// Authenticate implements the Provider interface authenticating a user against a // password file. None of this is intended for prodcution use. func (p *PwdProvider) Authenticate(user string, challenge string) bool { salt := util.GetConfig().Authn.PwdProvider.Salt pwdFilePath := util.GetPaths([]string{util.GetConfig().Authn.PwdProvider.PwdFileName})[0] log.Debugf("Reading passwords from %s", pwdFilePath) file, err := os.Open(pwdFilePath) if err != nil { panic(err) } defer file.Close() s := bufio.NewScanner(file) for s.Scan() { u, p := getUnP(s.Text()) log.Debugf("Validating %s against %s and %s", user, u, p) if u == user { pwd, err := base64.StdEncoding.DecodeString(p) if err != nil { log.Debugf("Base64 decode failed for user %s", user) return false } r := bcrypt.CompareHashAndPassword(pwd, []byte(salt+challenge)) if r == nil { log.Debugf("Authenticated user %s", user) return true } } } log.Debugf("User %s not found", user) return false }
func (provider *LdapProvider) bindFoxApiAsUser(ldapConnection *ldap.Conn) (bool, error) { err := ldapConnection.Bind( fmt.Sprintf("uid=%s,ou=users,ou=system", util.GetConfig().Authz.User), util.GetConfig().Authz.Password) fmt.Print("") if err != nil { return true, err } else { return false, nil } }
// HashPassword creates a valid base64 encoded hash for the given password func HashPassword(password string) string { salt := util.GetConfig().Authn.PwdProvider.Salt b, _ := bcrypt.GenerateFromPassword([]byte(salt+password), 10) return base64.StdEncoding.EncodeToString(b) }
// Decrypt decrypts a string containing a token // It returns nil if // - the token has been minted more than tokenTTL minutes ago // - the token message is not a valid TokenStruct // - the token cannot be decrypted using known keys func Decrypt(token string) *TokenStruct { var message TokenStruct // If the configuration has changed, re-load the keys if confVersion != util.GetConfig().Version { loadValidateKeys() } tok := []byte(token) m := fernet.VerifyAndDecrypt(tok, time.Duration(util.GetConfig().Authn.TokenTTL)*time.Minute, GetValidateKeys()) err := json.Unmarshal(m, &message) if err != nil { log.Info("Failed to unmarshall token contents " + string(m)) return nil } return &message }
func GetFoxes() ([]Fox, error) { var foxes []Fox foxes = make([]Fox, 0) fname := util.GetConfig().Storage.Filepath files, _ := ioutil.ReadDir(fname) for _, f := range files { fox, err := ReadFox(f.Name()) if err != nil { return foxes, err } foxes = append(foxes, fox) } return foxes, nil }
// GetToken wraps the incoming username into a TokenStruct, serializes the result to json // and generates a Fernet token based on the resulting string func GetToken(username string) string { var t []byte // If the configuration has changed, re-load the keys if confVersion != util.GetConfig().Version { loadMintKey() } n, _ := time.Now().MarshalText() t, _ = json.Marshal(TokenStruct{Username: username, MintTime: string(n)}) token, err := fernet.EncryptAndSign(t, GetKey()) if err != nil { panic(err) } return string(token) }
func loadValidateKeys() { loadValidateKeyByName(util.GetConfig().Authn.ValidateKeyNames) confVersion = util.GetConfig().Version }
// InitValidator initializes the validator by storing current config version, // creating a new lock and loading validation keys func InitValidator() { confVersion = util.GetConfig().Version validateLock = new(sync.RWMutex) loadValidateKeys() }
func loadMintKey() { LoadMintKeyByName(util.GetConfig().Authn.MintKeyName) confVersion = util.GetConfig().Version }
func InitMint() { confVersion = util.GetConfig().Version mintLock = new(sync.RWMutex) loadMintKey() }
func getFileName(uuid string) string { return util.GetConfig().Storage.Filepath + uuid }