func TestGenerateAndValidateClaim(t *testing.T) {
certs, err := GenerateTestCerts()
if assert.NoError(t, err) {
claim, err := GenerateClaim(certs, &models.User{
ID: models.String("123"),
Login: models.String("wolfeidau"),
Email: models.String("*****@*****.**"),
Name: models.String("Mark Wolfe"),
Password: models.String("LkSquwzxdgzSTqqc7Rku5NF8/uR7TBFO1IRF1Yj2c0sM4HEVGgp0bJadWtRAaINP"), //Somewh3r3 there is a cow!
})
if assert.NoError(t, err) {
usr, err := ValidateClaim(certs, claim)
if assert.NoError(t, err) {
assert.NotNil(t, usr)
assert.Equal(t, "123", models.StringValue(usr.ID))
assert.Equal(t, "wolfeidau", models.StringValue(usr.Login))
assert.Equal(t, "*****@*****.**", models.StringValue(usr.Email))
}
}
}
}
func (ur UserResource) createUser(req *restful.Request, resp *restful.Response) {
usr := new(models.User)
err := req.ReadEntity(usr)
if err != nil {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errorMsg("Server error."))
return
}
allErrs := validation.ValidateUserRegister(usr)
if len(allErrs) != 0 {
resp.WriteHeaderAndEntity(http.StatusBadRequest, validationErrors("validation failed", allErrs))
return
}
exists, err := ur.store.Exists(models.StringValue(usr.Login))
if err != nil {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errorMsg("Server error."))
return
}
if exists {
resp.WriteHeaderAndEntity(http.StatusConflict, errorMsg("User already exists."))
return
}
// hash the password
pass := models.StringValue(usr.Password)
pass, err = util.HashPassword(pass)
if err != nil {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errorMsg("Server error."))
return
}
usr.Password = models.String(pass)
nusr, err := ur.store.Create(usr)
if err != nil {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errorMsg("Server error."))
return
}
nusr.Password = nil
resp.WriteHeaderAndEntity(http.StatusCreated, nusr)
}
// GenerateClaim generate a JWT token containing a claim using the supplied
// certificates and user
func GenerateClaim(certs *Certs, usr *models.User) (string, error) {
// generate a token
var claims = jws.Claims{
"user_id": models.StringValue(usr.ID),
"login": models.StringValue(usr.Login),
"email": models.StringValue(usr.Email),
"exp": time.Now().Add(24 * time.Hour).Unix(),
}
j := jws.NewJWT(claims, crypto.SigningMethodRS512)
b, err := j.Serialize(certs.PrivateKey)
return string(b), err
}
// BuildJWTAuthFunc build the JWT authentication filter function
func BuildJWTAuthFunc(store users.UserStore, certs *auth.Certs) restful.FilterFunction {
return func(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
encoded := req.Request.Header.Get("Authorization")
if len(encoded) == 0 {
resp.WriteErrorString(401, "401: Not Authorized")
return
}
if !strings.HasPrefix(encoded, "Bearer ") {
resp.WriteErrorString(401, "401: Not Authorized")
return
}
tokens := strings.Split(encoded, " ")
usr, err := auth.ValidateClaim(certs, tokens[1])
if err != nil {
resp.WriteErrorString(401, "401: Not Authorized")
return
}
// Extract the user_id
req.SetAttribute("user_id", models.StringValue(usr.ID))
chain.ProcessFilter(req, resp)
}
}
// GetPasswordByLogin retrieve the users password for authentication
func (usl *UserStoreLocal) GetPasswordByLogin(login string) (string, error) {
for _, v := range usl.users {
if reflect.DeepEqual(v.Login, models.String(login)) {
return models.StringValue(v.Password), nil
}
}
return "", ErrUserNotFound
}
func validateFieldLength(value *string, fldPath *field.Path, min, max int, fieldName string) field.ErrorList {
allErrs := field.ErrorList{}
if v := models.StringValue(value); !checkFieldLength(v, min, max) {
allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldName), v, fmt.Sprintf("%s: %s must be between %d and %d characters", fldPath.String(), fieldName, min, max)))
}
return allErrs
}
// Update the user, this is currently limited to changing the users name.
func (usl *UserStoreLocal) Update(user *models.User) error {
cusr, ok := usl.users[models.StringValue(user.ID)]
if !ok {
return ErrUserNotFound
}
cusr.Name = user.Name
return nil
}
// Create create a new user in the system with the given information
func (usl *UserStoreLocal) Create(user *models.User) (*models.User, error) {
var id string
// check for unique login
if usl.loginExists(models.StringValue(user.Login)) {
return nil, ErrUserAlreadyExists
}
if user.ID == nil {
id = newID()
user.ID = models.String(id)
} else {
id = models.StringValue(user.ID)
}
usl.users[id] = user
return user, nil
}
func TestGetUserByLoginRethinkDB(t *testing.T) {
_, userStore, userID, err := createUserStoreAndSession()
if assert.NoError(t, err, "connecting to rethinkdb") {
usr, err := userStore.GetByLogin("wolfeidau")
if assert.Nil(t, err) {
assert.Equal(t, "*****@*****.**", models.StringValue(usr.Email))
assert.Equal(t, userID, models.StringValue(usr.ID))
}
usr, err = userStore.GetByLogin("nothere")
if assert.Error(t, err) {
assert.Equal(t, err, ErrUserNotFound)
}
}
}
// Update the user in RethinkDB
func (us *UserStoreRethinkDB) Update(user *models.User) error {
userID := models.StringValue(user.ID)
if user.Name == nil {
return nil
}
res, err := r.DB(DBName).Table(TableName).Get(userID).Update(map[string]interface{}{
"name": models.StringValue(user.Name),
}).RunWrite(us.session)
if err != nil {
return err
}
if res.Replaced != 1 {
return ErrUserNotFound
}
return nil
}
// GetPasswordByLogin retrieve the password for a user using their login
func (us *UserStoreRethinkDB) GetPasswordByLogin(login string) (string, error) {
res, err := r.DB(DBName).Table(TableName).Filter(map[string]interface{}{
"login": login,
}).Run(us.session)
if err != nil {
return "", err
}
defer res.Close()
if res.IsNil() {
return "", ErrUserNotFound
}
usr := new(models.User)
err = res.One(&usr)
if err != nil {
return "", err
}
return models.StringValue(usr.Password), nil
}
func TestGetUserRethinkDB(t *testing.T) {
_, userStore, userID, err := createUserStoreAndSession()
if assert.NoError(t, err, "connecting to rethinkdb") {
usr, err := userStore.GetByID(userID)
if assert.NoError(t, err, "getting user from rethinkdb") {
if assert.NotNil(t, usr) {
assert.Equal(t, models.StringValue(usr.Email), "*****@*****.**")
}
}
usr, err = userStore.GetByID("123")
if assert.Error(t, err) {
assert.Equal(t, err, ErrUserNotFound)
}
}
}