Disallow login or sessions from inactive users
This commit is contained in:
parent
eb27af7d90
commit
4a214b099e
2 changed files with 20 additions and 3 deletions
20
auth/auth.go
20
auth/auth.go
|
|
@ -13,9 +13,9 @@ import (
|
|||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type NoCredentialsError struct{}
|
||||
type InactiveUser struct{}
|
||||
|
||||
func (e NoCredentialsError) Error() string { return "No credentials were present in the request" }
|
||||
func (e InactiveUser) Error() string { return "That user is not active" }
|
||||
|
||||
type InvalidCredentials struct{}
|
||||
|
||||
|
|
@ -25,6 +25,10 @@ type InvalidUsername struct{}
|
|||
|
||||
func (e InvalidUsername) Error() string { return "That username doesn't exist" }
|
||||
|
||||
type NoCredentialsError struct{}
|
||||
|
||||
func (e NoCredentialsError) Error() string { return "No credentials were present in the request" }
|
||||
|
||||
type AuthenticatedHandler func(http.ResponseWriter, *http.Request, platform.User)
|
||||
type EnsureAuth struct {
|
||||
handler AuthenticatedHandler
|
||||
|
|
@ -81,7 +85,14 @@ func GetAuthenticatedUser(r *http.Request) (*platform.User, error) {
|
|||
}
|
||||
username := sessionManager.GetString(ctx, "username")
|
||||
if user_id > 0 && username != "" {
|
||||
return platform.UserByID(ctx, int32(user_id))
|
||||
user, err := platform.UserByID(ctx, int32(user_id))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("user by ID: %w", err)
|
||||
}
|
||||
if !user.IsActive {
|
||||
return nil, fmt.Errorf("user is inactive")
|
||||
}
|
||||
return user, nil
|
||||
}
|
||||
}
|
||||
// If we can't get the user from the session try to get from auth headers
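Review bot: The inactive branch at `return nil, fmt.Errorf("user is inactive")` returns an untyped error while validateUser returns the new `InactiveUser{}` for the same condition, so a caller of GetAuthenticatedUser cannot recognise the case with errors.As the way it can on the login path. Suggest `return nil, InactiveUser{}` here, or `return nil, fmt.Errorf("session user: %w", InactiveUser{})` if the extra context is wanted, so both paths surface one error type. The session is also left in place on this path; if the session store offers a destroy operation (only GetString is visible here), tearing the session down when the user is found inactive would stop the stale session from being re-queried on every request and from becoming valid again if the flag is later flipped. GetAuthenticatedUser begins and ends outside the hunk.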
|
||||
|
|
@ -206,6 +217,9 @@ func validateUser(ctx context.Context, username string, password string) (*platf
|
|||
log.Info().Str("username", username).Str("password", redact(password)).Msg("Invalid username")
|
||||
return nil, InvalidUsername{}
|
||||
}
|
||||
if !user.IsActive {
|
||||
return nil, InactiveUser{}
|
||||
}
|
||||
if !validatePassword(password, user.PasswordHash) {
|
||||
log.Info().Str("username", username).Str("password", redact(password)).Str("hash", passwordHash).Msg("Invalid password for user")
|
||||
return nil, InvalidCredentials{}
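Review bot: The new check `if !user.IsActive { return nil, InactiveUser{} }` runs before validatePassword, so the login path reports an account's inactive status to anyone who supplies the username, without a password, and skips the bcrypt comparison that the invalid-password branch pays, which makes the failure timing differ. Moving the check after the password comparison keeps the status visible only to a caller holding valid credentials and keeps failure timing uniform; the HTTP layer should then map InactiveUser, InvalidUsername and InvalidCredentials to the same generic response if it does not already. A log line parallel to the neighbouring branches, e.g. `log.Info().Str("username", username).Msg("Login attempt by inactive user")`, would make deactivated-account attempts show up in the same place as the other rejections. validateUser begins and ends outside the hunk.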
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ type User struct {
|
|||
DisplayName string
|
||||
ID int
|
||||
Initials string
|
||||
IsActive bool
|
||||
IsDronePilot bool
|
||||
IsWarrant bool
|
||||
Organization Organization
|
||||
|
|
@ -62,6 +63,7 @@ func newUser(ctx context.Context, org Organization, user *models.User) User {
|
|||
DisplayName: user.DisplayName,
|
||||
ID: int(user.ID),
|
||||
Initials: extractInitials(user.DisplayName),
|
||||
IsActive: user.IsActive,
|
||||
IsDronePilot: user.IsDronePilot,
|
||||
IsWarrant: user.IsWarrant,
|
||||
Organization: org,
|
||||
|
|
@ -273,6 +275,7 @@ func toUser(user *models.User) User {
|
|||
return User{
|
||||
DisplayName: user.DisplayName,
|
||||
ID: int(user.ID),
|
||||
IsActive: user.IsActive,
|
||||
Initials: extractInitials(user.DisplayName),
|
||||
Organization: Organization{},
|
||||
PasswordHash: user.PasswordHash,
|
||||
|
|
|
|||