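// sameUserFilterCheckPasswordUpdate is a go-restful filter that lets the
// request through only when the caller is either the user named by the
// userIDParam path parameter or a holder of am.SuperUserPermission.
// When passwordUpdateOnly is true the request is additionally checked with
// l.isUpdatePasswordOnly and rejected when that check says so.
//
// Every rejection goes through l.setError with http.StatusMethodNotAllowed;
// that status is what the other auth filters in this file use for
// authentication/authorization failures, so it is kept for compatibility.
// The caller's IP (getIPAddress) and l.verifyKey are passed to every token
// check so the token is validated against the request it arrived with.
func (l LibsecurityRestful) sameUserFilterCheckPasswordUpdate(req *restful.Request, resp *restful.Response, chain *restful.FilterChain, passwordUpdateOnly bool) {
	// Filtering disabled: pass straight through.
	if !l.toFilter() {
		chain.ProcessFilter(req, resp)
		return
	}
	name := req.PathParameter(userIDParam)
	logger.Trace.Println("SameUserFilter: user name:", name)

	tokenStr := l.getCookieAccessTokenValue(req)
	if tokenStr == "" {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("Authentication is required"))
		return
	}
	// The IP takes part in token validation; evaluate it once for all checks.
	ip := getIPAddress(req)

	isUserMatch, err := app.IsItTheSameUser(tokenStr, name, ip, l.verifyKey)
	if err != nil {
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return
	}
	// Fail closed: a privilege lookup that returns an error never grants
	// root rights, whatever boolean came back alongside the error.
	isPrivilegeOk, privErr := app.IsPrivilegeOk(tokenStr, am.SuperUserPermission, ip, l.verifyKey)
	if privErr != nil {
		isPrivilegeOk = false
	}
	if !isPrivilegeOk && !isUserMatch {
		// The user name is needed only for the error text. The token was
		// validated just above, so a parse failure here is unlikely, but it
		// must not be ignored: degrade to an empty name rather than reading
		// a result whose error was discarded.
		userName := ""
		if tokenData, parseErr := app.ParseToken(tokenStr, ip, l.verifyKey); parseErr == nil {
			userName = tokenData.UserName
		}
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("User '%v' is not permitted to run the operation, Only root or the user can run it.", userName))
		return
	}
	if passwordUpdateOnly {
		// NOTE(review): isUpdatePasswordOnly is not visible here. This
		// rejects when it returns true, exactly as before — confirm the
		// helper's polarity against its definition (true presumably means
		// "the request is not a pure password update").
		if l.isUpdatePasswordOnly(req, resp, chain) {
			l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("The only permitted operation is to update the user password"))
			return
		}
	}
	chain.ProcessFilter(req, resp)
}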
// VerifyToken is a go-restful filter that rejects any request whose cookie
// does not carry an access token that app.ParseToken accepts for this
// request's IP address under l.verifyKey; accepted requests continue down
// the filter chain. Both rejections use http.StatusMethodNotAllowed, the
// status the other auth filters in this file report for auth failures.
func (l LibsecurityRestful) VerifyToken(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	token := l.getCookieAccessTokenValue(req)
	if len(token) == 0 {
		l.setError(resp, http.StatusMethodNotAllowed, fmt.Errorf("Authentication is required"))
		return
	}
	// Only validity matters here; the parsed claims are not used.
	if _, err := app.ParseToken(token, getIPAddress(req), l.verifyKey); err != nil {
		l.setError(resp, http.StatusMethodNotAllowed, err)
		return
	}
	chain.ProcessFilter(req, resp)
}