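// loadToken loads the RSA private and public keys used for the JWT signature
// from the PEM files named by a.PrivateKey and a.PublicKey.
//
// Every failure (missing path, unreadable file, unparsable PEM) is returned to
// the caller as an error instead of terminating the process, so the caller
// decides how to handle it; on error both key results are nil and no partially
// loaded key material is handed out.
func loadToken(a structs.Auth) (*rsa.PrivateKey, *rsa.PublicKey, error) {
	logger.Debug("Attempting to load the RSA keys from the filesystem")
	if a.PrivateKey == "" || a.PublicKey == "" {
		return nil, nil, errors.New("The paths to the private and public RSA keys were not provided")
	}

	// Read the PEM-encoded key files from the filesystem.
	prv, err := ioutil.ReadFile(a.PrivateKey)
	if err != nil {
		return nil, nil, fmt.Errorf("Unable to open the private key file: %v", err)
	}
	pub, err := ioutil.ReadFile(a.PublicKey)
	if err != nil {
		return nil, nil, fmt.Errorf("Unable to open the public key file: %v", err)
	}

	// Parse the RSA keys.
	privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(prv)
	if err != nil {
		return nil, nil, fmt.Errorf("Unable to parse the private key: %v", err)
	}
	publicKey, err := jwt.ParseRSAPublicKeyFromPEM(pub)
	if err != nil {
		return nil, nil, fmt.Errorf("Unable to parse the public key: %v", err)
	}

	logger.Info("Provided RSA keys successfully loaded")
	return privateKey, publicKey, nil
}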
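// GetIdentification returns a handler that reads a JSON body of the form
// {"user": "...", "pass": "..."} from a POST request, authenticates the pair
// against the configured Identification driver (a.Driver) and, on success,
// responds with the user record, stripped of its password hash and salt and
// carrying a freshly issued token.
//
// Non-POST requests are redirected to the login page. A malformed or
// oversized body is answered with 400, rejected or empty credentials with 401
// (a driver rejection is also written to the audit log), and token creation
// or serialisation failures with 500. The body of every error response is
// intentionally empty so the client learns nothing about why the attempt
// failed.
func (a *Config) GetIdentification() http.Handler {
	// maxLoginBody bounds how much of the untrusted request body is read
	// before decoding; a login payload is a small JSON object.
	const maxLoginBody = 1 << 20

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Redirect(w, r, "/#/login", http.StatusFound)
			return
		}

		// Decode into a fixed shape rather than an untyped map: a missing or
		// non-string field then becomes an empty value or a decode error
		// instead of a panicking type assertion.
		var creds struct {
			User string `json:"user"`
			Pass string `json:"pass"`
		}
		r.Body = http.MaxBytesReader(w, r.Body, maxLoginBody)
		if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
			logger.Warningf("Could not decode the body: %s", err)
			http.Error(w, "", http.StatusBadRequest)
			return
		}
		u, p := creds.User, creds.Pass
		if u == "" || p == "" {
			logger.Info("Authentication failed: user and password must not be empty")
			http.Error(w, "", http.StatusUnauthorized)
			return
		}

		// Validate the credentials with the Login authentication driver.
		user, err := a.Driver(u, p)
		if err != nil {
			message := fmt.Sprintf("Authentication failed: %s", err)
			// Output to stdout
			logger.Info(message)
			// Output to audit log
			entry := structs.AuditLog{Action: "loginfailure", Level: "default", Output: message}
			entry.RemoteAddr = helpers.GetIP(r)
			audit.Log(entry)
			http.Error(w, "", http.StatusUnauthorized)
			return
		}

		// Never echo the stored password hash and salt back to the client.
		user.PasswordHash = ""
		user.PasswordSalt = ""

		token, err := GetToken(&user.Role, u)
		if err != nil {
			logger.Warningf("Authentication failed, could not create the token: %s", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}
		// Hand the token to the client inside the user record.
		user.Token = token

		j, err := json.Marshal(user)
		if err != nil {
			// Keep the response body empty like the other error paths; the
			// serialisation error is an internal detail.
			logger.Warningf("Could not serialise the user: %s", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		// The response carries a credential; keep it out of shared caches.
		w.Header().Set("Cache-Control", "no-store")
		if _, err := w.Write(j); err != nil {
			// Headers are already sent, so the failure can only be logged.
			logger.Warningf("Could not write the authentication response: %s", err)
		}
	})
}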