5a5460e0
Commit
5a5460e0
authored
Jun 23, 2018
by
ale
Add docstrings to many functions
parent
6639aa53
Showing
5 changed files
with
57 additions
and
15 deletions
+57
-15
actions.go
actions.go
+22
-2
config.go
config.go
+1
-0
errors.go
errors.go
+18
-0
service.go
service.go
+5
-11
types.go
types.go
+11
-2
actions.go
...
...
@@ -22,7 +22,7 @@ type RequestBase struct {
type
userCtxKeyType
int
var
userCtxKey
userCtxKeyType
=
0
var
userCtxKey
userCtxKeyType
func
userFromContext
(
ctx
context
.
Context
)
string
{
s
,
ok
:=
ctx
.
Value
(
userCtxKey
)
.
(
string
)
...
...
@@ -34,7 +34,7 @@ func userFromContext(ctx context.Context) string {
type
commentCtxKeyType
int
var
commentCtxKey
commentCtxKeyType
=
0
var
commentCtxKey
commentCtxKeyType
func
commentFromContext
(
ctx
context
.
Context
)
string
{
s
,
ok
:=
ctx
.
Value
(
commentCtxKey
)
.
(
string
)
...
...
@@ -44,6 +44,7 @@ func commentFromContext(ctx context.Context) string {
return
""
}
// NewContext returns a new Context with some request-related values set.
func
(
r
RequestBase
)
NewContext
(
ctx
context
.
Context
)
context
.
Context
{
ctx
=
context
.
WithValue
(
ctx
,
userCtxKey
,
r
.
Username
)
if
r
.
Comment
!=
""
{
...
...
@@ -68,6 +69,7 @@ type ResourceRequestBase struct {
Comment
string
`json:"comment,omitempty"`
}
// NewContext returns a new Context with some request-related values set.
func
(
r
ResourceRequestBase
)
NewContext
(
ctx
context
.
Context
)
context
.
Context
{
if
u
:=
r
.
ResourceID
.
User
();
u
!=
""
{
ctx
=
context
.
WithValue
(
ctx
,
userCtxKey
,
u
)
...
...
@@ -78,6 +80,7 @@ func (r ResourceRequestBase) NewContext(ctx context.Context) context.Context {
return
ctx
}
// GetUserRequest is the request type for AccountService.GetUser().
type
GetUserRequest
struct
{
RequestBase
}
...
...
@@ -99,6 +102,7 @@ func (s *AccountService) setResourceStatus(ctx context.Context, tx TX, r *Resour
return
nil
}
// DisableResourceRequest is the request type for AccountService.DisableResource().
type
DisableResourceRequest
struct
{
ResourceRequestBase
}
...
...
@@ -114,6 +118,7 @@ func (s *AccountService) DisableResource(ctx context.Context, tx TX, req *Disabl
})
}
// EnableResourceRequest is the request type for AccountService.EnableResource().
type
EnableResourceRequest
struct
{
ResourceRequestBase
}
...
...
@@ -129,11 +134,13 @@ func (s *AccountService) EnableResource(ctx context.Context, tx TX, req *EnableR
})
}
// ChangeUserPasswordRequest is the request type for AccountService.ChangeUserPassword().
type
ChangeUserPasswordRequest
struct
{
PrivilegedRequestBase
Password
string
`json:"password"`
}
// Vaildate the request.
func
(
r
*
ChangeUserPasswordRequest
)
Validate
(
ctx
context
.
Context
,
s
*
AccountService
)
error
{
return
s
.
passwordValidator
(
ctx
,
r
.
Password
)
}
...
...
@@ -248,12 +255,15 @@ func reEncryptUserKeys(keys []*UserEncryptionKey, curPassword, newPassword, keyI
return
keysOut
,
nil
}
// CreateApplicationSpecificPasswordRequest is the request type for
// AccountService.CreateApplicationSpecificPassword().
type
CreateApplicationSpecificPasswordRequest
struct
{
PrivilegedRequestBase
Service
string
`json:"service"`
Comment
string
`json:"comment"`
}
// Validate the request.
func
(
r
*
CreateApplicationSpecificPasswordRequest
)
Validate
(
_
context
.
Context
,
_
*
AccountService
)
error
{
if
r
.
Service
==
""
{
return
errors
.
New
(
"empty 'service' attribute"
)
...
...
@@ -261,6 +271,8 @@ func (r *CreateApplicationSpecificPasswordRequest) Validate(_ context.Context, _
return
nil
}
// CreateApplicationSpecificPasswordResponse is the response type for
// AccountService.CreateApplicationSpecificPassword().
type
CreateApplicationSpecificPasswordResponse
struct
{
Password
string
`json:"password"`
}
...
...
@@ -310,6 +322,8 @@ func (s *AccountService) CreateApplicationSpecificPassword(ctx context.Context,
return
&
resp
,
err
}
// DeleteApplicationSpecificPasswordRequest is the request type for
// AccountService.DeleteApplicationSpecificPassword().
type
DeleteApplicationSpecificPasswordRequest
struct
{
RequestBase
AspID
string
`json:"asp_id"`
...
...
@@ -348,12 +362,14 @@ func (s *AccountService) DeleteApplicationSpecificPassword(ctx context.Context,
})
}
// MoveResourceRequest is the request type for AccountService.MoveResource().
type
MoveResourceRequest
struct
{
RequestBase
ResourceID
ResourceID
`json:"resource_id"`
Shard
string
`json:"shard"`
}
// MoveResourceResponse is the response type for AccountService.MoveResource().
type
MoveResourceResponse
struct
{
MovedIDs
[]
string
`json:"moved_ids"`
}
...
...
@@ -395,11 +411,13 @@ func (s *AccountService) MoveResource(ctx context.Context, tx TX, req *MoveResou
return
&
resp
,
err
}
// EnableOTPRequest is the request type for AccountService.EnableOTP().
type
EnableOTPRequest
struct
{
RequestBase
TOTPSecret
string
`json:"totp_secret"`
}
// Validate the request.
func
(
r
*
EnableOTPRequest
)
Validate
(
_
context
.
Context
,
_
*
AccountService
)
error
{
// TODO: the length here is bogus, replace with real value.
if
r
.
TOTPSecret
!=
""
&&
len
(
r
.
TOTPSecret
)
!=
32
{
...
...
@@ -408,6 +426,7 @@ func (r *EnableOTPRequest) Validate(_ context.Context, _ *AccountService) error
return
nil
}
// EnableOTPResponse is the response type for AccountService.EnableOTP().
type
EnableOTPResponse
struct
{
TOTPSecret
string
`json:"totp_secret"`
}
...
...
@@ -443,6 +462,7 @@ func (s *AccountService) EnableOTP(ctx context.Context, tx TX, req *EnableOTPReq
return
&
resp
,
err
}
// DisableOTPRequest is the request type for AccountService.DisableOTP().
type
DisableOTPRequest
struct
{
RequestBase
}
...
...
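Review bot: The `// Validate the request.` comment added on EnableOTPRequest.Validate does not say what is checked, and the check it documents still carries `// TODO: the length here is bogus, replace with real value.`; as far as the hunk shows, a client-supplied TOTPSecret is accepted on length alone (`len(r.TOTPSecret) != 32`). I would state the contract in the docstring, for example `// Validate checks the optional client-supplied TOTPSecret; the length test is a placeholder (see TODO) and the encoding is not verified here.`, so the gap stays visible to callers until the real constraint lands. The function body continues outside the hunk, so further checks may exist there. The comment added on ChangeUserPasswordRequest.Validate is misspelled (`// Vaildate the request.`) and could name the delegate instead: `// Validate checks the new password with s.passwordValidator.`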
config.go
...
...
@@ -6,6 +6,7 @@ import (
"git.autistici.org/id/go-sso"
)
// Config holds the configuration for the AccountService.
type
Config
struct
{
ForbiddenUsernames
[]
string
`yaml:"forbidden_usernames"`
AvailableDomains
map
[
string
][]
string
`yaml:"available_domains"`
...
...
errors.go
package
accountserver
import
"errors"
var
(
// ErrUnauthorized means that the request failed due to lack of authorization.
ErrUnauthorized
=
errors
.
New
(
"unauthorized"
)
// ErrUserNotFound is returned when a user object is not found.
ErrUserNotFound
=
errors
.
New
(
"user not found"
)
// ErrResourceNotFound is returned when a resource object is not found.
ErrResourceNotFound
=
errors
.
New
(
"resource not found"
)
)
// It is important to distinguish between different classes of errors,
// so that they can be translated into distinct HTTP status codes and
// transmitted back to the client. Since we also want to retain the
...
...
@@ -14,6 +27,8 @@ func newAuthError(err error) error {
return
&
authError
{
err
}
}
// IsAuthError returns true if err is an authentication /
// authorization error.
func
IsAuthError
(
err
error
)
bool
{
_
,
ok
:=
err
.
(
*
authError
)
return
ok
...
...
@@ -27,6 +42,8 @@ func newRequestError(err error) error {
return
&
requestError
{
err
}
}
// IsRequestError returns true if err is a request error (bad
// request).
func
IsRequestError
(
err
error
)
bool
{
_
,
ok
:=
err
.
(
*
requestError
)
return
ok
...
...
@@ -40,6 +57,7 @@ func newBackendError(err error) error {
return
&
backendError
{
err
}
}
// IsBackendError returns true if err is a backend error.
func
IsBackendError
(
err
error
)
bool
{
_
,
ok
:=
err
.
(
*
backendError
)
return
ok
...
...
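Review bot: The new docstrings on IsAuthError, IsRequestError and IsBackendError should say that only the outermost error is inspected: each uses a direct type assertion (`err.(*authError)` and its siblings), so an error of one class wrapped inside another type is reported as false. The file comment says these classes are translated into distinct HTTP status codes, so a wrapped authorization failure could presumably be surfaced under a different status. Suggested wording: `// IsAuthError returns true if err itself is an *authError; wrapped errors are not unwrapped.` The function bodies continue past the visible lines of each hunk.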
service.go
...
...
@@ -3,7 +3,6 @@ package accountserver
import
(
"context"
"encoding/json"
"errors"
"log"
"reflect"
...
...
@@ -68,11 +67,12 @@ type AccountService struct {
ssoGroups
[]
string
ssoAdminGroup
string
passwordValidator
ValidatorFunc
dataValidators
map
[
string
]
ValidatorFunc
adminDataValidators
map
[
string
]
ValidatorFunc
passwordValidator
ValidatorFunc
dataValidators
map
[
string
]
ValidatorFunc
//
adminDataValidators map[string]ValidatorFunc
}
// NewAccountService builds a new AccountService with the specified configuration.
func
NewAccountService
(
backend
Backend
,
config
*
Config
)
(
*
AccountService
,
error
)
{
ssoValidator
,
err
:=
config
.
ssoValidator
()
if
err
!=
nil
{
...
...
@@ -110,12 +110,6 @@ func (s *AccountService) isAdmin(tkt *sso.Ticket) bool {
return
false
}
var
(
ErrUnauthorized
=
errors
.
New
(
"unauthorized"
)
ErrUserNotFound
=
errors
.
New
(
"user not found"
)
ErrResourceNotFound
=
errors
.
New
(
"resource not found"
)
)
func
(
s
*
AccountService
)
validateSSO
(
ssoToken
string
)
(
*
sso
.
Ticket
,
error
)
{
return
s
.
validator
.
Validate
(
ssoToken
,
""
,
s
.
ssoService
,
s
.
ssoGroups
)
}
...
...
@@ -144,7 +138,7 @@ func (s *AccountService) getResource(ctx context.Context, tx TX, id ResourceID)
type
authUserCtxKeyType
int
var
authUserCtxKey
authUserCtxKeyType
=
0
var
authUserCtxKey
authUserCtxKeyType
func
authUserFromContext
(
ctx
context
.
Context
)
string
{
s
,
ok
:=
ctx
.
Value
(
userCtxKey
)
.
(
string
)
...
...
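Review bot: authUserFromContext reads `ctx.Value(userCtxKey)` rather than `authUserCtxKey`, the key declared directly above it in this hunk. In actions.go, userCtxKey is set by NewContext from `r.Username` or `r.ResourceID.User()`, that is, from the request, so this helper appears to return the user named in the request instead of the authenticated one; any audit record or authorization decision built on it would then rest on caller-supplied data. Unless that is intended, the lookup should be `s, ok := ctx.Value(authUserCtxKey).(string)`. The function body continues outside the hunk, and the place where authUserCtxKey is stored is not visible here.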
types.go
...
...
@@ -34,6 +34,7 @@ type User struct {
Resources
[]
*
Resource
`json:"resources,omitempty"`
}
// GetResourcesByType returns all resources with the specified type.
func
(
u
*
User
)
GetResourcesByType
(
resourceType
string
)
[]
*
Resource
{
var
out
[]
*
Resource
for
_
,
r
:=
range
u
.
Resources
{
...
...
@@ -44,6 +45,8 @@ func (u *User) GetResourcesByType(resourceType string) []*Resource {
return
out
}
// GetSingleResourceByType returns a single resource of the specified
// type. If there are none, returns nil.
func
(
u
*
User
)
GetSingleResourceByType
(
resourceType
string
)
*
Resource
{
for
_
,
r
:=
range
u
.
Resources
{
if
r
.
ID
.
Type
()
==
resourceType
{
...
...
@@ -53,6 +56,7 @@ func (u *User) GetSingleResourceByType(resourceType string) *Resource {
return
nil
}
// GetResourcesByGroup returns all resources belonging to the specified group.
func
(
u
*
User
)
GetResourcesByGroup
(
group
string
)
[]
*
Resource
{
var
out
[]
*
Resource
for
_
,
r
:=
range
u
.
Resources
{
...
...
@@ -97,18 +101,20 @@ const (
ResourceStatusInactive
=
"inactive"
)
// Resource
ID. This is a a unique primary key in the resources space,
//
with a
path-like representation. It must make sense to the database
// Resource
ID is a a unique primary key in the resources space, with a
// path-like representation. It must make sense to the database
// backend and be reversible (i.e. there must be a bidirectional
// mapping between database objects and resource IDs).
type
ResourceID
struct
{
Parts
[]
string
}
// NewResourceID builds a ResourceID out of a list of path components.
func
NewResourceID
(
p
...
string
)
ResourceID
{
return
ResourceID
{
Parts
:
p
}
}
// Empty returns true if the ResourceID has the nil value.
func
(
i
ResourceID
)
Empty
()
bool
{
return
len
(
i
.
Parts
)
==
0
}
...
...
@@ -151,10 +157,12 @@ func (i ResourceID) String() string {
return
filepath
.
Join
(
tmp
...
)
}
// MarshalJSON serializes a resource ID to JSON.
func
(
i
ResourceID
)
MarshalJSON
()
([]
byte
,
error
)
{
return
json
.
Marshal
(
i
.
String
())
}
// UnmarshalJSON deserializes a resource ID from JSON.
func
(
i
*
ResourceID
)
UnmarshalJSON
(
data
[]
byte
)
error
{
var
s
string
err
:=
json
.
Unmarshal
(
data
,
&
s
)
...
...
@@ -167,6 +175,7 @@ func (i *ResourceID) UnmarshalJSON(data []byte) error {
return
err
}
// ParseResourceID parses a string representation of a ResourceID.
func
ParseResourceID
(
s
string
)
(
ResourceID
,
error
)
{
var
id
ResourceID
for
_
,
e
:=
range
strings
.
Split
(
s
,
"/"
)
{
...
...
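Review bot: The ResourceID comment promises a reversible, bidirectional mapping, but String() ends in `filepath.Join(tmp...)` while ParseResourceID splits on a literal `"/"`. filepath.Join cleans its result and uses the OS separator, so parts that are empty or equal to `.` or `..` would not survive a round trip, and two different Parts slices could render as the same key. How tmp is built is outside the hunk, so this may already be prevented; if not, `strings.Join(tmp, "/")` keeps the two directions symmetric, and the ParseResourceID docstring could state which components it rejects. The rewritten comment also keeps the doubled article in `is a a unique primary key`.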