loginsrv


commit 9970b67d3a7355428278accfa6624500b01d31bd
parent d234785855cebab7a81b76fba046ac5c473b1291
Author: Sebastian Mancke <s.mancke@tarent.de>
Date:   Tue, 22 Nov 2016 22:26:27 +0100

finished htpasswd provider

Diffstat:
MREADME.md | 30++++++++++++++++++++++++++----
Ahtpasswd/backend.go | 44++++++++++++++++++++++++++++++++++++++++++++
Ahtpasswd/backend_test.go | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Mmain.go | 4+++-
4 files changed, 125 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md @@ -14,10 +14,9 @@ Loginsrv provides a minimal endpoint for authentication. The login is performed ## Supported Provider The following providers (login backends) are supported. -- [OSIAM](http://osiam.org/) -OSIAM is a secure identity management solution providing REST based services for authentication and authorization. -It implements the multplie OAuth2 flows, as well as SCIM for managing the user data. -- Simple (user/password pairs by configuration) +- [Htpasswd](Htpasswd) +- [Osiam](#Osiam) +- [Simple](#Simple) (user/password pairs by configuration) ## Future Planed Features - Support for 3-leged-Oauth2 flow (OSIAM, Google, Facebook login) @@ -141,7 +140,24 @@ Set-Cookie: jwt_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.-5 ## Provider +### Htpasswd +Authentication against htpasswd file. MD5, SHA1 and Bcrypt are supported. But we recommend to only use bcrypt for security reasons (e.g. `htpasswd -B -C 15`). + +Parameters for the provider: + +| Parameter-Name | Description | +| ------------------|----------------------------| +| file | Path to the password file | + +Example: +``` +loginsrv -backend 'provider=htpasswd,file=users +``` + ### Osiam +[OSIAM](http://osiam.org/) is a secure identity management solution providing REST based services for authentication and authorization. +It implements the multplie OAuth2 flows, as well as SCIM for managing the user data. + To start loginsrv against the default osiam configuration on the same machine, use the following example. ``` loginsrv --jwt-secret=jwtsecret --text-logging -backend 'provider=osiam,endpoint=http://localhost:8080,clientId=example-client,clientSecret=secret' 
@@ -149,4 +165,10 @@ loginsrv --jwt-secret=jwtsecret --text-logging -backend 'provider=osiam,endpoint Then go to http://127.0.0.1:6789/login and login with `admin/koala`. +## Simple +Simple is a demo provider for testing only. It holds a user/password table in memory. +Example +``` +loginsrv -backend provider=simple,bob=secret +``` diff --git a/htpasswd/backend.go b/htpasswd/backend.go @@ -0,0 +1,44 @@ +package htpasswd + +import ( + "errors" + "github.com/tarent/loginsrv/login" +) + +const ProviderName = "htpasswd" + +func init() { + login.RegisterProvider( + &login.ProviderDescription{ + Name: ProviderName, + }, + BackendFactory) +} + +func BackendFactory(config map[string]string) (login.Backend, error) { + if f, exist := config["file"]; exist { + return NewBackend(f) + } + return nil, errors.New(`missing parameter "file" for htpasswd provider.`) +} + +// Backend is a htpasswd based authentication backend. +type Backend struct { + auth *Auth +} + +// NewBackend creates a new Backend and verifies the parameters. +func NewBackend(filename string) (*Backend, error) { + auth, err := NewAuth(filename) + return &Backend{ + auth, + }, err +} + +func (sb *Backend) Authenticate(username, password string) (bool, login.UserInfo, error) { + authenticated, err := sb.auth.Authenticate(username, password) + if authenticated && err == nil { + return authenticated, login.UserInfo{Username: username}, err + } + return false, login.UserInfo{}, err +} diff --git a/htpasswd/backend_test.go b/htpasswd/backend_test.go 
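Review bot: `NewBackend` in htpasswd/backend.go returns `&Backend{auth}, err` even when `NewAuth` reports an error, and `BackendFactory` forwards that pair unchanged. A caller that mishandles the error therefore holds a non-nil `login.Backend` whose `auth` is presumably nil or unusable (`NewAuth` is not visible in this hunk). An authentication backend should fail closed: return nil on error, and have the factory return an untyped nil rather than forwarding a nil `*Backend` inside the interface. `BackendFactory` also checks only that the `file` key is present, so `file=` with an empty value reaches `NewAuth`; rejecting the empty string gives a clearer configuration error. Separately, the exported `ProviderName`, `BackendFactory` and `Authenticate` have no doc comments, and the receiver name `sb` reads as carried over from another provider.

```go
func BackendFactory(config map[string]string) (login.Backend, error) {
	f, exist := config["file"]
	if !exist || f == "" {
		return nil, errors.New(`missing parameter "file" for htpasswd provider.`)
	}
	b, err := NewBackend(f)
	if err != nil {
		// Untyped nil: callers must never see a non-nil interface wrapping a nil *Backend.
		return nil, err
	}
	return b, nil
}

// … unchanged: Backend type …

func NewBackend(filename string) (*Backend, error) {
	auth, err := NewAuth(filename)
	if err != nil {
		return nil, err
	}
	return &Backend{auth}, nil
}
```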
@@ -0,0 +1,52 @@ +package htpasswd + +import ( + "github.com/stretchr/testify/assert" + "github.com/tarent/loginsrv/login" + "testing" +) + +func TestSetup(t *testing.T) { + p, exist := login.GetProvider(ProviderName) + assert.True(t, exist) + assert.NotNil(t, p) + + file := writeTmpfile(testfile) + backend, err := p(map[string]string{ + "file": file, + }) + + assert.NoError(t, err) + assert.Equal(t, + file, + backend.(*Backend).auth.filename) +} + +func TestSetup_Error(t *testing.T) { + p, exist := login.GetProvider(ProviderName) + assert.True(t, exist) + assert.NotNil(t, p) + + _, err := p(map[string]string{}) + assert.Error(t, err) +} + +func TestSimpleBackend_Authenticate(t *testing.T) { + backend, err := NewBackend(writeTmpfile(testfile)) + assert.NoError(t, err) + + authenticated, userInfo, err := backend.Authenticate("bob-bcrypt", "secret") + assert.True(t, authenticated) + assert.Equal(t, "bob-bcrypt", userInfo.Username) + assert.NoError(t, err) + + authenticated, userInfo, err = backend.Authenticate("bob-bcrypt", "fooo") + assert.False(t, authenticated) + assert.Equal(t, "", userInfo.Username) + assert.NoError(t, err) + + authenticated, userInfo, err = backend.Authenticate("", "") + assert.False(t, authenticated) + assert.Equal(t, "", userInfo.Username) + assert.NoError(t, err) +} diff --git a/main.go b/main.go @@ -1,9 +1,11 @@ package main import ( - "github.com/tarent/loginsrv/login" + _ "github.com/tarent/loginsrv/htpasswd" _ "github.com/tarent/loginsrv/osiam" + "github.com/tarent/loginsrv/login" + "github.com/tarent/lib-compose/logging" "net/http" "os"
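Review bot: No test in htpasswd/backend_test.go drives `NewBackend` or the factory with a password file that cannot be read, so the constructor's error path is unverified; `TestSetup_Error` covers only the missing `file` key. A case such as `_, err := NewBackend("/nonexistent/htpasswd"); assert.Error(t, err)` would pin it, ideally also asserting that the returned backend is nil; the path is constructed, and this assumes `NewAuth` reports an unreadable file. The authenticate test uses only the `bob-bcrypt` entry, while the README in this commit lists MD5 and SHA1 as supported. If the `Auth` tests already cover those formats that is enough; otherwise a case per hash type and one for an unknown username belong here. `TestSimpleBackend_Authenticate` looks named after the simple provider; `TestBackend_Authenticate` would match this package.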