zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-28 03:01:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

good first draft, fixed test

Browse Source
This commit is contained in:
0xdcarns
2021-10-21 20:32:23 -04:00
parent 4e4e8b3ab5
commit 7939e5968f
6 changed files with 177 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
auth/auth.go
View File

@@ -4,6 +4,8 @@ import (
"encoding/json" "encoding/json"
"net/http" "net/http"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/servercfg"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
@@ -18,6 +20,7 @@ const (
azure_ad_provider_name = "azure-ad" azure_ad_provider_name = "azure-ad"
github_provider_name = "github" github_provider_name = "github"
verify_user = "verifyuser" verify_user = "verifyuser"
auth_key = "netmaker_auth"
) )
var oauth_state_string = "netmaker-oauth-state" // should be set randomly each provider login var oauth_state_string = "netmaker-oauth-state" // should be set randomly each provider login
@@ -49,6 +52,10 @@ func InitializeAuthProvider() string {
if functions == nil { if functions == nil {
return "" return ""
} }
var _, err = fetchPassValue(logic.RandomString(64))
if err != nil {
return ""
}
var authInfo = servercfg.GetAuthProviderInfo() var authInfo = servercfg.GetAuthProviderInfo()
functions[init_provider].(func(string, string, string))(servercfg.GetAPIConnString()+"/api/oauth/callback", authInfo[1], authInfo[2]) functions[init_provider].(func(string, string, string))(servercfg.GetAPIConnString()+"/api/oauth/callback", authInfo[1], authInfo[2])
return authInfo[0] return authInfo[0]
@@ -72,16 +79,60 @@ func HandleAuthLogin(w http.ResponseWriter, r *http.Request) {
functions[handle_login].(func(http.ResponseWriter, *http.Request))(w, r) functions[handle_login].(func(http.ResponseWriter, *http.Request))(w, r)
} }
// VerifyUserToken - checks if oauth2 token is valid // == private methods ==
func VerifyUserToken(accessToken string) bool {
var token = &oauth2.Token{} func addUser(email string) error {
var err = json.Unmarshal([]byte(accessToken), token) var hasAdmin, err = logic.HasAdmin()
if err != nil || !token.Valid() { if err != nil {
return false logic.Log("error checking for existence of admin user during OAuth login for "+email+", user not added", 1)
return err
} // generate random password to adapt to current model
var newPass, fetchErr = fetchPassValue("")
if fetchErr != nil {
return fetchErr
} }
var functions = getCurrentAuthFunctions() var newUser = models.User{
if functions == nil { UserName: email,
return false Password: newPass,
} }
return functions[verify_user].(func(*oauth2.Token) bool)(token) if !hasAdmin { // must be first attempt, create an admin
if newUser, err = logic.CreateAdmin(newUser); err != nil {
logic.Log("error creating admin from user, "+email+", user not added", 1)
} else {
logic.Log("admin created from user, "+email+", was first user added", 0)
}
} else { // otherwise add to db as admin..?
// TODO: add ability to add users with preemptive permissions
newUser.IsAdmin = true
if newUser, err = logic.CreateUser(newUser); err != nil {
logic.Log("error creating user, "+email+", user not added", 1)
} else {
logic.Log("user created from, "+email+"", 0)
}
}
return nil
}
func fetchPassValue(newValue string) (string, error) {
type valueHolder struct {
Value string `json:"value" bson:"value"`
}
var newValueHolder = &valueHolder{
Value: newValue,
}
var data, marshalErr = json.Marshal(newValueHolder)
if marshalErr != nil {
return "", marshalErr
}
var currentValue, err = logic.FetchAuthSecret(auth_key, string(data))
if err != nil {
return "", err
}
var unmarshErr = json.Unmarshal([]byte(currentValue), newValueHolder)
if unmarshErr != nil {
return "", unmarshErr
}
return newValueHolder.Value, nil
} }

27
auth/google.go
View File

@@ -7,6 +7,7 @@ import (
"net/http" "net/http"
"github.com/gravitl/netmaker/logic" "github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/servercfg"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@@ -34,7 +35,7 @@ func initGoogle(redirectURL string, clientID string, clientSecret string) {
func handleGoogleLogin(w http.ResponseWriter, r *http.Request) { func handleGoogleLogin(w http.ResponseWriter, r *http.Request) {
oauth_state_string = logic.RandomString(16) oauth_state_string = logic.RandomString(16)
url := auth_provider.AuthCodeURL(oauth_state_string) var url = auth_provider.AuthCodeURL(oauth_state_string)
http.Redirect(w, r, url, http.StatusTemporaryRedirect) http.Redirect(w, r, url, http.StatusTemporaryRedirect)
} }
@@ -46,8 +47,30 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, servercfg.GetFrontendURL()+"?oauth=callback-error", http.StatusTemporaryRedirect) http.Redirect(w, r, servercfg.GetFrontendURL()+"?oauth=callback-error", http.StatusTemporaryRedirect)
return return
} }
_, err = logic.GetUser(content.Email)
if err != nil { // user must not exists, so try to make one
if err = addUser(content.Email); err != nil {
return
}
}
var newPass, fetchErr = fetchPassValue("")
if fetchErr != nil {
return
}
// send a netmaker jwt token
var authRequest = models.UserAuthParams{
UserName: content.Email,
Password: newPass,
}
var jwt, jwtErr = logic.VerifyAuthRequest(authRequest)
if jwtErr != nil {
logic.Log("could not parse jwt for user "+authRequest.UserName, 1)
return
}
logic.Log("completed google oauth sigin in for "+content.Email, 0) logic.Log("completed google oauth sigin in for "+content.Email, 0)
http.Redirect(w, r, servercfg.GetFrontendURL()+"?oauth="+content.AccessToken+"&email="+content.Email, http.StatusPermanentRedirect) http.Redirect(w, r, servercfg.GetFrontendURL()+"?login="+jwt+"&email="+content.Email, http.StatusPermanentRedirect)
} }
func getUserInfo(state string, code string) (*OauthUser, error) { func getUserInfo(state string, code string) (*OauthUser, error) {

32
controllers/userHttpController.go
View File

@@ -12,7 +12,6 @@ import (
"github.com/gravitl/netmaker/functions" "github.com/gravitl/netmaker/functions"
"github.com/gravitl/netmaker/logic" "github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
"golang.org/x/crypto/bcrypt"
) )
func userHandlers(r *mux.Router) { func userHandlers(r *mux.Router) {
@@ -53,7 +52,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
return return
} }
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
if err != nil { if err != nil {
returnErrorResponse(response, request, formatError(err, "badrequest")) returnErrorResponse(response, request, formatError(err, "badrequest"))
return return
@@ -86,35 +85,6 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
response.Write(successJSONResponse) response.Write(successJSONResponse)
} }
// VerifyAuthRequest - verifies an auth request
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
var result models.User
if authRequest.UserName == "" {
return "", errors.New("username can't be empty")
} else if authRequest.Password == "" {
return "", errors.New("password can't be empty")
}
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
if err != nil {
return "", errors.New("incorrect credentials")
}
if err = json.Unmarshal([]byte(record), &result); err != nil {
return "", errors.New("incorrect credentials")
}
// compare password from request to stored password in database
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
// TODO: Consider a way of hashing the password client side before sending, or using certificates
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
return "", errors.New("incorrect credentials")
}
//Create a new JWT for the node
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
return tokenString, nil
}
// The middleware for most requests to the API // The middleware for most requests to the API
// They all pass through here first // They all pass through here first
// This will validate the JWT (or check for master token) // This will validate the JWT (or check for master token)

91
controllers/userHttpController_test.go
View File

@@ -4,52 +4,53 @@ import (
"testing" "testing"
"github.com/gravitl/netmaker/database" "github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
func deleteAllUsers() { func deleteAllUsers() {
users, _ := GetUsers() users, _ := logic.GetUsers()
for _, user := range users { for _, user := range users {
DeleteUser(user.UserName) logic.DeleteUser(user.UserName)
} }
} }
func TestHasAdmin(t *testing.T) { func TestHasAdmin(t *testing.T) {
//delete all current users //delete all current users
database.InitializeDatabase() database.InitializeDatabase()
users, _ := GetUsers() users, _ := logic.GetUsers()
for _, user := range users { for _, user := range users {
success, err := DeleteUser(user.UserName) success, err := logic.DeleteUser(user.UserName)
assert.Nil(t, err) assert.Nil(t, err)
assert.True(t, success) assert.True(t, success)
} }
t.Run("NoUser", func(t *testing.T) { t.Run("NoUser", func(t *testing.T) {
found, err := HasAdmin() found, err := logic.HasAdmin()
assert.Nil(t, err) assert.Nil(t, err)
assert.False(t, found) assert.False(t, found)
}) })
t.Run("No admin user", func(t *testing.T) { t.Run("No admin user", func(t *testing.T) {
var user = models.User{"noadmin", "password", nil, false} var user = models.User{"noadmin", "password", nil, false}
_, err := CreateUser(user) _, err := logic.CreateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
found, err := HasAdmin() found, err := logic.HasAdmin()
assert.Nil(t, err) assert.Nil(t, err)
assert.False(t, found) assert.False(t, found)
}) })
t.Run("admin user", func(t *testing.T) { t.Run("admin user", func(t *testing.T) {
var user = models.User{"admin", "password", nil, true} var user = models.User{"admin", "password", nil, true}
_, err := CreateUser(user) _, err := logic.CreateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
found, err := HasAdmin() found, err := logic.HasAdmin()
assert.Nil(t, err) assert.Nil(t, err)
assert.True(t, found) assert.True(t, found)
}) })
t.Run("multiple admins", func(t *testing.T) { t.Run("multiple admins", func(t *testing.T) {
var user = models.User{"admin1", "password", nil, true} var user = models.User{"admin1", "password", nil, true}
_, err := CreateUser(user) _, err := logic.CreateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
found, err := HasAdmin() found, err := logic.HasAdmin()
assert.Nil(t, err) assert.Nil(t, err)
assert.True(t, found) assert.True(t, found)
}) })
@@ -60,12 +61,12 @@ func TestCreateUser(t *testing.T) {
deleteAllUsers() deleteAllUsers()
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
t.Run("NoUser", func(t *testing.T) { t.Run("NoUser", func(t *testing.T) {
admin, err := CreateUser(user) admin, err := logic.CreateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, user.UserName, admin.UserName) assert.Equal(t, user.UserName, admin.UserName)
}) })
t.Run("UserExists", func(t *testing.T) { t.Run("UserExists", func(t *testing.T) {
_, err := CreateUser(user) _, err := logic.CreateUser(user)
assert.NotNil(t, err) assert.NotNil(t, err)
assert.EqualError(t, err, "user exists") assert.EqualError(t, err, "user exists")
}) })
@@ -78,14 +79,14 @@ func TestCreateAdmin(t *testing.T) {
t.Run("NoAdmin", func(t *testing.T) { t.Run("NoAdmin", func(t *testing.T) {
user.UserName = "admin" user.UserName = "admin"
user.Password = "password" user.Password = "password"
admin, err := CreateAdmin(user) admin, err := logic.CreateAdmin(user)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, user.UserName, admin.UserName) assert.Equal(t, user.UserName, admin.UserName)
}) })
t.Run("AdminExists", func(t *testing.T) { t.Run("AdminExists", func(t *testing.T) {
user.UserName = "admin2" user.UserName = "admin2"
user.Password = "password1" user.Password = "password1"
admin, err := CreateAdmin(user) admin, err := logic.CreateAdmin(user)
assert.EqualError(t, err, "admin user already exists") assert.EqualError(t, err, "admin user already exists")
assert.Equal(t, admin, models.User{}) assert.Equal(t, admin, models.User{})
}) })
@@ -95,14 +96,14 @@ func TestDeleteUser(t *testing.T) {
database.InitializeDatabase() database.InitializeDatabase()
deleteAllUsers() deleteAllUsers()
t.Run("NonExistent User", func(t *testing.T) { t.Run("NonExistent User", func(t *testing.T) {
deleted, err := DeleteUser("admin") deleted, err := logic.DeleteUser("admin")
assert.EqualError(t, err, "user does not exist") assert.EqualError(t, err, "user does not exist")
assert.False(t, deleted) assert.False(t, deleted)
}) })
t.Run("Existing User", func(t *testing.T) { t.Run("Existing User", func(t *testing.T) {
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
CreateUser(user) logic.CreateUser(user)
deleted, err := DeleteUser("admin") deleted, err := logic.DeleteUser("admin")
assert.Nil(t, err) assert.Nil(t, err)
assert.True(t, deleted) assert.True(t, deleted)
}) })
@@ -114,44 +115,44 @@ func TestValidateUser(t *testing.T) {
t.Run("Valid Create", func(t *testing.T) { t.Run("Valid Create", func(t *testing.T) {
user.UserName = "admin" user.UserName = "admin"
user.Password = "validpass" user.Password = "validpass"
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
}) })
t.Run("Valid Update", func(t *testing.T) { t.Run("Valid Update", func(t *testing.T) {
user.UserName = "admin" user.UserName = "admin"
user.Password = "password" user.Password = "password"
err := ValidateUser("update", user) err := logic.ValidateUser(user)
assert.Nil(t, err) assert.Nil(t, err)
}) })
t.Run("Invalid UserName", func(t *testing.T) { t.Run("Invalid UserName", func(t *testing.T) {
t.Skip() t.Skip()
user.UserName = "*invalid" user.UserName = "*invalid"
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.Error(t, err) assert.Error(t, err)
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed") //assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
}) })
t.Run("Short UserName", func(t *testing.T) { t.Run("Short UserName", func(t *testing.T) {
t.Skip() t.Skip()
user.UserName = "1" user.UserName = "1"
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.NotNil(t, err) assert.NotNil(t, err)
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed") //assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
}) })
t.Run("Empty UserName", func(t *testing.T) { t.Run("Empty UserName", func(t *testing.T) {
t.Skip() t.Skip()
user.UserName = "" user.UserName = ""
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.EqualError(t, err, "some string") assert.EqualError(t, err, "some string")
//assert.Contains(t, err.Error(), "Field validation for 'UserName' failed") //assert.Contains(t, err.Error(), "Field validation for 'UserName' failed")
}) })
t.Run("EmptyPassword", func(t *testing.T) { t.Run("EmptyPassword", func(t *testing.T) {
user.Password = "" user.Password = ""
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'required' tag") assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'required' tag")
}) })
t.Run("ShortPassword", func(t *testing.T) { t.Run("ShortPassword", func(t *testing.T) {
user.Password = "123" user.Password = "123"
err := ValidateUser("create", user) err := logic.ValidateUser(user)
assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'min' tag") assert.EqualError(t, err, "Key: 'User.Password' Error:Field validation for 'Password' failed on the 'min' tag")
}) })
} }
@@ -160,14 +161,14 @@ func TestGetUser(t *testing.T) {
database.InitializeDatabase() database.InitializeDatabase()
deleteAllUsers() deleteAllUsers()
t.Run("NonExistantUser", func(t *testing.T) { t.Run("NonExistantUser", func(t *testing.T) {
admin, err := GetUser("admin") admin, err := logic.GetUser("admin")
assert.EqualError(t, err, "could not find any records") assert.EqualError(t, err, "could not find any records")
assert.Equal(t, "", admin.UserName) assert.Equal(t, "", admin.UserName)
}) })
t.Run("UserExisits", func(t *testing.T) { t.Run("UserExisits", func(t *testing.T) {
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
CreateUser(user) logic.CreateUser(user)
admin, err := GetUser("admin") admin, err := logic.GetUser("admin")
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, user.UserName, admin.UserName) assert.Equal(t, user.UserName, admin.UserName)
}) })
@@ -183,7 +184,7 @@ func TestGetUserInternal(t *testing.T) {
}) })
t.Run("UserExisits", func(t *testing.T) { t.Run("UserExisits", func(t *testing.T) {
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
CreateUser(user) logic.CreateUser(user)
admin, err := GetUserInternal("admin") admin, err := GetUserInternal("admin")
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, user.UserName, admin.UserName) assert.Equal(t, user.UserName, admin.UserName)
@@ -194,21 +195,21 @@ func TestGetUsers(t *testing.T) {
database.InitializeDatabase() database.InitializeDatabase()
deleteAllUsers() deleteAllUsers()
t.Run("NonExistantUser", func(t *testing.T) { t.Run("NonExistantUser", func(t *testing.T) {
admin, err := GetUsers() admin, err := logic.GetUsers()
assert.EqualError(t, err, "could not find any records") assert.EqualError(t, err, "could not find any records")
assert.Equal(t, []models.ReturnUser(nil), admin) assert.Equal(t, []models.ReturnUser(nil), admin)
}) })
t.Run("UserExisits", func(t *testing.T) { t.Run("UserExisits", func(t *testing.T) {
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
CreateUser(user) logic.CreateUser(user)
admins, err := GetUsers() admins, err := logic.GetUsers()
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, user.UserName, admins[0].UserName) assert.Equal(t, user.UserName, admins[0].UserName)
}) })
t.Run("MulipleUsers", func(t *testing.T) { t.Run("MulipleUsers", func(t *testing.T) {
user := models.User{"user", "password", nil, true} user := models.User{"user", "password", nil, true}
CreateUser(user) logic.CreateUser(user)
admins, err := GetUsers() admins, err := logic.GetUsers()
assert.Nil(t, err) assert.Nil(t, err)
for _, u := range admins { for _, u := range admins {
if u.UserName == "admin" { if u.UserName == "admin" {
@@ -227,14 +228,14 @@ func TestUpdateUser(t *testing.T) {
user := models.User{"admin", "password", nil, true} user := models.User{"admin", "password", nil, true}
newuser := models.User{"hello", "world", []string{"wirecat, netmaker"}, true} newuser := models.User{"hello", "world", []string{"wirecat, netmaker"}, true}
t.Run("NonExistantUser", func(t *testing.T) { t.Run("NonExistantUser", func(t *testing.T) {
admin, err := UpdateUser(newuser, user) admin, err := logic.UpdateUser(newuser, user)
assert.EqualError(t, err, "could not find any records") assert.EqualError(t, err, "could not find any records")
assert.Equal(t, "", admin.UserName) assert.Equal(t, "", admin.UserName)
}) })
t.Run("UserExists", func(t *testing.T) { t.Run("UserExists", func(t *testing.T) {
CreateUser(user) logic.CreateUser(user)
admin, err := UpdateUser(newuser, user) admin, err := logic.UpdateUser(newuser, user)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, newuser.UserName, admin.UserName) assert.Equal(t, newuser.UserName, admin.UserName)
}) })
@@ -271,43 +272,43 @@ func TestVerifyAuthRequest(t *testing.T) {
t.Run("EmptyUserName", func(t *testing.T) { t.Run("EmptyUserName", func(t *testing.T) {
authRequest.UserName = "" authRequest.UserName = ""
authRequest.Password = "Password" authRequest.Password = "Password"
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.Equal(t, "", jwt) assert.Equal(t, "", jwt)
assert.EqualError(t, err, "username can't be empty") assert.EqualError(t, err, "username can't be empty")
}) })
t.Run("EmptyPassword", func(t *testing.T) { t.Run("EmptyPassword", func(t *testing.T) {
authRequest.UserName = "admin" authRequest.UserName = "admin"
authRequest.Password = "" authRequest.Password = ""
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.Equal(t, "", jwt) assert.Equal(t, "", jwt)
assert.EqualError(t, err, "password can't be empty") assert.EqualError(t, err, "password can't be empty")
}) })
t.Run("NonExistantUser", func(t *testing.T) { t.Run("NonExistantUser", func(t *testing.T) {
authRequest.UserName = "admin" authRequest.UserName = "admin"
authRequest.Password = "password" authRequest.Password = "password"
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.Equal(t, "", jwt) assert.Equal(t, "", jwt)
assert.EqualError(t, err, "incorrect credentials") assert.EqualError(t, err, "incorrect credentials")
}) })
t.Run("Non-Admin", func(t *testing.T) { t.Run("Non-Admin", func(t *testing.T) {
user := models.User{"nonadmin", "somepass", nil, false} user := models.User{"nonadmin", "somepass", nil, false}
CreateUser(user) logic.CreateUser(user)
authRequest := models.UserAuthParams{"nonadmin", "somepass"} authRequest := models.UserAuthParams{"nonadmin", "somepass"}
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.NotNil(t, jwt) assert.NotNil(t, jwt)
assert.Nil(t, err) assert.Nil(t, err)
}) })
t.Run("WrongPassword", func(t *testing.T) { t.Run("WrongPassword", func(t *testing.T) {
user := models.User{"admin", "password", nil, false} user := models.User{"admin", "password", nil, false}
CreateUser(user) logic.CreateUser(user)
authRequest := models.UserAuthParams{"admin", "badpass"} authRequest := models.UserAuthParams{"admin", "badpass"}
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.Equal(t, "", jwt) assert.Equal(t, "", jwt)
assert.EqualError(t, err, "incorrect credentials") assert.EqualError(t, err, "incorrect credentials")
}) })
t.Run("Success", func(t *testing.T) { t.Run("Success", func(t *testing.T) {
authRequest := models.UserAuthParams{"admin", "password"} authRequest := models.UserAuthParams{"admin", "password"}
jwt, err := VerifyAuthRequest(authRequest) jwt, err := logic.VerifyAuthRequest(authRequest)
assert.Nil(t, err) assert.Nil(t, err)
assert.NotNil(t, jwt) assert.NotNil(t, jwt)
}) })

4
database/database.go
View File

@@ -39,6 +39,9 @@ const SERVERCONF_TABLE_NAME = "serverconf"
// DATABASE_FILENAME - database file name // DATABASE_FILENAME - database file name
const DATABASE_FILENAME = "netmaker.db" const DATABASE_FILENAME = "netmaker.db"
// GENERATED_TABLE_NAME - stores server generated k/v
const GENERATED_TABLE_NAME = "generated"
// == ERROR CONSTS == // == ERROR CONSTS ==
// NO_RECORD - no singular result found // NO_RECORD - no singular result found
@@ -114,6 +117,7 @@ func createTables() {
createTable(INT_CLIENTS_TABLE_NAME) createTable(INT_CLIENTS_TABLE_NAME)
createTable(PEERS_TABLE_NAME) createTable(PEERS_TABLE_NAME)
createTable(SERVERCONF_TABLE_NAME) createTable(SERVERCONF_TABLE_NAME)
createTable(GENERATED_TABLE_NAME)
} }
func createTable(tableName string) error { func createTable(tableName string) error {

40
logic/auth.go
View File

@@ -123,6 +123,35 @@ func CreateAdmin(admin models.User) (models.User, error) {
return CreateUser(admin) return CreateUser(admin)
} }
// VerifyAuthRequest - verifies an auth request
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
var result models.User
if authRequest.UserName == "" {
return "", errors.New("username can't be empty")
} else if authRequest.Password == "" {
return "", errors.New("password can't be empty")
}
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
if err != nil {
return "", errors.New("incorrect credentials")
}
if err = json.Unmarshal([]byte(record), &result); err != nil {
return "", errors.New("incorrect credentials")
}
// compare password from request to stored password in database
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
// TODO: Consider a way of hashing the password client side before sending, or using certificates
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
return "", errors.New("incorrect credentials")
}
//Create a new JWT for the node
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
return tokenString, nil
}
// UpdateUser - updates a given user // UpdateUser - updates a given user
func UpdateUser(userchange models.User, user models.User) (models.User, error) { func UpdateUser(userchange models.User, user models.User) (models.User, error) {
//check if user exists //check if user exists
@@ -197,3 +226,14 @@ func DeleteUser(user string) (bool, error) {
} }
return true, nil return true, nil
} }
// FetchAuthSecret - manages secrets for oauth
func FetchAuthSecret(key string, secret string) (string, error) {
var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, key)
if err != nil {
if err = database.Insert(key, secret, database.GENERATED_TABLE_NAME); err != nil {
return "", err
}
}
return record, nil
}