github.com/justinjmoses/evergreen@v0.0.0-20170530173719-1d50e381ff0d/auth/auth.go

github.com/justinjmoses/evergreen@v0.0.0-20170530173719-1d50e381ff0d/auth/auth.go (about)

     1  package auth
     2  
     3  import (
     4  	"net/http"
     5  
     6  	"github.com/evergreen-ci/evergreen"
     7  	"github.com/evergreen-ci/evergreen/util"
     8  	"github.com/mongodb/grip"
     9  	"github.com/pkg/errors"
    10  )
    11  
    12  //LoadUserManager is used to check the configuration for authentication and create a UserManager depending on what type of authentication (Crowd or Naive) is used.
    13  func LoadUserManager(authConfig evergreen.AuthConfig) (UserManager, error) {
    14  	var manager UserManager
    15  	var err error
    16  	if authConfig.Crowd != nil {
    17  		manager, err = NewCrowdUserManager(authConfig.Crowd)
    18  		if err != nil {
    19  			return nil, err
    20  		}
    21  	}
    22  	if authConfig.Naive != nil {
    23  		if manager != nil {
    24  			return nil, errors.New("Cannot have multiple forms of authentication in configuration")
    25  		}
    26  		manager, err = NewNaiveUserManager(authConfig.Naive)
    27  		if err != nil {
    28  			return nil, err
    29  		}
    30  	}
    31  	if authConfig.Github != nil {
    32  		if manager != nil {
    33  			return nil, errors.New("Cannot have multiple forms of authentication in configuration")
    34  		}
    35  		manager, err = NewGithubUserManager(authConfig.Github)
    36  
    37  		// if err!=nil has never returned an error, though it
    38  		// looks like it should, just printing a warning in
    39  		// the mean time.
    40  		grip.Warning(errors.WithStack(err))
    41  	}
    42  
    43  	if manager != nil {
    44  		return manager, nil
    45  	}
    46  
    47  	return nil, errors.New("Must have at least one form of authentication, currently there are none")
    48  
    49  }
    50  
    51  // sets the Token in the session cookie for authentication
    52  func setLoginToken(token string, w http.ResponseWriter) {
    53  	authTokenCookie := &http.Cookie{
    54  		Name:     evergreen.AuthTokenCookie,
    55  		Value:    token,
    56  		HttpOnly: true,
    57  		Path:     "/",
    58  	}
    59  	http.SetCookie(w, authTokenCookie)
    60  }
    61  
    62  // IsSuperUser verifies that a given user has super user permissions.
    63  // A user has these permission if they are in the super users list or if the list is empty,
    64  // in which case all users are super users.
    65  func IsSuperUser(superUsers []string, u User) bool {
    66  	if u == nil {
    67  		return false
    68  	}
    69  	if util.SliceContains(superUsers, u.Username()) ||
    70  		len(superUsers) == 0 {
    71  		return true
    72  	}
    73  	return false
    74  
    75  }