author | Michael Muré <batolettre@gmail.com> | 2020-02-12 18:32:01 +0100 |
---|---|---|
committer | Michael Muré <batolettre@gmail.com> | 2020-02-12 23:37:57 +0100 |
commit | 34083de0df5187caed3f788c1dcedf7196180206 (patch) | |
tree | 62f550b068f7dea989cfd232385181b5f6eba105 /bridge/core/auth/credential.go | |
parent | 9f3618d886d461ea806468a8c690a4a303d66d9b (diff) | |
auth: refactor and introduce Login and LoginPassword, salt IDs
Diffstat (limited to 'bridge/core/auth/credential.go')
-rw-r--r-- | bridge/core/auth/credential.go | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/bridge/core/auth/credential.go b/bridge/core/auth/credential.go
index 6dcac09f..86cf737e 100644
--- a/bridge/core/auth/credential.go
+++ b/bridge/core/auth/credential.go
@@ -1,6 +1,8 @@ package auth import ( + "crypto/rand" + "encoding/base64" "errors" "fmt" "regexp"
@@ -16,6 +18,7 @@ const ( configKeyKind = "kind" configKeyTarget = "target" configKeyCreateTime = "createtime" + configKeySalt = "salt" configKeyPrefixMeta = "meta." MetaKeyLogin = "login"
@@ -26,6 +29,7 @@ type CredentialKind string const ( KindToken CredentialKind = "token" + KindLogin CredentialKind = "login" KindLoginPassword CredentialKind = "login-password" )
@@ -37,9 +41,10 @@ func NewErrMultipleMatchCredential(matching []entity.Id) *entity.ErrMultipleMatc type Credential interface { ID() entity.Id - Target() string Kind() CredentialKind + Target() string CreateTime() time.Time + Salt() []byte Validate() error Metadata() map[string]string
@@ -47,7 +52,7 @@ type Credential interface { SetMetadata(key string, value string) // Return all the specific properties of the credential that need to be saved into the configuration. - // This does not include Target, Kind, CreateTime and Metadata. + // This does not include Target, Kind, CreateTime, Metadata or Salt. toConfig() map[string]string }
@@ -108,15 +113,23 @@ func loadFromConfig(rawConfigs map[string]string, id entity.Id) (Credential, err } var cred Credential + var err error switch CredentialKind(configs[configKeyKind]) { case KindToken: - cred = NewTokenFromConfig(configs) + cred, err = NewTokenFromConfig(configs) + case KindLogin: + cred, err = NewLoginFromConfig(configs) case KindLoginPassword: + cred, err = NewLoginPasswordFromConfig(configs) default: return nil, fmt.Errorf("unknown credential type %s", configs[configKeyKind]) } + if err != nil { + return nil, fmt.Errorf("loading credential: %v", err) + } + return cred, nil }
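Review bot: In loadFromConfig, the new `fmt.Errorf("loading credential: %v", err)` flattens the constructor's error into text and does not say which credential failed, so callers cannot match it with errors.Is/As or point the user at the broken entry; `return nil, fmt.Errorf("loading credential %s: %w", id, err)` keeps both, assuming the module targets Go 1.13 or later. Credentials written before this commit have no `salt` key, so if the New*FromConfig constructors call saltFromConfig (their bodies are not visible here) every previously stored entry will now fail to load, and it is worth deciding whether that is migrated or surfaced as a request to re-authenticate. The function starts outside the hunk.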
@@ -134,6 +147,23 @@ func metaFromConfig(configs map[string]string) map[string]string { return result } +func makeSalt() []byte { + result := make([]byte, 16) + _, err := rand.Read(result) + if err != nil { + panic(err) + } + return result +} + +func saltFromConfig(configs map[string]string) ([]byte, error) { + val, ok := configs[configKeySalt] + if !ok { + return nil, fmt.Errorf("no credential salt found") + } + return base64.StdEncoding.DecodeString(val) +} + // List load all existing credentials func List(repo repository.RepoConfig, opts ...Option) ([]Credential, error) { rawConfigs, err := repo.GlobalConfig().ReadAll(configKeyPrefix + ".")
@@ -211,6 +241,16 @@ func Store(repo repository.RepoConfig, cred Credential) error { return err } + // Salt + if len(cred.Salt()) != 16 { + panic("credentials need to be salted") + } + encoded := base64.StdEncoding.EncodeToString(cred.Salt()) + err = repo.GlobalConfig().StoreString(prefix+configKeySalt, encoded) + if err != nil { + return err + } + // Metadata for key, val := range cred.Metadata() { err := repo.GlobalConfig().StoreString(prefix+configKeyPrefixMeta+key, val) |
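Review bot: saltFromConfig returns whatever the base64 decodes to without checking its length, while Store in the last hunk panics unless the salt is exactly 16 bytes, so a truncated or hand-edited `salt` entry loads cleanly and only fails on the next Store. After decoding, add `if len(salt) != saltLen { return nil, fmt.Errorf("invalid credential salt length %d", len(salt)) }`, with a shared `const saltLen = 16` used by makeSalt, saltFromConfig and Store instead of the repeated literal. Both helpers are also undocumented; `// makeSalt returns 16 random bytes from crypto/rand and panics if the system RNG fails.` plus a line on saltFromConfig stating what the salt is mixed into would help, since this hunk does not show where the salt is consumed.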
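Review bot: Store reports every other failure through its error return, but the new salt check calls `panic("credentials need to be salted")`, which crashes the caller on what is a data-validation failure; `return fmt.Errorf("credential %s has no valid salt", cred.ID())` fits the function's contract. The check also sits after at least one earlier StoreString call (the `return err` context line directly above it), so failing here leaves a partially written credential in the global config; moving the check to the top of Store, before the first write, avoids that. Store starts and ends outside the hunk.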