2022-10-25 00:16:29 -04:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
|
|
|
|
"dynatron.me/x/blasphem/pkg/storage"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
HAProviderKey = "auth_provider.homeassistant"
|
|
|
|
)
|
|
|
|
|
|
|
|
type User struct {
|
|
|
|
Password string `json:"password"`
|
|
|
|
Username string `json:"username"`
|
|
|
|
}
|
2022-10-26 18:27:24 -04:00
|
|
|
|
2022-10-25 00:16:29 -04:00
|
|
|
type HomeAssistantProvider struct {
|
|
|
|
AuthProviderBase `json:"-"`
|
|
|
|
Users []User `json:"users"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewHAProvider(s storage.Store) (*HomeAssistantProvider, error) {
|
|
|
|
hap := &HomeAssistantProvider{
|
|
|
|
AuthProviderBase: AuthProviderBase{
|
|
|
|
Name: "Home Assistant Local",
|
|
|
|
Type: HomeAssistant,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
err := s.Get(HAProviderKey, hap)
|
|
|
|
if err != nil {
|
|
|
|
return hap, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return hap, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) {
|
|
|
|
return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (hap *HomeAssistantProvider) ValidateCreds(rm map[string]interface{}) bool {
|
|
|
|
usernameE, hasU := rm["username"]
|
|
|
|
passwordE, hasP := rm["password"]
|
|
|
|
username, unStr := usernameE.(string)
|
|
|
|
password, paStr := passwordE.(string)
|
|
|
|
if !hasU || !hasP || !unStr || !paStr || username == "" || password == "" {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
var found *User
|
|
|
|
|
|
|
|
const dummyHash = "$2b$12$CiuFGszHx9eNHxPuQcwBWez4CwDTOcLTX5CbOpV6gef2nYuXkY7BO"
|
|
|
|
|
|
|
|
for _, v := range hap.Users { // iterate all to thwart timing attacks
|
|
|
|
if v.Username == username {
|
|
|
|
found = &v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if found == nil { // one more compare to thwart timing attacks
|
|
|
|
bcrypt.CompareHashAndPassword([]byte("foo"), []byte(dummyHash))
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
var hash []byte
|
|
|
|
hash, err := base64.StdEncoding.DecodeString(found.Password)
|
|
|
|
if err != nil {
|
|
|
|
// XXX: probably log this
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
err = bcrypt.CompareHashAndPassword(hash, []byte(password))
|
|
|
|
if err == nil {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (hap *HomeAssistantProvider) FlowSchema() []FlowSchemaItem {
|
|
|
|
return []FlowSchemaItem{
|
|
|
|
{
|
|
|
|
Type: "string",
|
|
|
|
Name: "username",
|
|
|
|
Required: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: "string",
|
|
|
|
Name: "password",
|
|
|
|
Required: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|