author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-15 14:43:55 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-15 14:43:55 +0200 |
commit | f8f417906ad9026cdf2ae6ac18a918cd4069312a (patch) | |
tree | 63d15d5ffe9b61bfb6c6ea441b75ed792eff8a7e | |
parent | 9c21c2e799449ae303ed764ba1677366d0571e8d (diff) | |
download | guichet-f8f417906ad9026cdf2ae6ac18a918cd4069312a.tar.gz guichet-f8f417906ad9026cdf2ae6ac18a918cd4069312a.zip |
Implemented new authentication
-rw-r--r-- | api.go | 32 |
1 files changed, 21 insertions, 11 deletions
@@ -2,9 +2,9 @@ package main
 import (
 //"context"
- //"errors"
+ "errors"
 "fmt"
- //garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
+ garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
 "github.com/go-ldap/ldap/v3"
 //"github.com/gorilla/mux"
 "log"
@@ -12,12 +12,12 @@ import (
 "strings"
 )
-func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
+func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
 username, password, ok := r.BasicAuth()
 if !ok {
 w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 http.Error(w, "Unauthorized", http.StatusUnauthorized)
- return nil
+ return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
 }
 user_dn := buildUserDN(username)
@@ -31,14 +31,14 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
 if l == nil {
 log.Println(l)
 http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Unable to open LDAP connection")
 }
 err := l.Bind(login_info.DN, login_info.Password)
 if err != nil {
 w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 http.Error(w, "Unauthorized", http.StatusUnauthorized)
- return nil
+ return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
 }
 loginStatus := &LoginStatus{
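Review bot: The error returned on the missing-credentials path of checkLoginAPI names the wrong header: Basic credentials arrive in `Authorization`, while `WWW-Authenticate` is the header the server sends, so the message should read `errors.New("missing or invalid 'Authorization: Basic' header")`. The same wording issue applies to every `errors.New` added in this hunk and in the hunks at -31, -73 and -99: Go convention is lowercase, unpunctuated error text, and since these strings only reach the server log (the client always gets the generic `http.Error` body) the change is free. Because checkLoginAPI now both writes the HTTP response and returns an error, that contract should be stated on the function so callers do not write a second response, e.g. `// checkLoginAPI authenticates the request with HTTP Basic credentials against LDAP. On failure it has already written the error response; callers must only return.` The body of checkLoginAPI continues outside this hunk.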
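Review bot: The `l == nil` branch logs `l`, which is nil by construction on that path, so the log line never says why the LDAP connection could not be opened; the reason should be logged where the connection is attempted (outside this hunk), or at minimum the branch should use `log.Println("unable to open LDAP connection")` rather than printing the nil value. The subsequent `l.Bind(login_info.DN, login_info.Password)` binds with a DN built from the Basic-auth username via buildUserDN (not visible here); if that helper does not escape DN-special characters in the username, the DN handed to the server may not be the one intended — go-ldap v3 provides `ldap.EscapeDN` for this, and it is worth confirming in buildUserDN. Both 401 paths repeat the same `WWW-Authenticate` literal; hoisting it into a package-level `const basicChallenge = ...` keeps the two responses from drifting apart.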
@@ -73,13 +73,13 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
 if err != nil {
 log.Println(err)
 http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Unable to search essential information about the logged user on LDAP")
 }
 if len(sr.Entries) != 1 {
 log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
 http.Error(w, "Internal server error", http.StatusInternalServerError)
- return nil
+ return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
 }
 loginStatus.UserEntry = sr.Entries[0]
@@ -99,16 +99,26 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
 }
 }
- return loginStatus
+ return loginStatus, nil
+}
+
+func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
+ login, err := checkLoginAPI(w, r)
+ if err != nil {
+ return nil, nil, err
+ }
+ keyPair, err := checkS3(login)
+ return login, keyPair, err
 }
 func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
- login, s3key, err := checkLoginAndS3(w, r)
+ login, s3key, err := checkLoginAndS3API(w, r)
 if err != nil {
 log.Println(err)
 return
 }
- log.Println(login,s3key)
+
+ log.Println(login, s3key)
 return
 }
|
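Review bot: The entry-count branch wraps a formatted string in `log.Println(fmt.Sprintf(...))`, which is the long form of `log.Printf("unable to find entry for %s", login_info.DN)`; the same branch also reports both "no entries" and "several entries" as "unable to find", so logging `len(sr.Entries)` alongside the DN would make the duplicate-entry case diagnosable. The search that fills `sr` and `err` is outside this hunk, as is the rest of checkLoginAPI.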
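Review bot: When `checkS3(login)` fails, checkLoginAndS3API returns the error without writing any HTTP response, and handleAPIGarageBucket then only logs and returns, so the client receives an empty 200 on that path — unlike every checkLoginAPI failure, which replies before returning. The `checkS3` branch should write a response before returning, with whatever status fits checkS3's failure modes (checkS3 is outside this hunk; 500 is assumed below). Separately, `log.Println(login, s3key)` prints the whole `*garage.KeyInfo`, a type that as far as I recall carries the secret access key, and `login` may carry the bind password (the LoginStatus fields are not visible here); log only identifiers such as the access key id and the user DN. The trailing bare `return` in handleAPIGarageBucket is redundant and can be dropped.
```go
func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
	// … unchanged: checkLoginAPI call and its error return …
	keyPair, err := checkS3(login)
	if err != nil {
		// checkLoginAPI has already replied on its own failures; this is the only
		// error path that has not written a response yet.
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, nil, err
	}
	return login, keyPair, nil
}
```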