Add quirk for token versionning
efortin committed Jun 3, 2020
1 parent 78bfb9f commit ab20640
Showing 3 changed files with 22 additions and 7 deletions.
2 changes: 1 addition & 1 deletion Version
@@ -1 +1 @@
1.6.1
1.6.2
25 changes: 20 additions & 5 deletions internal/services/tokenissuer.go
@@ -26,14 +26,19 @@ type TokenIssuer struct {
Tenant string
}

func (issuer *TokenIssuer) GenerateUserToken(groups []string, username string, email string, hasAdminAccess bool, hasApplicationAccess bool, hasOpsAccess bool) (*string, error) {
func (issuer *TokenIssuer) GenerateUserToken(groups []string, username string, email string, hasAdminAccess bool, hasApplicationAccess bool, hasOpsAccess bool, beta bool) (*string, error) {

var auths = GetUserNamespaces(groups)

duration, err := time.ParseDuration(issuer.TokenDuration)
current := time.Now().Add(duration)
url, _ := url.Parse(issuer.PublicApiServerURL)

if beta && (hasAdminAccess || hasApplicationAccess || hasOpsAccess) {
utils.Log.Info().Msgf("The user %s will have transversal access ( admin: %v, application: %v, ops: %v )", username, hasAdminAccess, hasApplicationAccess, hasOpsAccess)
auths = []*types.Project{}
}

// Create the Claims
claims := types.AuthJWTClaims{
Auths: auths,
@@ -60,7 +65,7 @@ func (issuer *TokenIssuer) GenerateUserToken(groups []string, username string, e
return &signedToken, err
}

func (issuer *TokenIssuer) baseGenerateToken(auth types.Auth) (*string, error) {
func (issuer *TokenIssuer) baseGenerateToken(auth types.Auth, beta bool) (*string, error) {

userDN, mail, err := ldap.AuthenticateUser(auth.Username, auth.Password)
if err != nil {
@@ -72,7 +77,7 @@ func (issuer *TokenIssuer) baseGenerateToken(auth types.Auth) (*string, error) {
utils.TokenCounter.WithLabelValues("token_error").Inc()
return nil, err
}
token, err := issuer.GenerateUserToken(groups, auth.Username, *mail, ldap.HasAdminAccess(*userDN), ldap.HasApplicationAccess(*userDN), ldap.HasOpsAccess(*userDN))
token, err := issuer.GenerateUserToken(groups, auth.Username, *mail, ldap.HasAdminAccess(*userDN), ldap.HasApplicationAccess(*userDN), ldap.HasOpsAccess(*userDN), beta)

if err != nil {
utils.TokenCounter.WithLabelValues("token_error").Inc()
@@ -90,7 +95,12 @@ func (issuer *TokenIssuer) GenerateJWT(w http.ResponseWriter, r *http.Request) {
io.WriteString(w, "Basic Auth: Invalid credentials")
}

token, err := issuer.baseGenerateToken(*auth)
betaMode := false
if r.Header.Get("X-API-MODE") == "beta" {
betaMode = true
}

token, err := issuer.baseGenerateToken(*auth, betaMode)
if err == nil {
utils.Log.Info().Msgf("Granting token for user %v", auth.Username)
w.WriteHeader(http.StatusCreated)
@@ -107,6 +117,11 @@ func (issuer *TokenIssuer) GenerateJWT(w http.ResponseWriter, r *http.Request) {
func (issuer *TokenIssuer) GenerateConfig(w http.ResponseWriter, r *http.Request) {
err, auth := issuer.basicAuth(r)

betaMode := false
if r.Header.Get("X-API-MODE") == "beta" {
betaMode = true
}

if err != nil {
utils.Log.Info().Err(err)
utils.Log.Info().Msg(err.Error())
@@ -115,7 +130,7 @@ func (issuer *TokenIssuer) GenerateConfig(w http.ResponseWriter, r *http.Request

}

token, err := issuer.baseGenerateToken(*auth)
token, err := issuer.baseGenerateToken(*auth, betaMode)
if err == nil {
utils.Log.Info().Msgf("Granting token for user %v", auth.Username)
} else {
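Review bot: In GenerateUserToken the new `beta` branch replaces `auths` with an empty slice as soon as any one of the three access flags is true, so a user holding a single transversal role also loses every namespace grant derived from `groups`; whether the boolean claims cover the same rights is not visible in this hunk. Because `beta` is taken directly from the client-supplied `X-API-MODE` header in GenerateJWT and GenerateConfig, the shape of the issued claims is chosen by the caller, and a verifier needs a way to tell a beta token from a user who simply has no namespaces. If the claims do not already carry a version marker (the struct literal is cut off by the hunk), one should be added. The header check is duplicated in both handlers and reduces to one expression, `betaMode := r.Header.Get("X-API-MODE") == "beta"`, ideally in a shared helper. A comment above the branch such as `// beta clients: omit per-namespace Auths when the user has any transversal role` would record the intent.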
2 changes: 1 addition & 1 deletion internal/services/tokenissuer_test.go
@@ -38,7 +38,7 @@ func TestECDSA(t *testing.T) {

t.Run("Generate a valid User token", func(t *testing.T) {

token, err := issuer.GenerateUserToken([]string{"DL_ns-development_admin", "DL_ns-devops-automation-integration_admin"}, "unit", "noreply@demo.com", true, true, false)
token, err := issuer.GenerateUserToken([]string{"DL_ns-development_admin", "DL_ns-devops-automation-integration_admin"}, "unit", "noreply@demo.com", true, true, false, false)
assert.Nil(t, err)
assert.NotNil(t, token)
utils.Log.Info().Msgf("The token is %s", *token)
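Review bot: The new `beta` argument is only exercised with `false` in this sub-test, so the branch that empties `Auths` for users with transversal access has no coverage. A second `t.Run` that passes `true` and asserts on the decoded claims would pin that behaviour. Separately, the unchanged line `utils.Log.Info().Msgf("The token is %s", *token)` writes a signed token to the log; that is presumably harmless with a test-only key, but it is worth dropping if this test can run against real key material.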