feat(api): signin register (#6110)
fsamin authored Mar 25, 2022
1 parent 3c0a76c commit 64f3b87
Showing 63 changed files with 597 additions and 399 deletions.
2 changes: 1 addition & 1 deletion .build/go.mk
@@ -88,7 +88,7 @@ $(GO_GOJUNIT):

GO_COBERTURA = ${GOPATH}/bin/gocover-cobertura
$(GO_COBERTURA):
go get -u github.com/t-yuki/gocover-cobertura
go get -u github.com/richardlt/gocover-cobertura

GO_XUTOOLS = ${GOPATH}/bin/xutools
$(GO_XUTOOLS):
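Review bot: The `$(GO_COBERTURA)` recipe installs a CI tool with `go get -u` and no version, so the build runs whatever the default branch of the named repository holds at that moment. The rendered page has lost its +/- markers, but whichever of `github.com/t-yuki/gocover-cobertura` and `github.com/richardlt/gocover-cobertura` is the new side, the swap changes which account is trusted for that binary without pinning it. Pinning to a reviewed revision would make the change auditable and reproducible, for example `go install github.com/richardlt/gocover-cobertura@<REVIEWED_COMMIT>` (placeholder; the page gives no revision). The same unpinned line is changed in `cli/Makefile` and `engine/Makefile`. The `$(GO_XUTOOLS)` rule that follows is cut off by the hunk.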
2 changes: 1 addition & 1 deletion cli/Makefile
@@ -15,7 +15,7 @@ $(GO_GOJUNIT):
go get -u github.com/jstemmer/go-junit-report

$(GO_COBERTURA):
go get -u github.com/t-yuki/gocover-cobertura
go get -u github.com/richardlt/gocover-cobertura

$(TARGET_DIR):
@mkdir -p $(TARGET_DIR)
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-archive/go.mod
@@ -58,6 +58,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
@@ -55,6 +55,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-download/go.mod
@@ -58,6 +58,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-group-tmpl/go.mod
@@ -55,6 +55,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-kafka-publish/go.mod
@@ -101,6 +101,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/spf13/cobra v1.1.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-marathon/go.mod
@@ -79,6 +79,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/spf13/cobra v1.1.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-npm-audit-parser/go.mod
@@ -55,6 +55,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-ssh-cmd/go.mod
@@ -56,6 +56,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-tmpl/go.mod
@@ -55,6 +55,7 @@ require (
github.com/sguiheux/go-coverage v0.0.0-20190710153556-287b082a7197 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
1 change: 1 addition & 0 deletions contrib/grpcplugins/action/plugin-venom/go.mod
@@ -86,6 +86,7 @@ require (
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d // indirect
github.com/spf13/afero v1.8.1 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/ulikunitz/xz v0.5.9 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
2 changes: 1 addition & 1 deletion engine/Makefile
@@ -59,7 +59,7 @@ $(GO_GOJUNIT):
go get -u github.com/jstemmer/go-junit-report

$(GO_COBERTURA):
go get -u github.com/t-yuki/gocover-cobertura
go get -u github.com/richardlt/gocover-cobertura

$(GO_XUTOOLS):
go get -u github.com/richardlt/xutools
1 change: 0 additions & 1 deletion engine/api/api_routes.go
@@ -432,7 +432,6 @@ func (api *API) InitRouter() {
r.Handle("/ws", ScopeNone(), r.GET(api.getWebsocketHandler))

// Engine µServices
r.Handle("/services/register", Scope(sdk.AuthConsumerScopeService), r.POST(api.postServiceRegisterHandler, MaintenanceAware()))
r.Handle("/services/heartbeat", Scope(sdk.AuthConsumerScopeService), r.POST(api.postServiceHearbeatHandler))
r.Handle("/services/{type}", Scope(sdk.AuthConsumerScopeService), r.GET(api.getServiceHandler))

11 changes: 9 additions & 2 deletions engine/api/application_deployment_test.go
@@ -297,8 +297,15 @@ func Test_postApplicationDeploymentStrategyConfigHandlerAsProvider(t *testing.T)
localConsumer, err := authentication.LoadConsumerByTypeAndUserID(context.TODO(), api.mustDB(), sdk.ConsumerLocal, u.ID, authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)

_, jws, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), sdk.RandomString(10), 0, localConsumer, u.GetGroupIDs(),
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject))
consumerOpts := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
GroupIDs: u.GetGroupIDs(),
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject),
}

_, jws, err := builtin.NewConsumer(context.TODO(), db, consumerOpts, localConsumer)
require.NoError(t, err)

pkey := sdk.RandomString(10)
12 changes: 10 additions & 2 deletions engine/api/application_test.go
@@ -36,8 +36,16 @@ func Test_postApplicationMetadataHandler_AsProvider(t *testing.T) {
u, _ := assets.InsertAdminUser(t, db)
localConsumer, err := authentication.LoadConsumerByTypeAndUserID(context.TODO(), api.mustDB(), sdk.ConsumerLocal, u.ID, authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)
_, jws, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), sdk.RandomString(10), 0, localConsumer, u.GetGroupIDs(),
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject))

consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
GroupIDs: u.GetGroupIDs(),
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject),
}

_, jws, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)

pkey := sdk.RandomString(10)
4 changes: 2 additions & 2 deletions engine/api/auth.go
@@ -133,8 +133,8 @@ func (api *API) postAuthSigninHandler() service.Handler {
defer tx.Rollback() // nolint

var signupDone bool
initToken, hasInitToken := req["init_token"]
hasInitToken = hasInitToken && initToken != ""
initToken := req.String("init_token")
hasInitToken := initToken != ""

// Check if a consumer exists for consumer type and external user identifier
consumer, err := authentication.LoadConsumerByTypeAndUserExternalID(ctx, tx, consumerType, userInfo.ExternalID,
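Review bot: `req.String("init_token")` presumably returns the empty string both when the key is absent and when its value is not a string (its definition is not on this page), so a request carrying a malformed `init_token` is handled as an ordinary sign-in instead of being rejected. The builtin sign-in handler in this commit reads its token with `req.StringE("token")` and returns the error; calling `req.StringE("init_token")` when the key is present and returning its error would keep the two sign-in paths consistent. If the lenient behaviour is intended, a comment such as `// a missing or non-string init_token means "no init token"` above the assignment would record that. The handler body starts and ends outside the hunk.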
66 changes: 61 additions & 5 deletions engine/api/auth_builtin.go
@@ -3,6 +3,7 @@ package api
import (
"context"
"encoding/base64"
"encoding/json"
"net/http"
"time"

@@ -12,6 +13,7 @@ import (
"github.com/ovh/cds/engine/service"
"github.com/ovh/cds/sdk"
"github.com/ovh/cds/sdk/jws"
cdslog "github.com/ovh/cds/sdk/log"
)

func (api *API) postAuthBuiltinSigninHandler() service.Handler {
@@ -43,13 +45,18 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
defer tx.Rollback() // nolint

// Check if a consumer exists for consumer type and external user identifier
consumer, err := authentication.LoadConsumerByID(ctx, tx, userInfo.ExternalID)
consumer, err := authentication.LoadConsumerByID(ctx, tx, userInfo.ExternalID, authentication.LoadConsumerOptions.WithAuthentifiedUser)
if err != nil {
return sdk.NewError(sdk.ErrForbidden, err)
}

token, err := req.StringE("token")
if err != nil {
return err
}

// Check the Token validity againts the IAT attribute
if _, err := builtin.CheckSigninConsumerTokenIssuedAt(ctx, req["token"], consumer); err != nil {
if _, err := builtin.CheckSigninConsumerTokenIssuedAt(ctx, token, consumer); err != nil {
return sdk.NewError(sdk.ErrForbidden, err)
}

@@ -72,6 +79,54 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
return err
}

// Set those values (has it would be done in api.authOptionalMiddleware)
ctx = context.WithValue(ctx, contextConsumer, consumer)
ctx = context.WithValue(ctx, cdslog.AuthUserID, consumer.AuthentifiedUserID)
SetTracker(w, cdslog.AuthUserID, consumer.AuthentifiedUserID)
ctx = context.WithValue(ctx, cdslog.AuthConsumerID, consumer.ID)
SetTracker(w, cdslog.AuthConsumerID, consumer.ID)

ctx = context.WithValue(ctx, contextSession, session)
ctx = context.WithValue(ctx, cdslog.AuthSessionID, session.ID)
SetTracker(w, cdslog.AuthSessionID, session.ID)
ctx = context.WithValue(ctx, cdslog.AuthSessionIAT, session.Created.Unix())
SetTracker(w, cdslog.AuthSessionIAT, session.Created.Unix())
ctx = context.WithValue(ctx, contextSession, session)

var driverManifest *sdk.AuthDriverManifest
if authDriver, ok := api.AuthenticationDrivers[consumer.Type]; ok {
m := authDriver.GetManifest()
driverManifest = &m
}
if driverManifest == nil {
return sdk.WrapError(sdk.ErrUnauthorized, "consumer driver (%s) was not found", consumer.Type)
}
ctx = context.WithValue(ctx, contextDriverManifest, driverManifest)

// If the Signin has a *service* Payload, we have to perform the service registration
srvInput, has := req["service"]
var srv sdk.Service
if has {
btes, err := json.Marshal(srvInput)
if err != nil {
return sdk.NewError(sdk.ErrWrongRequest, err)
}

if err := sdk.JSONUnmarshal(btes, &srv); err != nil {
return sdk.NewError(sdk.ErrWrongRequest, err)
}

ctx = context.WithValue(ctx, cdslog.AuthServiceName, srv.Name)
SetTracker(w, cdslog.AuthServiceName, srv.Name)

if err := api.serviceRegister(ctx, tx, &srv); err != nil {
return err
}
} else {
ctx = context.WithValue(ctx, cdslog.AuthUsername, consumer.AuthentifiedUser.Username)
SetTracker(w, cdslog.AuthUsername, consumer.AuthentifiedUser.Username)
}

// Set a cookie with the jwt token
api.SetCookie(w, service.JWTCookieName, jwt, session.ExpireAt, true)

@@ -82,9 +137,10 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {

// Prepare http response
resp := sdk.AuthConsumerSigninResponse{
Token: jwt,
User: usr,
APIURL: api.Config.URL.API,
Token: jwt,
User: usr,
APIURL: api.Config.URL.API,
Service: &srv,
}

if err := tx.Commit(); err != nil {
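Review bot: The new `service` branch calls `api.serviceRegister(ctx, tx, &srv)` from the sign-in handler, while the `/services/register` route shown in `engine/api/api_routes.go` (apparently the line this commit removes) carried `Scope(sdk.AuthConsumerScopeService)` and `MaintenanceAware()`; nothing visible in this section re-checks that the consumer holds the service scope or that `srv.Name` matches the `ServiceName`/`ServiceType` the consumer was created with. If `serviceRegister` does not enforce this itself (its body is not on this page), add the check before the call and a comment saying where it lives. Separately, `Service: &srv` is set unconditionally, so a plain user sign-in returns a pointer to a zero-value `sdk.Service`; declaring `var srv *sdk.Service` and assigning it only inside `if has` would leave the field nil in that case. `ctx = context.WithValue(ctx, contextSession, session)` also appears twice in the added block. The handler starts and ends outside the hunks.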
20 changes: 15 additions & 5 deletions engine/api/auth_builtin_test.go
@@ -16,10 +16,14 @@ import (
"github.com/stretchr/testify/require"
)

func AuthentififyBuiltinConsumer(t *testing.T, api *API, jwsToken string) string {
func AuthentififyBuiltinConsumer(t *testing.T, api *API, jwsToken string, srv *sdk.Service) string {
uri := api.Router.GetRoute("POST", api.postAuthBuiltinSigninHandler, nil)
require.NotEmpty(t, uri)
btes, err := json.Marshal(sdk.AuthConsumerSigninRequest{"token": jwsToken})
reqSignin := sdk.AuthConsumerSigninRequest{"token": jwsToken}
if srv != nil {
reqSignin["service"] = srv
}
btes, err := json.Marshal(reqSignin)
require.NoError(t, err)

t.Logf("signin with jws : %s", jwsToken)
@@ -49,8 +53,14 @@ func Test_postAuthBuiltinSigninHandler(t *testing.T) {
localConsumer, err := authentication.LoadConsumerByTypeAndUserID(context.TODO(), api.mustDB(), sdk.ConsumerLocal, usr.ID, authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)

_, jws, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), sdk.RandomString(10), 0, localConsumer, usr.GetGroupIDs(),
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
GroupIDs: usr.GetGroupIDs(),
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeProject),
}
_, jws, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)
AuthentififyBuiltinConsumer(t, api, jws)
AuthentififyBuiltinConsumer(t, api, jws, nil)
}
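Review bot: The sign-in-with-service path is not exercised in this file: the only visible call to `AuthentififyBuiltinConsumer` passes `nil` for the new `srv` parameter. A test that signs in with a `sdk.Service` payload using a consumer created with only `sdk.AuthConsumerScopeProject`, and asserts the expected status, would pin down whether registration is refused without the service scope. Other test files in this commit may already cover it; they are not on this page.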
12 changes: 10 additions & 2 deletions engine/api/auth_consumer.go
@@ -84,8 +84,16 @@ func (api *API) postConsumerByUserHandler() service.Handler {
}

// Create the new built in consumer from request data
newConsumer, token, err := builtin.NewConsumer(ctx, tx, reqData.Name, reqData.Description, reqData.ValidityPeriods.Latest().Duration,
consumer, reqData.GroupIDs, reqData.ScopeDetails)
consumerOpts := builtin.NewConsumerOptions{
Name: reqData.Name,
Description: reqData.Description,
Duration: reqData.ValidityPeriods.Latest().Duration,
GroupIDs: reqData.GroupIDs,
Scopes: reqData.ScopeDetails,
ServiceName: reqData.ServiceName,
ServiceType: reqData.ServiceType,
}
newConsumer, token, err := builtin.NewConsumer(ctx, tx, consumerOpts, consumer)
if err != nil {
return err
}
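Review bot: `ServiceName` and `ServiceType` are copied from `reqData` into `builtin.NewConsumerOptions` with no validation visible in this hunk, so any caller allowed to create a consumer can presumably bind it to an arbitrary service identity. Unless `builtin.NewConsumer` or earlier code in the handler already does it (neither is on this page), reject the pair when `reqData.ScopeDetails` lacks the service scope and require both fields to be set together. A short comment above `consumerOpts` stating where that check lives would help, e.g. `// ServiceName/ServiceType are validated in <location> before use`. The handler body starts before the hunk and continues after it.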
42 changes: 32 additions & 10 deletions engine/api/auth_consumer_test.go
@@ -25,8 +25,13 @@ func Test_getConsumersByUserHandler(t *testing.T) {
authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)

consumer, _, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), "", 0, localConsumer, nil,
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser),
}
consumer, _, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)

uri := api.Router.GetRoute(http.MethodGet, api.getConsumersByUserHandler, map[string]string{
@@ -112,8 +117,13 @@ func Test_deleteConsumerByUserHandler(t *testing.T) {
localConsumer, err := authentication.LoadConsumerByTypeAndUserID(context.TODO(), db, sdk.ConsumerLocal, u.ID,
authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)
newConsumer, _, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), "", 0, localConsumer, nil,
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeAccessToken))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeAccessToken),
}
newConsumer, _, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)
cs, err := authentication.LoadConsumersByUserID(context.TODO(), db, u.ID)
require.NoError(t, err)
@@ -152,8 +162,14 @@ func Test_postConsumerRegenByUserHandler(t *testing.T) {
api.Router.Mux.ServeHTTP(rec, req)
require.Equal(t, http.StatusForbidden, rec.Code)

builtinConsumer, signinToken1, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), "", 0, localConsumer, nil,
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser, sdk.AuthConsumerScopeAccessToken))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Description: sdk.RandomString(10),
Duration: 0,
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser, sdk.AuthConsumerScopeAccessToken),
}

builtinConsumer, signinToken1, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)
session, err := authentication.NewSession(context.TODO(), db, builtinConsumer, 5*time.Minute)
require.NoError(t, err, "cannot create session")
@@ -297,8 +313,11 @@ func Test_getSessionsByUserHandler(t *testing.T) {
authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)

consumer, _, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), "", 0, localConsumer, nil,
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser),
}
consumer, _, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)
s2, err := authentication.NewSession(context.TODO(), db, consumer, time.Second)
require.NoError(t, err)
@@ -330,8 +349,11 @@ func Test_deleteSessionByUserHandler(t *testing.T) {
authentication.LoadConsumerOptions.WithAuthentifiedUser)
require.NoError(t, err)

consumer, _, err := builtin.NewConsumer(context.TODO(), db, sdk.RandomString(10), "", 0, localConsumer, nil,
sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser))
consumerOptions := builtin.NewConsumerOptions{
Name: sdk.RandomString(10),
Scopes: sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeUser),
}
consumer, _, err := builtin.NewConsumer(context.TODO(), db, consumerOptions, localConsumer)
require.NoError(t, err)
s2, err := authentication.NewSession(context.TODO(), db, consumer, time.Second)
require.NoError(t, err)