Oauth user logic cleanup (#2877)

* additional logs for oauth user flow

* add more debug logs

* add more debug logs

* add set auth secret

* fix fetch pass

* make sure auth secret is set only once

* make sure auth secret is set only once
Abhishek K
2024-04-08 20:07:48 +05:30
committed by GitHub
parent b7c8b738d7
commit d3beb7e523
3 changed files with 44 additions and 24 deletions


@@ -32,7 +32,6 @@ const (
github_provider_name = "github" github_provider_name = "github"
oidc_provider_name = "oidc" oidc_provider_name = "oidc"
verify_user = "verifyuser" verify_user = "verifyuser"
auth_key = "netmaker_auth"
user_signin_length = 16 user_signin_length = 16
node_signin_length = 64 node_signin_length = 64
headless_signin_length = 32 headless_signin_length = 32
@@ -75,10 +74,10 @@ func InitializeAuthProvider() string {
if functions == nil { if functions == nil {
return "" return ""
} }
var _, err = FetchPassValue(logic.RandomString(64)) logger.Log(0, "setting oauth secret")
var err = logic.SetAuthSecret(logic.RandomString(64))
if err != nil { if err != nil {
logger.Log(0, err.Error()) logger.FatalLog("failed to set auth_secret", err.Error())
return ""
} }
var authInfo = servercfg.GetAuthProviderInfo() var authInfo = servercfg.GetAuthProviderInfo()
var serverConn = servercfg.GetAPIHost() var serverConn = servercfg.GetAPIHost()
@@ -248,6 +247,7 @@ func addUser(email string) error {
} // generate random password to adapt to current model } // generate random password to adapt to current model
var newPass, fetchErr = FetchPassValue("") var newPass, fetchErr = FetchPassValue("")
if fetchErr != nil { if fetchErr != nil {
slog.Error("failed to get password", "error", err.Error())
return fetchErr return fetchErr
} }
var newUser = models.User{ var newUser = models.User{
@@ -255,6 +255,7 @@ func addUser(email string) error {
Password: newPass, Password: newPass,
} }
if !hasSuperAdmin { // must be first attempt, create a superadmin if !hasSuperAdmin { // must be first attempt, create a superadmin
logger.Log(0, "creating superadmin")
if err = logic.CreateSuperAdmin(&newUser); err != nil { if err = logic.CreateSuperAdmin(&newUser); err != nil {
slog.Error("error creating super admin from user", "email", email, "error", err) slog.Error("error creating super admin from user", "email", email, "error", err)
} else { } else {
@@ -264,7 +265,7 @@ func addUser(email string) error {
// TODO: add ability to add users with preemptive permissions // TODO: add ability to add users with preemptive permissions
newUser.IsAdmin = false newUser.IsAdmin = false
if err = logic.CreateUser(&newUser); err != nil { if err = logic.CreateUser(&newUser); err != nil {
logger.Log(1, "error creating user,", email, "; user not added") logger.Log(0, "error creating user,", email, "; user not added", "error", err.Error())
} else { } else {
logger.Log(0, "user created from ", email) logger.Log(0, "user created from ", email)
} }
@@ -277,20 +278,12 @@ func FetchPassValue(newValue string) (string, error) {
type valueHolder struct { type valueHolder struct {
Value string `json:"value" bson:"value"` Value string `json:"value" bson:"value"`
} }
var b64NewValue = base64.StdEncoding.EncodeToString([]byte(newValue)) newValueHolder := valueHolder{}
var newValueHolder = &valueHolder{ var currentValue, err = logic.FetchAuthSecret()
Value: b64NewValue,
}
var data, marshalErr = json.Marshal(newValueHolder)
if marshalErr != nil {
return "", marshalErr
}
var currentValue, err = logic.FetchAuthSecret(auth_key, string(data))
if err != nil { if err != nil {
return "", err return "", err
} }
var unmarshErr = json.Unmarshal([]byte(currentValue), newValueHolder) var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
if unmarshErr != nil { if unmarshErr != nil {
return "", unmarshErr return "", unmarshErr
} }
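Review bot: The log added in addUser's FetchPassValue error branch reads the wrong variable: the branch runs when `fetchErr != nil`, yet it formats `err.Error()`, and unless err was assigned a non-nil error earlier in addUser (its declaration is outside the hunk) that call dereferences a nil interface and panics instead of returning fetchErr. Use the error actually being handled, `slog.Error("failed to get password", "error", fetchErr)`, and let slog format it. In the FetchPassValue hunk the rewritten body no longer reads the `newValue` parameter at all, since the stored value now comes from `logic.FetchAuthSecret()`; since the signature and the trailing decode/return lie outside the hunk, either drop the parameter in a follow-up or add a doc comment such as `// FetchPassValue returns the decoded oauth secret stored by logic.SetAuthSecret; newValue is ignored and kept only for call-site compatibility.` The InitializeAuthProvider hunk also replaces the old `logger.Log(0, err.Error()); return ""` with `logger.FatalLog`, which presumably aborts the server on a failed secret write; if that escalation is intentional it deserves a one-line comment, because callers previously got an empty provider name and the process kept running.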


@@ -91,6 +91,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
} }
user, err := logic.GetUser(content.Email) user, err := logic.GetUser(content.Email)
if err != nil { if err != nil {
logger.Log(0, "error fetching user: ", err.Error())
handleOauthUserNotFound(w) handleOauthUserNotFound(w)
return return
} }


@@ -1,6 +1,7 @@
package logic package logic
import ( import (
"encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@@ -15,6 +16,10 @@ import (
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
) )
const (
auth_key = "netmaker_auth"
)
// HasSuperAdmin - checks if server has an superadmin/owner // HasSuperAdmin - checks if server has an superadmin/owner
func HasSuperAdmin() (bool, error) { func HasSuperAdmin() (bool, error) {
@@ -96,12 +101,14 @@ func CreateUser(user *models.User) error {
} }
var err = ValidateUser(user) var err = ValidateUser(user)
if err != nil { if err != nil {
logger.Log(0, "failed to validate user", err.Error())
return err return err
} }
// encrypt that password so we never see it again // encrypt that password so we never see it again
hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5) hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5)
if err != nil { if err != nil {
logger.Log(0, "error encrypting pass", err.Error())
return err return err
} }
// set password to encrypted password // set password to encrypted password
@@ -109,6 +116,7 @@ func CreateUser(user *models.User) error {
tokenString, _ := CreateUserJWT(user.UserName, user.IsSuperAdmin, user.IsAdmin) tokenString, _ := CreateUserJWT(user.UserName, user.IsSuperAdmin, user.IsAdmin)
if tokenString == "" { if tokenString == "" {
logger.Log(0, "failed to generate token", err.Error())
return err return err
} }
@@ -117,10 +125,12 @@ func CreateUser(user *models.User) error {
// connect db // connect db
data, err := json.Marshal(user) data, err := json.Marshal(user)
if err != nil { if err != nil {
logger.Log(0, "failed to marshal", err.Error())
return err return err
} }
err = database.Insert(user.UserName, string(data), database.USERS_TABLE_NAME) err = database.Insert(user.UserName, string(data), database.USERS_TABLE_NAME)
if err != nil { if err != nil {
logger.Log(0, "failed to insert user", err.Error())
return err return err
} }
@@ -279,15 +289,31 @@ func DeleteUser(user string) (bool, error) {
return true, nil return true, nil
} }
// FetchAuthSecret - manages secrets for oauth func SetAuthSecret(secret string) error {
func FetchAuthSecret(key string, secret string) (string, error) { type valueHolder struct {
var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, key) Value string `json:"value" bson:"value"`
if err != nil {
if err = database.Insert(key, secret, database.GENERATED_TABLE_NAME); err != nil {
return "", err
} else {
return secret, nil
} }
record, err := FetchAuthSecret()
if err == nil {
v := valueHolder{}
json.Unmarshal([]byte(record), &v)
if v.Value != "" {
return nil
}
}
var b64NewValue = base64.StdEncoding.EncodeToString([]byte(secret))
newValueHolder := valueHolder{
Value: b64NewValue,
}
d, _ := json.Marshal(newValueHolder)
return database.Insert(auth_key, string(d), database.GENERATED_TABLE_NAME)
}
// FetchAuthSecret - manages secrets for oauth
func FetchAuthSecret() (string, error) {
var record, err = database.FetchRecord(database.GENERATED_TABLE_NAME, auth_key)
if err != nil {
return "", err
} }
return record, nil return record, nil
} }
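Review bot: The log line added in CreateUser's token check calls `err.Error()` on a value that is nil on that path: err was last set by bcrypt.GenerateFromPassword and already checked, and the error from CreateUserJWT is discarded with `_`, so an empty tokenString now panics with a nil-pointer dereference rather than returning (and the existing `return err` returns nil, so callers would see success) — unless err is reassigned in the lines between the two hunks, which are not shown; CreateUser's start and end are also outside the hunk. Capture the real error instead: `tokenString, err := CreateUserJWT(user.UserName, user.IsSuperAdmin, user.IsAdmin)`, `if err != nil || tokenString == "" {` with `logger.Log(0, "failed to generate token", fmt.Sprint(err))`, and return `errors.New("failed to generate token")` when err is nil. In the SetAuthSecret hunk the `json.Unmarshal` result on the existing record and the `json.Marshal` error are both dropped, so a record that exists but does not decode leaves Value empty and the function writes a fresh random secret over it (or the insert fails, depending on database.Insert's semantics); since FetchPassValue derives the password addUser stores for oauth users from this record, a silent replacement would change that value, so those errors should be returned rather than ignored. SetAuthSecret also lacks a doc comment; `// SetAuthSecret stores secret under auth_key unless a non-empty value is already present.` would state the set-once intent the commit message describes.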