fix: updating simple-ldap-go broke stuff
TheDevMinerTV committed Oct 14, 2023
1 parent 37559d2 commit 817d885
Showing 4 changed files with 35 additions and 68 deletions.
9 changes: 8 additions & 1 deletion cmd/serve.go
Expand Up @@ -5,6 +5,7 @@ import (
"raybeam/internal/models"
"raybeam/internal/server"

ldap "github.com/netresearch/simple-ldap-go"
"github.com/spf13/cobra"
"go.etcd.io/bbolt"
)
Expand Down Expand Up @@ -36,7 +37,13 @@ var serveCmd = &cobra.Command{
return err
}

srv, err := server.New(db, ldapServer, ldapBaseDN, readUser, readPassword, ldapAdminGroupDB, ldapIsAd)
ldapConfig := ldap.Config{
Server: ldapServer,
BaseDN: ldapBaseDN,
IsActiveDirectory: ldapIsAd,
}

srv, err := server.New(db, ldapConfig, readUser, readPassword, ldapAdminGroupDB)
if err != nil {
return err
}
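Review bot: Nothing around the new `ldap.Config` literal checks the scheme of `ldapServer`, and the test deleted in this same commit shows the value is a full URL (`ldap://please-fail`), so a plain `ldap://` endpoint would have the read-only bind and, presumably, every user's Basic-auth password cross the wire in cleartext. Unless simple-ldap-go upgrades the connection itself (not visible here), guard it before building the config: `if !strings.HasPrefix(ldapServer, "ldaps://") { log.Printf("warning: LDAP server %q is not ldaps://; credentials will be sent unencrypted", ldapServer) }` (add the `log`/`strings` imports if the truncated import block lacks them). The `serveCmd` RunE body that holds these lines starts and ends outside the hunk.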
64 changes: 12 additions & 52 deletions internal/server/auth_middleware_test.go
Expand Up @@ -6,7 +6,6 @@ import (
"fmt"
"net/url"
"os"
"strings"
"testing"

ldap "github.com/netresearch/simple-ldap-go"
Expand Down Expand Up @@ -86,39 +85,6 @@ func TestAuthMiddlewareInvalidCredentials(t *testing.T) {
}
}

func TestAuthMiddleware(t *testing.T) {
wantSAMAccountName := "readuser"
wantCN := "Readuser Readuser"
wantDN := fmt.Sprintf("cn=%s,ou=systeme,ou=benutzer,ou=netresearch,dc=netresearch,dc=nr", wantCN)

l, err := getWorkingLdap()
if err != nil {
t.Error(err)
return
}

u := url.UserPassword(wantSAMAccountName, "readuser")
auth := base64.StdEncoding.EncodeToString([]byte(u.String()))

user, err := authMiddleware(fmt.Sprintf("Basic %s", auth), l)
if err != nil {
t.Error(err)
return
}

if strings.ToLower(user.CN) != strings.ToLower(wantCN) {
t.Errorf("got CN \"%s\", want CN \"%s\"", strings.ToLower(user.CN), strings.ToLower(wantCN))
}

if strings.ToLower(user.DN) != strings.ToLower(wantDN) {
t.Errorf("got DN \"%s\", want DN \"%s\"", strings.ToLower(user.DN), strings.ToLower(wantDN))
}

if strings.ToLower(user.SAMAccountName) != strings.ToLower(wantSAMAccountName) {
t.Errorf("got SAMAccountName \"%s\", want SAMAccountName \"%s\"", strings.ToLower(user.SAMAccountName), strings.ToLower(wantCN))
}
}

func TestAuthMiddlewareWithInvalidAuthorizationHeader(t *testing.T) {
l, err := getWorkingLdap()
if err != nil {
Expand Down Expand Up @@ -161,38 +127,32 @@ func TestAuthMiddlewareWithInvalidCredentials2(t *testing.T) {
}
}

func TestAuthMiddlewareWithUnreachableServer(t *testing.T) {
l := ldap.New("ldap://please-fail", "", "", "")

u := url.UserPassword("readuser", "readuser")
auth := base64.StdEncoding.EncodeToString([]byte(u.String()))

_, err := authMiddleware(fmt.Sprintf("Basic %s", auth), l)
if err == nil {
t.Error("expected error, got nil")
}
}

func getWorkingLdap() (ldap.LDAP, error) {
func getWorkingLdap() (*ldap.LDAP, error) {
server, found := os.LookupEnv("LDAP_SERVER")
if !found {
return ldap.LDAP{}, errors.New("LDAP_SERVER not set")
return nil, errors.New("LDAP_SERVER not set")
}

baseDN, found := os.LookupEnv("LDAP_BASE_DN")
if !found {
return ldap.LDAP{}, errors.New("LDAP_BASE_DN not set")
return nil, errors.New("LDAP_BASE_DN not set")
}

readUser, found := os.LookupEnv("LDAP_READ_USER")
if !found {
return ldap.LDAP{}, errors.New("LDAP_READ_USER not set")
return nil, errors.New("LDAP_READ_USER not set")
}

readPassword, found := os.LookupEnv("LDAP_READ_PASSWORD")
if !found {
return ldap.LDAP{}, errors.New("LDAP_READ_PASSWORD not set")
return nil, errors.New("LDAP_READ_PASSWORD not set")
}

config := ldap.Config{
Server: server,
BaseDN: baseDN,
IsActiveDirectory: false,
}

return ldap.New(server, baseDN, readUser, readPassword), nil
return ldap.New(config, readUser, readPassword)
}
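Review bot: The two tests dropped here, `TestAuthMiddleware` and `TestAuthMiddlewareWithUnreachableServer`, were the only ones covering the success path (CN/DN/SAMAccountName of the authenticated user) and the connection-failure path of `authMiddleware`; after this commit only bad-credential and bad-header cases remain, so a regression in `DN()`, the value the SSH-key routes key on, would go unnoticed. Both can be ported instead of removed: the success test needs only the new accessors (`user.DN()` is shown elsewhere in this commit; whether CN and SAMAccountName became methods too must be confirmed against the library), and the unreachable-server test needs the new constructor, shown below. Separately, `getWorkingLdap` now hard-codes `IsActiveDirectory: false` while `cmd/serve.go` takes it from a flag, so the AD branch is never exercised; reading it from an `LDAP_IS_AD` env var would keep the fixtures in step with the binary.
```go
func TestAuthMiddlewareWithUnreachableServer(t *testing.T) {
	l, err := ldap.New(ldap.Config{Server: "ldap://please-fail"}, "", "")
	if err != nil {
		// the new constructor may already refuse an unreachable server;
		// either failure point satisfies this test
		return
	}

	u := url.UserPassword("readuser", "readuser")
	auth := base64.StdEncoding.EncodeToString([]byte(u.String()))

	if _, err := authMiddleware(fmt.Sprintf("Basic %s", auth), l); err == nil {
		t.Error("expected error, got nil")
	}
}
```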
26 changes: 13 additions & 13 deletions internal/server/route_ssh_key.go
Expand Up @@ -105,7 +105,7 @@ func (s *Server) uploadSSHKeyForDN(dn string, rawKey []byte) error {
func (s *Server) handleHTTPGetUsersMeSSHKeys(c *fiber.Ctx) error {
user := c.Locals("user").(ldap.User)

keys, err := s.getSSHKeysForDN(user.DN)
keys, err := s.getSSHKeysForDN(user.DN())
if err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}
Expand All @@ -117,7 +117,7 @@ func (s *Server) handleHTTPGetUsersMeSSHKeys(c *fiber.Ctx) error {
})
}

rawKeys := []string{fmt.Sprintf("# Keys uploaded by \"%s\"\n", user.DN)}
rawKeys := []string{fmt.Sprintf("# Keys uploaded by \"%s\"\n", user.DN())}
for _, key := range keys {
rawKeys = append(rawKeys, key.Key)
}
Expand All @@ -128,7 +128,7 @@ func (s *Server) handleHTTPGetUsersMeSSHKeys(c *fiber.Ctx) error {
func (s *Server) handleHTTPPutUsersMeSSHKey(c *fiber.Ctx) error {
user := c.Locals("user").(ldap.User)

if err := s.uploadSSHKeyForDN(user.DN, c.Body()); err != nil {
if err := s.uploadSSHKeyForDN(user.DN(), c.Body()); err != nil {
return sendError(c, fiber.StatusInternalServerError, err.Error())
}

Expand All @@ -144,7 +144,7 @@ func (s *Server) handleHTTPPutUsersMeSSHKey(c *fiber.Ctx) error {
func (s *Server) handleHTTPDeleteUsersMeSSHKeys(c *fiber.Ctx) error {
user := c.Locals("user").(ldap.User)

if err := s.deleteSSHKeysForDN(user.DN); err != nil {
if err := s.deleteSSHKeysForDN(user.DN()); err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}

Expand All @@ -161,7 +161,7 @@ func (s *Server) handleHTTPGetUsersMeSSHKey(c *fiber.Ctx) error {
user := c.Locals("user").(ldap.User)
fingerprint := c.Params("fingerprint")

key, err := s.getSSHKeyForDN(user.DN, fingerprint)
key, err := s.getSSHKeyForDN(user.DN(), fingerprint)
if err != nil {
if errors.Is(err, models.ErrSSHKeyNotFound) {
return sendError(c, fiber.StatusNotFound, "ssh key not found")
Expand Down Expand Up @@ -189,7 +189,7 @@ func (s *Server) handleHTTPDeleteUsersSSHKeys(c *fiber.Ctx) error {
return sendError(c, fiber.StatusNotFound, fmt.Sprintf("user \"%s\" not found", sAMAccountName))
}

if err := s.deleteSSHKeysForDN(user.DN); err != nil {
if err := s.deleteSSHKeysForDN(user.DN()); err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}
}
Expand All @@ -213,12 +213,12 @@ func (s *Server) handleHTTPGetUsersSSHKeys(c *fiber.Ctx) error {
return sendError(c, fiber.StatusNotFound, fmt.Sprintf("user \"%s\" not found", sAMAccountName))
}

userKeys, err := s.getSSHKeysForDN(user.DN)
userKeys, err := s.getSSHKeysForDN(user.DN())
if err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}

keys[user.DN] = userKeys
keys[user.DN()] = userKeys
}

if acceptsJson(c) {
Expand Down Expand Up @@ -248,7 +248,7 @@ func (s *Server) handleHTTPPutUsersSSHKey(c *fiber.Ctx) error {
return sendError(c, fiber.StatusNotFound, fmt.Sprintf("user \"%s\" not found", sAMAccountName))
}

if err := s.uploadSSHKeyForDN(user.DN, c.Body()); err != nil {
if err := s.uploadSSHKeyForDN(user.DN(), c.Body()); err != nil {
return sendError(c, fiber.StatusInternalServerError, err.Error())
}
}
Expand All @@ -266,7 +266,7 @@ func (s *Server) handleHTTPDeleteUsersMeSSHKey(c *fiber.Ctx) error {
user := c.Locals("user").(ldap.User)
fingerprint := c.Params("fingerprint")

if err := s.deleteSSHKeyForDN(user.DN, fingerprint); err != nil {
if err := s.deleteSSHKeyForDN(user.DN(), fingerprint); err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}

Expand All @@ -290,7 +290,7 @@ func (s *Server) handleHTTPGetUserSSHKey(c *fiber.Ctx) error {
return sendError(c, fiber.StatusNotFound, fmt.Sprintf("user \"%s\" not found", sAMAccountName))
}

key, err := s.getSSHKeyForDN(user.DN, fingerprint)
key, err := s.getSSHKeyForDN(user.DN(), fingerprint)
if err != nil {
if errors.Is(err, models.ErrSSHKeyNotFound) {
return sendError(c, fiber.StatusNotFound, "ssh key not found")
Expand All @@ -299,7 +299,7 @@ func (s *Server) handleHTTPGetUserSSHKey(c *fiber.Ctx) error {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}

keys[user.DN] = *key
keys[user.DN()] = *key
}

if acceptsJson(c) {
Expand Down Expand Up @@ -328,7 +328,7 @@ func (s *Server) handleHTTPDeleteUsersSSHKey(c *fiber.Ctx) error {
return sendError(c, fiber.StatusNotFound, fmt.Sprintf("user \"%s\" not found", sAMAccountName))
}

if err := s.deleteSSHKeyForDN(user.DN, fingerprint); err != nil {
if err := s.deleteSSHKeyForDN(user.DN(), fingerprint); err != nil {
return sendError(c, fiber.StatusInternalServerError, "internal server error")
}
}
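Review bot: `user.DN()` is now the bbolt key for every SSH-key read and write in this file (`getSSHKeysForDN`, `uploadSSHKeyForDN`, `deleteSSHKeysForDN`, `keys[user.DN()]`), so the swap from the old `DN` field is only safe if the accessor returns the byte-identical string; a library that now normalizes case or whitespace in the DN would silently orphan keys stored before the upgrade. Worth confirming against simple-ldap-go and, if it does normalize, adding a one-off migration or normalizing on lookup too; a note at the first call site would record the dependency: `// DN() is the storage key; it must match the raw DN stored before the library upgrade`. While here, the two `uploadSSHKeyForDN` call sites still answer 500 with `err.Error()`, unlike the sibling handlers, so whatever the key parser or store reports reaches the client; `"internal server error"` with the detail logged would be consistent. Each handler here continues outside its hunk.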
4 changes: 2 additions & 2 deletions internal/server/service.go
Expand Up @@ -15,8 +15,8 @@ type Server struct {
ldapAdminGroupDN string
}

func New(db *bbolt.DB, ldapServer, ldapBaseDN, ldapReadUser, ldapReadPassword, ldapAdminGroupDN string, isAD bool) (*Server, error) {
l, err := ldap.New(ldapServer, ldapBaseDN, ldapReadUser, ldapReadPassword, isAD)
func New(db *bbolt.DB, ldapConfig ldap.Config, ldapReadUser, ldapReadPassword, ldapAdminGroupDN string) (*Server, error) {
l, err := ldap.New(ldapConfig, ldapReadUser, ldapReadPassword)
if err != nil {
return nil, err
}
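Review bot: Exported `New` has no doc comment, and its new shape splits the LDAP settings between `ldapConfig` and two bare credential strings, which is the kind of signature a caller gets wrong silently (swapping user and password still compiles). Suggested header: `// New creates a Server backed by db and an LDAP client configured by ldapConfig and bound with ldapReadUser/ldapReadPassword; ldapAdminGroupDN is kept on the Server (its use is outside this hunk).` The `ldap.New` error is also returned bare; `fmt.Errorf("connecting to ldap %s: %w", ldapConfig.Server, err)` would tell the operator which server refused the bind, provided `fmt` is already imported above. The `Server` struct being constructed starts above the hunk.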
