-
Notifications
You must be signed in to change notification settings - Fork 4
/
users-file.go
98 lines (79 loc) · 1.66 KB
/
users-file.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package usersfile
import (
"crypto/sha256"
"encoding/csv"
"encoding/hex"
"io"
"os"
"strings"
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/mcluseau/autentigo/api"
"github.com/mcluseau/autentigo/auth"
)
var yesValues = map[string]bool{
"true": true,
"yes": true,
"1": true,
}
// New Authenticator with csv file backend
func New(filePath string) api.Authenticator {
return &usersFileAuth{
filePath: filePath,
}
}
type usersFileAuth struct {
filePath string
}
var _ api.Authenticator = usersFileAuth{}
func (a usersFileAuth) Authenticate(user, password string, expiresAt time.Time) (jwt.Claims, error) {
ba := sha256.Sum256([]byte(password))
passwordHash := hex.EncodeToString(ba[:])
f, err := os.Open(a.filePath)
if err != nil {
return nil, err
}
defer f.Close()
r := csv.NewReader(f)
r.Comma = ':'
for {
record, err := r.Read()
if err == io.EOF {
break
} else if err != nil {
return nil, err
}
if len(record) < 2 {
// record too short
continue
}
fileUser, hash := record[0], record[1]
if user != fileUser || hash != passwordHash {
continue
}
claims := auth.ExtraClaims{}
l := len(record)
switch {
case l >= 6:
claims.Groups = strings.Split(record[5], ",")
fallthrough
case l == 5:
claims.EmailVerified = yesValues[record[4]]
fallthrough
case l == 4:
claims.Email = record[3]
fallthrough
case l == 3:
claims.DisplayName = record[2]
}
return auth.Claims{
StandardClaims: jwt.StandardClaims{
IssuedAt: time.Now().Unix(),
ExpiresAt: expiresAt.Unix(),
Subject: user,
},
ExtraClaims: claims,
}, nil
}
return nil, api.ErrInvalidAuthentication
}