authorQuentin Dufour <quentin@deuxfleurs.fr>2023-09-15 14:43:55 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-09-15 14:43:55 +0200
commitf8f417906ad9026cdf2ae6ac18a918cd4069312a (patch)
tree63d15d5ffe9b61bfb6c6ea441b75ed792eff8a7e
parent9c21c2e799449ae303ed764ba1677366d0571e8d (diff)
downloadguichet-f8f417906ad9026cdf2ae6ac18a918cd4069312a.tar.gz
guichet-f8f417906ad9026cdf2ae6ac18a918cd4069312a.zip
Implemented new authentication
-rw-r--r--api.go32
1 files changed, 21 insertions, 11 deletions
diff --git a/api.go b/api.go
index 1007914..9f3ef7b 100644
--- a/api.go
+++ b/api.go
@@ -2,9 +2,9 @@ package main
import (
//"context"
- //"errors"
+ "errors"
"fmt"
- //garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
+ garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
"github.com/go-ldap/ldap/v3"
//"github.com/gorilla/mux"
"log"
@@ -12,12 +12,12 @@ import (
"strings"
)
-func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
+func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
username, password, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
- return nil
+ return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
}
user_dn := buildUserDN(username)
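Review bot: The error text at the `!ok` return names a header that does not exist: Basic credentials arrive in the `Authorization` request header, while `WWW-Authenticate` is the response challenge, so `'Authenticate: Basic'` will mislead whoever reads the log. `return nil, errors.New("missing or malformed Authorization: Basic header")` is accurate and also follows the Go convention of lowercase error strings, which the other new `errors.New` messages in this commit break as well. The body of checkLoginAPI continues outside this hunk.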
@@ -31,14 +31,14 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
if l == nil {
log.Println(l)
http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Unable to open LDAP connection")
}
err := l.Bind(login_info.DN, login_info.Password)
if err != nil {
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
- return nil
+ return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
}
loginStatus := &LoginStatus{
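Review bot: Every failure of `l.Bind` is reported as bad credentials: the branch answers 401 and returns a fixed string, so an LDAP outage or timeout is indistinguishable from a wrong password, both for the client and in the line that `handleAPIGarageBucket` logs. Checking `ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials)` before answering 401, and answering 500 otherwise, separates the two cases. Returning `fmt.Errorf("ldap bind for %q: %w", login_info.DN, err)` instead of the `errors.New` keeps the cause and records which account was tried, which is what a failed-login alert needs; `%q` escapes the client-supplied part of the DN. The search-error return in the next hunk discards `err` the same way, and the function starts and ends outside this hunk.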
@@ -73,13 +73,13 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
if err != nil {
log.Println(err)
http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Unable to search essential information about the logged user on LDAP")
}
if len(sr.Entries) != 1 {
log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
}
loginStatus.UserEntry = sr.Entries[0]
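Review bot: Both branches here now report each failure twice, once through the local `log.Println` and again when `handleAPIGarageBucket` logs the returned error, and the returned text is the less useful of the two because it carries neither the DN nor the entry count. Handle it in one place: drop the local log calls and return, for the count branch, `fmt.Errorf("ldap search for %q returned %d entries, want 1", login_info.DN, len(sr.Entries))`. Using `%q` rather than the `%s` of the existing `Unable to find entry` line matters because the DN is built from the client-supplied username, and unless buildUserDN (not shown) rejects them, control characters would reach the log unescaped. The function continues outside the hunk.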
@@ -99,16 +99,26 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
}
}
- return loginStatus
+ return loginStatus, nil
+}
+
+func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
+ login, err := checkLoginAPI(w, r)
+ if err != nil {
+ return nil, nil, err
+ }
+ keyPair, err := checkS3(login)
+ return login, keyPair, err
}
func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
- login, s3key, err := checkLoginAndS3(w, r)
+ login, s3key, err := checkLoginAndS3API(w, r)
if err != nil {
log.Println(err)
return
}
- log.Println(login,s3key)
+
+ log.Println(login, s3key)
return
}
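Review bot: When `checkS3` fails, `checkLoginAndS3API` returns the error without writing a response and `handleAPIGarageBucket` only logs and returns, so the client receives an empty 200 for a request that was not served. Every failure path in `checkLoginAPI` calls `http.Error` before returning; the new wrapper should do the same, `if err != nil { http.Error(w, "Internal server error", http.StatusInternalServerError); return nil, nil, err }`, which also stops it handing back a non-nil `login` together with an error. Separately, `log.Println(login, s3key)` dumps the whole login state and S3 key object on every successful call; if either holds a password or secret key as a plain value it ends up in the log, so logging only an account identifier and the key ID would be safer.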