From 0d0438135cfd94c04b47520fbfc0c04c6afb1b85 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Sat, 5 Sep 2020 12:09:49 +0200
Subject: [PATCH] Add route for Basic HTTP auth
---
 login.go | 59 ++++++++++++++++++++++++++++++++++++++++++--------------
 main.go | 1 +
 2 files changed, 46 insertions(+), 14 deletions(-)
diff --git a/login.go b/login.go
index 4ddc935..c094d27 100644
--- a/login.go
+++ b/login.go
@@ -1,31 +1,38 @@
 package main
 import (
+ "fmt"
 "html/template"
 "log"
 "net/http"
+
+ "gopkg.in/ldap.v2"
 )
+func login(login string, password string) ([]*ldap.EntryAttribute, error) {
+ conn, err := myLDAP.Connect()
+ if err != nil || conn == nil {
+ return nil, err
+ } else if err := conn.ServiceBind(); err != nil {
+ return nil, err
+ } else if dn, err := conn.SearchDN(login); err != nil {
+ return nil, err
+ } else if err := conn.Bind(dn, password); err != nil {
+ return nil, err
+ } else if entries, err := conn.GetEntry(dn); err != nil {
+ return nil, err
+ } else {
+ return entries, nil
+ }
+}
+
 func tryLogin(w http.ResponseWriter, r *http.Request) {
 if r.Method != "POST" {
 displayTmpl(w, "login.html", map[string]interface{}{})
 return
 }
- conn, err := myLDAP.Connect()
- if err != nil || conn == nil {
- log.Println(err)
- displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
- } else if err := conn.ServiceBind(); err != nil {
- log.Println(err)
- displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
- } else if dn, err := conn.SearchDN(r.PostFormValue("login")); err != nil {
- log.Println(err)
- displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
- } else if err := conn.Bind(dn, r.PostFormValue("password")); err != nil {
- log.Println(err)
- displayTmplError(w, http.StatusUnauthorized, "login.html", map[string]interface{}{"error": err.Error()})
- } else if entries, err := conn.GetEntry(dn); err != nil {
+ if entries, err := login(r.PostFormValue("login"), r.PostFormValue("password")); err != nil {
 log.Println(err)
 displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
 } else {
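Review bot: `login` can report success without any bind having happened: its first branch tests `err != nil || conn == nil` but returns `nil, err`, so if `myLDAP.Connect()` ever yields a nil connection together with a nil error, the caller receives `(nil, nil)` and both `tryLogin` and `httpBasicAuth` treat that as an authenticated user. Split the check so the nil-connection case carries its own error, for example a plain `if err != nil { return nil, err }` followed by `if conn == nil { return nil, fmt.Errorf("LDAP connection unavailable") }`. The refactor also loses a distinction the removed code made: a failed `conn.Bind` used to answer `http.StatusUnauthorized`, whereas `tryLogin` now answers `http.StatusInternalServerError` for a wrong password as well, so bad credentials and directory outages look the same in logs and monitoring. Unless the `Bind` wrapper already does so (its body is not visible here), `login` should reject an empty `password` before binding, because an LDAP simple bind with an empty password is an unauthenticated bind that some directory servers accept. `tryLogin` continues past the end of this hunk.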
@@ -42,3 +49,27 @@ func tryLogin(w http.ResponseWriter, r *http.Request) {
 displayTmpl(w, "message.html", map[string]interface{}{"details": template.HTML(`Login ok

Here are the information we have about you:` + cnt + "")})
 }
 }
+
+func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
+ if user, pass, ok := r.BasicAuth(); ok {
+ if entries, err := login(user, pass); err != nil {
+ w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
+ w.WriteHeader(http.StatusUnauthorized)
+ w.Write([]byte(err.Error()))
+ } else {
+ w.WriteHeader(http.StatusOK)
+ for _, e := range entries {
+ for _, v := range e.Values {
+ if e.Name != "userPassword" {
+ w.Write([]byte(fmt.Sprintf("%s: %s", e.Name, v)))
+ }
+ }
+ }
+
+ }
+ } else {
+ w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
+ w.WriteHeader(http.StatusUnauthorized)
+ w.Write([]byte("Please login"))
+ }
+}
diff --git a/main.go b/main.go
index 766af5c..7d084bd 100644
--- a/main.go
+++ b/main.go
@@ -131,6 +131,7 @@ func main() {
 // Register handlers
 http.HandleFunc(fmt.Sprintf("%s/", *baseURL), changePassword)
+ http.HandleFunc(fmt.Sprintf("%s/auth", *baseURL), httpBasicAuth)
 http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin)
 http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword)
 http.HandleFunc(fmt.Sprintf("%s/reset", *baseURL), resetPassword)
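Review bot: `httpBasicAuth` writes `err.Error()` from `login` straight into the 401 body, so an unauthenticated client sees the raw LDAP failure text and can probably tell an unknown login (the `SearchDN` step) from a wrong password (the `Bind` step), or read directory connection errors. Log the error on the server and return a fixed message instead. On the success branch the filter `e.Name != "userPassword"` is an exact-case denylist of a single attribute, while LDAP attribute names are case-insensitive; compare with `strings.EqualFold` (which needs the `strings` import) or, better, emit only an allowlist of attributes. The pairs are also written with no separator and no explicit `Content-Type`, which leaves the response type to content sniffing over directory-supplied values; the sketch below sets `text/plain` and ends each pair with a newline.

```go
		if entries, err := login(user, pass); err != nil {
			log.Println(err) // keep directory error detail in the server log only
			// … unchanged: WWW-Authenticate header and 401 status …
			w.Write([]byte("Authentication failed"))
		} else {
			w.Header().Set("Content-Type", "text/plain; charset=utf-8")
			w.WriteHeader(http.StatusOK)
			for _, e := range entries {
				// LDAP attribute names are case-insensitive.
				if strings.EqualFold(e.Name, "userPassword") {
					continue
				}
				for _, v := range e.Values {
					fmt.Fprintf(w, "%s: %s\n", e.Name, v)
				}
			}
		}
		// … unchanged: "Please login" branch …
```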