Stephen D Marshall
committed by
GitHub Enterprise
GitHub Enterprise
parent
7f14cc2751
commit
c8de2df2cf
153
internal/htpasswd/htpasswd.go
Normal file
153
internal/htpasswd/htpasswd.go
Normal file
@@ -0,0 +1,153 @@
|
||||
/*
|
||||
© Copyright IBM Corporation 2020
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
//This is a developer only configuration and not recommended for production usage.
|
||||
|
||||
package htpasswd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type mapHtPasswd map[string]string
|
||||
|
||||
func encryptPassword(password string) (string, error) {
|
||||
passwordBytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(passwordBytes), nil
|
||||
}
|
||||
|
||||
// SetPassword sets encrypted password for the user into htpasswd file
|
||||
func SetPassword(user string, password string, isTest bool) error {
|
||||
|
||||
if len(strings.TrimSpace(user)) == 0 || len(strings.TrimSpace(password)) == 0 {
|
||||
return fmt.Errorf("UserId or Password are empty")
|
||||
}
|
||||
|
||||
passwords := mapHtPasswd(map[string]string{})
|
||||
|
||||
// Read the password file
|
||||
err := passwords.ReadHtPasswordFile(isTest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
pwd, err := encryptPassword(password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Set the new password
|
||||
passwords[user] = pwd
|
||||
|
||||
// Update the password file
|
||||
return passwords.updateHtPasswordFile(isTest)
|
||||
}
|
||||
|
||||
// GetBytes return the Bytes representation of the htpassword file
|
||||
func (htpfile mapHtPasswd) GetBytes() (passwordBytes []byte) {
|
||||
passwordBytes = []byte{}
|
||||
for name, hash := range htpfile {
|
||||
passwordBytes = append(passwordBytes, []byte(name+":"+hash+"\n")...)
|
||||
}
|
||||
return passwordBytes
|
||||
}
|
||||
|
||||
// ReadHtPasswordFile parses the htpasswd file
|
||||
func (htpfile mapHtPasswd) ReadHtPasswordFile(isTest bool) error {
|
||||
|
||||
file := "/etc/mqm/mq.htpasswd"
|
||||
if isTest {
|
||||
file = "my.htpasswd"
|
||||
}
|
||||
|
||||
pwdsBytes, err := ioutil.ReadFile(file)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
lines := strings.Split(string(pwdsBytes), "\n")
|
||||
for _, line := range lines {
|
||||
line = strings.TrimSpace(line)
|
||||
if len(line) == 0 {
|
||||
continue
|
||||
}
|
||||
parts := strings.Split(line, ":")
|
||||
if len(parts) != 2 {
|
||||
continue
|
||||
}
|
||||
for i, part := range parts {
|
||||
parts[i] = strings.TrimSpace(part)
|
||||
}
|
||||
htpfile[parts[0]] = parts[1]
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (htpfile mapHtPasswd) updateHtPasswordFile(isTest bool) error {
|
||||
|
||||
file := "/etc/mqm/mq.htpasswd"
|
||||
if isTest {
|
||||
file = "my.htpasswd"
|
||||
}
|
||||
return ioutil.WriteFile(file, htpfile.GetBytes(), 0660)
|
||||
}
|
||||
|
||||
// AuthenticateUser verifies if the given user password match with htpasswrd
|
||||
func AuthenticateUser(user string, password string, isTest bool) (bool, bool, error) {
|
||||
passwords := mapHtPasswd(map[string]string{})
|
||||
|
||||
if len(strings.TrimSpace(user)) == 0 || len(strings.TrimSpace(password)) == 0 {
|
||||
return false, false, fmt.Errorf("UserId or Password are empty")
|
||||
}
|
||||
|
||||
err := passwords.ReadHtPasswordFile(isTest)
|
||||
if err != nil {
|
||||
return false, false, err
|
||||
}
|
||||
|
||||
ok := false
|
||||
value, found := passwords[user]
|
||||
|
||||
if !found {
|
||||
return found, ok, fmt.Errorf("User not found in the mq.htpasswd file")
|
||||
}
|
||||
|
||||
err = bcrypt.CompareHashAndPassword([]byte(value), []byte(password))
|
||||
return found, err == nil, err
|
||||
}
|
||||
|
||||
// ValidateUser validates the given user
|
||||
func ValidateUser(user string, isTest bool) (bool, error) {
|
||||
passwords := mapHtPasswd(map[string]string{})
|
||||
|
||||
if len(strings.TrimSpace(user)) == 0 {
|
||||
return false, fmt.Errorf("Userid is empty for AuthenticateUser")
|
||||
}
|
||||
|
||||
err := passwords.ReadHtPasswordFile(isTest)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
_, found := passwords[strings.TrimSpace(user)]
|
||||
return found, nil
|
||||
}
|
||||
62
internal/htpasswd/htpasswd_test.go
Normal file
62
internal/htpasswd/htpasswd_test.go
Normal file
@@ -0,0 +1,62 @@
|
||||
/*
|
||||
© Copyright IBM Corporation 2020
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
package htpasswd
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
// TestCheckUser verifies Htpassword's use
|
||||
func TestCheckUser(t *testing.T) {
|
||||
err := SetPassword("guest", "guestpw", true)
|
||||
if err != nil {
|
||||
t.Fatalf("htpassword test failed due to error:%s\n", err.Error())
|
||||
}
|
||||
found, ok, err := AuthenticateUser("guest", "guestpw", true)
|
||||
if err != nil {
|
||||
t.Fatalf("htpassword test1 failed as user could not be found:%s\n", err.Error())
|
||||
}
|
||||
if found == false || ok == false {
|
||||
t.Fatalf("htpassword test1 failed as user could not be found:%v, ok:%v\n", found, ok)
|
||||
}
|
||||
|
||||
found, ok, err = AuthenticateUser("myguest", "guestpw", true)
|
||||
if err == nil {
|
||||
t.Fatalf("htpassword test2 failed as no error received for non-existing user\n")
|
||||
}
|
||||
if found == true || ok == true {
|
||||
t.Fatalf("htpassword test2 failed for non-existing user found :%v, ok:%v\n", found, ok)
|
||||
}
|
||||
|
||||
found, ok, err = AuthenticateUser("guest", "guest", true)
|
||||
if err == nil {
|
||||
t.Fatalf("htpassword test3 failed as incorrect password of user did not return error\n")
|
||||
}
|
||||
|
||||
if found == false || ok == true {
|
||||
t.Fatalf("htpassword test3 failed for existing user with incorrect passwored found :%v, ok:%v\n", found, ok)
|
||||
}
|
||||
|
||||
found, err = ValidateUser("guest", true)
|
||||
if err != nil || found == false {
|
||||
t.Fatalf("htpassword test4 failed as user could not be found:%v, ok:%v\n", found, ok)
|
||||
}
|
||||
|
||||
found, err = ValidateUser("myguest", true)
|
||||
if err != nil || found == true {
|
||||
t.Fatalf("htpassword test5 failed as non-existing user returned to be found:%v, ok:%v\n", found, ok)
|
||||
}
|
||||
}
|
||||
1
internal/htpasswd/my.htpasswd
Normal file
1
internal/htpasswd/my.htpasswd
Normal file
@@ -0,0 +1 @@
|
||||
guest:$2y$05$ifFP0nCmFed6.m4iB9CHRuHFps2YeeuwopmOvszWt0GRnN59p8qxW
|
||||
Reference in New Issue
Block a user