totp auth
This commit is contained in:
parent
ae0cb58ad9
commit
53bc51e674
3 changed files with 223 additions and 37 deletions
5
go.mod
5
go.mod
|
@ -5,10 +5,9 @@ go 1.14
|
||||||
require (
|
require (
|
||||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
|
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
|
||||||
github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 // indirect
|
github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 // indirect
|
||||||
github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9
|
github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3
|
||||||
github.com/mattn/go-sqlite3 v1.14.6
|
github.com/mattn/go-sqlite3 v1.14.6
|
||||||
github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c // indirect
|
|
||||||
github.com/stretchr/testify v1.7.0 // indirect
|
github.com/stretchr/testify v1.7.0 // indirect
|
||||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
|
golang.org/x/crypto v0.2.0
|
||||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6
|
gopkg.in/alecthomas/kingpin.v2 v2.2.6
|
||||||
)
|
)
|
||||||
|
|
37
go.sum
37
go.sum
|
@ -4,26 +4,45 @@ github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 h1:EBTWhcAX7rNQ80
|
||||||
github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
|
github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
|
||||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9 h1:MDZ6mJ7Ouz9lSwLtD7v2QeDlbdL6rONTAJRNEQqRYC0=
|
github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3 h1:AqeKSZIG/NIC75MNQlPy/LM3LxfpLwahICJBHwSMFNc=
|
||||||
github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9/go.mod h1:HSsZaV17NZLgfHsNz3wzjE66Gd2EGlF8OuC0DdPpgPk=
|
github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3/go.mod h1:hEfFauPHz7+NnjR/yHJGhrKo1Za+zStgwUETx3yzqgY=
|
||||||
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
|
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
|
||||||
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
|
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
|
||||||
github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c h1:3fTZ9+GLtn9eqKC1RGLojMG7St2WsskOeGXKFEhNTlo=
|
|
||||||
github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c/go.mod h1:kJHUidcvEI83gsDlB+I58aaOuzvJmPfbqrqYjTqmdHA=
|
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
|
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY=
|
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
||||||
|
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||||
|
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||||
|
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||||
|
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
|
||||||
|
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
|
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||||
|
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||||
|
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||||
|
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||||
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
|
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||||
|
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||||
|
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
|
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
|
||||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
|
|
218
openvpn-user.go
218
openvpn-user.go
|
@ -1,17 +1,22 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/rand"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"encoding/base32"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/dgryski/dgoogauth"
|
||||||
_ "github.com/mattn/go-sqlite3"
|
_ "github.com/mattn/go-sqlite3"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"gopkg.in/alecthomas/kingpin.v2"
|
"gopkg.in/alecthomas/kingpin.v2"
|
||||||
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
"text/tabwriter"
|
"text/tabwriter"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
version = "1.0.4"
|
version = "1.0.5"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -42,24 +47,52 @@ var (
|
||||||
|
|
||||||
authCommand = kingpin.Command("auth", "Auth user.")
|
authCommand = kingpin.Command("auth", "Auth user.")
|
||||||
authCommandUserFlag = authCommand.Flag("user", "Username.").Required().String()
|
authCommandUserFlag = authCommand.Flag("user", "Username.").Required().String()
|
||||||
authCommandPasswordFlag = authCommand.Flag("password", "Password.").Required().String()
|
authCommandPasswordFlag = authCommand.Flag("password", "Password.").String()
|
||||||
|
authCommandTotpFlag = authCommand.Flag("totp", "TOTP code.").String()
|
||||||
|
//authCommandHotpFlag = authCommand.Flag("hotp", "HOTP code.").String()
|
||||||
|
|
||||||
changePasswordCommand = kingpin.Command("change-password", "Change password")
|
changePasswordCommand = kingpin.Command("change-password", "Change password")
|
||||||
changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String()
|
changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String()
|
||||||
changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
|
changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
|
||||||
|
|
||||||
|
updateSecretCommand = kingpin.Command("update-secret", "update OTP secret")
|
||||||
|
updateSecretCommandUserFlag = updateSecretCommand.Flag("user", "Username.").Required().String()
|
||||||
|
updateSecretCommandSecretFlag = updateSecretCommand.Flag("secret", "Secret.").Default("generate").String()
|
||||||
|
|
||||||
|
registerAppCommand = kingpin.Command("register-app", "update OTP secret")
|
||||||
|
registerAppCommandUserFlag = registerAppCommand.Flag("user", "Username.").Required().String()
|
||||||
|
|
||||||
|
getSecretCommand = kingpin.Command("get-secret", "gwt OTP secret")
|
||||||
|
getSecretCommandUserFlag = getSecretCommand.Flag("user", "Username.").Required().String()
|
||||||
|
|
||||||
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
||||||
)
|
)
|
||||||
|
|
||||||
type User struct {
|
type Migration struct {
|
||||||
id int64
|
id int64
|
||||||
name string
|
name string
|
||||||
password string
|
sql string
|
||||||
revoked bool
|
|
||||||
deleted bool
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type User struct {
|
||||||
|
id int64
|
||||||
|
name string
|
||||||
|
password string
|
||||||
|
revoked bool
|
||||||
|
deleted bool
|
||||||
|
secret string
|
||||||
|
appConfigured bool
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
migrations []Migration
|
||||||
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
||||||
|
migrations = append(migrations, Migration{name: "users_add_secret_column_2022_11_10", sql: "ALTER TABLE users ADD COLUMN secret string"})
|
||||||
|
migrations = append(migrations, Migration{name: "users_add_2fa_column_2022_11_11", sql: "ALTER TABLE users ADD COLUMN app_configured integer default 0"})
|
||||||
|
|
||||||
kingpin.Version(version)
|
kingpin.Version(version)
|
||||||
switch kingpin.Parse() {
|
switch kingpin.Parse() {
|
||||||
case createCommand.FullCommand():
|
case createCommand.FullCommand():
|
||||||
|
@ -75,9 +108,30 @@ func main() {
|
||||||
case checkCommand.FullCommand():
|
case checkCommand.FullCommand():
|
||||||
_ = checkUserExistent(*checkCommandUserFlag)
|
_ = checkUserExistent(*checkCommandUserFlag)
|
||||||
case authCommand.FullCommand():
|
case authCommand.FullCommand():
|
||||||
authUser(*authCommandUserFlag, *authCommandPasswordFlag)
|
provideAuthType := 0
|
||||||
|
if *authCommandPasswordFlag != "" {
|
||||||
|
provideAuthType += 1
|
||||||
|
}
|
||||||
|
if *authCommandTotpFlag != "" {
|
||||||
|
provideAuthType += 1
|
||||||
|
}
|
||||||
|
//if *authCommandHotpFlag != "" {
|
||||||
|
// provideAuthType += 1
|
||||||
|
//}
|
||||||
|
if provideAuthType == 1 {
|
||||||
|
authUser(*authCommandUserFlag, *authCommandPasswordFlag, *authCommandTotpFlag)
|
||||||
|
} else {
|
||||||
|
fmt.Printf("Please provide only one type of auth paswword")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
case changePasswordCommand.FullCommand():
|
case changePasswordCommand.FullCommand():
|
||||||
changeUserPassword(*changePasswordCommandUserFlag, *changePasswordCommandPasswordFlag)
|
changeUserPassword(*changePasswordCommandUserFlag, *changePasswordCommandPasswordFlag)
|
||||||
|
case updateSecretCommand.FullCommand():
|
||||||
|
registerOtpSecret(*updateSecretCommandUserFlag, *updateSecretCommandSecretFlag)
|
||||||
|
case registerAppCommand.FullCommand():
|
||||||
|
registerOtpApplication(*registerAppCommandUserFlag)
|
||||||
|
case getSecretCommand.FullCommand():
|
||||||
|
getUserOtpSecret(*getSecretCommandUserFlag)
|
||||||
case dbInitCommand.FullCommand():
|
case dbInitCommand.FullCommand():
|
||||||
initDb()
|
initDb()
|
||||||
case dbMigrateCommand.FullCommand():
|
case dbMigrateCommand.FullCommand():
|
||||||
|
@ -98,11 +152,31 @@ func initDb() {
|
||||||
// boolean fields are integer because of sqlite does not support boolean: 1 = true, 0 = false
|
// boolean fields are integer because of sqlite does not support boolean: 1 = true, 0 = false
|
||||||
_, err := getDb().Exec("CREATE TABLE IF NOT EXISTS users(id integer not null primary key autoincrement, username string UNIQUE, password string, revoked integer default 0, deleted integer default 0)")
|
_, err := getDb().Exec("CREATE TABLE IF NOT EXISTS users(id integer not null primary key autoincrement, username string UNIQUE, password string, revoked integer default 0, deleted integer default 0)")
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
|
_, err = getDb().Exec("CREATE TABLE IF NOT EXISTS migrations(id integer not null primary key autoincrement, name string)")
|
||||||
|
checkErr(err)
|
||||||
fmt.Printf("Database initialized at %s\n", *dbPath)
|
fmt.Printf("Database initialized at %s\n", *dbPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
func migrateDb() {
|
func migrateDb() {
|
||||||
fmt.Println("STUB: Migrations are up to date")
|
var c int
|
||||||
|
for _, migration := range migrations {
|
||||||
|
c = -1
|
||||||
|
err := getDb().QueryRow("SELECT count(*) FROM migrations WHERE name = $1", migration.name).Scan(&c)
|
||||||
|
if err != nil {
|
||||||
|
if err == sql.ErrNoRows {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
if c == 0 {
|
||||||
|
fmt.Printf("Migrating database with new migration %s\n", migration.name)
|
||||||
|
_, err := getDb().Exec(migration.sql)
|
||||||
|
checkErr(err)
|
||||||
|
_, err = getDb().Exec("INSERT INTO migrations(name) VALUES ($1)", migration.name)
|
||||||
|
checkErr(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fmt.Println("Migrations are up to date")
|
||||||
}
|
}
|
||||||
|
|
||||||
func createUser(username, password string) {
|
func createUser(username, password string) {
|
||||||
|
@ -184,7 +258,7 @@ func checkUserExistent(username string) bool {
|
||||||
func userDeleted(username string) bool {
|
func userDeleted(username string) bool {
|
||||||
// return true if user marked as deleted
|
// return true if user marked as deleted
|
||||||
u := User{}
|
u := User{}
|
||||||
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
|
_ = getDb().QueryRow("SELECT deleted FROM users WHERE username = $1", username).Scan(&u.deleted)
|
||||||
if u.deleted {
|
if u.deleted {
|
||||||
fmt.Printf("User %s marked as deleted\n", username)
|
fmt.Printf("User %s marked as deleted\n", username)
|
||||||
return true
|
return true
|
||||||
|
@ -196,9 +270,18 @@ func userDeleted(username string) bool {
|
||||||
func userIsActive(username string) bool {
|
func userIsActive(username string) bool {
|
||||||
// return true if user exist and not deleted and revoked
|
// return true if user exist and not deleted and revoked
|
||||||
u := User{}
|
u := User{}
|
||||||
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
|
err := getDb().QueryRow("SELECT revoked,deleted FROM users WHERE username = $1", username).Scan(&u.revoked, &u.deleted)
|
||||||
|
if err != nil {
|
||||||
|
if err == sql.ErrNoRows {
|
||||||
|
fmt.Println("User not found")
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
if !u.revoked && !u.deleted {
|
if !u.revoked && !u.deleted {
|
||||||
fmt.Printf("User %s is active\n", username)
|
if *debug {
|
||||||
|
fmt.Printf("User %s is active\n", username)
|
||||||
|
}
|
||||||
return true
|
return true
|
||||||
} else {
|
} else {
|
||||||
fmt.Println("User may be deleted or revoked")
|
fmt.Println("User may be deleted or revoked")
|
||||||
|
@ -212,7 +295,7 @@ func listUsers() []User {
|
||||||
if *listAll {
|
if *listAll {
|
||||||
condition = ""
|
condition = ""
|
||||||
}
|
}
|
||||||
query := "SELECT * FROM users " + condition
|
query := "SELECT id, username, password, revoked, deleted FROM users " + condition
|
||||||
rows, err := getDb().Query(query)
|
rows, err := getDb().Query(query)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
|
|
||||||
|
@ -251,30 +334,115 @@ func changeUserPassword(username, password string) {
|
||||||
fmt.Println("Password changed")
|
fmt.Println("Password changed")
|
||||||
}
|
}
|
||||||
|
|
||||||
func authUser(username, password string) {
|
func registerOtpSecret(username, secret string) {
|
||||||
|
if userIsActive(username) {
|
||||||
|
if secret == "generate" {
|
||||||
|
randomStr := randStr(6, "alphanum")
|
||||||
|
|
||||||
|
secret = base32.StdEncoding.EncodeToString([]byte(randomStr))
|
||||||
|
if *debug {
|
||||||
|
fmt.Printf("new generated secret for user %s: %s\n", username, secret)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err := getDb().Exec("UPDATE users SET secret = $1 WHERE username = $2", secret, username)
|
||||||
|
checkErr(err)
|
||||||
|
|
||||||
|
fmt.Println("Secret updated")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func registerOtpApplication(username string) {
|
||||||
|
if userIsActive(username) {
|
||||||
|
|
||||||
|
_, err := getDb().Exec("UPDATE users SET app_configured = 1 WHERE username = $2")
|
||||||
|
checkErr(err)
|
||||||
|
|
||||||
|
fmt.Printf("OTP application for user %s configured\n", username)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getUserOtpSecret(username string) {
|
||||||
|
if userIsActive(username) {
|
||||||
|
u := User{}
|
||||||
|
_ = getDb().QueryRow("SELECT secret FROM users WHERE username = $1", username).Scan(&u.secret)
|
||||||
|
|
||||||
|
fmt.Println(u.secret)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func authUser(username, password, totp string) {
|
||||||
|
|
||||||
row := getDb().QueryRow("select * from users where username = $1", username)
|
row := getDb().QueryRow("select * from users where username = $1", username)
|
||||||
u := User{}
|
u := User{}
|
||||||
err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
|
err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted, &u.secret)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
|
|
||||||
if userIsActive(username) {
|
if userIsActive(username) {
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
|
if password == "" && len(totp) > 0 {
|
||||||
if err != nil {
|
otpConfig := &dgoogauth.OTPConfig{
|
||||||
fmt.Println("Authorization failed")
|
Secret: strings.TrimSpace(u.secret),
|
||||||
if *debug {
|
WindowSize: 3,
|
||||||
fmt.Println("Passwords mismatched")
|
HotpCounter: 0,
|
||||||
|
}
|
||||||
|
|
||||||
|
// get rid of the extra \n from the token string
|
||||||
|
// otherwise the validation will fail
|
||||||
|
trimmedToken := strings.TrimSpace(totp)
|
||||||
|
|
||||||
|
// Validate token
|
||||||
|
_, err := otpConfig.Authenticate(trimmedToken)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
os.Exit(1)
|
||||||
|
} else {
|
||||||
|
fmt.Println("Authorization successful")
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
||||||
|
} else if len(password) > 0 && totp == "" {
|
||||||
|
|
||||||
|
err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println("Authorization failed")
|
||||||
|
if *debug {
|
||||||
|
fmt.Println("Passwords mismatched")
|
||||||
|
}
|
||||||
|
os.Exit(1)
|
||||||
|
} else {
|
||||||
|
fmt.Println("Authorization successful")
|
||||||
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
os.Exit(1)
|
|
||||||
} else {
|
|
||||||
fmt.Println("Authorization successful")
|
|
||||||
os.Exit(0)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
fmt.Println("Authorization failed")
|
fmt.Println("Authorization failed")
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func randStr(strSize int, randType string) string {
|
||||||
|
|
||||||
|
var dictionary string
|
||||||
|
|
||||||
|
if randType == "alphanum" {
|
||||||
|
dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||||
|
}
|
||||||
|
|
||||||
|
if randType == "alpha" {
|
||||||
|
dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||||
|
}
|
||||||
|
|
||||||
|
if randType == "number" {
|
||||||
|
dictionary = "0123456789"
|
||||||
|
}
|
||||||
|
|
||||||
|
var bytes = make([]byte, strSize)
|
||||||
|
rand.Read(bytes)
|
||||||
|
for k, v := range bytes {
|
||||||
|
bytes[k] = dictionary[v%byte(len(dictionary))]
|
||||||
|
}
|
||||||
|
return string(bytes)
|
||||||
|
}
|
||||||
|
|
||||||
func checkErr(err error) {
|
func checkErr(err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
|
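Review bot: The TOTP branch of `authUser` discards the result of `otpConfig.Authenticate` (`_, err := otpConfig.Authenticate(trimmedToken)`); dgoogauth's `Authenticate` returns `(bool, error)` and reports a well-formed but non-matching six-digit code as `false` with a nil error, so the `else` branch prints "Authorization successful" and exits 0 for a wrong code — it needs `ok, err := otpConfig.Authenticate(trimmedToken)` followed by `if err != nil || !ok { fmt.Println("Authorization failed"); os.Exit(1) }`. That branch should also refuse a user with no registered secret (`if u.secret == "" { fmt.Println("Authorization failed"); os.Exit(1) }` before building `otpConfig`, and arguably require `app_configured`, since the column was added for that), because an empty secret base32-decodes to an empty key that a code can still be computed against, and with `WindowSize: 3` a code stays valid for several periods without any replay tracking (dgoogauth's `DisallowReuse` field exists for that). Independently, `authUser` still runs `select * from users` with six Scan destinations, so once the `users_add_2fa_column_2022_11_11` migration adds a seventh column every call fails in `Scan` and panics through `checkErr`, and rows created before `users_add_secret_column_2022_11_10` hold a NULL `secret` that scanning into a plain `string` rejects the same way — name the columns explicitly (`select id, username, password, revoked, deleted, secret from users where username = $1`) and scan the secret through a `sql.NullString`, copying `.String` into `u.secret`. `registerOtpApplication` binds no arguments to a query that references `$2`, so it can never match the user; it should read `getDb().Exec("UPDATE users SET app_configured = 1 WHERE username = $1", username)`. Finally `randStr(6, "alphanum")` gives the secret only six characters (about 36 bits) with a modulo bias from `v%byte(len(dictionary))` and an unchecked `rand.Read` error, well below the 128-bit minimum RFC 4226 sets for OTP keys; reading 20 bytes with `rand.Read` (checking its error) and base32-encoding those bytes directly yields a standard 160-bit secret.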