Beispiel #1
// auther returns the store authenticator belonging to the user that made
// request r.
//
// The user is looked up with UserFromRequest while the overlord state is
// locked. Any lookup error is handed back unchanged together with a nil
// authenticator, so the caller decides how to treat a request that does not
// map to a known user.
func (d *Daemon) auther(r *http.Request) (store.Authenticator, error) {
	st := d.overlord.State()

	// Hold the state lock for the user lookup only; it is released before
	// the result is inspected.
	st.Lock()
	user, err := UserFromRequest(st, r)
	st.Unlock()

	if err == nil {
		return user.Authenticator(), nil
	}
	return nil, err
}
Beispiel #2
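// loginUser handles a login request: it decodes username, password and an
// optional one-time password from the JSON request body, obtains a package
// access macaroon from the store, discharges its authentication caveat with
// the supplied credentials and, on success, records the user in the overlord
// state.
//
// Responses:
//   - BadRequest when the body is not valid JSON for the expected fields.
//   - InternalError when the macaroon cannot be requested or the user cannot
//     be persisted.
//   - A 401 error response of kind errorKindTwoFactorRequired when the store
//     reports store.ErrAuthenticationNeeds2fa.
//   - Unauthorized for any other discharge failure.
//   - A sync response carrying the macaroon and its discharge on success.
//
// The password and OTP are only passed to store.DischargeAuthCaveat; what is
// persisted and returned is the macaroon and the discharge.
func loginUser(c *Command, r *http.Request) Response {
	var loginData struct {
		Username string `json:"username"`
		Password string `json:"password"`
		Otp      string `json:"otp"`
	}

	// NOTE(review): the body is decoded without a size limit in this
	// function. Confirm that the server caps request bodies before this
	// handler runs (for example with http.MaxBytesReader); otherwise a
	// client can make the decoder buffer an arbitrarily large document.
	decoder := json.NewDecoder(r.Body)
	if err := decoder.Decode(&loginData); err != nil {
		return BadRequest("cannot decode login data from request body: %v", err)
	}

	macaroon, err := store.RequestPackageAccessMacaroon()
	if err != nil {
		// InternalError is called printf-style elsewhere in this function,
		// so the error text must be an argument, never the format string:
		// a '%' in the message would otherwise be read as a verb.
		return InternalError("%v", err)
	}

	discharge, err := store.DischargeAuthCaveat(loginData.Username, loginData.Password, macaroon, loginData.Otp)
	if err == store.ErrAuthenticationNeeds2fa {
		// Reported with its own error kind so a client can tell "second
		// factor needed" apart from a plain authentication failure and ask
		// the user for an OTP.
		twofactorRequiredResponse := &resp{
			Type: ResponseTypeError,
			Result: &errorResult{
				Kind:    errorKindTwoFactorRequired,
				Message: store.ErrAuthenticationNeeds2fa.Error(),
			},
			Status: http.StatusUnauthorized,
		}
		return SyncResponse(twofactorRequiredResponse, nil)
	}
	if err != nil {
		// NOTE(review): the store's error text is returned to the client
		// verbatim; confirm it never carries more detail than a caller
		// should see. If Unauthorized is printf-style like InternalError,
		// Unauthorized("%v", err) is the safer form - verify its signature.
		return Unauthorized(err.Error())
	}

	// Persist the new user under the state lock; the lock is dropped before
	// the result is checked so it is never held while building a response.
	overlord := c.d.overlord
	state := overlord.State()
	state.Lock()
	_, err = auth.NewUser(state, loginData.Username, macaroon, []string{discharge})
	state.Unlock()
	if err != nil {
		return InternalError("cannot persist authentication details: %v", err)
	}

	// The response body holds the macaroon and discharge that were just
	// stored; callers should treat it as credential material.
	result := loginResponseData{
		Macaroon:   macaroon,
		Discharges: []string{discharge},
	}
	return SyncResponse(result, nil)
}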