func (l LibsecurityRestful) sameUserFilterCheckPasswordUpdate(req *restful.Request, resp *restful.Response, chain *restful.FilterChain, passwordUpdateOnly bool) {
if l.toFilter() == false {
chain.ProcessFilter(req, resp)
return
}
name := req.PathParameter(userIDParam)
logger.Trace.Println("SameUserFilter: user name:", name)
tokenStr := l.getCookieAccessTokenValue(req)
if tokenStr == "" {
l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("Authentication is required"))
return
}
isUserMatch, err := app.IsItTheSameUser(tokenStr, name, getIPAddress(req), l.verifyKey)
if err != nil {
l.setError(resp, http.StatusMethodNotAllowed, err)
return
}
isPrivilegeOk, _ := app.IsPrivilegeOk(tokenStr, am.SuperUserPermission, getIPAddress(req), l.verifyKey)
if isPrivilegeOk == false && isUserMatch == false {
tokenData, _ := app.ParseToken(tokenStr, getIPAddress(req), l.verifyKey)
l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("User '%v' is not permitted to run the operation, Only root or the user can run it.", tokenData.UserName))
return
}
if passwordUpdateOnly == true {
updatePasswordOnly := l.isUpdatePasswordOnly(req, resp, chain)
if updatePasswordOnly == true {
l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("The only permitted operation is to update the user password"))
return
}
}
chain.ProcessFilter(req, resp)
}
// VerifyToken : verify is the received token is legal and as expected
func (l LibsecurityRestful) VerifyToken(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
tokenStr := l.getCookieAccessTokenValue(req)
if tokenStr == "" {
l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("Authentication is required"))
return
}
_, err := app.ParseToken(tokenStr, getIPAddress(req), l.verifyKey)
if err != nil {
l.setError(resp, http.StatusMethodNotAllowed, err)
return
}
chain.ProcessFilter(req, resp)
}