RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/authentication/file_user_provider_database.go

227 lines
5.2 KiB
Go
Raw Normal View History

feat(authentication): file password algorithms (#3848) This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 10:51:59 +00:00
package authentication
import (
"fmt"
"os"
"sync"
"github.com/asaskevich/govalidator"
"github.com/go-crypt/crypt"
feat(authentication): file provider hot reload (#4188) This adds hot reloading to the file auth provider.
2022-10-17 11:31:23 +00:00
yaml "gopkg.in/yaml.v3"
feat(authentication): file password algorithms (#3848) This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 10:51:59 +00:00
)
// NewFileUserDatabase creates a new FileUserDatabase.
func NewFileUserDatabase(filePath string) (database *FileUserDatabase) {
return &FileUserDatabase{
RWMutex: &sync.RWMutex{},
Path: filePath,
Users: map[string]DatabaseUserDetails{},
}
}
// FileUserDatabase is a user details database that is concurrency safe database and can be reloaded.
type FileUserDatabase struct {
*sync.RWMutex
Path string
Users map[string]DatabaseUserDetails
}
// Save the database to disk.
func (m *FileUserDatabase) Save() (err error) {
m.RLock()
defer m.RUnlock()
if err = m.ToDatabaseModel().Write(m.Path); err != nil {
return err
}
return nil
}
// Load the database from disk.
func (m *FileUserDatabase) Load() (err error) {
yml := &DatabaseModel{Users: map[string]UserDetailsModel{}}
if err = yml.Read(m.Path); err != nil {
return fmt.Errorf("error reading the authentication database: %w", err)
}
m.Lock()
defer m.Unlock()
if err = yml.ReadToFileUserDatabase(m); err != nil {
return fmt.Errorf("error decoding the authentication database: %w", err)
}
return nil
}
// GetUserDetails get a DatabaseUserDetails given a username as a value type where the username must be the users actual
// username.
func (m *FileUserDatabase) GetUserDetails(username string) (user DatabaseUserDetails, err error) {
m.RLock()
defer m.RUnlock()
if details, ok := m.Users[username]; ok {
return details, nil
}
return user, ErrUserNotFound
}
// SetUserDetails sets the DatabaseUserDetails for a given user.
func (m *FileUserDatabase) SetUserDetails(username string, details *DatabaseUserDetails) {
if details == nil {
return
}
m.Lock()
m.Users[username] = *details
m.Unlock()
}
// ToDatabaseModel converts the FileUserDatabase into the DatabaseModel for saving.
func (m *FileUserDatabase) ToDatabaseModel() (model *DatabaseModel) {
model = &DatabaseModel{
Users: map[string]UserDetailsModel{},
}
m.RLock()
for user, details := range m.Users {
model.Users[user] = details.ToUserDetailsModel()
}
m.RUnlock()
return model
}
// DatabaseUserDetails is the model of user details in the file database.
type DatabaseUserDetails struct {
Username string
Digest crypt.Digest
Disabled bool
DisplayName string
Email string
Groups []string
}
// ToUserDetails converts DatabaseUserDetails into a *UserDetails given a username.
func (m DatabaseUserDetails) ToUserDetails() (details *UserDetails) {
return &UserDetails{
Username: m.Username,
DisplayName: m.DisplayName,
Emails: []string{m.Email},
Groups: m.Groups,
}
}
// ToUserDetailsModel converts DatabaseUserDetails into a UserDetailsModel.
func (m DatabaseUserDetails) ToUserDetailsModel() (model UserDetailsModel) {
return UserDetailsModel{
HashedPassword: m.Digest.Encode(),
DisplayName: m.DisplayName,
Email: m.Email,
Groups: m.Groups,
}
}
// DatabaseModel is the model of users file database.
type DatabaseModel struct {
Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}
// ReadToFileUserDatabase reads the DatabaseModel into a FileUserDatabase.
func (m *DatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error) {
users := map[string]DatabaseUserDetails{}
var udm *DatabaseUserDetails
for user, details := range m.Users {
if udm, err = details.ToDatabaseUserDetailsModel(user); err != nil {
return fmt.Errorf("failed to parse hash for user '%s': %w", user, err)
}
users[user] = *udm
}
db.Users = users
return nil
}
// Read a DatabaseModel from disk.
func (m *DatabaseModel) Read(filePath string) (err error) {
var (
content []byte
ok bool
)
if content, err = os.ReadFile(filePath); err != nil {
return fmt.Errorf("failed to read the '%s' file: %w", filePath, err)
}
feat(authentication): file provider hot reload (#4188) This adds hot reloading to the file auth provider.
2022-10-17 11:31:23 +00:00
if len(content) == 0 {
return ErrNoContent
}
feat(authentication): file password algorithms (#3848) This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 10:51:59 +00:00
if err = yaml.Unmarshal(content, m); err != nil {
return fmt.Errorf("could not parse the YAML database: %w", err)
}
if ok, err = govalidator.ValidateStruct(m); err != nil {
return fmt.Errorf("could not validate the schema: %w", err)
}
if !ok {
return fmt.Errorf("the schema is invalid")
}
return nil
}
// Write a DatabaseModel to disk.
func (m *DatabaseModel) Write(fileName string) (err error) {
var (
data []byte
)
if data, err = yaml.Marshal(m); err != nil {
return err
}
return os.WriteFile(fileName, data, fileAuthenticationMode)
}
// UserDetailsModel is the model of user details in the file database.
type UserDetailsModel struct {
HashedPassword string `yaml:"password" valid:"required"`
DisplayName string `yaml:"displayname" valid:"required"`
Email string `yaml:"email"`
Groups []string `yaml:"groups"`
}
// ToDatabaseUserDetailsModel converts a UserDetailsModel into a *DatabaseUserDetails.
func (m UserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *DatabaseUserDetails, err error) {
var d crypt.Digest
if d, err = crypt.Decode(m.HashedPassword); err != nil {
return nil, err
}
return &DatabaseUserDetails{
Username: username,
Digest: d,
DisplayName: m.DisplayName,
Email: m.Email,
Groups: m.Groups,
}, nil
}