Refactor functions

tknie · Oct 31, 2024 · 9315a71 · 9315a71
1 parent ca33487
commit 9315a71
Show file tree

Hide file tree

Showing 11 changed files with 43 additions and 38 deletions.
diff --git a/auth/authenthicate.go b/auth/authenthicate.go
@@ -22,19 +22,24 @@ import (
 // DefaultRoles default roles set for users
 var DefaultRoles = []string{}
 
-// Authenticate authenticate user and password
+// Authenticate authenticate using user and password adding roles to the principal
+// The principal interface need to be implemented to add roles corresponding to the
+// defined system. If system does not provide roles the DefaultRoles will be added
+// to principal instance
 func (service *AuthenticationServer) Authenticate(principal PrincipalInterface, user, passwd string) error {
 	log.Log.Debugf("Authenticate: %p -> %d", service, service.AuthMethod)
 	switch service.AuthMethod {
 	case FileMethod:
 		log.Log.Debugf("Password file service user %s", user)
-		roles, err := CheckPasswordFileUser(user, passwd)
-		principal.AddRoles(strings.Split(roles, ","))
+		roles, err := callPasswordFileUserAuthenticate(user, passwd)
+		if err == nil {
+			principal.AddRoles(strings.Split(roles, ","))
+		}
 		return err
 	case SystemMethod:
 		log.Log.Debugf("System service name %s", service.Module)
 		principal.AddRoles(DefaultRoles)
-		return SystemAuthenticate(service.Module, user, passwd)
+		return callSystemAuthenticate(service.Module, user, passwd)
 	case LDAPMethod:
 		principal.AddRoles(DefaultRoles)
 		return service.authLDAPRealm(user, passwd)
@@ -44,21 +49,21 @@ func (service *AuthenticationServer) Authenticate(principal PrincipalInterface,
 	case SQLDatabaseMethod:
 		principal.AddRoles(DefaultRoles)
 		log.Log.Debugf("SQL database service name %s", service.Module)
-		return PerDatabase(service.Module, user, passwd)
+		return callDatabaseAuthenticate(service.Module, user, passwd)
 	case PluginMethod:
 		log.Log.Debugf("Plugin database service name %s", service.Module)
-		return CallbackAuthenticate(service, principal, user, passwd)
+		return callbackPluginAuthenticate(service, principal, user, passwd)
 	case CallbackMethod:
 		log.Log.Debugf("Plugin database service name %s", service.Module)
-		return CallbackAuthenticate(service, principal, user, passwd)
+		return callbackPluginAuthenticate(service, principal, user, passwd)
 	default:
-		log.Log.Debugf("Unknown service name %s", service.AuthMethod.Method())
+		log.Log.Debugf("Unknown service name %s", service.AuthMethod)
 	}
 	return errors.New("Authentication method error")
 }
 
-// Method used authorization method
-func (authMethod Method) Method() string {
+// Method used authorization method string info
+func (authMethod Method) String() string {
 	switch authMethod {
 	case SystemMethod:
 		return "System"

diff --git a/auth/basicauth.go b/auth/basicauth.go
@@ -71,7 +71,7 @@ func BasicAuth(user string, pass string) (PrincipalInterface, error) {
 			}
 			return principal, nil
 		}
-		log.Log.Debugf("Authorization(%s/%p) refused for user %s: %v", s.AuthMethod.Method(), s, user, err)
+		log.Log.Debugf("Authorization(%s/%p) refused for user %s: %v", s.AuthMethod, s, user, err)
 		if saveErr == nil {
 			saveErr = err
 		}

diff --git a/auth/callback.go b/auth/callback.go
@@ -51,8 +51,8 @@ func CallbackInit(auth *AuthenticationServer) error {
 	return errors.New(auth.Layer + " callback not found")
 }
 
-// CallbackAuthenticate authenticate user and password to callback
-func CallbackAuthenticate(auth *AuthenticationServer, principal PrincipalInterface, userName, passwd string) error {
+// callbackPluginAuthenticate authenticate user and password to callback
+func callbackPluginAuthenticate(auth *AuthenticationServer, principal PrincipalInterface, userName, passwd string) error {
 	principal.AddRoles(DefaultRoles)
 	if c, ok := callbackMap[auth.Layer]; ok {
 		return c.Authenticate(principal, userName, passwd)

diff --git a/auth/database.go b/auth/database.go
@@ -31,8 +31,8 @@ func RegisterDatabaseForAuth(layer, URL, query string) {
 	listAuthDatabase = append(listAuthDatabase, &authDatabase{layer, URL, query, true})
 }
 
-// PerDatabase authenticate user and password to database
-func PerDatabase(dbName, userName, passwd string) error {
+// callDatabaseAuthenticate authenticate user and password to database
+func callDatabaseAuthenticate(dbName, userName, passwd string) error {
 	log.Log.Debugf("Check %d auth databases", len(listAuthDatabase))
 	for _, ad := range listAuthDatabase {
 		adaptURL := os.ExpandEnv(ad.URL)

diff --git a/auth/database_test.go b/auth/database_test.go
@@ -42,11 +42,11 @@ func TestDatabasePostgresAuth(t *testing.T) {
 
 	RegisterDatabaseForAuth("pgx", pg, "SELECT 1")
 
-	err = PerDatabase("bitgarten", "admin", postgresPassword)
+	err = callDatabaseAuthenticate("bitgarten", "admin", postgresPassword)
 	if !assert.NoError(t, err) {
 		fmt.Println("Unwantend error:", err)
 	}
-	err = PerDatabase("bitgarten", "admin", "xxx")
+	err = callDatabaseAuthenticate("bitgarten", "admin", "xxx")
 	assert.Error(t, err)
 	assert.Equal(t, "password authentication failed for user", err.Error())
 
@@ -68,11 +68,11 @@ func TestDatabaseMySQLAuth(t *testing.T) {
 
 	RegisterDatabaseForAuth("mysql", mysql, "SELECT 1")
 
-	err = PerDatabase("Bitgarten", "admin", mysqlPassword)
+	err = callDatabaseAuthenticate("Bitgarten", "admin", mysqlPassword)
 	if !assert.NoError(t, err) {
 		fmt.Println("Unwantend error:", err)
 	}
-	err = PerDatabase("Bitgarten", "admin", "xxx")
+	err = callDatabaseAuthenticate("Bitgarten", "admin", "xxx")
 	assert.Error(t, err)
 	assert.Equal(t, "password authentication failed for user", err.Error())
 

diff --git a/auth/nopam.go b/auth/nopam.go
@@ -18,7 +18,7 @@ import (
 	"errors"
 )
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(serviceName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(serviceName, userName, passwd string) error {
 	return errors.New("Not supported")
 }
diff --git a/auth/pam.go b/auth/pam.go
@@ -21,8 +21,8 @@ import (
 	"github.com/tknie/pam"
 )
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(pamName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(pamName, userName, passwd string) error {
 	log.Log.Debugf("Call PAM service=" + pamName)
 	t, err := pam.StartFunc(pamName, userName, func(s pam.Style, msg string) (string, error) {
 		switch s {

diff --git a/auth/passwdfile.go b/auth/passwdfile.go
@@ -386,14 +386,14 @@ func (rfs *PasswordFileStruct) FlushUserToPasswordFile() error {
 	return err
 }
 
-// CheckPasswordFileUser auth user and password for default realm
-func CheckPasswordFileUser(u, password string) (string, error) {
+// callPasswordFileUserAuthenticate auth user and password for default realm
+func callPasswordFileUserAuthenticate(u, password string) (string, error) {
 	if len(passwordFileMap) == 0 {
 		log.Log.Debugf("Init of file realm not done")
 		return "", fmt.Errorf("init file realm not done")
 	}
 	for _, realm := range passwordFileMap {
-		roles, err := realm.CheckPasswordFileUser(u, password)
+		roles, err := realm.callPasswordFileUserAuthenticate(u, password)
 		if err == nil {
 			return roles, err
 		}
@@ -404,8 +404,8 @@ func CheckPasswordFileUser(u, password string) (string, error) {
 	return "", errors.New("User not defined")
 }
 
-// CheckPasswordFileUser auth user and password for default realm
-func (rfs *PasswordFileStruct) CheckPasswordFileUser(u, password string) (string, error) {
+// callPasswordFileUserAuthenticate auth user and password for default realm
+func (rfs *PasswordFileStruct) callPasswordFileUserAuthenticate(u, password string) (string, error) {
 	user := strings.ToLower(u)
 	if em, ok := rfs.loginMap.Load(user); ok {
 		e := em.(*loginEntry)

diff --git a/auth/passwdfile_test.go b/auth/passwdfile_test.go
@@ -45,18 +45,18 @@ func TestRealmUnix(t *testing.T) {
 	assert.Equal(t, "SHA512", le.enc)
 	assert.Equal(t, ", admin, job", le.roles)
 	assert.Equal(t, "c12834f1031f6497214f27d4432f26517ad494156cb88d512bdb1dc4b57db2d692a3dfa269a19b0a0a2a0fd7d6a2a885e33c839c93c206da30a187392847ed27", le.password)
-	roles, err := rfs.CheckPasswordFileUser("admin", "Test123")
+	roles, err := rfs.callPasswordFileUserAuthenticate("admin", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", admin, job", roles)
-	roles, err = rfs.CheckPasswordFileUser("[email protected]", "testpass")
+	roles, err = rfs.callPasswordFileUserAuthenticate("[email protected]", "testpass")
 	assert.Nil(t, err)
 	assert.Equal(t, ", xxx", roles)
-	_, err = rfs.CheckPasswordFileUser("md5user", "test333")
+	_, err = rfs.callPasswordFileUserAuthenticate("md5user", "test333")
 	assert.Error(t, err)
-	roles, err = rfs.CheckPasswordFileUser("md5user", "Test123")
+	roles, err = rfs.callPasswordFileUserAuthenticate("md5user", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", user", roles)
-	roles, err = rfs.CheckPasswordFileUser("yyy", "xxx")
+	roles, err = rfs.callPasswordFileUserAuthenticate("yyy", "xxx")
 	assert.Error(t, err, "xx")
 	assert.Equal(t, "", roles)
 }
@@ -87,10 +87,10 @@ func TestRealmWindows(t *testing.T) {
 	assert.Equal(t, "SHA512", le.enc)
 	assert.Equal(t, ", admin, job", le.roles)
 	assert.Equal(t, "c12834f1031f6497214f27d4432f26517ad494156cb88d512bdb1dc4b57db2d692a3dfa269a19b0a0a2a0fd7d6a2a885e33c839c93c206da30a187392847ed27", le.password)
-	roles, err := rfs.CheckPasswordFileUser("admin", "Test123")
+	roles, err := rfs.callPasswordFileUserAuthenticate("admin", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", admin, job", roles)
-	roles, err = rfs.CheckPasswordFileUser("admin", "testpass")
+	roles, err = rfs.callPasswordFileUserAuthenticate("admin", "testpass")
 	assert.Error(t, err)
 	assert.Equal(t, "password mismatch", err.Error())
 	assert.Empty(t, roles)

diff --git a/auth/windows.go b/auth/windows.go
@@ -43,7 +43,7 @@ func validateUser(userName, passwd string) error {
 	return lastError
 }
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(serviceName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(serviceName, userName, passwd string) error {
 	return validateUser(userName, passwd)
 }
diff --git a/auth/windows_test.go b/auth/windows_test.go
@@ -21,6 +21,6 @@ import (
 )
 
 func TestWindowsLogin(t *testing.T) {
-	err := SystemAuthenticate("", "adatest@EUR", "XXXXYYYwrongPassword")
+	err := callSystemAuthenticate("", "adatest@EUR", "XXXXYYYwrongPassword")
 	assert.NoError(t, err)
 }