Commit 85985dbd authored by ale's avatar ale

Add support for application-specific passwords on the file backend

parent 5918b093
......@@ -34,6 +34,11 @@ type fileUser struct {
KeyHandle string `yaml:"key_handle"`
PublicKey string `yaml:"public_key"`
} `yaml:"u2f_registrations"`
AppSpecificPasswords []struct {
Service string `yaml:"service"`
EncryptedPassword string `yaml:"password"`
} `yaml:"app_specific_passwords"`
}
func (f *fileUser) getU2FRegistrations(filename string) []u2f.Registration {
......@@ -64,7 +69,7 @@ func (f *fileUser) getU2FRegistrations(filename string) []u2f.Registration {
}
func (f *fileUser) toUser(filename string) *backend.User {
return &backend.User{
u := &backend.User{
Name: f.Name,
Email: f.Email,
Shard: f.Shard,
......@@ -73,6 +78,13 @@ func (f *fileUser) toUser(filename string) *backend.User {
Groups: f.Groups,
U2FRegistrations: f.getU2FRegistrations(filename),
}
for _, asp := range f.AppSpecificPasswords {
u.AppSpecificPasswords = append(u.AppSpecificPasswords, &backend.AppSpecificPassword{
Service: asp.Service,
EncryptedPassword: []byte(asp.EncryptedPassword),
})
}
return u
}
// Simple file-based authentication backend, list users and their
......
......@@ -175,7 +175,7 @@ func (b *sqlServiceBackend) getUserU2FRegistrations(tx *sql.Tx, name string) ([]
}
out = append(out, *reg)
}
return out, nil
return out, rows.Err()
}
func (b *sqlServiceBackend) getUserASPs(tx *sql.Tx, name string) ([]*backend.AppSpecificPassword, error) {
......@@ -197,7 +197,7 @@ func (b *sqlServiceBackend) getUserASPs(tx *sql.Tx, name string) ([]*backend.App
}
out = append(out, &asp)
}
return out, nil
return out, rows.Err()
}
func (b *sqlServiceBackend) getUserGroups(tx *sql.Tx, name string) ([]string, error) {
......@@ -219,6 +219,5 @@ func (b *sqlServiceBackend) getUserGroups(tx *sql.Tx, name string) ([]string, er
}
out = append(out, group)
}
return out, nil
return out, rows.Err()
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment