Add route for Basic HTTP auth

nemunaire 2020-09-05 12:09:49 +02:00
parent ee30a37c41
commit 0d0438135c
2 changed files with 46 additions and 14 deletions


@ -1,31 +1,38 @@
package main package main
import ( import (
"fmt"
"html/template" "html/template"
"log" "log"
"net/http" "net/http"
"gopkg.in/ldap.v2"
) )
func login(login string, password string) ([]*ldap.EntryAttribute, error) {
conn, err := myLDAP.Connect()
if err != nil || conn == nil {
return nil, err
} else if err := conn.ServiceBind(); err != nil {
return nil, err
} else if dn, err := conn.SearchDN(login); err != nil {
return nil, err
} else if err := conn.Bind(dn, password); err != nil {
return nil, err
} else if entries, err := conn.GetEntry(dn); err != nil {
return nil, err
} else {
return entries, nil
}
}
func tryLogin(w http.ResponseWriter, r *http.Request) { func tryLogin(w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" { if r.Method != "POST" {
displayTmpl(w, "login.html", map[string]interface{}{}) displayTmpl(w, "login.html", map[string]interface{}{})
return return
} }
conn, err := myLDAP.Connect() if entries, err := login(r.PostFormValue("login"), r.PostFormValue("password")); err != nil {
if err != nil || conn == nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
} else if err := conn.ServiceBind(); err != nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
} else if dn, err := conn.SearchDN(r.PostFormValue("login")); err != nil {
log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
} else if err := conn.Bind(dn, r.PostFormValue("password")); err != nil {
log.Println(err)
displayTmplError(w, http.StatusUnauthorized, "login.html", map[string]interface{}{"error": err.Error()})
} else if entries, err := conn.GetEntry(dn); err != nil {
log.Println(err) log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()}) displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
} else { } else {
@ -42,3 +49,27 @@ func tryLogin(w http.ResponseWriter, r *http.Request) {
displayTmpl(w, "message.html", map[string]interface{}{"details": template.HTML(`Login ok<br><br>Here are the information we have about you:` + cnt + "</ul>")}) displayTmpl(w, "message.html", map[string]interface{}{"details": template.HTML(`Login ok<br><br>Here are the information we have about you:` + cnt + "</ul>")})
} }
} }
func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
if user, pass, ok := r.BasicAuth(); ok {
if entries, err := login(user, pass); err != nil {
w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(err.Error()))
} else {
w.WriteHeader(http.StatusOK)
for _, e := range entries {
for _, v := range e.Values {
if e.Name != "userPassword" {
w.Write([]byte(fmt.Sprintf("%s: %s", e.Name, v)))
}
}
}
}
} else {
w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Please login"))
}
}
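Review bot: In `login`, the first guard `if err != nil || conn == nil { return nil, err }` returns `(nil, nil)` if `Connect` ever yields a nil connection without an error, and `httpBasicAuth` treats a nil error as success and answers 200 with an empty body. On an endpoint whose status code is the authentication verdict this should fail closed, for example by splitting the guard and using `return nil, fmt.Errorf("no LDAP connection")` for the nil case. `httpBasicAuth` also writes `err.Error()` to the client on every failure, which lets a caller distinguish an unknown login from a wrong password and exposes directory error text; a fixed body such as `Authentication failed`, with the detail sent to `log.Println(err)`, avoids that. Rejecting an empty `pass` before calling `login` is worth adding too, since it is not visible here whether `conn.Bind` refuses empty passwords, and some directories accept such a simple bind as anonymous. Note also that `tryLogin` now answers 500 for a failed bind where the removed code answered 401.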


@ -131,6 +131,7 @@ func main() {
// Register handlers // Register handlers
http.HandleFunc(fmt.Sprintf("%s/", *baseURL), changePassword) http.HandleFunc(fmt.Sprintf("%s/", *baseURL), changePassword)
http.HandleFunc(fmt.Sprintf("%s/auth", *baseURL), httpBasicAuth)
http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin) http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin)
http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword) http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword)
http.HandleFunc(fmt.Sprintf("%s/reset", *baseURL), resetPassword) http.HandleFunc(fmt.Sprintf("%s/reset", *baseURL), resetPassword)