diff --git a/auth/auth.go b/auth/auth.go index 02d3ad37..4fceb0fd 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -235,7 +235,7 @@ func HandleHeadlessSSO(w http.ResponseWriter, r *http.Request) { } } if err = netcache.Del(stateStr); err != nil { - logger.Log(0, "failed to remove node SSO cache entry", err.Error()) + logger.Log(0, "failed to remove SSO cache entry", err.Error()) } if err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, "")); err != nil { logger.Log(0, "write close:", err.Error()) diff --git a/auth/headless_callback.go b/auth/headless_callback.go new file mode 100644 index 00000000..665b6c4f --- /dev/null +++ b/auth/headless_callback.go @@ -0,0 +1,93 @@ +package auth + +import ( + "bytes" + "fmt" + "net/http" + + "github.com/gravitl/netmaker/logger" + "github.com/gravitl/netmaker/logic" + "github.com/gravitl/netmaker/logic/pro/netcache" + "github.com/gravitl/netmaker/models" + "github.com/gravitl/netmaker/servercfg" +) + +// HandleHeadlessSSOCallback - handle OAuth callback for headless logins such as Netmaker CLI +func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) { + functions := getCurrentAuthFunctions() + if functions == nil { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("bad conf")) + logger.Log(0, "Missing Oauth config in HandleHeadlessSSOCallback") + return + } + state, code := getStateAndCode(r) + + userClaims, err := functions[get_user_info].(func(string, string) (*OAuthUser, error))(state, code) + if err != nil { + logger.Log(0, "error when getting user info from callback:", err.Error()) + http.Redirect(w, r, servercfg.GetFrontendURL()+"/login?oauth=callback-error", http.StatusTemporaryRedirect) + return + } + + if code == "" || state == "" { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("Wrong params")) + logger.Log(0, "Missing params in HandleHeadlessSSOCallback") + return + } + + // all responses should be in html format from here on out + w.Header().Add("content-type", "text/html; charset=utf-8") + + // retrieve machinekey from state cache + reqKeyIf, machineKeyFoundErr := netcache.Get(state) + if machineKeyFoundErr != nil { + logger.Log(0, "requested machine state key expired before authorisation completed -", machineKeyFoundErr.Error()) + response := returnErrTemplate("", "requested machine state key expired before authorisation completed", state, reqKeyIf) + w.WriteHeader(http.StatusInternalServerError) + w.Write(response) + return + } + + _, err = logic.GetUser(userClaims.getUserName()) + if err != nil { // user must not exists, so try to make one + if err = addUser(userClaims.getUserName()); err != nil { + logger.Log(1, "could not create new user: ", userClaims.getUserName()) + return + } + } + newPass, fetchErr := fetchPassValue("") + if fetchErr != nil { + return + } + jwt, jwtErr := logic.VerifyAuthRequest(models.UserAuthParams{ + UserName: userClaims.getUserName(), + Password: newPass, + }) + if jwtErr != nil { + logger.Log(1, "could not parse jwt for user", userClaims.getUserName()) + return + } + + logger.Log(1, "headless SSO login by user:", userClaims.getUserName()) + + // Send OK to user in the browser + var response bytes.Buffer + if err := ssoCallbackTemplate.Execute(&response, ssoCallbackTemplateConfig{ + User: userClaims.getUserName(), + Verb: "Authenticated", + }); err != nil { + logger.Log(0, "Could not render SSO callback template ", err.Error()) + response := returnErrTemplate(userClaims.getUserName(), "Could not render SSO callback template", state, reqKeyIf) + w.WriteHeader(http.StatusInternalServerError) + w.Write(response) + } else { + w.WriteHeader(http.StatusOK) + w.Write(response.Bytes()) + } + reqKeyIf.Pass = fmt.Sprintf("JWT: %s", jwt) + if err = netcache.Set(state, reqKeyIf); err != nil { + logger.Log(0, "failed to set netcache for user", reqKeyIf.User, "-", err.Error()) + } +} diff --git a/auth/nodecallback.go b/auth/nodecallback.go index 8385a1bd..d1c8a0c5 100644 --- a/auth/nodecallback.go +++ b/auth/nodecallback.go @@ -122,86 +122,6 @@ func HandleNodeSSOCallback(w http.ResponseWriter, r *http.Request) { } } -// HandleHeadlessSSOCallback - handle OAuth callback for headless logins such as Netmaker CLI -func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) { - functions := getCurrentAuthFunctions() - if functions == nil { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("bad conf")) - logger.Log(0, "Missing Oauth config in HandleHeadlessSSOCallback") - return - } - state, code := getStateAndCode(r) - - userClaims, err := functions[get_user_info].(func(string, string) (*OAuthUser, error))(state, code) - if err != nil { - logger.Log(0, "error when getting user info from callback:", err.Error()) - http.Redirect(w, r, servercfg.GetFrontendURL()+"/login?oauth=callback-error", http.StatusTemporaryRedirect) - return - } - - if code == "" || state == "" { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("Wrong params")) - logger.Log(0, "Missing params in HandleHeadlessSSOCallback") - return - } - - // all responses should be in html format from here on out - w.Header().Add("content-type", "text/html; charset=utf-8") - - // retrieve machinekey from state cache - reqKeyIf, machineKeyFoundErr := netcache.Get(state) - if machineKeyFoundErr != nil { - logger.Log(0, "requested machine state key expired before authorisation completed -", machineKeyFoundErr.Error()) - response := returnErrTemplate("", "requested machine state key expired before authorisation completed", state, reqKeyIf) - w.WriteHeader(http.StatusInternalServerError) - w.Write(response) - return - } - - _, err = logic.GetUser(userClaims.getUserName()) - if err != nil { // user must not exists, so try to make one - if err = addUser(userClaims.getUserName()); err != nil { - logger.Log(1, "could not create new user: ", userClaims.getUserName()) - return - } - } - newPass, fetchErr := fetchPassValue("") - if fetchErr != nil { - return - } - jwt, jwtErr := logic.VerifyAuthRequest(models.UserAuthParams{ - UserName: userClaims.getUserName(), - Password: newPass, - }) - if jwtErr != nil { - logger.Log(1, "could not parse jwt for user", userClaims.getUserName()) - return - } - - logger.Log(1, "headless SSO login by user:", userClaims.getUserName()) - - // Send OK to user in the browser - var response bytes.Buffer - if err := ssoCallbackTemplate.Execute(&response, ssoCallbackTemplateConfig{ - User: userClaims.getUserName(), - Verb: "Authenticated", - }); err != nil { - logger.Log(0, "Could not render SSO callback template ", err.Error()) - response := returnErrTemplate(userClaims.getUserName(), "Could not render SSO callback template", state, reqKeyIf) - w.WriteHeader(http.StatusInternalServerError) - w.Write(response) - } else { - w.WriteHeader(http.StatusOK) - w.Write(response.Bytes()) - } - reqKeyIf.Pass = fmt.Sprintf("JWT: %s", jwt) - if err = netcache.Set(state, reqKeyIf); err != nil { - logger.Log(0, "failed to set netcache for user", reqKeyIf.User, "-", err.Error()) - } -} - func setNetcache(ncache *netcache.CValue, state string) error { if ncache == nil { return fmt.Errorf("cache miss") diff --git a/cli/functions/http_client.go b/cli/functions/http_client.go index cde0644e..e7f48e2b 100644 --- a/cli/functions/http_client.go +++ b/cli/functions/http_client.go @@ -35,7 +35,7 @@ func ssoLogin(endpoint string) string { if err != nil { log.Fatal("error reading from server: ", err.Error()) } - fmt.Printf("Please visit:\n %s \n to authenticate", string(msg)) + fmt.Printf("Please visit:\n %s \n to authenticate\n", string(msg)) done := make(chan struct{}) defer close(done) go func() { @@ -56,7 +56,6 @@ func ssoLogin(endpoint string) string { return } if strings.Contains(string(msg), "JWT: ") { - // Access was granted authToken = strings.TrimPrefix(string(msg), "JWT: ") } else { logger.Log(0, "Message from server:", string(msg))