Init gist with regular urls via git CLI (http) (#501)
@@ -1,4 +1,4 @@
|
||||
package auth
|
||||
package password
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
@@ -6,8 +6,9 @@ import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"golang.org/x/crypto/argon2"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
type argon2ID struct {
|
||||
@@ -1,11 +1,9 @@
|
||||
package password
|
||||
|
||||
import "github.com/thomiceli/opengist/internal/auth"
|
||||
|
||||
func HashPassword(code string) (string, error) {
|
||||
return auth.Argon2id.Hash(code)
|
||||
return Argon2id.Hash(code)
|
||||
}
|
||||
|
||||
func VerifyPassword(code, hashedCode string) (bool, error) {
|
||||
return auth.Argon2id.Verify(code, hashedCode)
|
||||
return Argon2id.Verify(code, hashedCode)
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package auth
|
||||
package totp
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
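--- /dev/null
+++ b/internal/auth/try_login.go
@@ -0,0 +1,83 @@
+package auth
+
+import (
+"errors"
+
+"github.com/rs/zerolog/log"
+"github.com/thomiceli/opengist/internal/auth/ldap"
+passwordpkg "github.com/thomiceli/opengist/internal/auth/password"
+"github.com/thomiceli/opengist/internal/db"
+"gorm.io/gorm"
+)
+
+type AuthError struct {
+message string
+}
+
+func (e AuthError) Error() string {
+return e.message
+}
+
+func TryAuthentication(username, password string) (*db.User, error) {
+user, err := db.GetUserByUsername(username)
+if err != nil {
+if !errors.Is(err, gorm.ErrRecordNotFound) {
+log.Error().Err(err).Msgf("Cannot get user by username %s", username)
+return nil, err
+}
+}
+
+if user.Password != "" {
+return tryDbLogin(user, password)
+} else {
+if ldap.Enabled() {
+return tryLdapLogin(username, password)
+}
+return nil, AuthError{"no authentication method available"}
+}
+}
+
+func tryDbLogin(user *db.User, password string) (*db.User, error) {
+if ok, err := passwordpkg.VerifyPassword(password, user.Password); !ok {
+if err != nil {
+log.Error().Err(err).Msg("Password verification failed")
+return nil, err
+}
+return nil, AuthError{"invalid password"}
+}
+
+return user, nil
+}
+
+func tryLdapLogin(username, password string) (user *db.User, err error) {
+ok, err := ldap.Authenticate(username, password)
+if err != nil {
+log.Error().Err(err).Msg("LDAP authentication failed")
+return nil, err
+}
+
+if !ok {
+return nil, AuthError{"invalid LDAP credentials"}
+}
+
+if user, err = db.GetUserByUsername(username); err != nil {
+if !errors.Is(err, gorm.ErrRecordNotFound) {
+log.Error().Err(err).Msgf("Cannot get user by username %s", username)
+return nil, err
+}
+}
+
+if errors.Is(err, gorm.ErrRecordNotFound) {
+user = &db.User{
+Username: username,
+}
+if err = user.Create(); err != nil {
+log.Warn().Err(err).Msg("Cannot create user after LDAP authentication")
+return nil, err
+}
+
+return user, nil
+}
+
+return user, nil
+}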
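Review bot: In TryAuthentication a `gorm.ErrRecordNotFound` result is swallowed and the next statement reads `user.Password`, so the not-found path is only safe if `db.GetUserByUsername` (not visible on this page) returns a non-nil zero-valued user together with the error; making the branch explicit, e.g. `if errors.Is(err, gorm.ErrRecordNotFound) { user = &db.User{} }`, would remove that hidden dependency. The same fall-through sends every local account with an empty `Password` to `tryLdapLogin`, which returns the existing row matched on username alone, so it is worth confirming that local and directory usernames are a single namespace before treating a successful bind as proof of ownership of that row. Nothing in this file rejects an empty `password`; unless `ldap.Authenticate` is known to refuse empty-password binds, a guard such as `if password == "" { return nil, AuthError{"invalid password"} }` at the top of TryAuthentication would be a cheap safeguard. The three distinct `AuthError` messages are useful in logs but should be collapsed into one generic failure before reaching the client, and the unknown-user path returns without any Argon2 work, which makes it measurably faster than a wrong-password attempt.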