Пример #1
0
// GetRoles implements a naive role listing for a user. All valid tokens will
// result in a single "ADMIN" role, everybody else gets "*"
func (provider *SimpleProvider) GetRoles(token string) []string {
	user, _ := authn.Validate(token)
	var roles []string

	if user != "" {
		return append(roles, "ADMIN")
	}

	return append(roles, "*")
}
Пример #2
0
// Reissue re-issues a new token based on an existing valid one
func Reissue(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json; charset=UTF-8")

	t := r.Header.Get("Authorization")
	if strings.HasPrefix(t, "Bearer ") {
		user, err := authn.Validate(strings.SplitAfter(t, "Bearer ")[1])
		if err != nil {
			w.WriteHeader(http.StatusUnauthorized)
		} else {
			sendToken(w, user)
		}

	} else {
		w.WriteHeader(http.StatusUnauthorized)
	}

}
Пример #3
0
// PermissionHandler validates the permissions of a user before further handling
func PermissionHandler(inner http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var user string
		var ps string

		t := r.Header.Get("Authorization")
		if strings.HasPrefix(t, "Bearer ") {
			user, _ = authn.Validate(strings.SplitAfter(t, "Bearer ")[1])
			log.Debugf("Getting user %s from %s", user, t)
		} else {
			user = ""
			log.Debugf("Failed to get user from %s", t)
		}

		if GetProvider().IsAuthorized(user, r.Method, r.URL.RequestURI()) {
			log.Debugf("Authorized access, serving the request")
			sw := util.MakeLogger(w)
			inner.ServeHTTP(sw, r)
		} else {
			log.Debugf("Unauthorized access, sending an error message")
			for _, p := range authn.KnownProviders() {
				if ps > "" {
					ps = ps + "," + p
				} else {
					ps = p
				}
			}
			w.Header().Set("WWW-Authenticate", "WWW-Authenticate:"+ps)
			w.WriteHeader(http.StatusUnauthorized)
			if err := json.NewEncoder(w).Encode(util.Error{Code: http.StatusUnauthorized, Message: "Permission denied"}); err != nil {
				panic(err)
			}
		}

	})
}
Пример #4
0
		provider  = "pwd"
	)

	s := "TEST"
	util.SetupSvcLogging(&s)

	BeforeEach(func() {
		util.LoadConfigByPathWOExtension("test_config")
		authn.InitMint()
		authn.InitValidator()
	})

	Describe("Token roundtrip", func() {
		Context("Freshly minted token", func() {
			It("Fresh token should be valid", func() {
				user, err := authn.Validate(authn.GetToken(user))
				Expect(err).To(BeNil())
				Expect(user).To(Equal(user))
			})
		})
		Context("Authenticating the user", func() {
			It("should return true, given valid username, challenge and provider", func() {
				booln := authn.Authenticate(user, challenge, provider)
				Expect(booln).To(BeTrue())
			})
		})
	})

	Describe("Reissuing a token", func() {
		Context("Username is preserved", func() {
			It("should return the username that was given to the old token", func() {