135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add token schema and validation

Browse Source
This commit is contained in:
Oliver Gorwits
2018-10-21 17:31:52 +01:00
parent fb4e5c0793
commit f01bc6a695
8 changed files with 80 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/App/Netdisco/DB.pm
View File

@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
); );
our # try to hide from kwalitee our # try to hide from kwalitee
$VERSION = 53; # schema version used for upgrades, keep as integer $VERSION = 54; # schema version used for upgrades, keep as integer
use Path::Class; use Path::Class;
use File::ShareDir 'dist_dir'; use File::ShareDir 'dist_dir';

4
lib/App/Netdisco/DB/Result/User.pm
View File

@@ -14,6 +14,10 @@ __PACKAGE__->add_columns(
{ data_type => "varchar", is_nullable => 0, size => 50 }, { data_type => "varchar", is_nullable => 0, size => 50 },
"password", "password",
{ data_type => "text", is_nullable => 1 }, { data_type => "text", is_nullable => 1 },
"token",
{ data_type => "text", is_nullable => 1 },
"token_from",
{ data_type => "integer", is_nullable => 1 },
"creation", "creation",
{ {
data_type => "timestamp", data_type => "timestamp",

21
lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
View File

@@ -53,6 +53,27 @@ sub get_user_details {
return $user; return $user;
} }
sub validate_api_token {
my ($self, $token) = @_;
return unless defined $token;
my $settings = $self->realm_settings;
my $database = schema($settings->{schema_name})
or die "No database connection";
my $users_table = $settings->{users_resultset} || 'User';
my $token_column = $settings->{users_token_column} || 'token';
my $user = try {
$database->resultset($users_table)->find({ $token_column => $token });
};
return $user->username
if $user and $user->in_storage and $user->token_from
and $user->token_from > (time - setting('api_token_lifetime'));
return undef;
}
sub get_user_roles { sub get_user_roles {
my ($self, $username) = @_; my ($self, $username) = @_;
return unless defined $username; return unless defined $username;

18
lib/App/Netdisco/Web/AuthN.pm
View File

@@ -36,6 +36,14 @@ hook 'before' => sub {
session(logged_in_user => $user); session(logged_in_user => $user);
session(logged_in_user_realm => 'users'); session(logged_in_user_realm => 'users');
} }
elsif (setting('api_token_lifetime')
and index(request->path,uri_for('/api/')->path) == 0) {
my $user = $provider->validate_api_token(param('token'))
or return;
session(logged_in_user => $user);
session(logged_in_user_realm => 'users');
}
elsif (setting('no_auth')) { elsif (setting('no_auth')) {
session(logged_in_user => 'guest'); session(logged_in_user => 'guest');
session(logged_in_user_realm => 'users'); session(logged_in_user_realm => 'users');
@@ -56,16 +64,16 @@ post '/login' => sub {
my $mode = (request->is_ajax ? 'WebData' my $mode = (request->is_ajax ? 'WebData'
: request->header('Authorization') ? 'API' : request->header('Authorization') ? 'API'
: 'WebUI'); : 'WebUI');
# get authN data from request (HTTP BasicAuth or URL params) # get authN data from request (HTTP BasicAuth or URL params)
my $authheader = request->header('Authorization'); my $authheader = request->header('Authorization');
my ($u, $p) = (param('username'), param('password'));
if (defined $authheader and $authheader =~ /^Basic (.*)$/) { if (defined $authheader and $authheader =~ /^Basic (.*)$/) {
($u, $p) = split(m/:/, (MIME::Base64::decode($1) || ":")); my ($u, $p) = split(m/:/, (MIME::Base64::decode($1) || ":"));
params->{username} = $u;
params->{password} = $p;
} }
# test authN # test authN
my ($success, $realm) = authenticate_user( $u, $p ); my ($success, $realm) = authenticate_user(param('username'),param('password'));
if ($success) { if ($success) {
my $user = schema('netdisco')->resultset('User') my $user = schema('netdisco')->resultset('User')
@@ -92,7 +100,7 @@ post '/login' => sub {
$user->update({ $user->update({
token_from => time, token_from => time,
token => \'md5(random()::text)', token => \'md5(random()::text)',
}); })->discard_changes();
} }
return 'token:'. $user->token; return 'token:'. $user->token;
} }

2
lib/App/Netdisco/Worker/Plugin/Delete.pm
View File

@@ -8,7 +8,7 @@ use App::Netdisco::Util::Device 'delete_device';
register_worker({ phase => 'check' }, sub { register_worker({ phase => 'check' }, sub {
return Status->error('Missing device (-d).') return Status->error('Missing device (-d).')
unless defined shift->device; unless shift->device;
return Status->done('Delete is able to run'); return Status->done('Delete is able to run');
}); });

32
lib/App/Netdisco/Worker/Plugin/SetUserToken.pm Normal file
View File

@@ -0,0 +1,32 @@
package App::Netdisco::Worker::Plugin::SetUserToken;
use Dancer ':syntax';
use Dancer::Plugin::DBIC 'schema';
use App::Netdisco::Worker::Plugin;
use aliased 'App::Netdisco::Worker::Status';
register_worker({ phase => 'check' }, sub {
return Status->error('Missing user (-e).')
unless shift->extra;
return Status->done('SetUserToken is able to run');
});
register_worker({ phase => 'main' }, sub {
my ($job, $workerconf) = @_;
my $username = $job->extra;
my $user = schema('netdisco')->resultset('User')
->find({ username => $username });
return Status->error("No such user")
unless $user and $user->in_storage;
$user->update({ token_from => time, token => \'md5(random()::text)' })
->discard_changes();
return Status->done(
sprintf 'Set token for user %s: %s', $username, $user->token);
});
true;

1
share/config.yml
View File

@@ -400,6 +400,7 @@ worker_plugins:
- 'Power' - 'Power'
- 'Psql' - 'Psql'
- 'Renumber' - 'Renumber'
- 'SetUserToken'
- 'Show' - 'Show'
- 'Stats' - 'Stats'
- 'Vlan' - 'Vlan'

7
share/schema_versions/App-Netdisco-DB-53-54-PostgreSQL.sql Normal file
View File

@@ -0,0 +1,7 @@
BEGIN;
ALTER TABLE users ADD COLUMN "token" text;
ALTER TABLE users ADD COLUMN "token_from" integer;
COMMIT;