From 9315a7174f1022af52009978f1b0a4ba01e6e522 Mon Sep 17 00:00:00 2001
From: "Thorsten A. Knieling"
Date: Thu, 31 Oct 2024 21:23:54 +0100
Subject: [PATCH] Refactor functions

---
 auth/authenthicate.go | 25 +++++++++++++++----------
 auth/basicauth.go | 2 +-
 auth/callback.go | 4 ++--
 auth/database.go | 4 ++--
 auth/database_test.go | 8 ++++----
 auth/nopam.go | 4 ++--
 auth/pam.go | 4 ++--
 auth/passwdfile.go | 10 +++++-----
 auth/passwdfile_test.go | 14 +++++++-------
 auth/windows.go | 4 ++--
 auth/windows_test.go | 2 +-
 11 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/auth/authenthicate.go b/auth/authenthicate.go
index 7e1c5ef..27c2f2c 100644
--- a/auth/authenthicate.go
+++ b/auth/authenthicate.go
@@ -22,19 +22,24 @@ import (
 // DefaultRoles default roles set for users
 var DefaultRoles = []string{}
 
-// Authenticate authenticate user and password
+// Authenticate authenticate using user and password adding roles to the principal
+// The principal interface need to be implemented to add roles corresponding to the
+// defined system. If system does not provide roles the DefaultRoles will be added
+// to principal instance
 func (service *AuthenticationServer) Authenticate(principal PrincipalInterface, user, passwd string) error {
 	log.Log.Debugf("Authenticate: %p -> %d", service, service.AuthMethod)
 	switch service.AuthMethod {
 	case FileMethod:
 		log.Log.Debugf("Password file service user %s", user)
-		roles, err := CheckPasswordFileUser(user, passwd)
-		principal.AddRoles(strings.Split(roles, ","))
+		roles, err := callPasswordFileUserAuthenticate(user, passwd)
+		if err == nil {
+			principal.AddRoles(strings.Split(roles, ","))
+		}
 		return err
 	case SystemMethod:
 		log.Log.Debugf("System service name %s", service.Module)
 		principal.AddRoles(DefaultRoles)
-		return SystemAuthenticate(service.Module, user, passwd)
+		return callSystemAuthenticate(service.Module, user, passwd)
 	case LDAPMethod:
 		principal.AddRoles(DefaultRoles)
 		return service.authLDAPRealm(user, passwd)
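Review bot: The guard added in the FileMethod case, which attaches roles only when callPasswordFileUserAuthenticate returns nil, is not applied to the SystemMethod and LDAPMethod cases in this hunk, which still call `principal.AddRoles(DefaultRoles)` before the credential check runs; the SQLDatabaseMethod case in the next hunk and callbackPluginAuthenticate in callback.go have the same ordering. Whether that matters depends on what the caller does with the principal on error, which is not visible here, but mirroring the new pattern keeps a failed authentication from ever decorating the principal: `err := callSystemAuthenticate(service.Module, user, passwd)` / `if err == nil { principal.AddRoles(DefaultRoles) }` / `return err`. Separately, `strings.Split(roles, ",")` applied to role strings of the shape the tests expect (", admin, job") yields an empty first element and space-prefixed names; if AddRoles does not trim, later comparisons against those roles will not match, which is worth confirming. Authenticate continues in the next hunk.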
@@ -44,21 +49,21 @@ func (service *AuthenticationServer) Authenticate(principal PrincipalInterface,
 	case SQLDatabaseMethod:
 		principal.AddRoles(DefaultRoles)
 		log.Log.Debugf("SQL database service name %s", service.Module)
-		return PerDatabase(service.Module, user, passwd)
+		return callDatabaseAuthenticate(service.Module, user, passwd)
 	case PluginMethod:
 		log.Log.Debugf("Plugin database service name %s", service.Module)
-		return CallbackAuthenticate(service, principal, user, passwd)
+		return callbackPluginAuthenticate(service, principal, user, passwd)
 	case CallbackMethod:
 		log.Log.Debugf("Plugin database service name %s", service.Module)
-		return CallbackAuthenticate(service, principal, user, passwd)
+		return callbackPluginAuthenticate(service, principal, user, passwd)
 	default:
-		log.Log.Debugf("Unknown service name %s", service.AuthMethod.Method())
+		log.Log.Debugf("Unknown service name %s", service.AuthMethod)
 	}
 	return errors.New("Authentication method error")
 }
 
-// Method used authorization method
-func (authMethod Method) Method() string {
+// Method used authorization method string info
+func (authMethod Method) String() string {
 	switch authMethod {
 	case SystemMethod:
 		return "System"
diff --git a/auth/basicauth.go b/auth/basicauth.go
index bf3fc76..2b09483 100644
--- a/auth/basicauth.go
+++ b/auth/basicauth.go
@@ -71,7 +71,7 @@ func BasicAuth(user string, pass string) (PrincipalInterface, error) {
 		}
 		return principal, nil
 	}
-	log.Log.Debugf("Authorization(%s/%p) refused for user %s: %v", s.AuthMethod.Method(), s, user, err)
+	log.Log.Debugf("Authorization(%s/%p) refused for user %s: %v", s.AuthMethod, s, user, err)
 	if saveErr == nil {
 		saveErr = err
 	}
diff --git a/auth/callback.go b/auth/callback.go
index 765d608..fc44d88 100644
--- a/auth/callback.go
+++ b/auth/callback.go
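Review bot: The doc comment on the renamed method still starts with `Method`, so it no longer names the declaration it documents, which `go vet` and the usual linters flag on an exported method; replace it with `// String returns the display name of the authentication method; it makes Method satisfy fmt.Stringer.` The rename also means the `%s` verbs in the default branch here and in basicauth.go now depend on that Stringer implementation, while the `%d` in the earlier Debugf still prints the numeric value, so the two log lines show the same field in different forms. Dropping the exported Method() is a breaking change for any external caller, which the commit message could state. The switch body of String continues outside the hunk.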
@@ -51,8 +51,8 @@ func CallbackInit(auth *AuthenticationServer) error {
 	return errors.New(auth.Layer + " callback not found")
 }
 
-// CallbackAuthenticate authenticate user and password to callback
-func CallbackAuthenticate(auth *AuthenticationServer, principal PrincipalInterface, userName, passwd string) error {
+// callbackPluginAuthenticate authenticate user and password to callback
+func callbackPluginAuthenticate(auth *AuthenticationServer, principal PrincipalInterface, userName, passwd string) error {
 	principal.AddRoles(DefaultRoles)
 	if c, ok := callbackMap[auth.Layer]; ok {
 		return c.Authenticate(principal, userName, passwd)
diff --git a/auth/database.go b/auth/database.go
index 5f01326..64e8c79 100644
--- a/auth/database.go
+++ b/auth/database.go
@@ -31,8 +31,8 @@ func RegisterDatabaseForAuth(layer, URL, query string) {
 	listAuthDatabase = append(listAuthDatabase, &authDatabase{layer, URL, query, true})
 }
 
-// PerDatabase authenticate user and password to database
-func PerDatabase(dbName, userName, passwd string) error {
+// callDatabaseAuthenticate authenticate user and password to database
+func callDatabaseAuthenticate(dbName, userName, passwd string) error {
 	log.Log.Debugf("Check %d auth databases", len(listAuthDatabase))
 	for _, ad := range listAuthDatabase {
 		adaptURL := os.ExpandEnv(ad.URL)
diff --git a/auth/database_test.go b/auth/database_test.go
index d4c4a72..00895ae 100644
--- a/auth/database_test.go
+++ b/auth/database_test.go
@@ -42,11 +42,11 @@ func TestDatabasePostgresAuth(t *testing.T) {
 
 	RegisterDatabaseForAuth("pgx", pg, "SELECT 1")
 
-	err = PerDatabase("bitgarten", "admin", postgresPassword)
+	err = callDatabaseAuthenticate("bitgarten", "admin", postgresPassword)
 	if !assert.NoError(t, err) {
 		fmt.Println("Unwantend error:", err)
 	}
-	err = PerDatabase("bitgarten", "admin", "xxx")
+	err = callDatabaseAuthenticate("bitgarten", "admin", "xxx")
 	assert.Error(t, err)
 	assert.Equal(t, "password authentication failed for user", err.Error())
 
@@ -68,11 +68,11 @@ func TestDatabaseMySQLAuth(t *testing.T) {
 
 	RegisterDatabaseForAuth("mysql", mysql, "SELECT 1")
 
-	err = PerDatabase("Bitgarten", "admin", mysqlPassword)
+	err = callDatabaseAuthenticate("Bitgarten", "admin", mysqlPassword)
 	if !assert.NoError(t, err) {
 		fmt.Println("Unwantend error:", err)
 	}
-	err = PerDatabase("Bitgarten", "admin", "xxx")
+	err = callDatabaseAuthenticate("Bitgarten", "admin", "xxx")
 	assert.Error(t, err)
 	assert.Equal(t, "password authentication failed for user", err.Error())
 
diff --git a/auth/nopam.go b/auth/nopam.go
index 9dd130b..2a2b223 100644
--- a/auth/nopam.go
+++ b/auth/nopam.go
@@ -18,7 +18,7 @@ import (
 	"errors"
 )
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(serviceName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(serviceName, userName, passwd string) error {
 	return errors.New("Not supported")
 }
diff --git a/auth/pam.go b/auth/pam.go
index b697126..816c1ac 100644
--- a/auth/pam.go
+++ b/auth/pam.go
@@ -21,8 +21,8 @@ import (
 	"github.com/tknie/pam"
 )
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(pamName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(pamName, userName, passwd string) error {
 	log.Log.Debugf("Call PAM service=" + pamName)
 	t, err := pam.StartFunc(pamName, userName, func(s pam.Style, msg string) (string, error) {
 		switch s {
diff --git a/auth/passwdfile.go b/auth/passwdfile.go
index e3400f0..80b1167 100644
--- a/auth/passwdfile.go
+++ b/auth/passwdfile.go
@@ -386,14 +386,14 @@ func (rfs *PasswordFileStruct) FlushUserToPasswordFile() error {
 	return err
 }
 
-// CheckPasswordFileUser auth user and password for default realm
-func CheckPasswordFileUser(u, password string) (string, error) {
+// callPasswordFileUserAuthenticate auth user and password for default realm
+func callPasswordFileUserAuthenticate(u, password string) (string, error) {
 	if len(passwordFileMap) == 0 {
 		log.Log.Debugf("Init of file realm not done")
 		return "", fmt.Errorf("init file realm not done")
 	}
 	for _, realm := range passwordFileMap {
-		roles, err := realm.CheckPasswordFileUser(u, password)
+		roles, err := realm.callPasswordFileUserAuthenticate(u, password)
 		if err == nil {
 			return roles, err
 		}
@@ -404,8 +404,8 @@ func CheckPasswordFileUser(u, password string) (string, error) {
 	return "", errors.New("User not defined")
 }
 
-// CheckPasswordFileUser auth user and password for default realm
-func (rfs *PasswordFileStruct) CheckPasswordFileUser(u, password string) (string, error) {
+// callPasswordFileUserAuthenticate auth user and password for default realm
+func (rfs *PasswordFileStruct) callPasswordFileUserAuthenticate(u, password string) (string, error) {
 	user := strings.ToLower(u)
 	if em, ok := rfs.loginMap.Load(user); ok {
 		e := em.(*loginEntry)
diff --git a/auth/passwdfile_test.go b/auth/passwdfile_test.go
index b94f23e..9a0ce80 100644
--- a/auth/passwdfile_test.go
+++ b/auth/passwdfile_test.go
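Review bot: The doc comment on the package-level callPasswordFileUserAuthenticate says it authenticates against the "default realm", but the body iterates every entry of passwordFileMap and returns the roles of the first realm that accepts the credentials, so the two identically worded comments on the package function and the PasswordFileStruct method describe different behaviour; suggested wording for the package function: `// callPasswordFileUserAuthenticate tries the user and password against every registered password-file realm and returns the roles of the first realm that accepts them.` Inside the loop, `return roles, err` is only reached when err is nil, so `return roles, nil` states what is meant. If passwordFileMap is a Go map, as the name suggests, the realm that answers first when several accept the same user is not deterministic, which becomes observable if their role strings differ; the page does not show whether that overlap can occur. Both functions continue outside their hunks.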
@@ -45,18 +45,18 @@ func TestRealmUnix(t *testing.T) {
 	assert.Equal(t, "SHA512", le.enc)
 	assert.Equal(t, ", admin, job", le.roles)
 	assert.Equal(t, "c12834f1031f6497214f27d4432f26517ad494156cb88d512bdb1dc4b57db2d692a3dfa269a19b0a0a2a0fd7d6a2a885e33c839c93c206da30a187392847ed27", le.password)
-	roles, err := rfs.CheckPasswordFileUser("admin", "Test123")
+	roles, err := rfs.callPasswordFileUserAuthenticate("admin", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", admin, job", roles)
-	roles, err = rfs.CheckPasswordFileUser("tkn@domain.com", "testpass")
+	roles, err = rfs.callPasswordFileUserAuthenticate("tkn@domain.com", "testpass")
 	assert.Nil(t, err)
 	assert.Equal(t, ", xxx", roles)
-	_, err = rfs.CheckPasswordFileUser("md5user", "test333")
+	_, err = rfs.callPasswordFileUserAuthenticate("md5user", "test333")
 	assert.Error(t, err)
-	roles, err = rfs.CheckPasswordFileUser("md5user", "Test123")
+	roles, err = rfs.callPasswordFileUserAuthenticate("md5user", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", user", roles)
-	roles, err = rfs.CheckPasswordFileUser("yyy", "xxx")
+	roles, err = rfs.callPasswordFileUserAuthenticate("yyy", "xxx")
 	assert.Error(t, err, "xx")
 	assert.Equal(t, "", roles)
 }
@@ -87,10 +87,10 @@ func TestRealmWindows(t *testing.T) {
 	assert.Equal(t, "SHA512", le.enc)
 	assert.Equal(t, ", admin, job", le.roles)
 	assert.Equal(t, "c12834f1031f6497214f27d4432f26517ad494156cb88d512bdb1dc4b57db2d692a3dfa269a19b0a0a2a0fd7d6a2a885e33c839c93c206da30a187392847ed27", le.password)
-	roles, err := rfs.CheckPasswordFileUser("admin", "Test123")
+	roles, err := rfs.callPasswordFileUserAuthenticate("admin", "Test123")
 	assert.Nil(t, err)
 	assert.Equal(t, ", admin, job", roles)
-	roles, err = rfs.CheckPasswordFileUser("admin", "testpass")
+	roles, err = rfs.callPasswordFileUserAuthenticate("admin", "testpass")
 	assert.Error(t, err)
 	assert.Equal(t, "password mismatch", err.Error())
 	assert.Empty(t, roles)
diff --git a/auth/windows.go b/auth/windows.go
index 4c95c0d..c12044d 100644
--- a/auth/windows.go
+++ b/auth/windows.go
@@ -43,7 +43,7 @@ func validateUser(userName, passwd string) error {
 	return lastError
 }
 
-// SystemAuthenticate authenticate user and password
-func SystemAuthenticate(serviceName, userName, passwd string) error {
+// callSystemAuthenticate authenticate user and password
+func callSystemAuthenticate(serviceName, userName, passwd string) error {
 	return validateUser(userName, passwd)
 }
diff --git a/auth/windows_test.go b/auth/windows_test.go
index 79de310..87e7dc7 100644
--- a/auth/windows_test.go
+++ b/auth/windows_test.go
@@ -21,6 +21,6 @@ import (
 )
 
 func TestWindowsLogin(t *testing.T) {
-	err := SystemAuthenticate("", "adatest@EUR", "XXXXYYYwrongPassword")
+	err := callSystemAuthenticate("", "adatest@EUR", "XXXXYYYwrongPassword")
 	assert.NoError(t, err)
 }
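Review bot: TestWindowsLogin asserts `assert.NoError(t, err)` after calling callSystemAuthenticate with a password literally named "XXXXYYYwrongPassword", so as written the test only passes when a wrong credential is accepted or when validateUser reports nothing at all; if the intent is to check rejection the assertion should be `assert.Error(t, err)`, and if the account is not expected to exist where the test runs, the test should skip explicitly rather than encode acceptance of a wrong password as the expected outcome. validateUser's body lies outside the hunk, so which of the two is happening cannot be told from here; the windows.go hunk above is a rename only.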