Put http.Request in validation path

2022-11-12 17:31:03 -05:00 · 2022-11-12 17:31:03 -05:00 · 1aa1296732
commit 1aa1296732
parent 2c997e3866
5 changed files with 15 additions and 7 deletions
--- a/pkg/auth/authenticator.go
+++ b/pkg/auth/authenticator.go
@ -93,7 +93,7 @@ func (a *Authenticator) ProvidersHandler(c echo.Context) error {
 	return c.JSON(http.StatusOK, providers)
 }

-func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) (provider.ProviderUser, error) {
+func (a *Authenticator) Check(f *Flow, req *http.Request, rm map[string]interface{}) (provider.ProviderUser, error) {
 	cID, hasCID := rm["client_id"]
 	cIDStr, cidIsStr := cID.(string)
 	if !hasCID || !cidIsStr || cIDStr == "" || cIDStr != string(f.request.ClientID) {
@ -110,7 +110,7 @@ func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) (provider.Prov
 			return nil, ErrInvalidAuth
 		}

-		user, success := p.ValidateCreds(rm)
+		user, success := p.ValidateCreds(req, rm)

 		if success {
 			log.Info().Interface("user", user.ProviderUserData()).Msg("Login success")
--- a/pkg/auth/flow.go
+++ b/pkg/auth/flow.go
@ -142,7 +142,7 @@ func (f *Flow) progress(a *Authenticator, c echo.Context) error {
 				}
 			}
 		}
-		user, err := a.Check(f, rm)
+		user, err := a.Check(f, c.Request(), rm)
 		switch err {
 		case nil:
 			var finishedFlow struct {
--- a/pkg/auth/provider/hass/provider.go
+++ b/pkg/auth/provider/hass/provider.go
@ -1,6 +1,8 @@
 package hass

 import (
+	"net/http"
+
 	"encoding/base64"

 	"github.com/rs/zerolog/log"
@ -64,7 +66,7 @@ func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) {
 	return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
 }

-func (hap *HomeAssistantProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
+func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
 	usernameE, hasU := rm["username"]
 	passwordE, hasP := rm["password"]
 	username, unStr := usernameE.(string)
--- a/pkg/auth/provider/provider.go
+++ b/pkg/auth/provider/provider.go
@ -1,6 +1,8 @@
 package provider

 import (
+	"net/http"
+
 	"dynatron.me/x/blasphem/pkg/storage"
 )

@ -13,7 +15,7 @@ type AuthProvider interface { // TODO: this should include stepping
 	ProviderBase() AuthProviderBase
 	FlowSchema() []FlowSchemaItem
 	NewCredData() interface{}
-	ValidateCreds(reqMap map[string]interface{}) (user ProviderUser, success bool)
+	ValidateCreds(r *http.Request, reqMap map[string]interface{}) (user ProviderUser, success bool)
 }

 func Register(providerName string, f func(storage.Store) (AuthProvider, error)) {
--- a/pkg/auth/provider/trustednets/trustednets.go
+++ b/pkg/auth/provider/trustednets/trustednets.go
@ -3,6 +3,8 @@ package trustednets
 // TODO: This doesn't work at all

 import (
+	"net/http"
+
 	"dynatron.me/x/blasphem/pkg/auth/provider"
 	"dynatron.me/x/blasphem/pkg/storage"
 )
@ -42,8 +44,10 @@ func New(s storage.Store) (provider.AuthProvider, error) {
 	return hap, nil
 }

-// TODO: To implement this, ValidateCreds needs to be changed to accept an http.Request, or the echo context.
-func (hap *TrustedNetworksProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
+func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
+	/*
+	if req.RemoteAddr in allowed then do the thing
+	*/
 	return nil, false
 }