Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add checks to user update processing

Matthew R Kasun 2 years ago
parent
9f5e9c1ef5
commit
d82e3a9b9e
2 changed files with 29 additions and 0 deletions
Split View Show Diff Stats
  1. 16 0
      controllers/user.go
  2. 13 0
      logic/jwts.go

+ 16 - 0
controllers/user.go
View File 

@@ -331,7 +331,18 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 
 	var params = mux.Vars(r)
 
 	// start here
 
+	jwtUser, _, isadmin, err := logic.VerifyJWS(r.Header.Get("Authorization"))
 
+	if err != nil {
 
+		logger.Log(0, "verifyJWT error", err.Error())
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
+		return
 
+	}
 
 	username := params["username"]
 
+	if username != jwtUser && !isadmin {
 
+		logger.Log(0, "non-admin user", jwtUser, "attempted to update user", username)
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
 
+		return
 
+	}
 
 	user, err := logic.GetUser(username)
 
 	if err != nil {
 
 		logger.Log(0, username,
 
@@ -354,6 +365,11 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 
 		return
 
 	}
 
+	if userchange.IsAdmin && !isadmin {
 
+		logger.Log(0, "non-admin user", jwtUser, "attempted get admin privilages")
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized"))
 
+		return
 
+	}
 
 	userchange.Networks = nil
 
 	user, err = logic.UpdateUser(&userchange, user)
 
 	if err != nil {

+ 13 - 0
logic/jwts.go
View File 

@@ -3,6 +3,7 @@ package logic
 
 import (
 
 	"errors"
 
 	"fmt"
 
+	"strings"
 
 	"time"
 
 
 	"github.com/golang-jwt/jwt/v4"
 
@@ -101,6 +102,18 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
 
 	return "", err
 
 }
 
 
+// VerifyJWT verifies Auth Header
 
+func VerifyJWS(bearerToken string) (username string, networks []string, isadmin bool, err error) {
 
+	token := ""
 
+	tokenSplit := strings.Split(bearerToken, " ")
 
+	if len(tokenSplit) > 1 {
 
+		token = tokenSplit[1]
 
+	} else {
 
+		return "", nil, false, errors.New("invalid auth header")
 
+	}
 
+	return VerifyUserToken(token)
 
+}
 
+
 
 // VerifyUserToken func will used to Verify the JWT Token while using APIS
 
 func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
 
 	claims := &models.UserClaims{}