diff --git a/api/auth/user/UserAuthHandler.go b/api/auth/user/UserAuthHandler.go index 131f3eba449..4187adf7be6 100644 --- a/api/auth/user/UserAuthHandler.go +++ b/api/auth/user/UserAuthHandler.go @@ -237,7 +237,7 @@ func (handler UserAuthHandlerImpl) AddDefaultPolicyAndRoles(w http.ResponseWrite } func (handler UserAuthHandlerImpl) AuthVerification(w http.ResponseWriter, r *http.Request) { - verified, err := handler.userAuthService.AuthVerification(r) + verified, _, err := handler.userAuthService.AuthVerification(r) if err != nil { handler.logger.Errorw("service err, AuthVerification", "err", err) common.WriteJsonResp(w, err, nil, http.StatusInternalServerError) @@ -253,7 +253,7 @@ func (handler UserAuthHandlerImpl) AuthVerificationV2(w http.ResponseWriter, r * isSuperAdmin = true } response := make(map[string]interface{}) - verified, err := handler.userAuthService.AuthVerification(r) + verified, emailId, err := handler.userAuthService.AuthVerification(r) if err != nil { handler.logger.Errorw("service err, AuthVerification", "err", err) common.WriteJsonResp(w, err, nil, http.StatusInternalServerError) @@ -261,5 +261,6 @@ func (handler UserAuthHandlerImpl) AuthVerificationV2(w http.ResponseWriter, r * } response["isSuperAdmin"] = isSuperAdmin response["isVerified"] = verified + response["emailId"] = emailId common.WriteJsonResp(w, nil, response, http.StatusOK) } diff --git a/go.mod b/go.mod index 046e773ad9b..23742b06828 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/coreos/go-oidc v2.2.1+incompatible github.com/davecgh/go-spew v1.1.1 github.com/deckarep/golang-set v1.8.0 - github.com/devtron-labs/authenticator v0.4.35-0.20240405091826-a91813c53470 + github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1 github.com/devtron-labs/common-lib v0.0.19-0.20240607054959-82c79c23b046 github.com/devtron-labs/protos v0.0.3-0.20240326053929-48e42d9d4534 github.com/evanphx/json-patch v5.6.0+incompatible 
diff --git a/go.sum b/go.sum index 6936909566d..1521b685d76 100644 --- a/go.sum +++ b/go.sum @@ -205,8 +205,8 @@ github.com/deckarep/golang-set v1.8.0 h1:sk9/l/KqpunDwP7pSjUg0keiOOLEnOBHzykLrsP github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS383rP6+o6qqo= github.com/denisenkom/go-mssqldb v0.0.0-20190707035753-2be1aa521ff4 h1:YcpmyvADGYw5LqMnHqSkyIELsHCGF6PkrmM31V8rF7o= github.com/denisenkom/go-mssqldb v0.0.0-20190707035753-2be1aa521ff4/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM= -github.com/devtron-labs/authenticator v0.4.35-0.20240405091826-a91813c53470 h1:AUTYcDnL6w6Ux+264VldYaOUQAP6pDZ5Tq8wCKJyiEg= -github.com/devtron-labs/authenticator v0.4.35-0.20240405091826-a91813c53470/go.mod h1:JQxTCMmQisrpjzETJr0tzVadV+wW23rHEZAY7JVyK3s= +github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1 h1:qdkpTAo2Kr0ZicZIVXfNwsGSshpc9OB9j9RzmKYdIwY= +github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1/go.mod h1:IkKPPEfgLCMR29he5yv2OCC6iM2R7K5/0AA3k8b9XNc= github.com/devtron-labs/common-lib v0.0.19-0.20240607054959-82c79c23b046 h1:hOyqkgILg+eDttLV6X7OAAo9PKEHzInUmBTVy/EY/iI= github.com/devtron-labs/common-lib v0.0.19-0.20240607054959-82c79c23b046/go.mod h1:deAcJ5IjUjM6ozZQLJEgPWDUA0mKa632LBsKx8uM9TE= github.com/devtron-labs/protos v0.0.3-0.20240326053929-48e42d9d4534 h1:TElPRU69QedW7DIQiiQxtjwSQ6cK0fCTAMGvSLhP0ac= diff --git a/internal/sql/repository/UserAttributesRepository.go b/internal/sql/repository/UserAttributesRepository.go index be7a4c03d6f..e077ae02819 100644 --- a/internal/sql/repository/UserAttributesRepository.go +++ b/internal/sql/repository/UserAttributesRepository.go 
@@ -88,7 +88,7 @@ func (repo UserAttributesRepositoryImpl) UpdateDataValByKey(attrDto *UserAttribu if err != nil { return err } - query := "update user_attributes SET user_data = user_data::jsonb - ? || ? where email_id = ?" + query := "update user_attributes SET user_data = user_data::jsonb - ? || ? where email_id ilike ?" _, err = repo.dbConnection. Query(userAttr, query, attrDto.Key, string(updatedValJson), attrDto.EmailId) @@ -97,7 +97,8 @@ func (repo UserAttributesRepositoryImpl) UpdateDataValByKey(attrDto *UserAttribu func (repo UserAttributesRepositoryImpl) GetDataValueByKey(attrDto *UserAttributesDao) (string, error) { model := &UserAttributes{} - err := repo.dbConnection.Model(model).Where("email_id = ?", attrDto.EmailId). + err := repo.dbConnection.Model(model).Where("email_id ilike ?", attrDto.EmailId). + Limit(1). Select() if err != nil { return "", err @@ -118,7 +119,8 @@ func (repo UserAttributesRepositoryImpl) GetDataValueByKey(attrDto *UserAttribut func (repo UserAttributesRepositoryImpl) GetUserDataByEmailId(emailId string) (string, error) { model := &UserAttributes{} - err := repo.dbConnection.Model(model).Where("email_id = ?", emailId). + err := repo.dbConnection.Model(model).Where("email_id ilike ?", emailId). + Limit(1). Select() if err != nil { return "", err diff --git a/pkg/auth/user/UserAuthService.go b/pkg/auth/user/UserAuthService.go index a33a0af7b98..aa5b424c0a0 100644 --- a/pkg/auth/user/UserAuthService.go +++ b/pkg/auth/user/UserAuthService.go @@ -22,6 +22,7 @@ import ( "encoding/json" "errors" "fmt" + util2 "github.com/devtron-labs/devtron/pkg/auth/user/util" "log" "math/rand" "net/http" 
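Review bot: `ilike ?` in UpdateDataValByKey is a pattern match rather than a case-insensitive equality, so `_` and `%` inside `attrDto.EmailId` act as wildcards and the UPDATE can rewrite `user_data` on rows stored under other addresses. The same applies to the `Where("email_id ilike ?", …)` calls in the GetDataValueByKey and GetUserDataByEmailId hunks that follow, where `Limit(1)` without an ordering returns whichever matching row comes first. Comparing normalised values keeps the match exact, for example `where lower(email_id) = lower(?)` in the update and `.Where("lower(email_id) = lower(?)", emailId)` in the two reads. All three function bodies continue outside their hunks.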
@@ -53,13 +54,13 @@ type UserAuthService interface { HandleRefresh(w http.ResponseWriter, r *http.Request) CreateRole(roleData *bean.RoleData) (bool, error) - AuthVerification(r *http.Request) (bool, error) + AuthVerification(r *http.Request) (bool, string, error) DeleteRoles(entityType string, entityName string, tx *pg.Tx, envIdentifier string, workflowName string) error } type UserAuthServiceImpl struct { userAuthRepository repository.UserAuthRepository - //sessionClient is being used for argocd username-password login proxy + // sessionClient is being used for argocd username-password login proxy sessionClient session2.ServiceClient logger *zap.SugaredLogger userRepository repository.UserRepository @@ -71,7 +72,7 @@ type UserAuthServiceImpl struct { var ( cStore *sessions.CookieStore dexOauthConfig *oauth2.Config - //googleOauthConfig *oauth2.Config + // googleOauthConfig *oauth2.Config oauthStateString = randToken() idTokenVerifier *oidc.IDTokenVerifier jwtKey = randKey() @@ -202,6 +203,7 @@ func (impl UserAuthServiceImpl) HandleRefresh(w http.ResponseWriter, r *http.Req writeResponse(http.StatusBadRequest, "StatusBadRequest", w, errors.New("StatusBadRequest")) return } + claims.Email = util2.ConvertEmailToLowerCase(claims.Email) bearerToken := claims.Token user, err := authorize(context.Background(), bearerToken) if err != nil { @@ -257,11 +259,12 @@ func (impl UserAuthServiceImpl) HandleRefresh(w http.ResponseWriter, r *http.Req } func (impl UserAuthServiceImpl) HandleLoginWithClientIp(ctx context.Context, username, password, clientIp string) (string, error) { + impl.logger.Info("login with client ip") token, err := impl.HandleLogin(username, password) if err == nil { id, _, err := impl.userService.GetUserByToken(ctx, token) if err != nil { - impl.logger.Infow("error occured while getting user by token", "err", err) + impl.logger.Errorw("error occurred while getting user by token", "err", err) } else { impl.userService.SaveLoginAudit("", clientIp, id) } 
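Review bot: The log line added at the top of HandleLoginWithClientIp, `impl.logger.Info("login with client ip")`, carries no fields, so it cannot be tied to an account or a source address when someone later reads the logs. Since `username` and `clientIp` are already parameters, `impl.logger.Infow("login with client ip", "username", username, "clientIp", clientIp)` would make the entry usable for login monitoring. In the visible part of the function `SaveLoginAudit` is only reached when `HandleLogin` succeeds; the function continues past the hunk, so whether failed attempts are recorded elsewhere cannot be seen here.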
@@ -308,6 +311,7 @@ func (impl UserAuthServiceImpl) HandleDexCallback(w http.ResponseWriter, r *http // Rollback tx on error. defer tx.Rollback() + Claims.Email = util2.ConvertEmailToLowerCase(Claims.Email) dbUser, err := impl.userRepository.FetchUserDetailByEmail(Claims.Email) if err != nil { impl.logger.Errorw("Exception while fetching user from db", "err", err) @@ -315,7 +319,7 @@ func (impl UserAuthServiceImpl) HandleDexCallback(w http.ResponseWriter, r *http if dbUser.Id > 0 { // Do nothing, User already exist in our db. (unique check by email id) } else { - //create new user in our db on d basis of info got from google api or hex. assign a basic role + // create new user in our db on d basis of info got from google api or hex. assign a basic role model := &repository.UserModel{ EmailId: Claims.Email, AccessToken: rawIDToken, @@ -449,7 +453,7 @@ func (impl UserAuthServiceImpl) CreateRole(roleData *bean.RoleData) (bool, error return true, nil } -func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, error) { +func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, string, error) { token := r.Header.Get("token") if token == "" { impl.logger.Infow("no token provided") @@ -458,7 +462,7 @@ func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, error) Code: constants.UserNoTokenProvided, InternalMessage: "no token provided", } - return false, err + return false, "", err } _, err := impl.sessionManager.VerifyToken(token) 
@@ -470,12 +474,12 @@ func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, error) InternalMessage: "failed to verify token", UserMessage: "token verification failed while getting logged in user", } - return false, err + return false, "", err } emailId, version, err := impl.userService.GetEmailAndVersionFromToken(token) if err != nil { impl.logger.Errorw("AuthVerification failed ", "error", err) - return false, err + return false, "", err } exists := impl.userService.UserExists(emailId) if !exists { @@ -485,7 +489,7 @@ func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, error) InternalMessage: "user does not exist", UserMessage: "active user does not exist", } - return false, err + return false, "", err } // checking length of version, to ensure backward compatibility as earlier we did not // have version for api-tokens @@ -494,12 +498,12 @@ func (impl UserAuthServiceImpl) AuthVerification(r *http.Request) (bool, error) err := impl.userService.CheckIfTokenIsValid(emailId, version) if err != nil { impl.logger.Errorw("token is not valid", "error", err, "token", token) - return false, err + return false, "", err } } //TODO - extends for other purpose - return true, nil + return true, emailId, nil } func (impl UserAuthServiceImpl) DeleteRoles(entityType string, entityName string, tx *pg.Tx, envIdentifier string, workflowName string) (err error) { diff --git a/pkg/auth/user/UserService.go b/pkg/auth/user/UserService.go index f3834fe498a..3e17f76e442 100644 --- a/pkg/auth/user/UserService.go +++ b/pkg/auth/user/UserService.go @@ -22,6 +22,7 @@ import ( "github.com/devtron-labs/devtron/pkg/auth/user/adapter" userHelper "github.com/devtron-labs/devtron/pkg/auth/user/helper" "github.com/devtron-labs/devtron/pkg/auth/user/repository/helper" + util3 "github.com/devtron-labs/devtron/pkg/auth/user/util" "net/http" "strconv" "strings" 
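Review bot: In the last AuthVerification hunk the error branch still calls `impl.logger.Errorw("token is not valid", "error", err, "token", token)`, which writes the caller's bearer token into the application log. The line is context rather than a change, but the commit edits the return directly below it and `emailId` is now available at that point, so `impl.logger.Errorw("token is not valid", "error", err, "emailId", emailId)` identifies the caller without storing a credential. AuthVerification begins outside these hunks.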
@@ -1364,7 +1365,7 @@ func (impl *UserServiceImpl) GetEmailAndVersionFromToken(token string) (string, email = "admin" } - return email, tokenVersion, nil + return util3.ConvertEmailToLowerCase(email), tokenVersion, nil } func (impl *UserServiceImpl) GetByIds(ids []int32) ([]bean.UserInfo, error) { diff --git a/pkg/auth/user/repository/UserRepository.go b/pkg/auth/user/repository/UserRepository.go index 1c36a38efb4..61cf1308bd4 100644 --- a/pkg/auth/user/repository/UserRepository.go +++ b/pkg/auth/user/repository/UserRepository.go @@ -20,8 +20,11 @@ package repository import ( + "fmt" "github.com/devtron-labs/devtron/api/bean" userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean" + "github.com/devtron-labs/devtron/pkg/auth/user/repository/helper" + "github.com/devtron-labs/devtron/pkg/auth/user/util" "github.com/devtron-labs/devtron/pkg/sql" "github.com/go-pg/pg" "go.uber.org/zap" @@ -59,13 +62,14 @@ func NewUserRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger) *User } type UserModel struct { - TableName struct{} `sql:"users" pg:",discard_unknown_columns"` - Id int32 `sql:"id,pk"` - EmailId string `sql:"email_id,notnull"` - AccessToken string `sql:"access_token"` - Active bool `sql:"active,notnull"` - UserType string `sql:"user_type"` - UserAudit *UserAudit `sql:"-"` + TableName struct{} `sql:"users" pg:",discard_unknown_columns"` + Id int32 `sql:"id,pk"` + EmailId string `sql:"email_id,notnull"` + RequestEmailId string `sql:"request_email_id"` + AccessToken string `sql:"access_token"` + Active bool `sql:"active,notnull"` + UserType string `sql:"user_type"` + UserAudit *UserAudit `sql:"-"` sql.AuditLog } @@ -79,6 +83,8 @@ type UserRoleModel struct { } func (impl UserRepositoryImpl) CreateUser(userModel *UserModel, tx *pg.Tx) (*UserModel, error) { + userModel.RequestEmailId = userModel.EmailId + userModel.EmailId = util.ConvertEmailToLowerCase(userModel.EmailId) err := tx.Insert(userModel) if err != nil { impl.Logger.Error(err) 
@@ -88,6 +94,7 @@ func (impl UserRepositoryImpl) CreateUser(userModel *UserModel, tx *pg.Tx) (*Use return userModel, nil } func (impl UserRepositoryImpl) UpdateUser(userModel *UserModel, tx *pg.Tx) (*UserModel, error) { + userModel.EmailId = util.ConvertEmailToLowerCase(userModel.EmailId) err := tx.Update(userModel) if err != nil { impl.Logger.Error(err) @@ -117,6 +124,7 @@ func (impl UserRepositoryImpl) UpdateToInactiveByIds(ids []int32, tx *pg.Tx, log func (impl UserRepositoryImpl) GetById(id int32) (*UserModel, error) { var model UserModel err := impl.dbConnection.Model(&model).Where("id = ?", id).Where("active = ?", true).Select() + model.EmailId = util.ConvertEmailToLowerCase(model.EmailId) return &model, err } @@ -134,13 +142,14 @@ func (impl UserRepositoryImpl) GetEmailByIds(ids []int32) ([]string, error) { for _, model := range models { userEmails = append(userEmails, model.EmailId) } - return userEmails, err + return util.ConvertEmailsToLowerCase(userEmails), err } func (impl UserRepositoryImpl) GetByIdIncludeDeleted(id int32) (*UserModel, error) { var model UserModel err := impl.dbConnection.Model(&model).Where("id = ?", id).Select() + model.EmailId = util.ConvertEmailToLowerCase(model.EmailId) return &model, err } @@ -150,6 +159,9 @@ func (impl UserRepositoryImpl) GetAllExcludingApiTokenUser() ([]UserModel, error Where("active = ?", true). Where("user_type is NULL or user_type != ?", bean.USER_TYPE_API_TOKEN). Order("updated_on desc").Select() + for i, user := range userModel { + userModel[i].EmailId = util.ConvertEmailToLowerCase(user.EmailId) + } return userModel, err } 
@@ -160,20 +172,23 @@ func (impl UserRepositoryImpl) GetAllExecutingQuery(query string) ([]UserModel, impl.Logger.Error("error in GetAllExecutingQuery", "err", err, "query", query) return nil, err } + for i, user := range userModel { + userModel[i].EmailId = util.ConvertEmailToLowerCase(user.EmailId) + } return userModel, err } func (impl UserRepositoryImpl) FetchActiveUserByEmail(email string) (bean.UserInfo, error) { var users bean.UserInfo - query := "SELECT u.id, u.email_id, u.access_token, u.user_type FROM users u " + - "WHERE u.active = true and u.email_id ILIKE ? order by u.updated_on desc" + query := fmt.Sprintf("SELECT u.id, u.email_id, u.access_token, u.user_type FROM users u"+ + " WHERE u.active = true and %s order by u.updated_on desc", helper.GetEmailSearchQuery("u", email)) _, err := impl.dbConnection.Query(&users, query, email) if err != nil { - impl.Logger.Error("Exception caught:", err) + impl.Logger.Errorw("Exception caught:", "err", err) return users, err } - + users.EmailId = util.ConvertEmailToLowerCase(email) return users, nil } @@ -182,11 +197,11 @@ func (impl UserRepositoryImpl) FetchUserDetailByEmail(email string) (bean.UserIn var users []bean.UserRole var userFinal bean.UserInfo - query := "SELECT u.id, u.email_id, u.user_type, r.role FROM users u" + - " INNER JOIN user_roles ur ON ur.user_id=u.id" + - " INNER JOIN roles r ON r.id=ur.role_id" + - " WHERE u.email_id= ? and u.active = true" + - " ORDER BY u.updated_on desc;" + query := fmt.Sprintf("SELECT u.id, u.email_id, u.user_type, r.role FROM users u"+ + " INNER JOIN user_roles ur ON ur.user_id=u.id"+ + " INNER JOIN roles r ON r.id=ur.role_id"+ + " WHERE %s and u.active = true"+ + " ORDER BY u.updated_on desc;", helper.GetEmailSearchQuery("u", email)) _, err := impl.dbConnection.Query(&users, query, email) if err != nil { return userFinal, err 
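Review bot: `users.EmailId = util.ConvertEmailToLowerCase(email)` at the end of FetchActiveUserByEmail replaces the value read from the row with the caller's input, and it runs whether or not anything was scanned into `users`, so a result with `Id` 0 can still come back with a populated EmailId. Lower-casing the stored value, `users.EmailId = util.ConvertEmailToLowerCase(users.EmailId)`, keeps the result tied to the database. FetchActiveOrDeletedUserByEmail in the last hunk of this file has the same assignment, there placed before `err` is looked at. `Query(&users, query, email)` also still passes `email` although the query text built in this hunk no longer has a `?` for it.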
@@ -196,7 +211,7 @@ func (impl UserRepositoryImpl) FetchUserDetailByEmail(email string) (bean.UserIn for _, item := range users { userFinal.Exist = true userFinal.Id = item.Id - userFinal.EmailId = item.EmailId + userFinal.EmailId = util.ConvertEmailToLowerCase(item.EmailId) role = append(role, item.Role) } userFinal.Roles = role @@ -205,6 +220,9 @@ func (impl UserRepositoryImpl) FetchUserDetailByEmail(email string) (bean.UserIn func (impl UserRepositoryImpl) GetByIds(ids []int32) ([]UserModel, error) { var model []UserModel err := impl.dbConnection.Model(&model).Where("id in (?)", pg.In(ids)).Where("active = ?", true).Select() + for i, m := range model { + model[i].EmailId = util.ConvertEmailToLowerCase(m.EmailId) + } return model, err } @@ -215,15 +233,19 @@ func (impl *UserRepositoryImpl) GetConnection() (dbConnection *pg.DB) { func (impl UserRepositoryImpl) FetchUserMatchesByEmailIdExcludingApiTokenUser(email string) ([]UserModel, error) { var model []UserModel err := impl.dbConnection.Model(&model). - Where("email_id like (?)", "%"+email+"%"). + Where("email_id ilike (?)", "%"+email+"%"). Where("user_type is NULL or user_type != ?", bean.USER_TYPE_API_TOKEN). Where("active = ?", true).Select() + for i, m := range model { + model[i].EmailId = util.ConvertEmailToLowerCase(m.EmailId) + } return model, err } func (impl UserRepositoryImpl) FetchActiveOrDeletedUserByEmail(email string) (*UserModel, error) { var model UserModel err := impl.dbConnection.Model(&model).Where("email_id ILIKE (?)", email).Limit(1).Select() + model.EmailId = util.ConvertEmailToLowerCase(email) return &model, err } diff --git a/pkg/auth/user/repository/helper/UserRepositoryQueryBuilder.go b/pkg/auth/user/repository/helper/UserRepositoryQueryBuilder.go index a6a3d747a47..78107debaaf 100644 --- a/pkg/auth/user/repository/helper/UserRepositoryQueryBuilder.go +++ b/pkg/auth/user/repository/helper/UserRepositoryQueryBuilder.go 
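Review bot: The loop in FetchUserDetailByEmail folds every returned row into one `bean.UserInfo`: `userFinal.Id` ends up as the last row's id and `role` collects the roles of all rows. With the lookup changed from `u.email_id= ?` to an ILIKE match in the previous hunk, more than one `users` row can satisfy it (addresses differing only in case, or an address containing `_`), and their roles would then be merged under a single identity. Either make the query an exact case-insensitive match on a column that is unique on `lower(email_id)`, or stop at the first user id, e.g. `if userFinal.Exist && item.Id != userFinal.Id { break }` at the top of the loop body. The function starts outside this hunk.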
@@ -91,3 +91,10 @@ func GetQueryForGroupListingWithFilters(req *bean.ListingRequest) string { return query } + +func GetEmailSearchQuery(usersTableAlias string, emailId string) string { + expression := fmt.Sprintf( + "( (%s.user_type is NULL and %s.email_id ILIKE '%s' ) or (%s.user_type='apiToken' and %s.email_id='%s') )", + usersTableAlias, usersTableAlias, emailId, usersTableAlias, usersTableAlias, emailId) + return expression +} diff --git a/pkg/auth/user/util/emailUtil.go b/pkg/auth/user/util/emailUtil.go new file mode 100644 index 00000000000..14e94683c82 --- /dev/null +++ b/pkg/auth/user/util/emailUtil.go @@ -0,0 +1,18 @@ +package util + +import "strings" + +func ConvertEmailToLowerCase(email string) string { + if CheckIfAdminOrApiToken(email) { + return email + } + return strings.ToLower(email) +} + +func ConvertEmailsToLowerCase(emails []string) []string { + lowerCaseEmails := make([]string, 0, len(emails)) + for _, email := range emails { + lowerCaseEmails = append(lowerCaseEmails, ConvertEmailToLowerCase(email)) + } + return lowerCaseEmails +} diff --git a/pkg/auth/user/util/util.go b/pkg/auth/user/util/util.go index f1fabb69088..cdd7b4d2c91 100644 --- a/pkg/auth/user/util/util.go +++ b/pkg/auth/user/util/util.go @@ -18,9 +18,24 @@ package util import "strings" +const ( + ApiTokenPrefix = "API-TOKEN:" +) + func CheckValidationForRoleGroupCreation(name string) bool { if strings.Contains(name, ",") { return false } return true } + +func CheckIfAdminOrApiToken(email string) bool { + if email == "admin" || CheckIfApiToken(email) { + return true + } + return false +} + +func CheckIfApiToken(email string) bool { + return strings.HasPrefix(email, ApiTokenPrefix) +} diff --git a/scripts/sql/252_email_lower_case_handling.down.sql b/scripts/sql/252_email_lower_case_handling.down.sql new file mode 100644 index 00000000000..67ab3f871a1 --- /dev/null +++ b/scripts/sql/252_email_lower_case_handling.down.sql 
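Review bot: GetEmailSearchQuery writes `emailId` into two quoted SQL literals with `fmt.Sprintf`, so the value is no longer bound by the driver; in this commit it is fed from FetchActiveUserByEmail and FetchUserDetailByEmail, and the latter receives `Claims.Email` from the Dex callback. A quote character in the address ends the literal, and `_` or `%` in it act as ILIKE wildcards. Keep the value out of the SQL text by emitting placeholders, `"( (%s.user_type is NULL and lower(%s.email_id) = lower(?) ) or (%s.user_type='apiToken' and %s.email_id = ?) )"`, formatting only the table alias into it, and binding the address in the callers with `Query(&users, query, email, email)`. The literal `'apiToken'` could also be bound from `bean.USER_TYPE_API_TOKEN`, which the repository file already uses.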
@@ -0,0 +1 @@ +ALTER TABLE "users" DROP COLUMN "request_email_id"; diff --git a/scripts/sql/252_email_lower_case_handling.up.sql b/scripts/sql/252_email_lower_case_handling.up.sql new file mode 100644 index 00000000000..ec1b141807d --- /dev/null +++ b/scripts/sql/252_email_lower_case_handling.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE "users" + ADD COLUMN request_email_id VARCHAR(256); \ No newline at end of file diff --git a/vendor/github.com/devtron-labs/authenticator/apiToken/ApiTokenSecretStore.go b/vendor/github.com/devtron-labs/authenticator/apiToken/ApiTokenSecretStore.go index 0a8b2fe4470..c90084c5dab 100644 --- a/vendor/github.com/devtron-labs/authenticator/apiToken/ApiTokenSecretStore.go +++ b/vendor/github.com/devtron-labs/authenticator/apiToken/ApiTokenSecretStore.go @@ -1,3 +1,19 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package apiTokenAuth type ApiTokenSecretStore struct { @@ -6,4 +22,4 @@ type ApiTokenSecretStore struct { func InitApiTokenSecretStore() *ApiTokenSecretStore { return &ApiTokenSecretStore{} -} \ No newline at end of file +} diff --git a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go index 93d73251e3e..da6067ba04e 100644 --- a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go +++ b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go 
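Review bot: The up migration only adds `request_email_id`; it does not lower-case the `email_id` values already stored, and nothing visible here enforces uniqueness on the normalised address. New rows are written in lower case by CreateUser while older rows keep their original case, which is why the lookups in this commit fall back to ILIKE. If no such constraint exists elsewhere, consider backfilling in this migration and adding `CREATE UNIQUE INDEX ... ON users (lower(email_id))` restricted to non-API-token rows, after checking for existing case-variant duplicates, so that the application can use an exact comparison.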
@@ -1,18 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package client diff --git a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go index 6f8f8281029..4c65a6ae924 100644 --- a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go +++ b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go @@ -1,18 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package client diff --git a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go b/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go index fe62670c5a1..f01a983701a 100644 --- a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go 
+++ b/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go @@ -1,19 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * Some of the code has been taken from argocd, for them argocd licensing terms apply */ package jwt diff --git a/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go b/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go index 7efef165d19..53c07afbb70 100644 --- a/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go +++ b/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go @@ -1,18 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package middleware 
@@ -32,7 +31,7 @@ const tokenHeaderKey = "token" const argocdTokenHeaderKey = "argocd.token" // Authorizer is a middleware for authorization -func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string) bool, userStatusCheckInDb func(token string) (bool, int32, error)) func(next http.Handler) http.Handler { +func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string) bool, userStatusCheckInDb func(token string) (bool, int32, string, error)) func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { token := "" @@ -73,7 +72,7 @@ func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string if userStatusCheckInDb != nil { // checking user status in db - isInactive, userId, err := userStatusCheckInDb(token) + isInactive, userId, emailId, err := userStatusCheckInDb(token) if err != nil { writeResponse(http.StatusUnauthorized, "Invalid User", w, err) return @@ -81,9 +80,11 @@ func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string writeResponse(http.StatusUnauthorized, "Inactive User", w, fmt.Errorf("inactive User")) return } - // setting user id in context - context.WithValue(r.Context(), "userId", userId) + ctx := context.WithValue(r.Context(), "userId", userId) + ctx = context.WithValue(ctx, "token", token) + ctx = context.WithValue(ctx, "emailId", emailId) + r = r.WithContext(ctx) } } if pass { diff --git a/vendor/github.com/devtron-labs/authenticator/middleware/Config.go b/vendor/github.com/devtron-labs/authenticator/middleware/Config.go index d6782798d2b..7f5022dfe98 100644 --- a/vendor/github.com/devtron-labs/authenticator/middleware/Config.go +++ b/vendor/github.com/devtron-labs/authenticator/middleware/Config.go 
@@ -1,18 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package middleware diff --git a/vendor/github.com/devtron-labs/authenticator/middleware/sessionmanager.go b/vendor/github.com/devtron-labs/authenticator/middleware/sessionmanager.go index ab39d819f12..3e0fdb653aa 100644 --- a/vendor/github.com/devtron-labs/authenticator/middleware/sessionmanager.go +++ b/vendor/github.com/devtron-labs/authenticator/middleware/sessionmanager.go @@ -1,19 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * Some of the code has been taken from argocd, for them argocd licensing terms apply */ package middleware 
diff --git a/vendor/github.com/devtron-labs/authenticator/middleware/userLogin.go b/vendor/github.com/devtron-labs/authenticator/middleware/userLogin.go index daf5832ab4b..4e0b4975a30 100644 --- a/vendor/github.com/devtron-labs/authenticator/middleware/userLogin.go +++ b/vendor/github.com/devtron-labs/authenticator/middleware/userLogin.go @@ -1,19 +1,17 @@ /* - * Copyright (c) 2021 Devtron Labs + * Copyright (c) 2021-2024. Devtron Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * Some of the code has been taken from argocd, for them argocd licensing terms apply */ package middleware diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/hhtpProxy.go b/vendor/github.com/devtron-labs/authenticator/oidc/hhtpProxy.go index fcdd393783d..495a9dbf8c0 100644 --- a/vendor/github.com/devtron-labs/authenticator/oidc/hhtpProxy.go +++ b/vendor/github.com/devtron-labs/authenticator/oidc/hhtpProxy.go 
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package oidc
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/http.go b/vendor/github.com/devtron-labs/authenticator/oidc/http.go
index 1ac594f7aee..4becce6fbfd 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/http.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/http.go
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package oidc
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
index b98d5a83d0d..c5134e79fd7 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package oidc
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/provider.go b/vendor/github.com/devtron-labs/authenticator/oidc/provider.go
index b3ef6115836..2dc8c019814 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/provider.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/provider.go
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package oidc
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/templates.go b/vendor/github.com/devtron-labs/authenticator/oidc/templates.go
index 074d76c0de2..67037f1c6cb 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/templates.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/templates.go
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package oidc
diff --git a/vendor/github.com/devtron-labs/authenticator/password/password.go b/vendor/github.com/devtron-labs/authenticator/password/password.go
index eae14563bb4..0b750b73845 100644
--- a/vendor/github.com/devtron-labs/authenticator/password/password.go
+++ b/vendor/github.com/devtron-labs/authenticator/password/password.go
@@ -1,19 +1,17 @@
 /*
- * Copyright (c) 2021 Devtron Labs
+ * Copyright (c) 2021-2024. Devtron Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
 */
 
 package password
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5f2332b432c..8b4f3a7d4d5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -369,7 +369,7 @@ github.com/davecgh/go-spew/spew # github.com/deckarep/golang-set v1.8.0 ## explicit; go 1.17 github.com/deckarep/golang-set -# github.com/devtron-labs/authenticator v0.4.35-0.20240405091826-a91813c53470 +# github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1 ## explicit; go 1.18 github.com/devtron-labs/authenticator/apiToken github.com/devtron-labs/authenticator/client