mirror of
https://github.com/hay-kot/homebox.git
synced 2025-08-03 08:10:28 +00:00
header_sso: generate a random secret password password when auto-registering new users logging in by header sso
parent
b32bd95896
commit
3a443969e4
2 changed files with 59 additions and 28 deletions
|
@ -7,6 +7,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/hay-kot/homebox/backend/internal/core/services"
|
||||
"github.com/hay-kot/homebox/backend/internal/helper"
|
||||
"github.com/hay-kot/homebox/backend/internal/sys/validate"
|
||||
"github.com/hay-kot/safeserve/errchain"
|
||||
"github.com/hay-kot/safeserve/server"
|
||||
|
@ -116,20 +117,23 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
|
|||
if err != nil {
|
||||
// user not found -> create it
|
||||
var username = r.Header.Get("Remote-Name")
|
||||
|
||||
|
||||
/* TODO: decide how to handle group information provided by HTTP header
|
||||
// if groups are provided, they will be comma-separated. take only the first group
|
||||
var groups = r.Header.Get("Remote-Groups")
|
||||
var groupArr = strings.Split(groups, ",")
|
||||
var groupArr = strings.Split(groups, ",")
|
||||
groupTok := ""
|
||||
if len(groupArr) > 0 {
|
||||
groupTok = groupArr[0]
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
// Use a randomly generatd password. Not meant to be used as login. Only a dummy.
|
||||
regData := services.UserRegistration {
|
||||
GroupToken: groupTok,
|
||||
GroupToken: "", // don't set group for now
|
||||
Name : username,
|
||||
Email : email,
|
||||
Password : "",
|
||||
Password : helper.GenerateRandomPassword(64, 12, 5, 5),
|
||||
}
|
||||
|
||||
_, err := ctrl.svc.User.RegisterUser(r.Context(), regData)
|
||||
|
@ -140,7 +144,7 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
|
|||
}
|
||||
|
||||
// login as user with provided password
|
||||
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email))
|
||||
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email), false)
|
||||
|
||||
if err != nil {
|
||||
return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
|
||||
|
@ -154,28 +158,6 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
|
|||
}
|
||||
}
|
||||
|
||||
func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) error {
|
||||
var username = r.Header.Get("Remote-Email")
|
||||
|
||||
if username == "" {
|
||||
return validate.NewRequestError(errors.New("authentication failed. not SSO header found"), http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(username))
|
||||
|
||||
if err != nil {
|
||||
return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
return server.Respond(w, http.StatusOK, TokenResponse{
|
||||
Token: "Bearer " + newToken.Raw,
|
||||
ExpiresAt: newToken.ExpiresAt,
|
||||
AttachmentToken: newToken.AttachmentToken,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// HandleAuthLogout godoc
|
||||
//
|
||||
// @Summary User Logout
|
||||
|
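Review bot: The auto-registration branch takes identity straight from the request (`r.Header.Get("Remote-Name")`, and presumably `Remote-Email` above the hunk), so with this change any client that can reach the backend without passing through the authenticating proxy can both create an account and receive a token for an arbitrary email. No check of the request's origin or of an opt-in setting is visible in these hunks; the handler starts outside them, so confirm one exists, and if not, reject the request unless header SSO is explicitly enabled and the peer address is a configured trusted proxy. A comment at the top of the branch would record the assumption: `// SECURITY: Remote-* headers are only trustworthy when the proxy strips them from client requests`. Separately, registration stores `email` as received while the login below uses `strings.ToLower(email)`; unless RegisterUser normalises case, a mixed-case header value may register a user that the lookup never matches.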
|
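--- a/backend/internal/helper/password.go
+++ b/backend/internal/helper/password.go
@@ -0,0 +1,49 @@
+package helper
+
+import (
+"math/rand"
+"strings"
+)
+
+var (
+lowerCharSet = "abcdedfghijklmnopqrst"
+upperCharSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+specialCharSet = "!@#$%&*"
+numberSet = "0123456789"
+allCharSet = lowerCharSet + upperCharSet + specialCharSet + numberSet
+)
+
+//from:
+//https://golangbyexample.com/generate-random-password-golang/
+func GenerateRandomPassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string {
+var password strings.Builder
+
+//Set special character
+for i := 0; i < minSpecialChar; i++ {
+random := rand.Intn(len(specialCharSet))
+password.WriteString(string(specialCharSet[random]))
+}
+
+//Set numeric
+for i := 0; i < minNum; i++ {
+random := rand.Intn(len(numberSet))
+password.WriteString(string(numberSet[random]))
+}
+
+//Set uppercase
+for i := 0; i < minUpperCase; i++ {
+random := rand.Intn(len(upperCharSet))
+password.WriteString(string(upperCharSet[random]))
+}
+
+remainingLength := passwordLength - minSpecialChar - minNum - minUpperCase
+for i := 0; i < remainingLength; i++ {
+random := rand.Intn(len(allCharSet))
+password.WriteString(string(allCharSet[random]))
+}
+inRune := []rune(password.String())
+rand.Shuffle(len(inRune), func(i, j int) {
+inRune[i], inRune[j] = inRune[j], inRune[i]
+})
+return string(inRune)
+}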
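Review bot: `GenerateRandomPassword` draws every character and the final shuffle from `math/rand`, which is not a cryptographic generator, so the value stored as the account password is predictable to anyone who can model the generator state; on Go toolchains before 1.20 the global source is also seeded identically on every start unless `rand.Seed` is called (the toolchain version is not visible here). The handler comment calls the password a dummy, but it is still a valid credential if password login remains reachable for these accounts, so it should come from `crypto/rand`: swap the import for `crypto/rand` plus `math/big` and replace each `rand.Intn` and the `rand.Shuffle` as sketched below. `lowerCharSet` is `"abcdedfghijklmnopqrst"`, which repeats `d` and stops at `t`; it should read `lowerCharSet = "abcdefghijklmnopqrstuvwxyz"`. The function also lacks a doc comment and does not handle minimums that sum to more than `passwordLength`, in which case the result is silently longer than requested.

```go
// randIndex returns a uniformly distributed index in [0, n) read from the
// operating system's CSPRNG. Failure to read system randomness is treated as fatal.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic("helper: reading system randomness: " + err.Error())
	}
	return int(v.Int64())
}

func GenerateRandomPassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string {
	// … unchanged: the four fill loops, with rand.Intn(len(set)) replaced by randIndex(len(set)) …
	inRune := []rune(password.String())
	// Fisher-Yates shuffle driven by the same CSPRNG instead of rand.Shuffle.
	for i := len(inRune) - 1; i > 0; i-- {
		j := randIndex(i + 1)
		inRune[i], inRune[j] = inRune[j], inRune[i]
	}
	return string(inRune)
}
```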