Use gin-gonic instead of httprouter
This commit is contained in:
parent
7c719d9fd5
commit
a203cdc36a
22 changed files with 1631 additions and 1355 deletions
34
auth_krb5.go
34
auth_krb5.go
|
|
@ -1,17 +1,15 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/jcmturner/gokrb5/v8/client"
|
||||
"github.com/jcmturner/gokrb5/v8/config"
|
||||
"github.com/jcmturner/gokrb5/v8/iana/etypeID"
|
||||
"github.com/jcmturner/gokrb5/v8/krberror"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
)
|
||||
|
||||
func parseETypes(s []string, w bool) []int32 {
|
||||
|
|
@ -37,10 +35,11 @@ func parseETypes(s []string, w bool) []int32 {
|
|||
return eti
|
||||
}
|
||||
|
||||
func checkAuthKrb5(w http.ResponseWriter, _ httprouter.Params, body []byte) (interface{}, error) {
|
||||
func checkAuthKrb5(c *gin.Context) {
|
||||
var lf loginForm
|
||||
if err := json.Unmarshal(body, &lf); err != nil {
|
||||
return nil, err
|
||||
if err := c.ShouldBindJSON(&lf); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
found := false
|
||||
|
|
@ -52,7 +51,8 @@ func checkAuthKrb5(w http.ResponseWriter, _ httprouter.Params, body []byte) (int
|
|||
}
|
||||
|
||||
if !userExists(lf.Login) && !found {
|
||||
return nil, fmt.Errorf("You are not allowed to log you in this way. Please use OpenID Connect.")
|
||||
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "You are not allowed to log you in this way. Please use OpenID Connect."})
|
||||
return
|
||||
}
|
||||
|
||||
cnf := config.New()
|
||||
|
|
@ -62,17 +62,21 @@ func checkAuthKrb5(w http.ResponseWriter, _ httprouter.Params, body []byte) (int
|
|||
cnf.LibDefaults.DefaultTktEnctypeIDs = parseETypes(cnf.LibDefaults.DefaultTktEnctypes, cnf.LibDefaults.AllowWeakCrypto)
|
||||
cnf.LibDefaults.PermittedEnctypeIDs = parseETypes(cnf.LibDefaults.PermittedEnctypes, cnf.LibDefaults.AllowWeakCrypto)
|
||||
|
||||
c := client.NewWithPassword(lf.Login, "CRI.EPITA.FR", lf.Password, cnf)
|
||||
if err := c.Login(); err != nil {
|
||||
cl := client.NewWithPassword(lf.Login, "CRI.EPITA.FR", lf.Password, cnf)
|
||||
if err := cl.Login(); err != nil {
|
||||
if errk, ok := err.(krberror.Krberror); ok {
|
||||
if errk.RootCause == krberror.NetworkingError {
|
||||
return nil, errors.New(`{"status": "Authentication system unavailable, please retry."}`)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Authentication system unavailable, please retry."})
|
||||
return
|
||||
} else if errk.RootCause == krberror.KDCError {
|
||||
return nil, errors.New(`{"status": "Invalid username or password"}`)
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": "Invalid username or password"})
|
||||
return
|
||||
}
|
||||
}
|
||||
return nil, err
|
||||
} else {
|
||||
return completeAuth(w, lf.Login, lf.Login+"@epita.fr", "", "", "", nil)
|
||||
log.Println("Unable to login through Kerberos: unknown error:", err)
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": "Invalid credentials (unknown error)."})
|
||||
return
|
||||
}
|
||||
|
||||
completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", "", nil)
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue