vikunja
/
vikunja
6
43
Fork 71
Code Issues 150 Pull Requests 13 Packages Releases 32 Activity

feat: add caldav tokens (#1065)
continuous-integration/drone/push Build is passing Details 

# Description

This PR adds API routes to create and manage caldav tokens. These tokens can be used instead of a user password - required for users who are using external auth providers and don't have a password.

Fixes #842

Frontend: vikunja/frontend#1186

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: vikunja/api#1065
This commit is contained in:
konrad 2022-03-30 18:25:56 +00:00
parent 726a517bec
commit e4b50e84a4
13 changed files with 697 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
pkg/routes/api/v1/user_caldav_token.go Normal file
View File

@ -0,0 +1,112 @@
// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public Licensee as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public Licensee for more details.
//
// You should have received a copy of the GNU Affero General Public Licensee
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package v1
import (
"net/http"
"strconv"
"code.vikunja.io/api/pkg/models"
"code.vikunja.io/api/pkg/user"
"code.vikunja.io/web/handler"
"github.com/labstack/echo/v4"
)
// GenerateCaldavToken is the handler to create a caldav token
// @Summary Generate a caldav token
// @Description Generates a caldav token which can be used for the caldav api. It is not possible to see the token again after it was generated.
// @tags user
// @Accept json
// @Produce json
// @Security JWTKeyAuth
// @Success 200 {object} user.Token
// @Failure 400 {object} web.HTTPError "Something's invalid."
// @Failure 404 {object} web.HTTPError "User does not exist."
// @Failure 500 {object} models.Message "Internal server error."
// @Router /user/settings/token/caldav [put]
func GenerateCaldavToken(c echo.Context) (err error) {
u, err := user.GetCurrentUser(c)
if err != nil {
return handler.HandleHTTPError(err, c)
}
token, err := user.GenerateNewCaldavToken(u)
if err != nil {
return handler.HandleHTTPError(err, c)
}
return c.JSON(http.StatusCreated, token)
}
// GetCaldavTokens is the handler to return a list of all caldav tokens for the current user
// @Summary Returns the caldav tokens for the current user
// @Description Return the IDs and created dates of all caldav tokens for the current user.
// @tags user
// @Accept json
// @Produce json
// @Security JWTKeyAuth
// @Success 200 {array} user.Token
// @Failure 400 {object} web.HTTPError "Something's invalid."
// @Failure 404 {object} web.HTTPError "User does not exist."
// @Failure 500 {object} models.Message "Internal server error."
// @Router /user/settings/token/caldav [get]
func GetCaldavTokens(c echo.Context) error {
u, err := user.GetCurrentUser(c)
if err != nil {
return handler.HandleHTTPError(err, c)
}
tokens, err := user.GetCaldavTokens(u)
if err != nil {
return handler.HandleHTTPError(err, c)
}
return c.JSON(http.StatusCreated, tokens)
}
// DeleteCaldavToken is the handler to delete a caldv token
// @Summary Delete a caldav token by id
// @tags user
// @Accept json
// @Produce json
// @Security JWTKeyAuth
// @Param id path int true "Token ID"
// @Success 200 {object} models.Message
// @Failure 400 {object} web.HTTPError "Something's invalid."
// @Failure 404 {object} web.HTTPError "User does not exist."
// @Failure 500 {object} models.Message "Internal server error."
// @Router /user/settings/token/caldav/{id} [get]
func DeleteCaldavToken(c echo.Context) error {
u, err := user.GetCurrentUser(c)
if err != nil {
return handler.HandleHTTPError(err, c)
}
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
if err != nil {
return handler.HandleHTTPError(err, c)
}
err = user.DeleteCaldavTokenByID(u, id)
if err != nil {
return handler.HandleHTTPError(err, c)
}
return c.JSON(http.StatusOK, &models.Message{Message: "The token was deleted successfully."})
}

70
pkg/routes/caldav/auth.go Normal file
View File

@ -0,0 +1,70 @@
// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public Licensee as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public Licensee for more details.
//
// You should have received a copy of the GNU Affero General Public Licensee
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package caldav
import (
"errors"
"code.vikunja.io/api/pkg/db"
"code.vikunja.io/api/pkg/log"
"code.vikunja.io/api/pkg/user"
"github.com/labstack/echo/v4"
"golang.org/x/crypto/bcrypt"
)
func BasicAuth(username, password string, c echo.Context) (bool, error) {
creds := &user.Login{
Username: username,
Password: password,
}
s := db.NewSession()
defer s.Close()
u, err := user.CheckUserCredentials(s, creds)
if err != nil && !user.IsErrWrongUsernameOrPassword(err) {
log.Errorf("Error during basic auth for caldav: %v", err)
return false, nil
}
if err == nil {
c.Set("userBasicAuth", u)
return true, nil
}
tokens, err := user.GetCaldavTokens(u)
if err != nil {
log.Errorf("Error while getting tokens for caldav auth: %v", err)
return false, nil
}
// Looping over all tokens until we find one that matches
for _, token := range tokens {
err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(password))
if err != nil {
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
continue
}
log.Errorf("Error while verifying tokens for caldav auth: %v", err)
return false, nil
}
c.Set("userBasicAuth", u)
return true, nil
}
return false, nil
}

31
pkg/routes/routes.go
View File

@ -75,7 +75,6 @@ import (
apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
"code.vikunja.io/api/pkg/routes/caldav"
_ "code.vikunja.io/api/pkg/swagger" // To generate swagger docs
"code.vikunja.io/api/pkg/user"
"code.vikunja.io/api/pkg/version"
"code.vikunja.io/web"
"code.vikunja.io/web/handler"
@ -194,7 +193,7 @@ func RegisterRoutes(e *echo.Echo) {
if config.ServiceEnableCaldav.GetBool() {
// Caldav routes
wkg := e.Group("/.well-known")
wkg.Use(middleware.BasicAuth(caldavBasicAuth))
wkg.Use(middleware.BasicAuth(caldav.BasicAuth))
wkg.Any("/caldav", caldav.PrincipalHandler)
wkg.Any("/caldav/", caldav.PrincipalHandler)
c := e.Group("/dav")
@ -323,6 +322,9 @@ func registerAPIRoutes(a *echo.Group) {
u.POST("/export/request", apiv1.RequestUserDataExport)
u.POST("/export/download", apiv1.DownloadUserDataExport)
u.GET("/timezones", apiv1.GetAvailableTimezones)
u.PUT("/settings/token/caldav", apiv1.GenerateCaldavToken)
u.GET("/settings/token/caldav", apiv1.GetCaldavTokens)
u.DELETE("/settings/token/caldav/:id", apiv1.DeleteCaldavToken)
if config.ServiceEnableTotp.GetBool() {
u.GET("/settings/totp", apiv1.UserTOTP)
@ -663,7 +665,7 @@ func registerMigrations(m *echo.Group) {
func registerCalDavRoutes(c *echo.Group) {
// Basic auth middleware
c.Use(middleware.BasicAuth(caldavBasicAuth))
c.Use(middleware.BasicAuth(caldav.BasicAuth))
// THIS is the entry point for caldav clients, otherwise lists will show up double
c.Any("", caldav.EntryHandler)
@ -675,26 +677,3 @@ func registerCalDavRoutes(c *echo.Group) {
c.Any("/lists/:list/", caldav.ListHandler)
c.Any("/lists/:list/:task", caldav.TaskHandler) // Mostly used for editing
}
func caldavBasicAuth(username, password string, c echo.Context) (bool, error) {
creds := &user.Login{
Username: username,
Password: password,
}
s := db.NewSession()
defer s.Close()
u, err := user.CheckUserCredentials(s, creds)
if err != nil {
_ = s.Rollback()
log.Errorf("Error during basic auth for caldav: %v", err)
return false, nil
}
if err := s.Commit(); err != nil {
return false, err
}
// Save the user in echo context for later use
c.Set("userBasicAuth", u)
return true, nil
}

161
pkg/swagger/docs.go
View File

@ -7026,6 +7026,153 @@ var doc = `{
}
}
},
"/user/settings/token/caldav": {
"get": {
"security": [
{
"JWTKeyAuth": []
}
],
"description": "Return the IDs and created dates of all caldav tokens for the current user.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Returns the caldav tokens for the current user",
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/user.Token"
}
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
},
"put": {
"security": [
{
"JWTKeyAuth": []
}
],
"description": "Generates a caldav token which can be used for the caldav api. It is not possible to see the token again after it was generated.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Generate a caldav token",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/user.Token"
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
}
},
"/user/settings/token/caldav/{id}": {
"get": {
"security": [
{
"JWTKeyAuth": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Delete a caldav token by id",
"parameters": [
{
"type": "integer",
"description": "Token ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/models.Message"
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
}
},
"/user/settings/totp": {
"get": {
"security": [
@ -8918,6 +9065,20 @@ var doc = `{
}
}
},
"user.Token": {
"type": "object",
"properties": {
"created": {
"type": "string"
},
"id": {
"type": "integer"
},
"token": {
"type": "string"
}
}
},
"user.User": {
"type": "object",
"properties": {

161
pkg/swagger/swagger.json
View File

@ -7010,6 +7010,153 @@
}
}
},
"/user/settings/token/caldav": {
"get": {
"security": [
{
"JWTKeyAuth": []
}
],
"description": "Return the IDs and created dates of all caldav tokens for the current user.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Returns the caldav tokens for the current user",
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/user.Token"
}
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
},
"put": {
"security": [
{
"JWTKeyAuth": []
}
],
"description": "Generates a caldav token which can be used for the caldav api. It is not possible to see the token again after it was generated.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Generate a caldav token",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/user.Token"
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
}
},
"/user/settings/token/caldav/{id}": {
"get": {
"security": [
{
"JWTKeyAuth": []
}
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "Delete a caldav token by id",
"parameters": [
{
"type": "integer",
"description": "Token ID",
"name": "id",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/models.Message"
}
},
"400": {
"description": "Something's invalid.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"404": {
"description": "User does not exist.",
"schema": {
"$ref": "#/definitions/web.HTTPError"
}
},
"500": {
"description": "Internal server error.",
"schema": {
"$ref": "#/definitions/models.Message"
}
}
}
}
},
"/user/settings/totp": {
"get": {
"security": [
@ -8902,6 +9049,20 @@
}
}
},
"user.Token": {
"type": "object",
"properties": {
"created": {
"type": "string"
},
"id": {
"type": "integer"
},
"token": {
"type": "string"
}
}
},
"user.User": {
"type": "object",
"properties": {

104
pkg/swagger/swagger.yaml
View File

@ -1210,6 +1210,15 @@ definitions:
passcode:
type: string
type: object
user.Token:
properties:
created:
type: string
id:
type: integer
token:
type: string
type: object
user.User:
properties:
created:
@ -6079,6 +6088,101 @@ paths:
summary: Change general user settings of the current user.
tags:
- user
/user/settings/token/caldav:
get:
consumes:
- application/json
description: Return the IDs and created dates of all caldav tokens for the current
user.
produces:
- application/json
responses:
"200":
description: OK
schema:
items:
$ref: '#/definitions/user.Token'
type: array
"400":
description: Something's invalid.
schema:
$ref: '#/definitions/web.HTTPError'
"404":
description: User does not exist.
schema:
$ref: '#/definitions/web.HTTPError'
"500":
description: Internal server error.
schema:
$ref: '#/definitions/models.Message'
security:
- JWTKeyAuth: []
summary: Returns the caldav tokens for the current user
tags:
- user
put:
consumes:
- application/json
description: Generates a caldav token which can be used for the caldav api.
It is not possible to see the token again after it was generated.
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/user.Token'
"400":
description: Something's invalid.
schema:
$ref: '#/definitions/web.HTTPError'
"404":
description: User does not exist.
schema:
$ref: '#/definitions/web.HTTPError'
"500":
description: Internal server error.
schema:
$ref: '#/definitions/models.Message'
security:
- JWTKeyAuth: []
summary: Generate a caldav token
tags:
- user
/user/settings/token/caldav/{id}:
get:
consumes:
- application/json
parameters:
- description: Token ID
in: path
name: id
required: true
type: integer
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.Message'
"400":
description: Something's invalid.
schema:
$ref: '#/definitions/web.HTTPError'
"404":
description: User does not exist.
schema:
$ref: '#/definitions/web.HTTPError'
"500":
description: Internal server error.
schema:
$ref: '#/definitions/models.Message'
security:
- JWTKeyAuth: []
summary: Delete a caldav token by id
tags:
- user
/user/settings/totp:
get:
consumes:

40
pkg/user/caldav_token.go Normal file
View File

@ -0,0 +1,40 @@
// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public Licensee as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public Licensee for more details.
//
// You should have received a copy of the GNU Affero General Public Licensee
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package user
import "code.vikunja.io/api/pkg/db"
func GenerateNewCaldavToken(u *User) (token *Token, err error) {
s := db.NewSession()
defer s.Close()
return generateHashedToken(s, u, TokenCaldavAuth)
}
func GetCaldavTokens(u *User) (tokens []*Token, err error) {
s := db.NewSession()
defer s.Close()
return getTokensForKind(s, u, TokenCaldavAuth)
}
func DeleteCaldavTokenByID(u *User, id int64) error {
s := db.NewSession()
defer s.Close()
return removeTokenByID(s, u, TokenCaldavAuth, id)
}

2
pkg/user/delete.go
View File

@ -87,7 +87,7 @@ func notifyUsersScheduledForDeletion() {
// RequestDeletion creates a user deletion confirm token and sends a notification to the user
func RequestDeletion(s *xorm.Session, user *User) (err error) {
token, err := generateNewToken(s, user, TokenAccountDeletion)
token, err := generateToken(s, user, TokenAccountDeletion)
if err != nil {
return err
}

46
pkg/user/token.go
View File

@ -34,17 +34,19 @@ const (
TokenPasswordReset
TokenEmailConfirm
TokenAccountDeletion
TokenCaldavAuth
tokenSize = 64
)
// Token is a token a user can use to do things like verify their email or resetting their password
type Token struct {
ID int64 `xorm:"bigint autoincr not null unique pk"`
UserID int64 `xorm:"not null"`
Token string `xorm:"varchar(450) not null index"`
Kind TokenKind `xorm:"not null"`
Created time.Time `xorm:"created not null"`
ID int64 `xorm:"bigint autoincr not null unique pk" json:"id"`
UserID int64 `xorm:"not null" json:"-"`
Token string `xorm:"varchar(450) not null index" json:"-"`
ClearTextToken string `xorm:"-" json:"token"`
Kind TokenKind `xorm:"not null" json:"-"`
Created time.Time `xorm:"created not null" json:"created"`
}
// TableName returns the real table name for user tokens
@ -52,12 +54,28 @@ func (t *Token) TableName() string {
return "user_tokens"
}
func generateNewToken(s *xorm.Session, u *User, kind TokenKind) (token *Token, err error) {
token = &Token{
func genToken(u *User, kind TokenKind) *Token {
return &Token{
UserID: u.ID,
Kind: kind,
Token: utils.MakeRandomString(tokenSize),
}
}
func generateToken(s *xorm.Session, u *User, kind TokenKind) (token *Token, err error) {
token = genToken(u, kind)
_, err = s.Insert(token)
return
}
func generateHashedToken(s *xorm.Session, u *User, kind TokenKind) (token *Token, err error) {
token = genToken(u, kind)
token.ClearTextToken = token.Token
token.Token, err = HashPassword(token.ClearTextToken)
if err != nil {
return nil, err
}
_, err = s.Insert(token)
return
@ -74,12 +92,26 @@ func getToken(s *xorm.Session, token string, kind TokenKind) (t *Token, err erro
return
}
func getTokensForKind(s *xorm.Session, u *User, kind TokenKind) (tokens []*Token, err error) {
tokens = []*Token{}
err = s.Where("kind = ? AND user_id = ?", kind, u.ID).
Find(&tokens)
return
}
func removeTokens(s *xorm.Session, u *User, kind TokenKind) (err error) {
_, err = s.Where("user_id = ? AND kind = ?", u.ID, kind).
Delete(&Token{})
return
}
func removeTokenByID(s *xorm.Session, u *User, kind TokenKind, id int64) (err error) {
_, err = s.Where("id = ? AND user_id = ? AND kind = ?", id, u.ID, kind).
Delete(&Token{})
return
}
// RegisterTokenCleanupCron registers a cron function to clean up all password reset tokens older than 24 hours
func RegisterTokenCleanupCron() {
const logPrefix = "[User Token Cleanup Cron] "

2
pkg/user/update_email.go
View File

@ -63,7 +63,7 @@ func UpdateEmail(s *xorm.Session, update *EmailUpdate) (err error) {
}
update.User.Status = StatusEmailConfirmationRequired
token, err := generateNewToken(s, update.User, TokenEmailConfirm)
token, err := generateToken(s, update.User, TokenEmailConfirm)
if err != nil {
return
}

2
pkg/user/user.go
View File

@ -324,7 +324,7 @@ func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
if IsErrWrongUsernameOrPassword(err) {
handleFailedPassword(user)
}
return nil, err
return user, err
}
return user, nil

2
pkg/user/user_create.go
View File

@ -81,7 +81,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
}
user.Status = StatusEmailConfirmationRequired
token, err := generateNewToken(s, user, TokenEmailConfirm)
token, err := generateToken(s, user, TokenEmailConfirm)
if err != nil {
return nil, err
}

2
pkg/user/user_password_reset.go
View File

@ -112,7 +112,7 @@ func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequ
// RequestUserPasswordResetToken sends a user a password reset email.
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
token, err := generateNewToken(s, user, TokenPasswordReset)
token, err := generateToken(s, user, TokenPasswordReset)
if err != nil {
return
}