add token schema and validation

2018-10-21 17:31:52 +01:00
parent fb4e5c0793
commit f01bc6a695
8 changed files with 80 additions and 7 deletions
--- a/lib/App/Netdisco/DB.pm
+++ b/lib/App/Netdisco/DB.pm
@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
 );

 our # try to hide from kwalitee
-  $VERSION = 53; # schema version used for upgrades, keep as integer
+  $VERSION = 54; # schema version used for upgrades, keep as integer

 use Path::Class;
 use File::ShareDir 'dist_dir';
--- a/lib/App/Netdisco/DB/Result/User.pm
+++ b/lib/App/Netdisco/DB/Result/User.pm
@@ -14,6 +14,10 @@ __PACKAGE__->add_columns(
  { data_type => "varchar", is_nullable => 0, size => 50 },
  "password",
  { data_type => "text", is_nullable => 1 },
+  "token",
+  { data_type => "text", is_nullable => 1 },
+  "token_from",
+  { data_type => "integer", is_nullable => 1 },
  "creation",
  {
    data_type     => "timestamp",
--- a/lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
+++ b/lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
@@ -53,6 +53,27 @@ sub get_user_details {
    return $user;
 }

+sub validate_api_token {
+    my ($self, $token) = @_;
+    return unless defined $token;
+
+    my $settings = $self->realm_settings;
+    my $database = schema($settings->{schema_name})
+        or die "No database connection";
+
+    my $users_table  = $settings->{users_resultset}    || 'User';
+    my $token_column = $settings->{users_token_column} || 'token';
+
+    my $user = try {
+      $database->resultset($users_table)->find({ $token_column => $token });
+    };
+
+    return $user->username
+      if $user and $user->in_storage and $user->token_from
+        and $user->token_from > (time - setting('api_token_lifetime'));
+    return undef;
+}
+
 sub get_user_roles {
    my ($self, $username) = @_;
    return unless defined $username;
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -36,6 +36,14 @@ hook 'before' => sub {
            session(logged_in_user => $user);
            session(logged_in_user_realm => 'users');
        }
+        elsif (setting('api_token_lifetime')
+          and index(request->path,uri_for('/api/')->path) == 0) {
+
+            my $user = $provider->validate_api_token(param('token'))
+              or return;
+            session(logged_in_user => $user);
+            session(logged_in_user_realm => 'users');
+        }
        elsif (setting('no_auth')) {
            session(logged_in_user => 'guest');
            session(logged_in_user_realm => 'users');
@@ -56,16 +64,16 @@ post '/login' => sub {
    my $mode = (request->is_ajax ? 'WebData'
                                 : request->header('Authorization') ? 'API'
                                                                    : 'WebUI');
-
    # get authN data from request (HTTP BasicAuth or URL params)
    my $authheader = request->header('Authorization');
-    my ($u, $p) = (param('username'), param('password'));
    if (defined $authheader and $authheader =~ /^Basic (.*)$/) {
-        ($u, $p) = split(m/:/, (MIME::Base64::decode($1) || ":"));
+        my ($u, $p) = split(m/:/, (MIME::Base64::decode($1) || ":"));
+        params->{username} = $u;
+        params->{password} = $p;
    }

    # test authN
-    my ($success, $realm) = authenticate_user( $u, $p );
+    my ($success, $realm) = authenticate_user(param('username'),param('password'));

    if ($success) {
        my $user = schema('netdisco')->resultset('User')
@@ -92,7 +100,7 @@ post '/login' => sub {
              $user->update({
                token_from => time,
                token => \'md5(random()::text)',
-              });
+              })->discard_changes();
            }
            return 'token:'. $user->token;
        }
--- a/lib/App/Netdisco/Worker/Plugin/Delete.pm
+++ b/lib/App/Netdisco/Worker/Plugin/Delete.pm
@@ -8,7 +8,7 @@ use App::Netdisco::Util::Device 'delete_device';

 register_worker({ phase => 'check' }, sub {
  return Status->error('Missing device (-d).')
-    unless defined shift->device;
+    unless shift->device;
  return Status->done('Delete is able to run');
 });

--- a/lib/App/Netdisco/Worker/Plugin/SetUserToken.pm
+++ b/lib/App/Netdisco/Worker/Plugin/SetUserToken.pm
@@ -0,0 +1,32 @@
+package App::Netdisco::Worker::Plugin::SetUserToken;
+
+use Dancer ':syntax';
+use Dancer::Plugin::DBIC 'schema';
+
+use App::Netdisco::Worker::Plugin;
+use aliased 'App::Netdisco::Worker::Status';
+
+register_worker({ phase => 'check' }, sub {
+  return Status->error('Missing user (-e).')
+    unless shift->extra;
+  return Status->done('SetUserToken is able to run');
+});
+
+register_worker({ phase => 'main' }, sub {
+  my ($job, $workerconf) = @_;
+  my $username = $job->extra;
+
+  my $user = schema('netdisco')->resultset('User')
+    ->find({ username => $username });
+
+  return Status->error("No such user")
+    unless $user and $user->in_storage;
+
+  $user->update({ token_from => time, token => \'md5(random()::text)' })
+    ->discard_changes();
+
+  return Status->done(
+    sprintf 'Set token for user %s: %s', $username, $user->token);
+});
+
+true;
--- a/share/config.yml
+++ b/share/config.yml
@@ -400,6 +400,7 @@ worker_plugins:
  - 'Power'
  - 'Psql'
  - 'Renumber'
+  - 'SetUserToken'
  - 'Show'
  - 'Stats'
  - 'Vlan'
--- a/share/schema_versions/App-Netdisco-DB-53-54-PostgreSQL.sql
+++ b/share/schema_versions/App-Netdisco-DB-53-54-PostgreSQL.sql
@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE users ADD COLUMN "token" text;
+
+ALTER TABLE users ADD COLUMN "token_from" integer;
+
+COMMIT;