Ejemplo n.º 1
0
// loadToken loads a private and public RSA keys from the filesystem
// in order to be used for the JWT signature
func loadToken(a structs.Auth) (*rsa.PrivateKey, *rsa.PublicKey, error) {
	logger.Debug("Attempting to load the RSA keys from the filesystem")

	if a.PrivateKey == "" || a.PublicKey == "" {
		return nil, nil, errors.New("The paths to the private and public RSA keys were not provided")
	}

	// Read the files from the filesystem
	prv, err := ioutil.ReadFile(a.PrivateKey)
	if err != nil {
		logger.Fatalf("Unable to open the private key file: %v", err)
	}
	pub, err := ioutil.ReadFile(a.PublicKey)
	if err != nil {
		logger.Fatalf("Unable to open the public key file: %v", err)
	}

	// Parse the RSA keys
	privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(prv)
	if err != nil {
		logger.Fatalf("Unable to parse the private key: %v", err)
	}
	publicKey, err := jwt.ParseRSAPublicKeyFromPEM(pub)
	if err != nil {
		logger.Fatalf("Unable to parse the public key: %v", err)
	}

	logger.Info("Provided RSA keys successfully loaded")
	return privateKey, publicKey, nil
}
Ejemplo n.º 2
0
// GetIdentification retrieves the user & pass from a POST and authenticates the user against the Identification driver
func (a *Config) GetIdentification() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != "POST" {
			http.Redirect(w, r, "/#/login", http.StatusFound)
			return
		}

		decoder := json.NewDecoder(r.Body)
		var data interface{}
		err := decoder.Decode(&data)
		if err != nil {
			logger.Warningf("Could not decode the body: %s", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}

		m, ok := data.(map[string]interface{})
		if !ok {
			logger.Warningf("Could not assert the body: %s", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}

		u := m["user"].(string)
		p := m["pass"].(string)
		if u == "" || p == "" {
			logger.Info("Authentication failed: user and password must not be empty")
			http.Error(w, "", http.StatusUnauthorized)
			return
		}

		// validate the user with the Login authentication driver
		user, err := a.Driver(u, p)
		if err != nil {
			message := fmt.Sprintf("Authentication failed: %s", err)

			// Output to stdout
			logger.Info(message)

			// Output to audit log
			log := structs.AuditLog{Action: "loginfailure", Level: "default", Output: message}
			log.RemoteAddr = helpers.GetIP(r)
			audit.Log(log)

			http.Error(w, "", http.StatusUnauthorized)
			return
		}

		// obfuscate the user's salt & hash
		user.PasswordHash = ""
		user.PasswordSalt = ""

		token, err := GetToken(&user.Role, u)
		if err != nil {
			logger.Warningf("Authentication failed, could not create the token: %s", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}

		// Add token to the user struct
		user.Token = token

		j, err := json.Marshal(user)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		w.Header().Set("Content-Type", "application/json")
		w.Write(j)
		return
	})
}