func init() {
	logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)
	privateKeyFilePath := flag.String("rsa-private", "./dist/key.private", "RSA private key file path")
	secureKeyFilePath := flag.String("secure-key", "./dist/secureKey", "password to encrypt the secure storage")
	usersDataPath := flag.String("data-file", "./dist/data.txt", "Login information file")
	flag.Parse()

	ServicePath = cr.ServicePathPrefix + cr.Version + AmPrefix
	resourcePath = listener + ServicePath + UsersPath

	usersList := en.New()
	signKey, verifyKey := app.TokenSetUp(*privateKeyFilePath)
	loginKey := ss.GetSecureKey(*secureKeyFilePath)
	en.LoadInfo(*usersDataPath, loginKey, usersList)

	stRestful = libsecurity_restful.NewLibsecurityRestful()
	stRestful.SetData(usersList, loginKey, verifyKey, signKey, nil)

	rootCookieStr, _ := app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, signKey)
	cr.SetCookie(rootCookieStr)

	for _, name := range usersName {
		stRestful.UsersList.AddUser(name)
	}

	go runServer()
	time.Sleep(100 * time.Millisecond)
}
Example #2
0
// TODO should I force to do logout first
func (l amRestful) restAm(request *restful.Request, response *restful.Response) {
	var tUserInfo pUserData

	err := request.ReadEntity(&tUserInfo)
	if err != nil {
		l.setError(response, http.StatusNotFound, err)
		return
	}
	userInfo := userData{tUserInfo.Name, []byte(tUserInfo.Password)}
	data := l.getAM(request, response, userInfo.Name)
	if data == nil {
		return
	}
	err = data.IsPasswordMatch([]byte(userInfo.Password))
	if err != nil {
		l.setError(response, http.StatusMethodNotAllowed, fmt.Errorf("Error with the password for user '%v': %v", userInfo.Name, err))
		return
	}
	tokenStr, err := app.GenerateToken(userInfo.Name, data.Privilege, getIPAddress(request), l.st.SignKey)
	if err != nil {
		l.setError(response, http.StatusInternalServerError, err)
		return
	}
	logger.Info.Println("User:"******"is authenticated")
	addLoginCookie(response, tokenStr)
	response.WriteHeader(http.StatusOK)
	response.WriteEntity(cr.Match{Match: true, Message: fmt.Sprintf("User '%v' is authenticated", userInfo.Name)})
}
func initAListOfUsers(t *testing.T, usersList []string) string {
	cookieStr, _ := app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(cookieStr)

	for _, name := range usersList {
		okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, name)}
		url := resourcePath + "/" + name
		exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusCreated, string(uData), okUrlJ)
		data, _ := stRestful.UsersList.GetPropertyAttachedToEntity(name, propertyName)
		exeCommandCheckRes(t, cr.GET_STR, url, http.StatusOK, "", data.(*am.AmUserInfo))
	}
	return string(uData)
}
// 1. As a user: Update the password, verify the results
// 2. As a root: Fail to update the password to the root
// 3. As a root: Update the password, verify that it is allowed
func TestUpdatePassword(t *testing.T) {
	userName := usersName[0]

	//	initAListOfUsers(t, usersName)
	cookieStr, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(cookieStr)

	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PwdPath)
	okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(pwd), okUrlJ)

	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
	okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "2"})
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusMethodNotAllowed, string(pwd), cr.Error{Code: http.StatusMethodNotAllowed})

	cookieStr, _ = app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(cookieStr)
	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
	okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(pwd), okUrlJ)
}
// 1. As a root: Update the user privilege, verify the results
// 2. As a root: Update the root privilege, verify that it is not allowed
// 3. As the user: Update the user privilege, verify that it is not allowed
func TestUpdatePrivilege(t *testing.T) {
	userName := usersName[0]

	initAListOfUsers(t, usersName)
	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PrivilegePath)
	okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	privilege, _ := json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(privilege), okUrlJ)

	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PrivilegePath)
	okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	privilege, _ = json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})

	cookieStr, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(cookieStr)
	exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusMethodNotAllowed, string(privilege), cr.Error{Code: http.StatusMethodNotAllowed})
}