil || err.Error() == "httpauth: already authenticated" {
			logger.Debug("00")
			http.Redirect(writer, request, APPSURL, http.StatusSeeOther)
		} else {
			logger.Debug("01")
			http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
		}

		logger.Debug("Fin")
	}
}