Finally all working well

jmpsec · Oct 31, 2019 · 740e1b5 · 740e1b5
1 parent 328efb2
commit 740e1b5
Show file tree

Hide file tree

Showing 13 changed files with 20 additions and 21 deletions.
diff --git a/cmd/admin/handlers-post.go b/cmd/admin/handlers-post.go
@@ -1232,7 +1232,7 @@ func usersPOSTHandler(w http.ResponseWriter, r *http.Request) {
 							}
 						}
 						if newUser.Admin {
-							token, exp, err := adminUsers.CreateToken(newUser.Username, adminLevel, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
+							token, exp, err := adminUsers.CreateToken(newUser.Username, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
 							if err != nil {
 								responseMessage = "error creating token"
 								responseCode = http.StatusInternalServerError
@@ -1287,7 +1287,7 @@ func usersPOSTHandler(w http.ResponseWriter, r *http.Request) {
 						}
 					}
 					if u.Admin {
-						token, exp, err := adminUsers.CreateToken(u.Username, adminLevel, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
+						token, exp, err := adminUsers.CreateToken(u.Username, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
 						if err != nil {
 							responseMessage = "error creating token"
 							responseCode = http.StatusInternalServerError

diff --git a/cmd/admin/handlers-tokens.go b/cmd/admin/handlers-tokens.go
@@ -102,7 +102,7 @@ func tokensPOSTHandler(w http.ResponseWriter, r *http.Request) {
 					return
 				}
 				if user.Admin {
-					token, exp, err := adminUsers.CreateToken(user.Username, "admin", jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
+					token, exp, err := adminUsers.CreateToken(user.Username, jwtConfig.HoursToExpire, jwtConfig.JWTSecret)
 					if err != nil {
 						adminErrorResponse(w, "error creating token", http.StatusInternalServerError, err)
 						return

diff --git a/cmd/admin/main.go b/cmd/admin/main.go
@@ -189,22 +189,19 @@ func init() {
 		if err != nil {
 			log.Fatalf("Error loading %s - %s", *samlFlag, err)
 		}
-		return
 	}
 	// Load configuration for Headers if enabled
 	if adminConfig.Auth == settings.AuthHeaders {
 		headersConfig, err = loadHeaders(*headersFlag)
 		if err != nil {
 			log.Fatalf("Error loading %s - %s", *headersFlag, err)
 		}
-		return
 	}
 	// Load JWT configuration
 	jwtConfig, err = loadJWTConfiguration(*jwtFlag)
 	if err != nil {
 		log.Fatalf("Error loading %s - %s", *jwtFlag, err)
 	}
-	return
 }
 
 // Go go!

diff --git a/cmd/admin/static/js/users.js b/cmd/admin/static/js/users.js
@@ -74,6 +74,8 @@ function showAPIToken(_token, _exp, _username) {
 }
 
 function refreshUserToken() {
+  $("#refreshTokenButton").prop("disabled", true);
+  $("#refreshTokenButton").html('<i class="fa fa-cog fa-spin fa-2x fa-fw"></i>');
   var _csrftoken = $("#csrftoken").val();
   var _username = $("#user_token_username").val();
 
@@ -85,5 +87,7 @@ function refreshUserToken() {
     console.log(data);
     $("#user_api_token").val(data.token);
     $("#user_token_expiration").val(data.exp_ts);
+    $("#refreshTokenButton").prop("disabled", false);
+    $("#refreshTokenButton").text('Refresh');
   });
 }
diff --git a/cmd/admin/templates/users.html b/cmd/admin/templates/users.html
@@ -155,7 +155,7 @@ <h4 class="modal-title">API Token</h4>
                     </div>
                   </div>
                   <div class="modal-footer">
-                    <button type="button" class="btn btn-primary" onclick="refreshUserToken();">Refresh</button>
+                    <button id="refreshTokenButton" type="button" class="btn btn-primary" onclick="refreshUserToken();">Refresh</button>
                     <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
                   </div>
                 </div>

diff --git a/cmd/api/auth.go b/cmd/api/auth.go
@@ -50,12 +50,14 @@ func handlerAuthCheck(h http.Handler) http.Handler {
 			// Set middleware values
 			s := make(contextValue)
 			s["user"] = usernameAPI
-			s["level"] = adminLevel
 			ctx := context.WithValue(r.Context(), contextKey(contextAPI), s)
 			// Access granted
 			h.ServeHTTP(w, r.WithContext(ctx))
 		case settings.AuthJWT:
+			// Set middleware values
+			//utils.DebugHTTPDump(r, true, true)
 			token := extractHeaderToken(r)
+			log.Printf("Using token [%s]", token)
 			if token == "" {
 				http.Redirect(w, r, forbiddenPath, http.StatusForbidden)
 				return
@@ -73,7 +75,6 @@ func handlerAuthCheck(h http.Handler) http.Handler {
 			// Set middleware values
 			s := make(contextValue)
 			s["user"] = claims.Username
-			s["level"] = claims.Level
 			ctx := context.WithValue(r.Context(), contextKey(contextAPI), s)
 			// Access granted
 			h.ServeHTTP(w, r.WithContext(ctx))

diff --git a/cmd/api/handlers-environments.go b/cmd/api/handlers-environments.go
@@ -23,7 +23,7 @@ func apiEnvironmentHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return
@@ -51,7 +51,7 @@ func apiEnvironmentsHandler(w http.ResponseWriter, r *http.Request) {
 	utils.DebugHTTPDump(r, settingsmgr.DebugHTTP(settings.ServiceAPI), false)
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return

diff --git a/cmd/api/handlers-nodes.go b/cmd/api/handlers-nodes.go
@@ -23,7 +23,7 @@ func apiNodeHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return
@@ -51,7 +51,7 @@ func apiNodesHandler(w http.ResponseWriter, r *http.Request) {
 	utils.DebugHTTPDump(r, settingsmgr.DebugHTTP(settings.ServiceAPI), false)
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return

diff --git a/cmd/api/handlers-platforms.go b/cmd/api/handlers-platforms.go
@@ -14,7 +14,7 @@ func apiPlatformsHandler(w http.ResponseWriter, r *http.Request) {
 	utils.DebugHTTPDump(r, settingsmgr.DebugHTTP(settings.ServiceAPI), false)
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return

diff --git a/cmd/api/handlers-queries.go b/cmd/api/handlers-queries.go
@@ -25,7 +25,7 @@ func apiQueryShowHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return
@@ -53,7 +53,7 @@ func apiQueriesRunHandler(w http.ResponseWriter, r *http.Request) {
 	utils.DebugHTTPDump(r, settingsmgr.DebugHTTP(settings.ServiceAPI), false)
 	// Get context data and check access
 	ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
-	if !checkAdminLevel(ctx["level"]) {
+	if !apiUsers.IsAdmin(ctx["user"]) {
 		log.Printf("attempt to use API by user %s", ctx["user"])
 		apiErrorResponse(w, "no access", http.StatusForbidden, nil)
 		return

diff --git a/deploy/provision.sh b/deploy/provision.sh
@@ -190,7 +190,7 @@ _P_INT_PORT="9002"
 _P_PUB_PORT="8444"
 _P_HOST="$ALL_HOST"
 _P_AUTH="jwt"
-_P_LOGGING="db"
+_P_LOGGING="none"
 
 # Default admin credentials with random password
 _ADMIN_USER="admin"

diff --git a/go.mod b/go.mod
@@ -19,7 +19,6 @@ require (
 	github.com/jmpsec/osctrl/pkg/types v0.1.9
 	github.com/jmpsec/osctrl/pkg/users v0.1.9
 	github.com/jmpsec/osctrl/pkg/utils v0.1.9
-	github.com/jmpsec/osctrl/plugins/logging_dispatcher v0.0.0-00010101000000-000000000000 // indirect
 	github.com/mattn/go-runewidth v0.0.4 // indirect
 	github.com/olekukonko/tablewriter v0.0.1
 	github.com/russellhaering/goxmldsig v0.0.0-20180430223755-7acd5e4a6ef7 // indirect

diff --git a/pkg/users/users.go b/pkg/users/users.go
@@ -29,7 +29,6 @@ type AdminUser struct {
 // TokenClaims to hold user claims when using JWT
 type TokenClaims struct {
 	Username string `json:"username"`
-	Level    string `json:"level"`
 	jwt.StandardClaims
 }
 
@@ -83,12 +82,11 @@ func (m *UserManager) CheckLoginCredentials(username, password string) (bool, Ad
 }
 
 // CreateToken to create a new JWT token for a given user
-func (m *UserManager) CreateToken(username, level string, expireHours int, jwtSecret string) (string, time.Time, error) {
+func (m *UserManager) CreateToken(username string, expireHours int, jwtSecret string) (string, time.Time, error) {
 	expirationTime := time.Now().Add(time.Hour * time.Duration(expireHours))
 	// Create the JWT claims, which includes the username, level and expiry time
 	claims := &TokenClaims{
 		Username: username,
-		Level:    level,
 		StandardClaims: jwt.StandardClaims{
 			// In JWT, the expiry time is expressed as unix milliseconds
 			ExpiresAt: expirationTime.Unix(),