mirrors/homebox
1
0
Fork 1
mirror of https://github.com/hay-kot/homebox.git synced 2025-08-05 09:10:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

header_sso: generate a random secret password password when auto-registering new users logging in by header sso

Browse source
This commit is contained in:
verybadsoldier 2023-04-24 21:32:17 +02:00
parent b32bd95896
commit 3a443969e4
2 changed files with 59 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

38
backend/app/api/handlers/v1/v1_ctrl_auth.go
View file

@ -7,6 +7,7 @@ import (
"time" "time"
"github.com/hay-kot/homebox/backend/internal/core/services" "github.com/hay-kot/homebox/backend/internal/core/services"
"github.com/hay-kot/homebox/backend/internal/helper"
"github.com/hay-kot/homebox/backend/internal/sys/validate" "github.com/hay-kot/homebox/backend/internal/sys/validate"
"github.com/hay-kot/safeserve/errchain" "github.com/hay-kot/safeserve/errchain"
"github.com/hay-kot/safeserve/server" "github.com/hay-kot/safeserve/server"
@ -116,20 +117,23 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
if err != nil { if err != nil {
// user not found -> create it // user not found -> create it
var username = r.Header.Get("Remote-Name") var username = r.Header.Get("Remote-Name")
/* TODO: decide how to handle group information provided by HTTP header
// if groups are provided, they will be comma-separated. take only the first group // if groups are provided, they will be comma-separated. take only the first group
var groups = r.Header.Get("Remote-Groups") var groups = r.Header.Get("Remote-Groups")
var groupArr = strings.Split(groups, ",") var groupArr = strings.Split(groups, ",")
groupTok := "" groupTok := ""
if len(groupArr) > 0 { if len(groupArr) > 0 {
groupTok = groupArr[0] groupTok = groupArr[0]
} }
*/
// Use a randomly generatd password. Not meant to be used as login. Only a dummy.
regData := services.UserRegistration { regData := services.UserRegistration {
GroupToken: groupTok, GroupToken: "", // don't set group for now
Name : username, Name : username,
Email : email, Email : email,
Password : "", Password : helper.GenerateRandomPassword(64, 12, 5, 5),
} }
_, err := ctrl.svc.User.RegisterUser(r.Context(), regData) _, err := ctrl.svc.User.RegisterUser(r.Context(), regData)
@ -140,7 +144,7 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
} }
// login as user with provided password // login as user with provided password
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email)) newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email), false)
if err != nil { if err != nil {
return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError) return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
@ -154,28 +158,6 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
} }
} }
func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) error {
var username = r.Header.Get("Remote-Email")
if username == "" {
return validate.NewRequestError(errors.New("authentication failed. not SSO header found"), http.StatusInternalServerError)
}
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(username))
if err != nil {
return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
}
return server.Respond(w, http.StatusOK, TokenResponse{
Token: "Bearer " + newToken.Raw,
ExpiresAt: newToken.ExpiresAt,
AttachmentToken: newToken.AttachmentToken,
})
}
}
// HandleAuthLogout godoc // HandleAuthLogout godoc
// //
// @Summary User Logout // @Summary User Logout

49
backend/internal/helper/password.go Normal file
View file

@ -0,0 +1,49 @@
package helper
import (
"math/rand"
"strings"
)
var (
lowerCharSet = "abcdedfghijklmnopqrst"
upperCharSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
specialCharSet = "!@#$%&*"
numberSet = "0123456789"
allCharSet = lowerCharSet + upperCharSet + specialCharSet + numberSet
)
//from:
//https://golangbyexample.com/generate-random-password-golang/
func GenerateRandomPassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string {
var password strings.Builder
//Set special character
for i := 0; i < minSpecialChar; i++ {
random := rand.Intn(len(specialCharSet))
password.WriteString(string(specialCharSet[random]))
}
//Set numeric
for i := 0; i < minNum; i++ {
random := rand.Intn(len(numberSet))
password.WriteString(string(numberSet[random]))
}
//Set uppercase
for i := 0; i < minUpperCase; i++ {
random := rand.Intn(len(upperCharSet))
password.WriteString(string(upperCharSet[random]))
}
remainingLength := passwordLength - minSpecialChar - minNum - minUpperCase
for i := 0; i < remainingLength; i++ {
random := rand.Intn(len(allCharSet))
password.WriteString(string(allCharSet[random]))
}
inRune := []rune(password.String())
rand.Shuffle(len(inRune), func(i, j int) {
inRune[i], inRune[j] = inRune[j], inRune[i]
})
return string(inRune)
}