Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-21 14:19:43 +02:00
Code Releases Activity

updated is.js, refactored jwt code

Browse source
This commit is contained in:
Harvey Kandola 2017-03-16 13:33:34 +00:00
parent 74c9e76d09
commit a585a55033
8 changed files with 751 additions and 620 deletions
Download patch file Download diff file Expand all files Collapse all files

18
app/app/components/auth-settings.js
View file

@ -23,10 +23,12 @@ export default Ember.Component.extend({
KeycloakUrlError: computed.empty('keycloakConfig.url'),
KeycloakRealmError: computed.empty('keycloakConfig.realm'),
KeycloakClientIdError: computed.empty('keycloakConfig.clientId'),
KeycloakPublicKeyError: computed.empty('keycloakConfig.publicKey'),
keycloakConfig: {
url: '',
realm: '',
clientId: ''
clientId: '',
publicKey: '',
},
didReceiveAttrs() {
@ -81,6 +83,20 @@ export default Ember.Component.extend({
this.$("#keycloak-clientId").focus();
return;
}
if (this.get('KeycloakPublicKeyError')) {
this.$("#keycloak-publicKey").focus();
return;
}
let pk = this.get('keycloakConfig.publicKey');
if (is.not.startWith(pk, '-----BEGIN PUBLIC KEY-----')) {
pk = '-----BEGIN PUBLIC KEY-----' + pk;
}
if (is.not.endWith(pk, '-----END PUBLIC KEY-----')) {
pk = pk + '-----END PUBLIC KEY-----' ;
}
this.set('keycloakConfig.publicKey', pk);
config = this.get('keycloakConfig');
break;

2
app/app/pods/auth/keycloak/route.js
View file

@ -44,6 +44,8 @@ export default Ember.Route.extend({
this.get('kcAuth').fetchProfile(kc).then((profile) => {
let data = this.get('kcAuth').mapProfile(kc, profile);
console.log(kc);
console.log(profile);
console.log(data);
// this.get("session").authenticate('authenticator:keycloak', data)

2
app/app/pods/auth/keycloak/template.hbs
View file

@ -1,4 +1,4 @@
<div class="sso-box">
<p>Keycloak authentication...</p>
<p>Authenticating with Keycloak...</p>
<img src="/assets/img/busy-gray.gif" />
</div>

1
app/app/services/kc-auth.js
View file

@ -69,6 +69,7 @@ export default Ember.Service.extend({
username: profile.username,
firstname: profile.firstName,
lastname: profile.lastName,
remoteId: profile.id
};
}
});

9
app/app/templates/components/auth-settings.hbs
View file

@ -11,6 +11,10 @@
</div>
{{#if isKeycloakProvider}}
<div class="form-header">
<div class="title">Keycloak Configuration</div>
<div class="tip">Connection parameters</div>
</div>
<div class="input-control">
<label>Keycloak Server URL</label>
<div class="tip">e.g. http://localhost:8888/auth</div>
@ -26,6 +30,11 @@
<div class="tip">e.g. account</div>
{{input id="keycloak-clientId" type="text" value=keycloakConfig.clientId class=(if KeycloakClientIdError 'error')}}
</div>
<div class="input-control">
<label>Keycloak Realm Public Key</label>
<div class="tip">Copy the RSA public key from Realm Settings &rarr; Keys</div>
{{textarea id="keycloak-publicKey" type="text" value=keycloakConfig.publicKey rows=7 class=(if KeycloakPublicKeyError 'error')}}
</div>
{{/if}}
<div class="regular-button button-blue" {{action 'onSave'}}>save</div>

958
app/vendor/is.js vendored
View file

File diff suppressed because it is too large Load diff

132
core/api/endpoint/authentication_endpoint.go
View file

@ -12,22 +12,17 @@
package endpoint
import (
"crypto/rand"
"database/sql"
"encoding/json"
"errors"
"fmt"
"net/http"
"strings"
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/documize/community/core/api/endpoint/models"
"github.com/documize/community/core/api/entity"
"github.com/documize/community/core/api/request"
"github.com/documize/community/core/api/util"
"github.com/documize/community/core/environment"
"github.com/documize/community/core/log"
"github.com/documize/community/core/section/provider"
"github.com/documize/community/core/utility"
@ -308,130 +303,3 @@ func preAuthorizeStaticAssets(r *http.Request) bool {
return false
}
var jwtKey string
func init() {
environment.GetString(&jwtKey, "salt", false, "the salt string used to encode JWT tokens, if not set a random value will be generated",
func(t *string, n string) bool {
if jwtKey == "" {
b := make([]byte, 17)
_, err := rand.Read(b)
if err != nil {
jwtKey = err.Error()
log.Error("problem using crypto/rand", err)
return false
}
for k, v := range b {
if (v >= 'a' && v <= 'z') || (v >= 'A' && v <= 'Z') || (v >= '0' && v <= '0') {
b[k] = v
} else {
s := fmt.Sprintf("%x", v)
b[k] = s[0]
}
}
jwtKey = string(b)
log.Info("Please set DOCUMIZESALT or use -salt with this value: " + jwtKey)
}
return true
})
}
// Generates JSON Web Token (http://jwt.io)
func generateJWT(user, org, domain string) string {
token := jwt.New(jwt.SigningMethodHS256)
// issuer
token.Claims["iss"] = "Documize"
// subject
token.Claims["sub"] = "webapp"
// expiry
token.Claims["exp"] = time.Now().Add(time.Hour * 168).Unix()
// data
token.Claims["user"] = user
token.Claims["org"] = org
token.Claims["domain"] = domain
tokenString, _ := token.SignedString([]byte(jwtKey))
return tokenString
}
// Check for authorization token.
// We look for 'Authorization' request header OR query string "?token=XXX".
func findJWT(r *http.Request) (token string) {
header := r.Header.Get("Authorization")
if header != "" {
header = strings.Replace(header, "Bearer ", "", 1)
}
if len(header) > 1 {
token = header
} else {
query := r.URL.Query()
token = query.Get("token")
}
if token == "null" {
token = ""
}
return
}
// We take in raw token string and decode it.
func decodeJWT(tokenString string) (c request.Context, claims map[string]interface{}, err error) {
method := "decodeJWT"
// sensible defaults
c.UserID = ""
c.OrgID = ""
c.Authenticated = false
c.Guest = false
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(jwtKey), nil
})
if err != nil {
err = fmt.Errorf("bad authorization token")
return
}
if !token.Valid {
if ve, ok := err.(*jwt.ValidationError); ok {
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
} else if ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0 {
log.Error("expired token", err)
err = fmt.Errorf("expired token")
return
} else {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
}
} else {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
}
}
c = request.NewContext()
c.UserID = token.Claims["user"].(string)
c.OrgID = token.Claims["org"].(string)
if len(c.UserID) == 0 || len(c.OrgID) == 0 {
err = fmt.Errorf("%s : unable parse token data", method)
return
}
c.Authenticated = true
c.Guest = false
return c, token.Claims, nil
}

153
core/api/endpoint/jwt.go Normal file
View file

@ -0,0 +1,153 @@
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com
package endpoint
import (
"crypto/rand"
"fmt"
"net/http"
"strings"
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/documize/community/core/api/request"
"github.com/documize/community/core/environment"
"github.com/documize/community/core/log"
)
var jwtKey string
func init() {
environment.GetString(&jwtKey, "salt", false, "the salt string used to encode JWT tokens, if not set a random value will be generated",
func(t *string, n string) bool {
if jwtKey == "" {
b := make([]byte, 17)
_, err := rand.Read(b)
if err != nil {
jwtKey = err.Error()
log.Error("problem using crypto/rand", err)
return false
}
for k, v := range b {
if (v >= 'a' && v <= 'z') || (v >= 'A' && v <= 'Z') || (v >= '0' && v <= '0') {
b[k] = v
} else {
s := fmt.Sprintf("%x", v)
b[k] = s[0]
}
}
jwtKey = string(b)
log.Info("Please set DOCUMIZESALT or use -salt with this value: " + jwtKey)
}
return true
})
}
// Generates JSON Web Token (http://jwt.io)
func generateJWT(user, org, domain string) string {
token := jwt.New(jwt.SigningMethodHS256)
// issuer
token.Claims["iss"] = "Documize"
// subject
token.Claims["sub"] = "webapp"
// expiry
token.Claims["exp"] = time.Now().Add(time.Hour * 168).Unix()
// data
token.Claims["user"] = user
token.Claims["org"] = org
token.Claims["domain"] = domain
tokenString, _ := token.SignedString([]byte(jwtKey))
return tokenString
}
// Check for authorization token.
// We look for 'Authorization' request header OR query string "?token=XXX".
func findJWT(r *http.Request) (token string) {
header := r.Header.Get("Authorization")
if header != "" {
header = strings.Replace(header, "Bearer ", "", 1)
}
if len(header) > 1 {
token = header
} else {
query := r.URL.Query()
token = query.Get("token")
}
if token == "null" {
token = ""
}
return
}
// We take in raw token string and decode it.
func decodeJWT(tokenString string) (c request.Context, claims map[string]interface{}, err error) {
method := "decodeJWT"
// sensible defaults
c.UserID = ""
c.OrgID = ""
c.Authenticated = false
c.Guest = false
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(jwtKey), nil
})
if err != nil {
err = fmt.Errorf("bad authorization token")
return
}
if !token.Valid {
if ve, ok := err.(*jwt.ValidationError); ok {
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
} else if ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0 {
log.Error("expired token", err)
err = fmt.Errorf("expired token")
return
} else {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
}
} else {
log.Error("invalid token", err)
err = fmt.Errorf("bad token")
return
}
}
c = request.NewContext()
c.UserID = token.Claims["user"].(string)
c.OrgID = token.Claims["org"].(string)
if len(c.UserID) == 0 || len(c.OrgID) == 0 {
err = fmt.Errorf("%s : unable parse token data", method)
return
}
c.Authenticated = true
c.Guest = false
return c, token.Claims, nil
}