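// Source listing: github.com/cs3org/reva/v2@v2.27.7/pkg/auth/manager/demo/demo.go

// Copyright 2018-2021 CERN
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// In applying this license, CERN does not waive the privileges and immunities
// granted to it by virtue of its status as an Intergovernmental Organization
// or submit itself to any jurisdiction.

// Package demo provides an auth manager backed by a fixed table of users
// that is compiled into the binary.
//
// The user names and secrets live in this source file and are published with
// it, so anyone can authenticate as these users wherever the manager is
// enabled. Restrict it to local demos and tests, and check deployed
// configurations for the "demo" auth manager name.
package demo

import (
	"context"
	"crypto/subtle"

	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
	"github.com/cs3org/reva/v2/pkg/auth"
	"github.com/cs3org/reva/v2/pkg/auth/manager/registry"
	"github.com/cs3org/reva/v2/pkg/auth/scope"
	"github.com/cs3org/reva/v2/pkg/errtypes"
)

// init registers the constructor under the name "demo" in the auth manager
// registry.
func init() {
	registry.Register("demo", New)
}

// manager authenticates clients against an in-memory credentials table keyed
// by client ID.
type manager struct {
	credentials map[string]Credentials
}

// Credentials pairs a user record with the plaintext secret that
// authenticates it.
type Credentials struct {
	User   *user.User
	Secret string
}

// New returns a new auth Manager.
//
// The configuration map m is handed to Configure, which ignores it: the
// credentials table is always the built-in one.
func New(m map[string]interface{}) (auth.Manager, error) {
	mgr := &manager{}
	if err := mgr.Configure(m); err != nil {
		// Do not hand out a half-configured manager next to an error.
		return nil, err
	}
	return mgr, nil
}

// Configure loads the built-in credentials table. The ml argument is not
// read, so the demo users cannot be changed or disabled through
// configuration. It always returns nil.
func (m *manager) Configure(ml map[string]interface{}) error {
	m.credentials = getCredentials()
	return nil
}

// Authenticate checks clientID and clientSecret against the built-in table.
//
// On success it returns the stored user and a scope map: for users whose ID
// type is lightweight or federated the map comes from
// scope.AddLightweightAccountScope with the owner role, for everyone else
// from scope.AddOwnerScope. An unknown client ID and a wrong secret both
// yield the same errtypes.InvalidCredentials error, so the error value does
// not reveal which user names exist.
//
// The returned *user.User is the pointer held in the credentials table, not a
// copy; callers must treat it as read-only.
func (m *manager) Authenticate(ctx context.Context, clientID, clientSecret string) (*user.User, map[string]*authpb.Scope, error) {
	c, ok := m.credentials[clientID]
	// Compare in constant time so response timing does not reveal how many
	// leading bytes of a guess were correct. ConstantTimeCompare returns
	// early when the lengths differ, so only the secret's length can leak.
	if !ok || subtle.ConstantTimeCompare([]byte(c.Secret), []byte(clientSecret)) != 1 {
		return nil, nil, errtypes.InvalidCredentials(clientID)
	}

	var (
		scopes map[string]*authpb.Scope
		err    error
	)
	if id := c.User.Id; id != nil && (id.Type == user.UserType_USER_TYPE_LIGHTWEIGHT || id.Type == user.UserType_USER_TYPE_FEDERATED) {
		scopes, err = scope.AddLightweightAccountScope(authpb.Role_ROLE_OWNER, nil)
	} else {
		scopes, err = scope.AddOwnerScope(nil)
	}
	if err != nil {
		return nil, nil, err
	}
	return c.User, scopes, nil
}

// getCredentials returns a freshly built table of the demo users, keyed by
// user name. Every entry is a primary-type user with a fixed opaque ID and a
// fixed plaintext secret.
func getCredentials() map[string]Credentials {
	return map[string]Credentials{
		"einstein": {
			Secret: "relativity",
			User: &user.User{
				Id: &user.UserId{
					Idp:      "http://localhost:9998",
					OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51",
					Type:     user.UserType_USER_TYPE_PRIMARY,
				},
				Username:    "einstein",
				Groups:      []string{"sailing-lovers", "violin-haters", "physics-lovers"},
				Mail:        "einstein@example.org",
				DisplayName: "Albert Einstein",
			},
		},
		"marie": {
			Secret: "radioactivity",
			User: &user.User{
				Id: &user.UserId{
					Idp:      "http://localhost:9998",
					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
					Type:     user.UserType_USER_TYPE_PRIMARY,
				},
				Username:    "marie",
				Groups:      []string{"radium-lovers", "polonium-lovers", "physics-lovers"},
				Mail:        "marie@example.org",
				DisplayName: "Marie Curie",
			},
		},
		"richard": {
			Secret: "superfluidity",
			User: &user.User{
				Id: &user.UserId{
					Idp:      "http://localhost:9998",
					OpaqueId: "932b4540-8d16-481e-8ef4-588e4b6b151c",
					Type:     user.UserType_USER_TYPE_PRIMARY,
				},
				Username:    "richard",
				Groups:      []string{"quantum-lovers", "philosophy-haters", "physics-lovers"},
				Mail:        "richard@example.org",
				DisplayName: "Richard Feynman",
			},
		},
	}
}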