mirror of
https://github.com/harness/drone.git
synced 2025-05-06 11:01:20 +08:00
4668e94027
This change adds the initial stepping stones for harness integration: - Authentication: JWT/PAT/SAT support - Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet) - Remote Clients for Token, User, ServiceAccount, ACL - User Integration: Syncs harness users during authentication if unknown - SA integration: syncs harness service accounts during authentication if unknown - Initial harness API: THIS WILL BE CHANGED IN THE FUTURE! - single harness subpackage (all marked with harness build flag) - harness & standalone wire + make build commands
69 lines
1.8 KiB
Go
69 lines
1.8 KiB
Go
// Copyright 2021 Harness Inc. All rights reserved.
|
|
// Use of this source code is governed by the Polyform Free Trial License
|
|
// that can be found in the LICENSE.md file for this repository.
|
|
|
|
package account
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/harness/gitness/internal/api/render"
|
|
"github.com/harness/gitness/internal/store"
|
|
"github.com/harness/gitness/internal/token"
|
|
"github.com/harness/gitness/types"
|
|
|
|
"github.com/rs/zerolog/hlog"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// HandleLogin returns an http.HandlerFunc that authenticates
|
|
// the user and returns an authentication token on success.
|
|
func HandleLogin(userStore store.UserStore, system store.SystemStore, tokenStore store.TokenStore) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
log := hlog.FromRequest(r)
|
|
|
|
username := r.FormValue("username")
|
|
password := r.FormValue("password")
|
|
user, err := userStore.FindUID(ctx, username)
|
|
if errors.Is(err, store.ErrResourceNotFound) {
|
|
user, err = userStore.FindEmail(ctx, username)
|
|
}
|
|
|
|
if err != nil {
|
|
log.Debug().Err(err).
|
|
Msgf("cannot find user with '%s'", username)
|
|
|
|
// always give not found error as extra security measurement.
|
|
render.NotFound(w)
|
|
return
|
|
}
|
|
|
|
err = bcrypt.CompareHashAndPassword(
|
|
[]byte(user.Password),
|
|
[]byte(password),
|
|
)
|
|
if err != nil {
|
|
log.Debug().Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("invalid password")
|
|
|
|
render.NotFound(w)
|
|
return
|
|
}
|
|
|
|
token, jwtToken, err := token.CreateUserSession(ctx, tokenStore, user, "login")
|
|
if err != nil {
|
|
log.Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("failed to generate token")
|
|
|
|
render.InternalError(w)
|
|
return
|
|
}
|
|
|
|
render.JSON(w, http.StatusOK, &types.TokenResponse{Token: *token, AccessToken: jwtToken})
|
|
}
|
|
}
|