예제 #1
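// Delegate processes a delegation request.
//
// jsonIn is decoded into a delegate request. The request is rejected while
// the vault holds no records. For a name that already has a record, the
// supplied password is checked with ValidatePassword; for a name with no
// record, a new record is created from the supplied name and password. The
// resulting record is then handed to the key cache together with the
// requested Uses and Time values.
//
// Every failure is returned through jsonStatusError and success through
// jsonStatusOk.
//
// NOTE(review): an unknown name is enrolled here without any prior
// authentication, so anyone who can reach this handler can create a record
// once the vault exists. Confirm that this self-enrollment is intended and
// that the transport in front of this handler restricts who can call it.
//
// NOTE(review): s.Uses and s.Time come straight from the request and are not
// bounded in this function; presumably keycache enforces limits. Confirm.
func Delegate(jsonIn []byte) ([]byte, error) {
	var s delegate
	if err := json.Unmarshal(jsonIn, &s); err != nil {
		return jsonStatusError(err)
	}

	if passvault.NumRecords() == 0 {
		return jsonStatusError(errors.New("Vault is not created yet"))
	}

	// Find the password record for the user and verify that their password
	// matches. If no record is found, add a new entry for this user.
	pr, found := passvault.GetRecord(s.Name)
	if found {
		if err := pr.ValidatePassword(s.Password); err != nil {
			// Failed authentication is logged like the other failure paths
			// of these handlers, so repeated bad attempts are visible.
			// %q quotes the client-supplied name so control characters
			// (such as newlines) cannot split or forge log entries.
			log.Printf("Error validating password for %q: %v\n", s.Name, err)
			return jsonStatusError(err)
		}
	} else {
		var err error
		// The final argument is false here and true in Create; presumably
		// it is the admin flag. Confirm against passvault.AddNewRecord.
		if pr, err = passvault.AddNewRecord(s.Name, s.Password, false); err != nil {
			log.Printf("Error adding record for %q: %v\n", s.Name, err)
			return jsonStatusError(err)
		}
	}

	// Add the signed-in record to the active set.
	if err := keycache.AddKeyFromRecord(pr, s.Name, s.Password, s.Uses, s.Time); err != nil {
		log.Printf("Error adding key to cache for %q: %v\n", s.Name, err)
		return jsonStatusError(err)
	}

	return jsonStatusOk()
}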
예제 #2
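// Create processes a create request.
//
// jsonIn is decoded into a create request. The request is accepted only
// while the vault holds no records; the supplied name and password then
// become the first record. Every failure is returned through
// jsonStatusError and success through jsonStatusOk.
//
// NOTE(review): no credentials are checked before the first record is
// written, so whoever reaches this handler first on an empty vault owns the
// initial account. Restrict access to the service until the vault has been
// created.
//
// NOTE(review): the NumRecords check and the AddNewRecord call are separate
// steps in this function. Unless passvault serializes them, two concurrent
// create requests could both pass the check. Confirm.
func Create(jsonIn []byte) ([]byte, error) {
	var s create
	if err := json.Unmarshal(jsonIn, &s); err != nil {
		return jsonStatusError(err)
	}

	if passvault.NumRecords() != 0 {
		return jsonStatusError(errors.New("Vault is already created"))
	}

	// The final argument is true here and false in Delegate; presumably it
	// marks the first record as an admin. Confirm against passvault.
	if _, err := passvault.AddNewRecord(s.Name, s.Password, true); err != nil {
		// %q quotes the client-supplied name so control characters (such
		// as newlines) cannot split or forge log entries.
		log.Printf("Error adding record for %q: %v\n", s.Name, err)
		return jsonStatusError(err)
	}

	return jsonStatusOk()
}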
예제 #3
// Password processes a password change request.
//
// jsonIn is decoded into a password request carrying the user's name, the
// current password and the new password. The request is rejected while the
// vault holds no records; otherwise all three values are passed to
// passvault.ChangePassword. Every failure is returned through
// jsonStatusError and success through jsonStatusOk.
//
// NOTE(review): this function does not check the current password itself;
// presumably ChangePassword verifies it before replacing it. Confirm.
func Password(jsonIn []byte) ([]byte, error) {
	var req password
	err := json.Unmarshal(jsonIn, &req)
	if err != nil {
		return jsonStatusError(err)
	}

	if passvault.NumRecords() == 0 {
		return jsonStatusError(errors.New("Vault is not created yet"))
	}

	// Hand the old and new credentials to the vault. The log line carries
	// only the error, not the request fields.
	err = passvault.ChangePassword(req.Name, req.Password, req.NewPassword)
	if err != nil {
		log.Println("Error changing password:", err)
		return jsonStatusError(err)
	}

	return jsonStatusOk()
}
예제 #4
// validateAdmin checks that the username and password passed in are
// correct and that the user is an admin.
//
// It returns an error when the vault holds no records, when no record
// exists for name, when ValidatePassword rejects the password, or when the
// record is not an admin. It returns nil only when all checks pass.
//
// NOTE(review): an unknown user ("User not present") and a failed password
// check produce different errors. If callers relay these errors to the
// client unchanged, the difference reveals which usernames exist. Confirm
// whether a single generic authentication error is preferable.
func validateAdmin(name, password string) error {
	if passvault.NumRecords() == 0 {
		return errors.New("Vault is not created yet")
	}

	rec, found := passvault.GetRecord(name)
	if !found {
		return errors.New("User not present")
	}

	// The password is verified before the admin flag is consulted, so an
	// unauthenticated caller cannot learn whether an account is an admin.
	pwErr := rec.ValidatePassword(password)
	switch {
	case pwErr != nil:
		return pwErr
	case !rec.IsAdmin():
		return errors.New("Admin required")
	}

	return nil
}
예제 #5
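// Summary processes a summary request.
//
// The key cache is refreshed first, then jsonIn is decoded into a summary
// request. The request is rejected while the vault holds no records or when
// validateAdmin rejects the supplied name and password. On success the
// result of jsonSummary is returned; every failure is returned through
// jsonStatusError.
//
// NOTE(review): keycache.Refresh runs before the request is parsed or
// authenticated, so every call triggers it, including malformed and
// unauthenticated ones. Confirm that Refresh is cheap and safe to expose
// this way.
func Summary(jsonIn []byte) ([]byte, error) {
	var s summary
	keycache.Refresh()

	if err := json.Unmarshal(jsonIn, &s); err != nil {
		return jsonStatusError(err)
	}

	// validateAdmin repeats this check; it is kept here so that an empty
	// vault is reported without the admin-validation log line below.
	if passvault.NumRecords() == 0 {
		return jsonStatusError(errors.New("Vault is not created yet"))
	}

	if err := validateAdmin(s.Name, s.Password); err != nil {
		// %q quotes the client-supplied name so control characters (such
		// as newlines) cannot split or forge log entries.
		log.Printf("Error validating admin status of %q: %v", s.Name, err)
		return jsonStatusError(err)
	}

	return jsonSummary()
}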