Compare commits
3 commits
1aa1296732
...
9f39049dd6
Author | SHA1 | Date | |
---|---|---|---|
9f39049dd6 | |||
a540f94108 | |||
25c3e9421f |
7 changed files with 47 additions and 44 deletions
|
@ -35,14 +35,14 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Flow struct {
|
type Flow struct {
|
||||||
Type FlowType `json:"type"`
|
Type FlowType `json:"type"`
|
||||||
ID FlowID `json:"flow_id"`
|
ID FlowID `json:"flow_id"`
|
||||||
Handler []*string `json:"handler"`
|
Handler []*string `json:"handler"`
|
||||||
StepID *Step `json:"step_id,omitempty"`
|
StepID *Step `json:"step_id,omitempty"`
|
||||||
Schema []provider.FlowSchemaItem `json:"data_schema"`
|
Schema []provider.FlowSchemaItem `json:"data_schema"`
|
||||||
Errors interface{} `json:"errors"`
|
Errors interface{} `json:"errors"`
|
||||||
DescPlace *string `json:"description_placeholders"`
|
DescPlace *string `json:"description_placeholders"`
|
||||||
LastStep *string `json:"last_step"`
|
LastStep *string `json:"last_step"`
|
||||||
|
|
||||||
request *FlowRequest
|
request *FlowRequest
|
||||||
ctime time.Time
|
ctime time.Time
|
||||||
|
|
|
@ -39,7 +39,7 @@ func (h *HAUser) ProviderUserData() interface{} { return h.UserData() }
|
||||||
|
|
||||||
type HomeAssistantProvider struct {
|
type HomeAssistantProvider struct {
|
||||||
provider.AuthProviderBase `json:"-"`
|
provider.AuthProviderBase `json:"-"`
|
||||||
Users []HAUser `json:"users"`
|
Users []HAUser `json:"users"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHAProvider(s storage.Store) (provider.AuthProvider, error) {
|
func NewHAProvider(s storage.Store) (provider.AuthProvider, error) {
|
||||||
|
@ -127,4 +127,3 @@ func (hap *HomeAssistantProvider) FlowSchema() []provider.FlowSchemaItem {
|
||||||
func init() {
|
func init() {
|
||||||
provider.Register(HomeAssistant, NewHAProvider)
|
provider.Register(HomeAssistant, NewHAProvider)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -49,5 +49,3 @@ type FlowSchemaItem struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Required bool `json:"required"`
|
Required bool `json:"required"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ func New(s storage.Store) (provider.AuthProvider, error) {
|
||||||
|
|
||||||
func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
|
func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
|
||||||
/*
|
/*
|
||||||
if req.RemoteAddr in allowed then do the thing
|
if req.RemoteAddr in allowed then do the thing
|
||||||
*/
|
*/
|
||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
|
@ -73,4 +73,3 @@ func (hap *TrustedNetworksProvider) FlowSchema() []provider.FlowSchemaItem {
|
||||||
func init() {
|
func init() {
|
||||||
provider.Register(TrustedNetworks, New)
|
provider.Register(TrustedNetworks, New)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -66,20 +66,20 @@ func (ss *SessionStore) verify(tr *TokenRequest, r *http.Request) (provider.Prov
|
||||||
}
|
}
|
||||||
|
|
||||||
type Credential struct {
|
type Credential struct {
|
||||||
ID CredID `json:"id"`
|
ID CredID `json:"id"`
|
||||||
UserID UserID `json:"user_id"`
|
UserID UserID `json:"user_id"`
|
||||||
AuthProviderType string `json:"auth_provider_type"`
|
AuthProviderType string `json:"auth_provider_type"`
|
||||||
AuthProviderID *string `json:"auth_provider_id"`
|
AuthProviderID *string `json:"auth_provider_id"`
|
||||||
DataRaw json.RawMessage `json:"data,omitempty"`
|
DataRaw json.RawMessage `json:"data,omitempty"`
|
||||||
user provider.ProviderUser
|
user provider.ProviderUser
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cred *Credential) MarshalJSON() ([]byte, error) {
|
func (cred *Credential) MarshalJSON() ([]byte, error) {
|
||||||
rm := map[string]interface{}{
|
rm := map[string]interface{}{
|
||||||
"id": cred.ID,
|
"id": cred.ID,
|
||||||
"user_id": cred.UserID,
|
"user_id": cred.UserID,
|
||||||
"auth_provider_type": cred.user.ProviderType(),
|
"auth_provider_type": cred.user.ProviderType(),
|
||||||
"auth_provider_id": cred.user.ProviderID(),
|
"auth_provider_id": cred.user.ProviderID(),
|
||||||
}
|
}
|
||||||
|
|
||||||
providerData := cred.user.ProviderUserData()
|
providerData := cred.user.ProviderUserData()
|
||||||
|
@ -103,11 +103,12 @@ const defaultExpiration = 2 * time.Hour
|
||||||
|
|
||||||
func (a *Authenticator) NewToken(r *http.Request, user provider.ProviderUser, f *Flow) TokenID {
|
func (a *Authenticator) NewToken(r *http.Request, user provider.ProviderUser, f *Flow) TokenID {
|
||||||
id := TokenID(genUUID())
|
id := TokenID(genUUID())
|
||||||
|
now := time.Now()
|
||||||
|
|
||||||
t := &Token{
|
t := &Token{
|
||||||
ID: id,
|
ID: id,
|
||||||
Ctime: time.Now(),
|
Ctime: now,
|
||||||
Expires: time.Now().Add(defaultExpiration),
|
Expires: now.Add(defaultExpiration),
|
||||||
Addr: r.RemoteAddr,
|
Addr: r.RemoteAddr,
|
||||||
|
|
||||||
user: user,
|
user: user,
|
||||||
|
@ -122,7 +123,7 @@ type GrantType string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
GTAuthorizationCode GrantType = "authorization_code"
|
GTAuthorizationCode GrantType = "authorization_code"
|
||||||
GTRefreshToken GrantType = "refresh_token"
|
GTRefreshToken GrantType = "refresh_token"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ClientID string
|
type ClientID string
|
||||||
|
@ -134,8 +135,8 @@ func (c *ClientID) IsValid() bool {
|
||||||
|
|
||||||
type TokenRequest struct {
|
type TokenRequest struct {
|
||||||
ClientID ClientID `form:"client_id"`
|
ClientID ClientID `form:"client_id"`
|
||||||
Code TokenID `form:"code"`
|
Code TokenID `form:"code"`
|
||||||
GrantType GrantType `form:"grant_type"`
|
GrantType GrantType `form:"grant_type"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Authenticator) TokenHandler(c echo.Context) error {
|
func (a *Authenticator) TokenHandler(c echo.Context) error {
|
||||||
|
@ -162,7 +163,7 @@ func (a *Authenticator) TokenHandler(c echo.Context) error {
|
||||||
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: "bad user"})
|
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: "bad user"})
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := user.allowedToAuth(); err != nil {
|
if err := user.allowedToAuth(); err != nil {
|
||||||
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
|
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
|
||||||
}
|
}
|
||||||
return c.String(http.StatusOK, "token good I guess")
|
return c.String(http.StatusOK, "token good I guess")
|
||||||
|
|
|
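Review bot: NewToken still has no doc comment stating what the returned TokenID must guarantee, and that matters here: TokenRequest.Code in the later hunk of this file is the same TokenID type, so this value is apparently the code a client later redeems at TokenHandler and it has to be unguessable and short-lived. Hoisting `now` is correct, but the lifetime comes from `defaultExpiration = 2 * time.Hour` (visible in the hunk header); if this really is the OAuth authorization code, RFC 6749 §4.1.2 recommends a lifetime of roughly ten minutes and single use, which two hours does not give. genUUID is not visible in this diff; if it is not backed by crypto/rand the code is predictable, and the comment should pin that requirement. I would add `// NewToken mints the code handed to the client once flow f completes; id must come from a CSPRNG, the token is bound to r.RemoteAddr and expires after defaultExpiration.` and consider a separate, much shorter expiry for codes. The function body continues past the end of the hunk.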
@ -1,8 +1,8 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"dynatron.me/x/blasphem/pkg/storage"
|
"dynatron.me/x/blasphem/pkg/storage"
|
||||||
)
|
)
|
||||||
|
@ -11,13 +11,13 @@ const (
|
||||||
AuthStoreKey = "auth"
|
AuthStoreKey = "auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
type AuthStore interface {
|
type AuthStore interface {
|
||||||
|
User(UserID) *User
|
||||||
}
|
}
|
||||||
|
|
||||||
type authStore struct {
|
type authStore struct {
|
||||||
Users []User `json:"users"`
|
Users []User `json:"users"`
|
||||||
Groups interface {} `json:"groups"`
|
Groups interface{} `json:"groups"`
|
||||||
Credentials []Credential `json:"credentials"`
|
Credentials []Credential `json:"credentials"`
|
||||||
|
|
||||||
userMap map[UserID]*User
|
userMap map[UserID]*User
|
||||||
|
@ -49,3 +49,7 @@ func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *authStore) User(uid UserID) *User {
|
||||||
|
return s.userMap[uid]
|
||||||
|
}
|
||||||
|
|
|
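Review bot: The new `User` method on authStore reads `s.userMap` with no synchronization and hands back a pointer into the store; if the Authenticator ever adds users at runtime (the name getOrCreateUser in the user.go section suggests that is planned) concurrent reads and writes of this map are a data race, so either document that the store is immutable after newAuthStore or guard the map with a sync.RWMutex. Neither the new interface method nor its implementation has a doc comment; I would put `// User returns the user with ID uid, or nil if the store has no such user.` on both. The nil result is what the caller treats as "unknown user", so a store whose userMap was never built silently looks like every user being unknown; the comment should note that userMap is assumed to be filled by newAuthStore, whose body lies outside this hunk.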
@ -11,18 +11,18 @@ type GroupID string
|
||||||
type CredID string
|
type CredID string
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
ID UserID `json:"id"`
|
ID UserID `json:"id"`
|
||||||
GroupIDs []GroupID `json:"group_ids"`
|
GroupIDs []GroupID `json:"group_ids"`
|
||||||
Data interface{} `json:"data,omitempty"`
|
Data interface{} `json:"data,omitempty"`
|
||||||
UserMetadata
|
UserMetadata
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserMetadata struct {
|
type UserMetadata struct {
|
||||||
Active bool `json:"is_active"`
|
Active bool `json:"is_active"`
|
||||||
Owner bool `json:"is_owner"`
|
Owner bool `json:"is_owner"`
|
||||||
LocalOnly bool `json:"local_only"`
|
LocalOnly bool `json:"local_only"`
|
||||||
SystemGenerated bool `json:"system_generated"`
|
SystemGenerated bool `json:"system_generated"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *User) allowedToAuth() error {
|
func (u *User) allowedToAuth() error {
|
||||||
|
@ -35,8 +35,10 @@ func (u *User) allowedToAuth() error {
|
||||||
|
|
||||||
func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
|
func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
|
||||||
log.Debug().Interface("userdata", c.user.ProviderUserData()).Msg("getOrCreateUser")
|
log.Debug().Interface("userdata", c.user.ProviderUserData()).Msg("getOrCreateUser")
|
||||||
panic("not implemented")
|
u := a.store.User(c.UserID)
|
||||||
return &User{}, nil
|
if u == nil {
|
||||||
|
return nil, errors.New("no such user)
|
||||||
|
}
|
||||||
|
|
||||||
|
return u, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
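Review bot: The new error line reads `return nil, errors.New("no such user)` — the string literal is unterminated as rendered, so unless that is a display artifact this does not compile; it should be `return nil, errors.New("no such user")`, and the file's import block (outside this hunk) must bring in `errors`. The function is still named getOrCreateUser but now only looks up and fails on an unknown UserID, which will mislead callers expecting first-login provisioning; rename it or document it, e.g. `// getOrCreateUser resolves the local user a credential maps to; creation is not implemented yet, so an unknown UserID is an error.` The surviving debug line logs `c.user.ProviderUserData()` in full; if the provider's user record carries password hashes or tokens (HAUser's UserData is not visible here), that lands in the log at debug level, so logging only identifiers, `log.Debug().Str("user_id", string(c.UserID)).Str("cred_id", string(c.ID)).Msg("getOrCreateUser")`, is the safer default.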