oc-auth OAUTH2
@@ -6,13 +6,13 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"oc-auth/conf"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
"github.com/coocood/freecache"
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
"github.com/i-core/rlog"
|
||||
@@ -88,25 +88,23 @@ func (cli *Client) Authenticate(ctx context.Context, username string, password s
|
||||
}
|
||||
var cancel context.CancelFunc
|
||||
ctx, cancel = context.WithCancel(ctx)
|
||||
fmt.Println("Connect", ctx, username, password)
|
||||
logger := oclib.GetLogger()
|
||||
logger.Debug().Msgf("LDAP authenticate user: %s", username)
|
||||
cn, ok := <-cli.connect(ctx)
|
||||
cancel()
|
||||
if !ok {
|
||||
return false, errConnectionTimeout
|
||||
}
|
||||
defer cn.Close()
|
||||
fmt.Println("findBasicUserDetails", cn, username, password)
|
||||
// Find a user DN by his or her username.
|
||||
details, err := cli.findBasicUserDetails(cn, username, []string{"dn"})
|
||||
if err != nil || details == nil {
|
||||
return false, err
|
||||
}
|
||||
fmt.Println(details)
|
||||
a := details["dn"]
|
||||
fmt.Println(a)
|
||||
log.Println("Binding DN:", a[0], "with password:", password)
|
||||
logger.Debug().Msgf("Binding DN: %s", a[0])
|
||||
if err := cn.Bind(a[0], password); err != nil {
|
||||
fmt.Println(err)
|
||||
logger.Error().Msg("LDAP bind failed: " + err.Error())
|
||||
if err == errInvalidCredentials {
|
||||
return false, nil
|
||||
}
|
||||
@@ -283,13 +281,15 @@ func (cli *Client) connect(ctx context.Context) <-chan conn {
|
||||
|
||||
cn, err := cli.connector.Connect(ctx, addr)
|
||||
if err != nil {
|
||||
fmt.Println("Failed to create a LDAP connection", "address", addr, err)
|
||||
log := oclib.GetLogger()
|
||||
log.Error().Msgf("Failed to create LDAP connection to %s: %v", addr, err)
|
||||
return
|
||||
}
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
cn.Close()
|
||||
fmt.Println("a LDAP connection is cancelled", "address", addr)
|
||||
log := oclib.GetLogger()
|
||||
log.Debug().Msgf("LDAP connection cancelled: %s", addr)
|
||||
return
|
||||
case ch <- cn:
|
||||
}
|
||||
@@ -303,7 +303,8 @@ func (cli *Client) connect(ctx context.Context) <-chan conn {
|
||||
}
|
||||
|
||||
func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, error) {
|
||||
fmt.Println("cli", cli.BindDN, cli.BindPass)
|
||||
logger := oclib.GetLogger()
|
||||
logger.Debug().Msg("Finding LDAP roles")
|
||||
if cli.BindDN != "" {
|
||||
// We need to login to a LDAP server with a service account for retrieving user data.
|
||||
if err := cn.Bind(cli.BindDN, cli.BindPass); err != nil {
|
||||
@@ -311,7 +312,7 @@ func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, er
|
||||
}
|
||||
}
|
||||
entries, err := cn.SearchRoles(attrs...)
|
||||
fmt.Println("entries", entries)
|
||||
logger.Debug().Msgf("Found %d LDAP role entries", len(entries))
|
||||
if err != nil {
|
||||
return map[string]LDAPRoles{}, err
|
||||
}
|
||||
@@ -344,7 +345,7 @@ func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, er
|
||||
if claims[appID].Members[role] == nil {
|
||||
claims[appID].Members[role] = []string{}
|
||||
}
|
||||
fmt.Println("entry", entry)
|
||||
logger.Debug().Msgf("Processing role entry: %v", entry["dn"])
|
||||
memberDNs, ok := entry["member"]
|
||||
for _, memberDN := range memberDNs {
|
||||
if !ok || memberDN == "" {
|
||||
@@ -376,7 +377,8 @@ func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, er
|
||||
|
||||
// findBasicUserDetails finds user's LDAP attributes that were specified. It returns nil if no such user.
|
||||
func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string) (map[string][]string, error) {
|
||||
fmt.Println("Second woth : ", cli.BindDN, cli.BindPass)
|
||||
logger := oclib.GetLogger()
|
||||
logger.Debug().Msgf("Finding LDAP user details for: %s", username)
|
||||
if cli.BindDN != "" {
|
||||
// We need to login to a LDAP server with a service account for retrieving user data.
|
||||
if err := cn.Bind(cli.BindDN, cli.BindPass); err != nil {
|
||||
@@ -389,7 +391,7 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
|
||||
}
|
||||
if len(entries) == 0 {
|
||||
// We didn't find the user.
|
||||
fmt.Println("user not found")
|
||||
logger.Debug().Msgf("LDAP user not found: %s", username)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
@@ -470,13 +472,14 @@ func (c *ldapConn) SearchRoles(attrs ...string) ([]map[string][]string, error) {
|
||||
|
||||
// searchEntries executes a LDAP query, and returns a result as entries where each entry is mapping of LDAP attributes.
|
||||
func (c *ldapConn) searchEntries(baseDN, query string, attrs []string) ([]map[string][]string, error) {
|
||||
fmt.Println(baseDN, query, attrs)
|
||||
log := oclib.GetLogger()
|
||||
log.Debug().Msgf("LDAP search: baseDN=%s query=%s", baseDN, query)
|
||||
req := ldap.NewSearchRequest(baseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, query, attrs, nil)
|
||||
res, err := c.Search(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
fmt.Println(res.Entries)
|
||||
log.Debug().Msgf("LDAP search returned %d entries", len(res.Entries))
|
||||
|
||||
var entries []map[string][]string
|
||||
for _, v := range res.Entries {
|
||||
|
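Review bot: The new debug lines at L65, L290 and L317 interpolate the caller-supplied username with `%s`, so a username containing newlines or other control characters would be written verbatim into the log stream and can forge additional log entries; quoting it with `%q` (e.g. `logger.Debug().Msgf("LDAP authenticate user: %q", username)`) neutralizes that for all three sites and also makes an empty username visible. The logger variable is named `logger` in Authenticate, findRoles and findBasicUserDetails but `log` in connect (L151, L175) and searchEntries (L342); besides the inconsistency, `log` shadows the standard `log` package if that import survives this commit, so I would rename those three to `logger` as well. At L234 the "Found %d LDAP role entries" message is emitted before the `err != nil` check on L237, so an error path logs a misleading count of zero entries; moving that line below the check keeps the debug output truthful. Every function touched here starts or ends outside its hunk, so these are the only lines of each body I can see.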
||||