801060822

Build Type

gitlab-ci

Committed by Fabio Tranchitella

Commit Message

feat: add support for returning never-expiring JWT tokens when logging in

Pull Request Pull Request #354: feat: add support for never expiring PATs

Run Details

33 of 35 new or added lines in 4 files covered. (94.29%)

85 existing lines in 4 files now uncovered.

2579 of 2883 relevant lines covered (89.46%)

127.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

/server.go

// Copyright 2022 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.
package main

import (
        "crypto/rsa"
        "net/http"

        "github.com/ant0ine/go-json-rest/rest"
        "github.com/mendersoftware/go-lib-micro/config"
        "github.com/mendersoftware/go-lib-micro/log"
        "github.com/pkg/errors"

        api_http "github.com/mendersoftware/useradm/api/http"
        "github.com/mendersoftware/useradm/authz"
        "github.com/mendersoftware/useradm/client/tenant"
        . "github.com/mendersoftware/useradm/config"
        "github.com/mendersoftware/useradm/jwt"
        "github.com/mendersoftware/useradm/keys"
        "github.com/mendersoftware/useradm/store/mongo"
        useradm "github.com/mendersoftware/useradm/user"
)

func SetupAPI(stacktype string, authz authz.Authorizer, jwth jwt.Handler) (*rest.Api, error) {
        api := rest.NewApi()
        if err := SetupMiddleware(api, stacktype, authz, jwth); err != nil {
                return nil, errors.Wrap(err, "failed to setup middleware")
        }

        //this will override the framework's error resp to the desired one:
        // {"error": "msg"}
        // instead of:
        // {"Error": "msg"}
        rest.ErrorFieldName = "error"

        return api, nil
}

func RunServer(c config.Reader) error {

        l := log.New(log.Ctx{})

        privKey, err := keys.LoadRSAPrivate(c.GetString(SettingPrivKeyPath))
        if err != nil {
                return errors.Wrap(err, "failed to read rsa private key")
        }

        fallbackPrivKeyPath := c.GetString(SettingServerFallbackPrivKeyPath)
        var fallbackPrivKey *rsa.PrivateKey
        if fallbackPrivKeyPath != "" {
                fallbackPrivKey, err = keys.LoadRSAPrivate(fallbackPrivKeyPath)
                if err != nil {
                        return errors.Wrap(err, "failed to read fallback rsa private key")
                }
        }

        authz := &SimpleAuthz{}
        jwth := jwt.NewJWTHandlerRS256(privKey, fallbackPrivKey)

        db, err := mongo.GetDataStoreMongo(dataStoreMongoConfigFromAppConfig(c))
        if err != nil {
                return errors.Wrap(err, "database connection failed")
        }

        ua := useradm.NewUserAdm(jwth, db,
                useradm.Config{
                        Issuer:                         c.GetString(SettingJWTIssuer),
                        ExpirationTime:                 int64(c.GetInt(SettingJWTExpirationTimeout)),
                        LimitTokensPerUser:             c.GetInt(SettingLimitTokensPerUser),
                        TokenLastUsedUpdateFreqMinutes: c.GetInt(SettingTokenLastUsedUpdateFreqMinutes),
                })

        if tadmAddr := c.GetString(SettingTenantAdmAddr); tadmAddr != "" {
                l.Infof("settting up tenant verification")

                tc := tenant.NewClient(tenant.Config{
                        TenantAdmAddr: tadmAddr,
                })

                ua = ua.WithTenantVerification(tc)
        }

        useradmapi := api_http.NewUserAdmApiHandlers(ua, db, jwth,
                api_http.Config{
                        TokenMaxExpSeconds: c.GetInt(SettingTokenMaxExpirationSeconds),
                })

        api, err := SetupAPI(c.GetString(SettingMiddleware), authz, jwth)
        if err != nil {
                return errors.Wrap(err, "API setup failed")
        }

        apph, err := useradmapi.GetApp()
        if err != nil {
                return errors.Wrap(err, "useradm API handlers setup failed")
        }
        api.SetApp(apph)

        addr := c.GetString(SettingListen)
        l.Printf("listening on %s", addr)

        return http.ListenAndServe(addr, api.MakeHandler())
}

1	// Copyright 2022 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package main
15
16	import (
17	"crypto/rsa"
18	"net/http"
19
20	"github.com/ant0ine/go-json-rest/rest"
21	"github.com/mendersoftware/go-lib-micro/config"
22	"github.com/mendersoftware/go-lib-micro/log"
23	"github.com/pkg/errors"
24
25	api_http "github.com/mendersoftware/useradm/api/http"
26	"github.com/mendersoftware/useradm/authz"
27	"github.com/mendersoftware/useradm/client/tenant"
28	. "github.com/mendersoftware/useradm/config"
29	"github.com/mendersoftware/useradm/jwt"
30	"github.com/mendersoftware/useradm/keys"
31	"github.com/mendersoftware/useradm/store/mongo"
32	useradm "github.com/mendersoftware/useradm/user"
33	)
34
35	func SetupAPI(stacktype string, authz authz.Authorizer, jwth jwt.Handler) (*rest.Api, error) {	6✔
36	api := rest.NewApi()	6✔
37	if err := SetupMiddleware(api, stacktype, authz, jwth); err != nil {	8✔
38	return nil, errors.Wrap(err, "failed to setup middleware")	2✔
39	}	2✔
40
41	//this will override the framework's error resp to the desired one:
42	// {"error": "msg"}
43	// instead of:
44	// {"Error": "msg"}
45	rest.ErrorFieldName = "error"	4✔
46		4✔
47	return api, nil	4✔
48	}
49
50	func RunServer(c config.Reader) error {	2✔
51		2✔
52	l := log.New(log.Ctx{})	2✔
53		2✔
54	privKey, err := keys.LoadRSAPrivate(c.GetString(SettingPrivKeyPath))	2✔
55	if err != nil {	2✔
56	return errors.Wrap(err, "failed to read rsa private key")	×
57	}	×
58
59	fallbackPrivKeyPath := c.GetString(SettingServerFallbackPrivKeyPath)	2✔
60	var fallbackPrivKey *rsa.PrivateKey	2✔
61	if fallbackPrivKeyPath != "" {	2✔
62	fallbackPrivKey, err = keys.LoadRSAPrivate(fallbackPrivKeyPath)	×
63	if err != nil {	×
64	return errors.Wrap(err, "failed to read fallback rsa private key")	×
65	}	×
66	}
67
68	authz := &SimpleAuthz{}	2✔
69	jwth := jwt.NewJWTHandlerRS256(privKey, fallbackPrivKey)	2✔
70		2✔
71	db, err := mongo.GetDataStoreMongo(dataStoreMongoConfigFromAppConfig(c))	2✔
72	if err != nil {	2✔
73	return errors.Wrap(err, "database connection failed")	×
74	}	×
75
76	ua := useradm.NewUserAdm(jwth, db,	2✔
77	useradm.Config{	2✔
78	Issuer: c.GetString(SettingJWTIssuer),	2✔
79	ExpirationTime: int64(c.GetInt(SettingJWTExpirationTimeout)),	2✔
80	LimitTokensPerUser: c.GetInt(SettingLimitTokensPerUser),	2✔
81	TokenLastUsedUpdateFreqMinutes: c.GetInt(SettingTokenLastUsedUpdateFreqMinutes),	2✔
82	})	2✔
83		2✔
84	if tadmAddr := c.GetString(SettingTenantAdmAddr); tadmAddr != "" {	3✔
85	l.Infof("settting up tenant verification")	1✔
86		1✔
87	tc := tenant.NewClient(tenant.Config{	1✔
88	TenantAdmAddr: tadmAddr,	1✔
89	})	1✔
90		1✔
91	ua = ua.WithTenantVerification(tc)	1✔
92	}	1✔
93
94	useradmapi := api_http.NewUserAdmApiHandlers(ua, db, jwth,	2✔
95	api_http.Config{	2✔
96	TokenMaxExpSeconds: c.GetInt(SettingTokenMaxExpirationSeconds),	2✔
97	})	2✔
98		2✔
99	api, err := SetupAPI(c.GetString(SettingMiddleware), authz, jwth)	2✔
100	if err != nil {	2✔
UNCOV 101	return errors.Wrap(err, "API setup failed")	×
102	}	×
103
104	apph, err := useradmapi.GetApp()	2✔
105	if err != nil {	2✔
UNCOV 106	return errors.Wrap(err, "useradm API handlers setup failed")	×
107	}	×
108	api.SetApp(apph)	2✔
109		2✔
110	addr := c.GetString(SettingListen)	2✔
111	l.Printf("listening on %s", addr)	2✔
112		2✔
113	return http.ListenAndServe(addr, api.MakeHandler())	2✔
114	}

mendersoftware / useradm / 801060822

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous