Fixed golint, gofmt warning advice.

Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
Dave Trombley 2015-06-04 12:02:13 -04:00 committed by Stephen J Day
parent c50dfb7dae
commit 04f6a4811d
3 changed files with 47 additions and 35 deletions


@ -56,7 +56,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
return nil, err return nil, err
} }
authHeader := req.Header.Get("Authorization") authHeader := req.Header.Get("Authorization")
if authHeader == "" { if authHeader == "" {
challenge := challenge{ challenge := challenge{
realm: ac.realm, realm: ac.realm,
@ -68,7 +68,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
if !ok { if !ok {
return nil, errors.New("Invalid Authorization header") return nil, errors.New("Invalid Authorization header")
} }
if res, _ := ac.htpasswd.AuthenticateUser(user, pass); !res { if res, _ := ac.htpasswd.AuthenticateUser(user, pass); !res {
challenge := challenge{ challenge := challenge{
realm: ac.realm, realm: ac.realm,


@ -14,13 +14,12 @@ import (
func TestBasicAccessController(t *testing.T) { func TestBasicAccessController(t *testing.T) {
testRealm := "The-Shire" testRealm := "The-Shire"
testUsers := []string{"bilbo","frodo","MiShil","DeokMan"} testUsers := []string{"bilbo", "frodo", "MiShil", "DeokMan"}
testPasswords := []string{"baggins","baggins","새주","공주님"} testPasswords := []string{"baggins", "baggins", "새주", "공주님"}
testHtpasswdContent := `bilbo:{SHA}5siv5c0SHx681xU6GiSx9ZQryqs= testHtpasswdContent := `bilbo:{SHA}5siv5c0SHx681xU6GiSx9ZQryqs=
frodo:$2y$05$926C3y10Quzn/LnqQH86VOEVh/18T6RnLaS.khre96jLNL/7e.K5W frodo:$2y$05$926C3y10Quzn/LnqQH86VOEVh/18T6RnLaS.khre96jLNL/7e.K5W
MiShil:$2y$05$0oHgwMehvoe8iAWS8I.7l.KoECXrwVaC16RPfaSCU5eVTFrATuMI2 MiShil:$2y$05$0oHgwMehvoe8iAWS8I.7l.KoECXrwVaC16RPfaSCU5eVTFrATuMI2
DeokMan:공주님` DeokMan:공주님`
tempFile, err := ioutil.TempFile("", "htpasswd-test") tempFile, err := ioutil.TempFile("", "htpasswd-test")
if err != nil { if err != nil {
@ -41,9 +40,9 @@ func TestBasicAccessController(t *testing.T) {
} }
tempFile.Close() tempFile.Close()
var userNumber = 0 var userNumber = 0
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := context.WithValue(nil, "http.request", r) ctx := context.WithValue(nil, "http.request", r)
authCtx, err := accessController.Authorized(ctx) authCtx, err := accessController.Authorized(ctx)
@ -89,12 +88,12 @@ func TestBasicAccessController(t *testing.T) {
for i := 0; i < len(testUsers); i++ { for i := 0; i < len(testUsers); i++ {
userNumber = i userNumber = i
req, _ = http.NewRequest("GET", server.URL, nil) req, _ = http.NewRequest("GET", server.URL, nil)
sekrit := testUsers[i]+":"+testPasswords[i] sekrit := testUsers[i] + ":" + testPasswords[i]
credential := "Basic " + base64.StdEncoding.EncodeToString([]byte(sekrit)) credential := "Basic " + base64.StdEncoding.EncodeToString([]byte(sekrit))
req.Header.Set("Authorization", credential) req.Header.Set("Authorization", credential)
resp, err = client.Do(req) resp, err = client.Do(req)
if err != nil { if err != nil {
t.Fatalf("unexpected error during GET: %v", err) t.Fatalf("unexpected error during GET: %v", err)
} }
@ -105,6 +104,5 @@ func TestBasicAccessController(t *testing.T) {
t.Fatalf("unexpected non-success response status: %v != %v for %s %s %s", resp.StatusCode, http.StatusNoContent, testUsers[i], testPasswords[i], credential) t.Fatalf("unexpected non-success response status: %v != %v for %s %s %s", resp.StatusCode, http.StatusNoContent, testUsers[i], testPasswords[i], credential)
} }
} }
} }


@ -8,12 +8,12 @@ import (
"os" "os"
"regexp" "regexp"
"strings" "strings"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
// AuthenticationFailureErr - a generic error message for authentication failure to be presented to agent. // AuthenticationFailureErr - a generic error message for authentication failure to be presented to agent.
var AuthenticationFailureErr = errors.New("Bad username or password") var ErrAuthenticationFailure = errors.New("Bad username or password")
// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it. // HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.
type HTPasswd struct { type HTPasswd struct {
@ -22,34 +22,44 @@ type HTPasswd struct {
} }
// AuthType represents a particular hash function used in the htpasswd file. // AuthType represents a particular hash function used in the htpasswd file.
type AuthType int type AuthType int
const ( const (
PlainText AuthType = iota // PlainText - Plain-text password storage (htpasswd -p)
PlainText AuthType = iota
// SHA1 - sha hashed password storage (htpasswd -s)
SHA1 SHA1
// ApacheMD5 - apr iterated md5 hashing (htpasswd -m)
ApacheMD5 ApacheMD5
// BCrypt - BCrypt adapative password hashing (htpasswd -B)
BCrypt BCrypt
// Crypt - System crypt() hashes. (htpasswd -d)
Crypt Crypt
) )
// String returns a text representation of the AuthType // String returns a text representation of the AuthType
func (at AuthType) String() string { func (at AuthType) String() string {
switch(at) { switch at {
case PlainText: return "plaintext" case PlainText:
case SHA1: return "sha1" return "plaintext"
case ApacheMD5: return "md5" case SHA1:
case BCrypt: return "bcrypt" return "sha1"
case Crypt: return "system crypt" case ApacheMD5:
return "md5"
case BCrypt:
return "bcrypt"
case Crypt:
return "system crypt"
} }
return "unknown" return "unknown"
} }
// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file. // NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.
func NewHTPasswd(htpath string) *HTPasswd { func NewHTPasswd(htpath string) *HTPasswd {
return &HTPasswd{path: htpath} return &HTPasswd{path: htpath}
} }
var bcryptPrefixRegexp *regexp.Regexp = regexp.MustCompile(`^\$2[ab]?y\$`) var bcryptPrefixRegexp = regexp.MustCompile(`^\$2[ab]?y\$`)
// GetAuthCredentialType - Inspect an htpasswd file credential and guess the encryption algorithm used. // GetAuthCredentialType - Inspect an htpasswd file credential and guess the encryption algorithm used.
func GetAuthCredentialType(cred string) AuthType { func GetAuthCredentialType(cred string) AuthType {
@ -72,7 +82,6 @@ func GetAuthCredentialType(cred string) AuthType {
// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file. // AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.
func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) { func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {
// Open the file. // Open the file.
in, err := os.Open(htpasswd.path) in, err := os.Open(htpasswd.path)
if err != nil { if err != nil {
@ -94,34 +103,39 @@ func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error
if entry[0] == user { if entry[0] == user {
credential := entry[1] credential := entry[1]
credType := GetAuthCredentialType(credential) credType := GetAuthCredentialType(credential)
switch(credType) { switch credType {
case SHA1: { case SHA1:
{
sha := sha1.New() sha := sha1.New()
sha.Write([]byte(pwd)) sha.Write([]byte(pwd))
hash := base64.StdEncoding.EncodeToString(sha.Sum(nil)) hash := base64.StdEncoding.EncodeToString(sha.Sum(nil))
return entry[1][5:] == hash, nil return entry[1][5:] == hash, nil
} }
case ApacheMD5: { case ApacheMD5:
return false, errors.New(ApacheMD5.String()+" htpasswd hash function not yet supported") {
return false, errors.New(ApacheMD5.String() + " htpasswd hash function not yet supported")
} }
case BCrypt: { case BCrypt:
err := bcrypt.CompareHashAndPassword([]byte(credential),[]byte(pwd)) {
err := bcrypt.CompareHashAndPassword([]byte(credential), []byte(pwd))
if err != nil { if err != nil {
return false, err return false, err
} }
return true, nil return true, nil
} }
case Crypt: { case Crypt:
return false, errors.New(Crypt.String()+" htpasswd hash function not yet supported") {
return false, errors.New(Crypt.String() + " htpasswd hash function not yet supported")
} }
case PlainText: { case PlainText:
{
if pwd == credential { if pwd == credential {
return true, nil return true, nil
} }
return false, AuthenticationFailureErr return false, ErrAuthenticationFailure
} }
} }
} }
} }
return false, AuthenticationFailureErr return false, ErrAuthenticationFailure
} }
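Review bot: The SHA1 and PlainText branches of AuthenticateUser still compare secrets with `==` (`entry[1][5:] == hash` and `pwd == credential`), which is not a constant-time comparison; `subtle.ConstantTimeCompare([]byte(entry[1][5:]), []byte(hash)) == 1` from crypto/subtle would close that timing side channel at the cost of one import. The failure results are also inconsistent across branches: a SHA1 mismatch returns `false, nil`, a bcrypt mismatch returns the bcrypt package's error, and only the plaintext and unknown-user paths return the renamed `ErrAuthenticationFailure`, so a caller that inspects the error can tell which case it hit; returning `false, ErrAuthenticationFailure` on every mismatch would match the comment on that variable. As a style point, the `{ ... }` blocks that gofmt has now moved onto their own lines under each `case` are redundant and can be dropped. The function's body starts outside this hunk, so the file parsing that feeds `entry` is not reviewed here.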