Exemple #1
0
// Authenticate implements the Provider interface authenticating a user against a
// password file. None of this is intended for prodcution use.
func (p *PwdProvider) Authenticate(user string, challenge string) bool {
	salt := util.GetConfig().Authn.PwdProvider.Salt
	pwdFilePath := util.GetPaths([]string{util.GetConfig().Authn.PwdProvider.PwdFileName})[0]
	log.Debugf("Reading passwords from %s", pwdFilePath)
	file, err := os.Open(pwdFilePath)

	if err != nil {
		panic(err)
	}

	defer file.Close()

	s := bufio.NewScanner(file)
	for s.Scan() {
		u, p := getUnP(s.Text())
		log.Debugf("Validating %s against %s and %s", user, u, p)
		if u == user {
			pwd, err := base64.StdEncoding.DecodeString(p)
			if err != nil {
				log.Debugf("Base64 decode failed for user %s", user)
				return false
			}
			r := bcrypt.CompareHashAndPassword(pwd, []byte(salt+challenge))
			if r == nil {
				log.Debugf("Authenticated user %s", user)
				return true
			}
		}
	}
	log.Debugf("User %s not found", user)

	return false
}
Exemple #2
0
func (provider *LdapProvider) bindFoxApiAsUser(ldapConnection *ldap.Conn) (bool, error) {
	err := ldapConnection.Bind(
		fmt.Sprintf("uid=%s,ou=users,ou=system", util.GetConfig().Authz.User),
		util.GetConfig().Authz.Password)
	fmt.Print("")
	if err != nil {
		return true, err
	} else {
		return false, nil
	}
}
Exemple #3
0
// HashPassword creates a valid base64 encoded hash for the given password
func HashPassword(password string) string {
	salt := util.GetConfig().Authn.PwdProvider.Salt

	b, _ := bcrypt.GenerateFromPassword([]byte(salt+password), 10)

	return base64.StdEncoding.EncodeToString(b)

}
Exemple #4
0
// Decrypt decrypts a string containing a token
// It returns nil if
// - the token has been minted more than tokenTTL minutes ago
// - the token message is not a valid TokenStruct
// - the token cannot be decrypted using known keys
func Decrypt(token string) *TokenStruct {
	var message TokenStruct

	// If the configuration has changed, re-load the keys
	if confVersion != util.GetConfig().Version {
		loadValidateKeys()
	}

	tok := []byte(token)
	m := fernet.VerifyAndDecrypt(tok, time.Duration(util.GetConfig().Authn.TokenTTL)*time.Minute, GetValidateKeys())

	err := json.Unmarshal(m, &message)
	if err != nil {
		log.Info("Failed to unmarshall token contents " + string(m))
		return nil
	}
	return &message
}
Exemple #5
0
func GetFoxes() ([]Fox, error) {
	var foxes []Fox

	foxes = make([]Fox, 0)
	fname := util.GetConfig().Storage.Filepath
	files, _ := ioutil.ReadDir(fname)
	for _, f := range files {
		fox, err := ReadFox(f.Name())
		if err != nil {
			return foxes, err
		}
		foxes = append(foxes, fox)
	}

	return foxes, nil
}
Exemple #6
0
// GetToken wraps the incoming username into a TokenStruct, serializes the result to json
// and generates a Fernet token based on the resulting string
func GetToken(username string) string {
	var t []byte

	// If the configuration has changed, re-load the keys
	if confVersion != util.GetConfig().Version {
		loadMintKey()
	}

	n, _ := time.Now().MarshalText()
	t, _ = json.Marshal(TokenStruct{Username: username, MintTime: string(n)})

	token, err := fernet.EncryptAndSign(t, GetKey())
	if err != nil {
		panic(err)
	}
	return string(token)
}
Exemple #7
0
func loadValidateKeys() {
	loadValidateKeyByName(util.GetConfig().Authn.ValidateKeyNames)
	confVersion = util.GetConfig().Version
}
Exemple #8
0
// InitValidator initializes the validator by storing current config version,
// creating a new lock and loading validation keys
func InitValidator() {
	confVersion = util.GetConfig().Version
	validateLock = new(sync.RWMutex)
	loadValidateKeys()
}
Exemple #9
0
func loadMintKey() {
	LoadMintKeyByName(util.GetConfig().Authn.MintKeyName)
	confVersion = util.GetConfig().Version
}
Exemple #10
0
func InitMint() {
	confVersion = util.GetConfig().Version
	mintLock = new(sync.RWMutex)
	loadMintKey()
}
Exemple #11
0
func getFileName(uuid string) string {
	return util.GetConfig().Storage.Filepath + uuid
}