|
|
@@ -1,23 +1,104 @@
|
|
|
package main
|
|
|
|
|
|
import (
|
|
|
+ "encoding/json"
|
|
|
"fmt"
|
|
|
+ "io/ioutil"
|
|
|
"net/http"
|
|
|
+ "net/url"
|
|
|
+ "strings"
|
|
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
|
"github.com/labstack/echo"
|
|
|
)
|
|
|
|
|
|
type handler struct{}
|
|
|
+type userInfo struct {
|
|
|
+ Result struct {
|
|
|
+ Result struct {
|
|
|
+ Sshpubkeyfp []string `json:"sshpubkeyfp"`
|
|
|
+ HasKeytab bool `json:"has_keytab"`
|
|
|
+ Ipasshpubkey []string `json:"ipasshpubkey"`
|
|
|
+ Cn []string `json:"cn"`
|
|
|
+ Krbcanonicalname []string `json:"krbcanonicalname"`
|
|
|
+ Krbticketflags []string `json:"krbticketflags"`
|
|
|
+ MemberofGroup []string `json:"memberof_group"`
|
|
|
+ HasPassword bool `json:"has_password"`
|
|
|
+ Homedirectory []string `json:"homedirectory"`
|
|
|
+ Nsaccountlock bool `json:"nsaccountlock"`
|
|
|
+ UID []string `json:"uid"`
|
|
|
+ Title []string `json:"title"`
|
|
|
+ Loginshell []string `json:"loginshell"`
|
|
|
+ Uidnumber []string `json:"uidnumber"`
|
|
|
+ Preserved bool `json:"preserved"`
|
|
|
+ Krbextradata []struct {
|
|
|
+ Base64 string `json:"__base64__"`
|
|
|
+ } `json:"krbextradata"`
|
|
|
+ Mail []string `json:"mail"`
|
|
|
+ MemberofindirectHbacrule []string `json:"memberofindirect_hbacrule"`
|
|
|
+ Dn string `json:"dn"`
|
|
|
+ Displayname []string `json:"displayname"`
|
|
|
+ Mepmanagedentry []string `json:"mepmanagedentry"`
|
|
|
+ Ipauniqueid []string `json:"ipauniqueid"`
|
|
|
+ Krbloginfailedcount []string `json:"krbloginfailedcount"`
|
|
|
+ Krbpwdpolicyreference []string `json:"krbpwdpolicyreference"`
|
|
|
+ Krbprincipalname []string `json:"krbprincipalname"`
|
|
|
+ Givenname []string `json:"givenname"`
|
|
|
+ Krblastadminunlock []struct {
|
|
|
+ Datetime string `json:"__datetime__"`
|
|
|
+ } `json:"krblastadminunlock"`
|
|
|
+ Krbpasswordexpiration []struct {
|
|
|
+ Datetime string `json:"__datetime__"`
|
|
|
+ } `json:"krbpasswordexpiration"`
|
|
|
+ Krblastfailedauth []struct {
|
|
|
+ Datetime string `json:"__datetime__"`
|
|
|
+ } `json:"krblastfailedauth"`
|
|
|
+ Objectclass []string `json:"objectclass"`
|
|
|
+ Gidnumber []string `json:"gidnumber"`
|
|
|
+ Gecos []string `json:"gecos"`
|
|
|
+ Sn []string `json:"sn"`
|
|
|
+ MemberofSudorule []string `json:"memberof_sudorule"`
|
|
|
+ Krblastpwdchange []struct {
|
|
|
+ Datetime string `json:"__datetime__"`
|
|
|
+ } `json:"krblastpwdchange"`
|
|
|
+ Initials []string `json:"initials"`
|
|
|
+ } `json:"result"`
|
|
|
+ Value string `json:"value"`
|
|
|
+ Summary interface{} `json:"summary"`
|
|
|
+ } `json:"result"`
|
|
|
+ Version string `json:"version"`
|
|
|
+ Error interface{} `json:"error"`
|
|
|
+ ID int `json:"id"`
|
|
|
+ Principal string `json:"principal"`
|
|
|
+}
|
|
|
|
|
|
// Most of the code is taken from the echo guide
|
|
|
// https://echo.labstack.com/cookbook/jwt
|
|
|
func (h *handler) login(c echo.Context) error {
|
|
|
username := c.FormValue("username")
|
|
|
password := c.FormValue("password")
|
|
|
-
|
|
|
- // Check in your db if the user exists or not
|
|
|
- if username == "jon" && password == "password" {
|
|
|
+ _url := "https://ipa.sf.faraborddi.dc/ipa/session/login_password"
|
|
|
+ method := "POST"
|
|
|
+ params := url.Values{}
|
|
|
+ params.Add("user", username)
|
|
|
+ params.Add("password", password)
|
|
|
+ payload := strings.NewReader(params.Encode())
|
|
|
+ client := &http.Client{}
|
|
|
+ req, err := http.NewRequest(method, _url, payload)
|
|
|
+
|
|
|
+ if err != nil {
|
|
|
+ fmt.Println(err)
|
|
|
+ }
|
|
|
+ req.Header.Add("Referer", "https://ipa.sf.faraborddi.dc/ipa")
|
|
|
+ req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
|
+ req.Header.Add("Accept", "text/plain")
|
|
|
+ res, err := client.Do(req)
|
|
|
+ cockie := res.Cookies()
|
|
|
+ defer res.Body.Close()
|
|
|
+ fmt.Println(res.StatusCode)
|
|
|
+ if res.StatusCode == 200 {
|
|
|
+ user := getUserInfo(cockie, username)
|
|
|
+ fmt.Println(user.Result.Value)
|
|
|
tokens, err := generateTokenPair()
|
|
|
if err != nil {
|
|
|
return err
|
|
|
@@ -28,6 +109,44 @@ func (h *handler) login(c echo.Context) error {
|
|
|
|
|
|
return echo.ErrUnauthorized
|
|
|
}
|
|
|
+func getUserInfo(cockie []*http.Cookie, username string) userInfo {
|
|
|
+ url := "https://ipa.sf.faraborddi.dc/ipa/session/json"
|
|
|
+ method := "POST"
|
|
|
+ _json := fmt.Sprintf(`
|
|
|
+{
|
|
|
+ "method": "user_show",
|
|
|
+ "params": [
|
|
|
+ [
|
|
|
+ "%s"
|
|
|
+ ],
|
|
|
+ {
|
|
|
+ "all": true,
|
|
|
+ "version": "2.215"
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "id": 0
|
|
|
+}
|
|
|
+`, username)
|
|
|
+
|
|
|
+ payload := strings.NewReader(_json)
|
|
|
+ client := &http.Client{}
|
|
|
+ req, err := http.NewRequest(method, url, payload)
|
|
|
+
|
|
|
+ if err != nil {
|
|
|
+ fmt.Println(err)
|
|
|
+ }
|
|
|
+ req.Header.Add("Referer", "https://ipa.sf.faraborddi.dc/ipa")
|
|
|
+ req.Header.Add("Content-Type", "application/json")
|
|
|
+ req.Header.Add("Accept", "text/plain")
|
|
|
+ req.Header.Add("Cookie", cockie[0].Raw)
|
|
|
+ res, err := client.Do(req)
|
|
|
+ defer res.Body.Close()
|
|
|
+ body, err := ioutil.ReadAll(res.Body)
|
|
|
+ user := userInfo{}
|
|
|
+ json.Unmarshal(body, &user)
|
|
|
+ //fmt.Println(user.Result.Value)
|
|
|
+ return user
|
|
|
+}
|
|
|
|
|
|
// This is the api to refresh tokens
|
|
|
// Most of the code is taken from the jwt-go package's sample codes
|
Sasan Torabkheslat