From ae00c1534db38b2689ed946eb89a65c704d25302 Mon Sep 17 00:00:00 2001 From: Daniel Ponte Date: Sun, 13 Nov 2022 19:06:53 -0500 Subject: [PATCH] get user --- pkg/auth/provider/hass/provider.go | 19 ++++++++++++++++--- pkg/auth/provider/provider.go | 2 ++ pkg/auth/provider/trustednets/trustednets.go | 4 ++++ pkg/auth/session.go | 4 +--- pkg/auth/store.go | 18 +++++++++++++++++- 5 files changed, 40 insertions(+), 7 deletions(-) diff --git a/pkg/auth/provider/hass/provider.go b/pkg/auth/provider/hass/provider.go index 04b3d3e..a5cc06e 100644 --- a/pkg/auth/provider/hass/provider.go +++ b/pkg/auth/provider/hass/provider.go @@ -24,7 +24,7 @@ type HAUser struct { } func (hau *HAUser) UserData() provider.ProviderUser { - return &UserData{ + return &UserData{ // strip secret Username: hau.Username, } } @@ -44,6 +44,7 @@ func (h *HAUser) ProviderUserData() interface{} { return h.UserData() } type HomeAssistantProvider struct { provider.AuthProviderBase `json:"-"` Users []HAUser `json:"users"` + userMap map[string]*HAUser } func NewHAProvider(s storage.Store) (provider.AuthProvider, error) { @@ -59,13 +60,25 @@ func NewHAProvider(s storage.Store) (provider.AuthProvider, error) { return hap, err } - for i := range hap.Users { + hap.userMap = make(map[string]*HAUser) + + for i, u := range hap.Users { hap.Users[i].AuthProvider = hap + hap.userMap[u.Username] = &hap.Users[i] } return hap, nil } +func (hap *HomeAssistantProvider) Lookup(pu provider.ProviderUser) provider.ProviderUser { + u, has := hap.userMap[pu.(*HAUser).Username] + if !has { + return nil + } + + return u +} + func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) { return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost) } @@ -110,7 +123,7 @@ func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]i } func (hap *HomeAssistantProvider) NewCredData() interface{} { - return &UserData{} + return &HAUser{} } func (hap *HomeAssistantProvider) FlowSchema() []provider.FlowSchemaItem { diff --git a/pkg/auth/provider/provider.go b/pkg/auth/provider/provider.go index b8f3bde..a34bed0 100644 --- a/pkg/auth/provider/provider.go +++ b/pkg/auth/provider/provider.go @@ -16,6 +16,7 @@ type AuthProvider interface { // TODO: this should include stepping FlowSchema() []FlowSchemaItem NewCredData() interface{} ValidateCreds(r *http.Request, reqMap map[string]interface{}) (user ProviderUser, success bool) + Lookup(ProviderUser) ProviderUser } func Register(providerName string, f func(storage.Store) (AuthProvider, error)) { @@ -23,6 +24,7 @@ func Register(providerName string, f func(storage.Store) (AuthProvider, error)) } type ProviderUser interface { + // TODO: make sure this is sane with all the ProviderUser and UserData type stuf UserData() ProviderUser } diff --git a/pkg/auth/provider/trustednets/trustednets.go b/pkg/auth/provider/trustednets/trustednets.go index d3ae9f3..5c3dcb8 100644 --- a/pkg/auth/provider/trustednets/trustednets.go +++ b/pkg/auth/provider/trustednets/trustednets.go @@ -46,6 +46,10 @@ func New(s storage.Store) (provider.AuthProvider, error) { return hap, nil } +func (tnp *TrustedNetworksProvider) Lookup(pu provider.ProviderUser) provider.ProviderUser { + return pu +} + func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) { /* if req.RemoteAddr in allowed then do the thing diff --git a/pkg/auth/session.go b/pkg/auth/session.go index 05ee3c3..7c2fb73 100644 --- a/pkg/auth/session.go +++ b/pkg/auth/session.go @@ -124,9 +124,7 @@ func (a *Authenticator) verifyAndGetCredential(tr *TokenRequest, r *http.Request return nil } - cred := &Credential{ - user: user, - } + cred := a.store.Credential(user) return cred } diff --git a/pkg/auth/store.go b/pkg/auth/store.go index ece416a..aa3cc40 100644 --- a/pkg/auth/store.go +++ b/pkg/auth/store.go @@ -14,6 +14,7 @@ const ( type AuthStore interface { User(UserID) *User + Credential(provider.ProviderUser) *Credential } type authStore struct { @@ -23,6 +24,16 @@ type authStore struct { Refresh []RefreshToken `json:"refresh_tokens"` userMap map[UserID]*User + providerUsers map[provider.ProviderUser]*Credential +} + +func (as *authStore) Credential(p provider.ProviderUser) *Credential { + c, have := as.providerUsers[p] + if !have { + return nil + } + + return c } func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error) { @@ -30,6 +41,7 @@ func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error) err = s.Get(AuthStoreKey, as) as.userMap = make(map[UserID]*User) + as.providerUsers = make(map[provider.ProviderUser]*Credential) for _, u := range as.Users { as.userMap[u.ID] = &u @@ -49,7 +61,11 @@ func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error) return nil, err } - c.user = pd.(provider.ProviderUser) + c.user = prov.Lookup(pd.(provider.ProviderUser)) + if c.user == nil { + return nil, fmt.Errorf("cannot find user in provider %s", prov.ProviderName()) + } + as.providerUsers[c.user] = &c } }