feat: use caldav tokens for caldav basic auth
This commit is contained in:
parent
390cc74acd
commit
7ab3f2f190
GPG Key ID:
F40E70337AB24C9B
|
|
@ -0,0 +1,68 @@
|
|||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public Licensee for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public Licensee
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package caldav
|
||||
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
"errors"
|
||||
"github.com/labstack/echo/v4"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
func BasicAuth(username, password string, c echo.Context) (bool, error) {
|
||||
creds := &user.Login{
|
||||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
u, err := user.CheckUserCredentials(s, creds)
|
||||
if err != nil && !user.IsErrWrongUsernameOrPassword(err) {
|
||||
log.Errorf("Error during basic auth for caldav: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
c.Set("userBasicAuth", u)
|
||||
return true, nil
|
||||
}
|
||||
|
||||
tokens, err := user.GetCaldavTokens(u)
|
||||
if err != nil {
|
||||
log.Errorf("Error while getting tokens for caldav auth: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// Looping over all tokens until we find one that matches
|
||||
for _, token := range tokens {
|
||||
err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(password))
|
||||
if err != nil {
|
||||
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
|
||||
continue
|
||||
}
|
||||
log.Errorf("Error while verifying tokens for caldav auth: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
c.Set("userBasicAuth", u)
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return false, nil
|
||||
}
|
||||
|
|
@ -75,7 +75,6 @@ import (
|
|||
apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
|
||||
"code.vikunja.io/api/pkg/routes/caldav"
|
||||
_ "code.vikunja.io/api/pkg/swagger" // To generate swagger docs
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
"code.vikunja.io/api/pkg/version"
|
||||
"code.vikunja.io/web"
|
||||
"code.vikunja.io/web/handler"
|
||||
|
|
@ -193,7 +192,7 @@ func RegisterRoutes(e *echo.Echo) {
|
|||
if config.ServiceEnableCaldav.GetBool() {
|
||||
// Caldav routes
|
||||
wkg := e.Group("/.well-known")
|
||||
wkg.Use(middleware.BasicAuth(caldavBasicAuth))
|
||||
wkg.Use(middleware.BasicAuth(caldav.BasicAuth))
|
||||
wkg.Any("/caldav", caldav.PrincipalHandler)
|
||||
wkg.Any("/caldav/", caldav.PrincipalHandler)
|
||||
c := e.Group("/dav")
|
||||
|
|
@ -663,7 +662,7 @@ func registerMigrations(m *echo.Group) {
|
|||
func registerCalDavRoutes(c *echo.Group) {
|
||||
|
||||
// Basic auth middleware
|
||||
c.Use(middleware.BasicAuth(caldavBasicAuth))
|
||||
c.Use(middleware.BasicAuth(caldav.BasicAuth))
|
||||
|
||||
// THIS is the entry point for caldav clients, otherwise lists will show up double
|
||||
c.Any("", caldav.EntryHandler)
|
||||
|
|
@ -675,26 +674,3 @@ func registerCalDavRoutes(c *echo.Group) {
|
|||
c.Any("/lists/:list/", caldav.ListHandler)
|
||||
c.Any("/lists/:list/:task", caldav.TaskHandler) // Mostly used for editing
|
||||
}
|
||||
|
||||
func caldavBasicAuth(username, password string, c echo.Context) (bool, error) {
|
||||
creds := &user.Login{
|
||||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
u, err := user.CheckUserCredentials(s, creds)
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
log.Errorf("Error during basic auth for caldav: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if err := s.Commit(); err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
// Save the user in echo context for later use
|
||||
c.Set("userBasicAuth", u)
|
||||
return true, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import "code.vikunja.io/api/pkg/db"
|
|||
|
||||
func GenerateNewCaldavToken(u *User) (token *Token, err error) {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
t, err := generateHashedToken(s, u, TokenCaldavAuth)
|
||||
if err != nil {
|
||||
|
|
@ -30,8 +31,8 @@ func GenerateNewCaldavToken(u *User) (token *Token, err error) {
|
|||
}
|
||||
|
||||
func GetCaldavTokens(u *User) (tokens []*Token, err error) {
|
||||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
t, err := getTokensForKind(s, u, TokenCaldavAuth)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -321,7 +321,7 @@ func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
|
|||
if IsErrWrongUsernameOrPassword(err) {
|
||||
handleFailedPassword(user)
|
||||
}
|
||||
return nil, err
|
||||
return user, err
|
||||
}
|
||||
|
||||
return user, nil
|
||||
|
|
|
|||
Loading…
Reference in New Issue