2018-06-11 13:13:19 +00:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
2018-09-10 10:01:38 +00:00
|
|
|
httperror "github.com/portainer/libhttp/error"
|
2018-06-11 13:13:19 +00:00
|
|
|
"github.com/portainer/portainer"
|
|
|
|
"github.com/portainer/portainer/http/security"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
// ErrInvalidCredentials is an error raised when credentials for a user are invalid
|
|
|
|
ErrInvalidCredentials = portainer.Error("Invalid credentials")
|
|
|
|
// ErrAuthDisabled is an error raised when trying to access the authentication endpoints
|
|
|
|
// when the server has been started with the --no-auth flag
|
|
|
|
ErrAuthDisabled = portainer.Error("Authentication is disabled")
|
|
|
|
)
|
|
|
|
|
|
|
|
// Handler is the HTTP handler used to handle authentication operations.
|
|
|
|
type Handler struct {
|
|
|
|
*mux.Router
|
2018-07-23 04:57:38 +00:00
|
|
|
authDisabled bool
|
|
|
|
UserService portainer.UserService
|
|
|
|
CryptoService portainer.CryptoService
|
|
|
|
JWTService portainer.JWTService
|
|
|
|
LDAPService portainer.LDAPService
|
2018-12-30 16:02:22 +00:00
|
|
|
OAuthService portainer.OAuthService
|
2018-07-23 04:57:38 +00:00
|
|
|
SettingsService portainer.SettingsService
|
|
|
|
TeamService portainer.TeamService
|
|
|
|
TeamMembershipService portainer.TeamMembershipService
|
2018-06-11 13:13:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewHandler creates a handler to manage authentication operations.
|
|
|
|
func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, authDisabled bool) *Handler {
|
|
|
|
h := &Handler{
|
|
|
|
Router: mux.NewRouter(),
|
|
|
|
authDisabled: authDisabled,
|
|
|
|
}
|
2019-01-16 15:24:58 +00:00
|
|
|
|
2019-01-18 08:13:33 +00:00
|
|
|
h.Handle("/auth/oauth/login",
|
|
|
|
rateLimiter.LimitAccess(bouncer.PublicAccess(httperror.LoggerHandler(h.loginOAuth)))).Methods(http.MethodGet)
|
|
|
|
h.Handle("/auth/oauth/validate",
|
2019-01-18 08:15:02 +00:00
|
|
|
rateLimiter.LimitAccess(bouncer.PublicAccess(httperror.LoggerHandler(h.validateOAuth)))).Methods(http.MethodPost)
|
2018-06-11 13:13:19 +00:00
|
|
|
h.Handle("/auth",
|
|
|
|
rateLimiter.LimitAccess(bouncer.PublicAccess(httperror.LoggerHandler(h.authenticate)))).Methods(http.MethodPost)
|
|
|
|
|
|
|
|
return h
|
|
|
|
}
|