diff --git a/backend/app/api/handlers/v1/v1_ctrl_auth.go b/backend/app/api/handlers/v1/v1_ctrl_auth.go index a4f03db..d51f0ef 100644 --- a/backend/app/api/handlers/v1/v1_ctrl_auth.go +++ b/backend/app/api/handlers/v1/v1_ctrl_auth.go @@ -7,6 +7,7 @@ import ( "time" "github.com/hay-kot/homebox/backend/internal/core/services" + "github.com/hay-kot/homebox/backend/internal/helper" "github.com/hay-kot/homebox/backend/internal/sys/validate" "github.com/hay-kot/safeserve/errchain" "github.com/hay-kot/safeserve/server" @@ -116,20 +117,23 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc { if err != nil { // user not found -> create it var username = r.Header.Get("Remote-Name") - + + /* TODO: decide how to handle group information provided by HTTP header // if groups are provided, they will be comma-separated. take only the first group var groups = r.Header.Get("Remote-Groups") - var groupArr = strings.Split(groups, ",") + var groupArr = strings.Split(groups, ",") groupTok := "" if len(groupArr) > 0 { groupTok = groupArr[0] } - + */ + + // Use a randomly generatd password. Not meant to be used as login. Only a dummy. regData := services.UserRegistration { - GroupToken: groupTok, + GroupToken: "", // don't set group for now Name : username, Email : email, - Password : "", + Password : helper.GenerateRandomPassword(64, 12, 5, 5), } _, err := ctrl.svc.User.RegisterUser(r.Context(), regData) @@ -140,7 +144,7 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc { } // login as user with provided password - newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email)) + newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email), false) if err != nil { return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError) 
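Review bot: The auto-provisioning branch in the second hunk creates an account from the `Remote-Name` header and the e-mail value and then logs it in, yet nothing visible here ties that to requests arriving from the authenticating proxy. `HandleSsoHeaderLogin` starts above the hunk, so such a check may already exist; if it does not, the handler should reject requests unless header SSO is explicitly enabled and the peer is a configured trusted proxy, and a comment such as `// Remote-* headers are trusted only because the proxy strips client-supplied copies` should state that assumption. Registration also stores `email` as given while the login lowercases it with `strings.ToLower(email)`, so unless the value is normalised earlier a mixed-case header could create a user the following login cannot find; passing `strings.ToLower(email)` to both would remove the doubt. The new bare `false` argument to `LoginWithoutPassword` deserves a short comment naming the parameter.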
@@ -154,28 +158,6 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc { } } -func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) error { - var username = r.Header.Get("Remote-Email") - - if username == "" { - return validate.NewRequestError(errors.New("authentication failed. not SSO header found"), http.StatusInternalServerError) - } - - newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(username)) - - if err != nil { - return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError) - } - - return server.Respond(w, http.StatusOK, TokenResponse{ - Token: "Bearer " + newToken.Raw, - ExpiresAt: newToken.ExpiresAt, - AttachmentToken: newToken.AttachmentToken, - }) - } -} - // HandleAuthLogout godoc // // @Summary User Logout diff --git a/backend/internal/helper/password.go b/backend/internal/helper/password.go new file mode 100644 index 0000000..9234ca4 --- /dev/null +++ b/backend/internal/helper/password.go 
@@ -0,0 +1,49 @@
+package helper
+
+import (
+ "math/rand"
+ "strings"
+)
+
+var (
+ lowerCharSet = "abcdedfghijklmnopqrst"
+ upperCharSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ specialCharSet = "!@#$%&*"
+ numberSet = "0123456789"
+ allCharSet = lowerCharSet + upperCharSet + specialCharSet + numberSet
+)
+
+//from:
+//https://golangbyexample.com/generate-random-password-golang/
+func GenerateRandomPassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string {
+ var password strings.Builder
+
+ //Set special character
+ for i := 0; i < minSpecialChar; i++ {
+ random := rand.Intn(len(specialCharSet))
+ password.WriteString(string(specialCharSet[random]))
+ }
+
+ //Set numeric
+ for i := 0; i < minNum; i++ {
+ random := rand.Intn(len(numberSet))
+ password.WriteString(string(numberSet[random]))
+ }
+
+ //Set uppercase
+ for i := 0; i < minUpperCase; i++ {
+ random := rand.Intn(len(upperCharSet))
+ password.WriteString(string(upperCharSet[random]))
+ }
+
+ remainingLength := passwordLength - minSpecialChar - minNum - minUpperCase
+ for i := 0; i < remainingLength; i++ {
+ random := rand.Intn(len(allCharSet))
+ password.WriteString(string(allCharSet[random]))
+ }
+ inRune := []rune(password.String())
+ rand.Shuffle(len(inRune), func(i, j int) {
+ inRune[i], inRune[j] = inRune[j], inRune[i]
+ })
+ return string(inRune)
+}
\ No newline at end of file