Esempio n. 1
0
func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error) {
	ar := &AuthRequest{RemoteAddr: req.RemoteAddr, Actions: []string{}}
	user, password, haveBasicAuth := req.BasicAuth()
	if haveBasicAuth {
		ar.User = user
		ar.Password = authn.PasswordString(password)
	}
	ar.Account = req.FormValue("account")
	if ar.Account == "" {
		ar.Account = ar.User
	} else if haveBasicAuth && ar.Account != ar.User {
		return nil, fmt.Errorf("user and account are not the same (%q vs %q)", ar.User, ar.Account)
	}
	ar.Service = req.FormValue("service")
	scope := req.FormValue("scope")
	if scope != "" {
		parts := strings.Split(scope, ":")
		if len(parts) != 3 {
			return nil, fmt.Errorf("invalid scope: %q", scope)
		}
		ar.Type = parts[0]
		ar.Name = parts[1]
		ar.Actions = strings.Split(parts[2], ",")
		sort.Strings(ar.Actions)
	}
	return ar, nil
}
Esempio n. 2
0
// ======================================= 登陆相关=========================================
func (acm *AuthConfigManager) DoLogin(user string, password string) (string, bool) {
	for _, a := range acm.authConfig.Authenticators {
		result, err := a.Authenticate(user, authn.PasswordString(password))
		// glog.V(2).Infof("Authn %s %s -> %t, %s", a.Name(), ar.ai.Account, result, err)
		if err != nil {
			if err == authn.NoMatch {
				continue
			}
			// err = fmt.Errorf("authn #%d returned error: %s", i+1, err)
			// glog.Errorf("%s: %s", ar, err)
			return err.Error(), false
		}
		return "", result
	}
	// Deny by default.
	// glog.Warningf("%s did not match any authn rule", ar.ai)
	return "", false
}