Beispiel #1
0
func getPolicyForPerson(person *doorbot.Person) *security.Policy {
	var policy *security.Policy

	switch person.AccountType {
	case doorbot.AccountMember:
		policy = security.NewMemberPolicy()
		break
	case doorbot.AccountManager:
		policy = security.NewManagerPolicy()
		break
	case doorbot.AccountOwner:
		policy = security.NewOwnerPolicy()
		break
	}
	return policy
}
Beispiel #2
0
// SecuredRouteHandler returns a martini.Handler responsible of handling authentication
func SecuredRouteHandler() martini.Handler {
	return func(render render.Render, c martini.Context, req *http.Request, r doorbot.Repositories, a *doorbot.Account) {

		if a == nil {
			log.Println("Doorbot::SecuredRouteHandler No account mapped.")
			render.Status(http.StatusForbidden)
			return
		}

		session := &auth.Authorization{}

		parts, err := parseAuthorization(req, render)
		if err != nil {
			return
		}

		mode := parts[0]
		token := parts[1]

		switch mode {
		case "administrator":
			administrator, err := auth.AuthenticateAdministrator(r, token)

			if err != nil {
				render.Status(http.StatusInternalServerError)
				return
			}

			if administrator == nil {
				log.WithFields(log.Fields{
					"administrator_token": token,
					"url": req.URL,
				}).Warn("Api::Handlers->SecuredRouteHandler administrator not found.")
				render.Status(http.StatusUnauthorized)
				return
			}

			log.WithFields(log.Fields{
				"url":              req.URL,
				"administrator_id": administrator.ID,
			}).Info("Api::Handlers->SecuredRouteHandler adminstrator request")

			c.Map(administrator)
			session.Administrator = administrator
			session.Type = auth.AuthorizationAdministrator
			session.Policy = security.NewAdministratorPolicy()

		case "device":

			device, err := auth.AuthenticateDevice(r, token)

			if err != nil {
				render.Status(http.StatusInternalServerError)
				return
			}

			if device == nil {
				render.Status(http.StatusUnauthorized)
				return
			}

			log.WithFields(log.Fields{
				"url":        req.URL,
				"device_id":  device.ID,
				"account_id": a.ID,
			}).Info("Api::Handlers->SecuredRouteHandler device request")

			session.Type = auth.AuthorizationDevice
			session.Device = device
			session.Policy = security.NewDevicePolicy()

		case "person":

			person, err := auth.AuthenticatePerson(r, token)

			if err != nil {
				render.Status(http.StatusInternalServerError)
				return
			}

			if person == nil {
				render.Status(http.StatusUnauthorized)
				return
			}

			log.WithFields(log.Fields{
				"url":        req.URL,
				"account_id": a.ID,
				"person_id":  person.ID,
			}).Info("Api::Handlers->SecuredRouteHandler person request")

			session.Person = person
			session.Type = auth.AuthorizationPerson

			switch person.AccountType {
			case doorbot.AccountOwner:
				session.Policy = security.NewOwnerPolicy()
				break
			case doorbot.AccountManager:
				session.Policy = security.NewManagerPolicy()
				break
			case doorbot.AccountMember:
				session.Policy = security.NewMemberPolicy()
				break
			}

		default:
			log.WithFields(log.Fields{
				"url":        req.URL,
				"account_id": a.ID,
			}).Info("Api::Handlers->SecuredRouteHandler Unauthorized access (invalid auth type)")
			render.Status(http.StatusForbidden)
			return
		}

		c.Map(session)
	}
}