adaptions to changes in main branch

verybadsoldier 2023-04-07 12:59:53 +02:00
parent 127316bda3
commit b497206573
3 changed files with 6 additions and 7 deletions


@ -89,7 +89,7 @@ func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {
} }
} }
func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc { func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) error { return func(w http.ResponseWriter, r *http.Request) error {
log.Info().Msg("Header SSO Login Attempt") log.Info().Msg("Header SSO Login Attempt")
if !ctrl.headerSSOEnabled { if !ctrl.headerSSOEnabled {
@ -109,13 +109,13 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc {
return validate.NewRequestError(errors.New("authentication failed. not SSO header found or empty"), http.StatusInternalServerError) return validate.NewRequestError(errors.New("authentication failed. not SSO header found or empty"), http.StatusInternalServerError)
} }
newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email)) newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email), false)
if err != nil { if err != nil {
return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError) return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
} }
return server.Respond(w, http.StatusOK, TokenResponse{ return server.JSON(w, http.StatusOK, TokenResponse{
Token: "Bearer " + newToken.Raw, Token: "Bearer " + newToken.Raw,
ExpiresAt: newToken.ExpiresAt, ExpiresAt: newToken.ExpiresAt,
AttachmentToken: newToken.AttachmentToken, AttachmentToken: newToken.AttachmentToken,
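Review bot: The handler issues a bearer token for whatever e-mail arrives in the SSO request header (the `LoginWithoutPassword(r.Context(), strings.ToLower(email), false)` call), and nothing in the visible lines checks that the request came from the authenticating proxy. The header read sits outside this hunk, so this may already be handled there; if it is not, the trust assumption should at least be stated at the top of the handler, e.g. `// SECURITY: the SSO header is trusted as-is; the reverse proxy must strip it from client requests and this endpoint must only be reachable through that proxy.` Both failure returns also use `http.StatusInternalServerError`; `http.StatusUnauthorized` would keep rejected logins out of the 5xx error rate and make them easier to alert on. The function body starts and ends outside the hunk.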


@ -66,7 +66,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
r.Post(v1Base("/users/register"), chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration())) r.Post(v1Base("/users/register"), chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration()))
r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin())) r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin()))
r.server.Post(v1Base("/users/login-sso-header"), v1Ctrl.HandleSsoHeaderLogin()) r.Post(v1Base("/users/login-sso-header"), chain.ToHandlerFunc(v1Ctrl.HandleSsoHeaderLogin()))
userMW := []errchain.Middleware{ userMW := []errchain.Middleware{
a.mwAuthToken, a.mwAuthToken,


@ -193,16 +193,15 @@ func (svc *UserService) Login(ctx context.Context, username, password string, ex
return svc.createSessionToken(ctx, usr.ID, extendedSession) return svc.createSessionToken(ctx, usr.ID, extendedSession)
} }
func (svc *UserService) LoginWithoutPassword(ctx context.Context, username string) (UserAuthTokenDetail, error) { func (svc *UserService) LoginWithoutPassword(ctx context.Context, username string, extendedSession bool) (UserAuthTokenDetail, error) {
usr, err := svc.repos.Users.GetOneEmail(ctx, username) usr, err := svc.repos.Users.GetOneEmail(ctx, username)
if err != nil { if err != nil {
// SECURITY: Perform hash to ensure response times are the same // SECURITY: Perform hash to ensure response times are the same
hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password") hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password")
return UserAuthTokenDetail{}, ErrorInvalidLogin return UserAuthTokenDetail{}, ErrorInvalidLogin
} }
return svc.createSessionToken(ctx, usr.ID) return svc.createSessionToken(ctx, usr.ID, extendedSession)
} }
func (svc *UserService) Logout(ctx context.Context, token string) error { func (svc *UserService) Logout(ctx context.Context, token string) error {
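Review bot: The dummy `hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password")` call in LoginWithoutPassword looks carried over from Login, but this path never hashes anything on success, so as far as the hunk shows it makes the unknown-user answer slower than the known-user one instead of equalising them. Either drop that line and its `// SECURITY:` comment, or reword the comment so it does not claim equal response times. The method also has no doc comment; something like `// LoginWithoutPassword issues a session token for username without checking any credential; the caller must already have authenticated that identity.` would make the contract explicit for future callers.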