From 1aa1296732fd5c03b84eb47600d7beb6af6f2328 Mon Sep 17 00:00:00 2001
From: Daniel Ponte
Date: Sat, 12 Nov 2022 17:31:03 -0500
Subject: [PATCH] Put http.Request in validation path

---
 pkg/auth/authenticator.go | 4 ++--
 pkg/auth/flow.go | 2 +-
 pkg/auth/provider/hass/provider.go | 4 +++-
 pkg/auth/provider/provider.go | 4 +++-
 pkg/auth/provider/trustednets/trustednets.go | 8 ++++++--
 5 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/pkg/auth/authenticator.go b/pkg/auth/authenticator.go
index 0f6c639..f34f804 100644
--- a/pkg/auth/authenticator.go
+++ b/pkg/auth/authenticator.go
@@ -93,7 +93,7 @@ func (a *Authenticator) ProvidersHandler(c echo.Context) error {
 return c.JSON(http.StatusOK, providers)
 }
 
-func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) (provider.ProviderUser, error) {
+func (a *Authenticator) Check(f *Flow, req *http.Request, rm map[string]interface{}) (provider.ProviderUser, error) {
 cID, hasCID := rm["client_id"]
 cIDStr, cidIsStr := cID.(string)
 if !hasCID || !cidIsStr || cIDStr == "" || cIDStr != string(f.request.ClientID) {
@@ -110,7 +110,7 @@ func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) (provider.Prov
 return nil, ErrInvalidAuth
 }
 
- user, success := p.ValidateCreds(rm)
+ user, success := p.ValidateCreds(req, rm)
 if success {
 log.Info().Interface("user", user.ProviderUserData()).Msg("Login success")
 
diff --git a/pkg/auth/flow.go b/pkg/auth/flow.go
index af0a83e..3d1c143 100644
--- a/pkg/auth/flow.go
+++ b/pkg/auth/flow.go
@@ -142,7 +142,7 @@ func (f *Flow) progress(a *Authenticator, c echo.Context) error {
 }
 }
 }
- user, err := a.Check(f, rm)
+ user, err := a.Check(f, c.Request(), rm)
 switch err {
 case nil:
 var finishedFlow struct {
diff --git a/pkg/auth/provider/hass/provider.go b/pkg/auth/provider/hass/provider.go
index 0abcf52..edb56fa 100644
--- a/pkg/auth/provider/hass/provider.go
+++ b/pkg/auth/provider/hass/provider.go
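Review bot: `Check` is exported and now takes a `req *http.Request`, but it has no doc comment saying what the request is used for, so a caller cannot tell whether Check inspects it itself or only forwards it to the provider. A one-line comment above the signature would close that gap: `// Check verifies that the client_id in rm matches flow f, then hands req and rm to the provider's ValidateCreds for credential validation.`. The provider lookup and the ValidateCreds call sit in the next hunk, and Check's body continues past both hunks.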
@@ -1,6 +1,8 @@
 package hass
 
 import (
+ "net/http"
+
 "encoding/base64"
 
 "github.com/rs/zerolog/log"
@@ -64,7 +66,7 @@ func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) {
 return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
 }
 
-func (hap *HomeAssistantProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
+func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
 usernameE, hasU := rm["username"]
 passwordE, hasP := rm["password"]
 username, unStr := usernameE.(string)
diff --git a/pkg/auth/provider/provider.go b/pkg/auth/provider/provider.go
index 57000c6..8dbd09d 100644
--- a/pkg/auth/provider/provider.go
+++ b/pkg/auth/provider/provider.go
@@ -1,6 +1,8 @@
 package provider
 
 import (
+ "net/http"
+
 "dynatron.me/x/blasphem/pkg/storage"
 )
 
@@ -13,7 +15,7 @@ type AuthProvider interface { // TODO: this should include stepping
 ProviderBase() AuthProviderBase
 FlowSchema() []FlowSchemaItem
 NewCredData() interface{}
- ValidateCreds(reqMap map[string]interface{}) (user ProviderUser, success bool)
+ ValidateCreds(r *http.Request, reqMap map[string]interface{}) (user ProviderUser, success bool)
 }
 
 func Register(providerName string, f func(storage.Store) (AuthProvider, error)) {
diff --git a/pkg/auth/provider/trustednets/trustednets.go b/pkg/auth/provider/trustednets/trustednets.go
index 1e806f9..d284602 100644
--- a/pkg/auth/provider/trustednets/trustednets.go
+++ b/pkg/auth/provider/trustednets/trustednets.go
@@ -3,6 +3,8 @@ package trustednets
 // TODO: This doesn't work at all
 
 import (
+ "net/http"
+
 "dynatron.me/x/blasphem/pkg/auth/provider"
 "dynatron.me/x/blasphem/pkg/storage"
 )
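Review bot: `"net/http"` is added as a separate import group above `"encoding/base64"` although both are standard library, so the file is no longer goimports-clean; goimports would merge them into the single stdlib group, sorted. The block should read `import (` / `"encoding/base64"` / `"net/http"` / blank line / `"github.com/rs/zerolog/log"`. In provider.go and trustednets.go the separate group is correct, since the remaining imports there are not stdlib.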
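Review bot: The new `r *http.Request` parameter is not referenced in the visible part of the HomeAssistant `ValidateCreds`, and the method has no doc comment, so it is unclear whether this provider is meant to consult the request at all. If the rest of the body (which continues past the hunk) does not use it, naming it `_ *http.Request` makes that explicit, and a doc comment would record the contract: `// ValidateCreds checks the username and password supplied in rm; the request is accepted only to satisfy provider.AuthProvider and is not inspected.`. Because this method decides an authentication outcome, a reader auditing which request attributes influence login should be able to see the answer from the signature and its comment.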
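Review bot: The interface now passes `r *http.Request` into `ValidateCreds`, but nothing states what implementations may rely on from it, and an undocumented request parameter in an authentication interface lets each provider pick its own notion of trust. A doc comment on the method would set the contract, for example `// ValidateCreds checks the credentials in reqMap. r is the originating request; implementations may inspect request metadata such as r.RemoteAddr or headers, but should treat reqMap as the already-decoded credential payload.` (reqMap appears to be decoded by the flow before Check is called — confirm). It is also worth stating there that r.RemoteAddr is the direct peer address and that forwarded-address headers are client-controlled unless set by a trusted proxy, since the trustednets provider is the intended consumer of this parameter.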
@@ -42,8 +44,10 @@ func New(s storage.Store) (provider.AuthProvider, error) {
 return hap, nil
 }
 
-// TODO: To implement this, ValidateCreds needs to be changed to accept an http.Request, or the echo context.
-func (hap *TrustedNetworksProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
+func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
+ /*
+ if req.RemoteAddr in allowed then do the thing
+ */
 return nil, false
 }
 
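Review bot: The placeholder comment in the new body refers to `req.RemoteAddr`, but the parameter is named `r`, so the sketch does not match the signature; it should read `if r.RemoteAddr in allowed then do the thing`. When this is implemented, `r.RemoteAddr` is a `host:port` string and must go through `net.SplitHostPort` before any network-membership test, and behind a reverse proxy it is the proxy's address, so a forwarded-address header may only be honoured when the direct peer is a configured proxy. The removed TODO was the method's only documentation; since it still returns `nil, false` unconditionally, keep a comment such as `// ValidateCreds is not implemented yet and always rejects; it is meant to admit requests whose r.RemoteAddr lies within a configured trusted network.`.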