Exemplo n.º 1
0
//Validate access token
func (s *Server) validateAccessLoginToken(token string) (string, bool) {

	btok, err := base64.URLEncoding.DecodeString(token)

	if err != nil {
		return "", false

	}
	k := fernet.MustDecodeKeys(s.config.Clients["browser"].Secret)
	email := fernet.VerifyAndDecrypt(btok, 60*time.Second, k)

	c := s.redisConn()
	defer c.Close()

	status, err := redis.String(c.Do("GET", email))
	if err != nil {
		return "", false
	}

	if status == "loggedin" {
		return string(email), true
	} else {
		return "", false
	}

}
Exemplo n.º 2
0
Arquivo: auth.go Projeto: Jwpe/l2met
// ParseAndDecrypt returns the outlet's API credentials which
// are expected to be signed & encrypted and stuffed into the
// authorization header of the HTTP request.
func ParseAndDecrypt(r *http.Request) (string, string, error) {
	header, err := parseAuthHeader(r)
	if err != nil {
		return "", "", err
	}

	user, _, err := ParseRaw(header)
	if err != nil {
		return "", "", err
	}

	// If we have gotten here, we have a signed, authentication request.
	// If we can verify & decrypt, then we will pass the decrypted credenti
	// to the caller. Most of the time, the username and password will be
	// credentials to Librato metric API. We don't care about the
	// validity of those credentials here. If they are wrong
	// the metrics will be dropped in the outlet. Keep an eye on HTTP
	// authentication errors from the log output of the outlets.
	if len(keys) > 0 {
		s := fernet.VerifyAndDecrypt([]byte(user), ttl, keys)
		if s != nil {
			parts := strings.Split(string(s), ":")
			return parts[0], parts[1], nil
		}
	}
	return "", "", errors.New("End of Authentication chain reached.")
}
Exemplo n.º 3
0
Arquivo: auth.go Projeto: heroku/l2met
func Parse(r *http.Request) (string, string, error) {
	header, err := parseAuthHeader(r)
	if err != nil {
		return "", "", err
	}

	user, _, err := ParseRaw(header)
	if err != nil {
		return "", "", err
	}

	//If we have gotten here, we have a signed, db-less authentication reque
	//If we can verify and decrypt, then we will pass the decrypted credenti
	//to the caller. Most of the time, the username and password will be
	//credentials to outlet providers. (e.g. Librato creds or Graphite creds
	//We care about the validity of those credentials here. If they are wron
	//the metrics will be dropped at the outlet. Keep an eye on http
	//authentication errors from the log output of the outlets.
	if len(keys) > 0 {
		if s := fernet.VerifyAndDecrypt([]byte(user), OneHundredYears, keys); s != nil {
			parts := strings.Split(string(s), ":")
			return parts[0], parts[1], nil
		}
	}
	return "", "", errors.New("End of Authentication chain reached.")
}
Exemplo n.º 4
0
func Example() {
	k := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")
	tok, err := fernet.EncryptAndSign([]byte("hello"), k[0])
	if err != nil {
		panic(err)
	}
	msg := fernet.VerifyAndDecrypt(tok, 60*time.Second, k)
	fmt.Println(string(msg))
	// Output:
	// hello
}
Exemplo n.º 5
0
//Validate access token
func (s *Server) validateSharedToken(token string) bool {

	btok, err := base64.URLEncoding.DecodeString(token)

	if err != nil {
		return false

	}
	k := fernet.MustDecodeKeys(s.config.Clients["browser"].Secret)
	shared_token := fernet.VerifyAndDecrypt(btok, 60*10*time.Second, k)
	if string(shared_token) == string(s.config.Clients["browser"].Token) {
		return true
	} else {
		return false
	}

}
Exemplo n.º 6
0
func ParseAuth(r *http.Request) (string, string, error) {
	header, err := parseAuthHeader(r)
	if err != nil {
		return "", "", err
	}

	user, _, err := parseAuthValue(header)
	if err != nil {
		return "", "", err
	}

	//If we have gotten here, we have a signed, db-less authentication reque
	//If we can verify and decrypt, then we will pass the decrypted credenti
	//to the caller. Most of the time, the username and password will be
	//credentials to outlet providers. (e.g. Librato creds or Graphite creds
	//We care about the validity of those credentials here. If they are wron
	//the metrics will be dropped at the outlet. Keep an eye on http
	//authentication errors from the log output of the outlets.
	if len(keys) > 0 {
		if s := fernet.VerifyAndDecrypt([]byte(user), OneHundredYears, keys); s != nil {
			parts := strings.Split(string(s), ":")
			return parts[0], parts[1], nil
		}
	}
	//If the user is not == "l2met" then dbless-auth is requested.
	//ATM we assume the first part (user field) contains a base64 encoded
	//representation of the outlet credentials.
	if len(user) > 0 {
		trimmedUser := strings.Replace(user, ":", "", -1)
		decodedUser, err := base64.StdEncoding.DecodeString(trimmedUser)
		if err != nil {
			return trimmedUser, "", err
		}
		outletCreds := strings.Split(string(decodedUser), ":")
		//If the : is absent in parts[0], outletCreds[0] will contain the entire string in parts[0].
		u := outletCreds[0]
		//It is not required for the outletCreds to contain a pass.
		//The empty string that is returned will be handled by the outlet.
		var p string
		if len(outletCreds) > 1 {
			p = outletCreds[1]
		}
		return u, p, nil
	}
	return "", "", errors.New("End of Authe chain reached.")
}
Exemplo n.º 7
0
func TestFernet(t *testing.T) {
	k := fernet.MustDecodeKeys("YI1ZYdopn6usnQ/5gMAHg8+pNh6D0DdaJkytdoLWUj0=")
	tok, err := fernet.EncryptAndSign([]byte("mysharedtoken"), k[0])
	if err != nil {
		t.Fatalf("fernet encryption failed %v\n", err)
	}
	stok := base64.URLEncoding.EncodeToString(tok)

	btok, err := base64.URLEncoding.DecodeString(stok)
	//fmt.Println(btok)

	if err != nil {
		t.Fatalf("fernet key decryption failed %v\n", err)
	}

	msg := fernet.VerifyAndDecrypt(btok, 60*time.Second, k)
	if string(msg) != "mysharedtoken" {
		t.Fatalf("verification failed!\n")
	}

}