add user auth type to user model

auth/auth.go

@@ -1,13 +1,8 @@
 package auth
 
 import (
-	"encoding/base64"
-	"encoding/json"
-
-	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/models"
-	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/oauth2"
 )
 
@@ -20,39 +15,6 @@ var (
 	auth_provider *oauth2.Config
 )
 
-// IsOauthUser - returns
-func IsOauthUser(user *models.User) error {
-	var currentValue, err = FetchPassValue("")
-	if err != nil {
-		return err
-	}
-	var bCryptErr = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentValue))
-	return bCryptErr
-}
-
-func FetchPassValue(newValue string) (string, error) {
-
-	type valueHolder struct {
-		Value string `json:"value" bson:"value"`
-	}
-	newValueHolder := valueHolder{}
-	var currentValue, err = logic.FetchAuthSecret()
-	if err != nil {
-		return "", err
-	}
-	var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
-	if unmarshErr != nil {
-		return "", unmarshErr
-	}
-
-	var b64CurrentValue, b64Err = base64.StdEncoding.DecodeString(newValueHolder.Value)
-	if b64Err != nil {
-		logger.Log(0, "could not decode pass")
-		return "", nil
-	}
-	return string(b64CurrentValue), nil
-}
-
 func isUserIsAllowed(username, network string) (*models.User, error) {
 
 	user, err := logic.GetUser(username)

controllers/user.go

@@ -422,6 +422,7 @@ func createUser(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("non-admins users can only be created on Pro version"), "forbidden"))
 		return
 	}
+
 	err = logic.CreateUser(&user)
 	if err != nil {
 		slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
@@ -526,7 +527,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	if auth.IsOauthUser(user) == nil && userchange.Password != "" {
+	if logic.IsOauthUser(user) == nil && userchange.Password != "" {
 		err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
 		return

logic/auth.go

@@ -93,18 +93,54 @@ func GetUsers() ([]models.ReturnUser, error) {
 	return users, err
 }
 
+// IsOauthUser - returns
+func IsOauthUser(user *models.User) error {
+	var currentValue, err = FetchPassValue("")
+	if err != nil {
+		return err
+	}
+	var bCryptErr = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentValue))
+	return bCryptErr
+}
+
+func FetchPassValue(newValue string) (string, error) {
+
+	type valueHolder struct {
+		Value string `json:"value" bson:"value"`
+	}
+	newValueHolder := valueHolder{}
+	var currentValue, err = FetchAuthSecret()
+	if err != nil {
+		return "", err
+	}
+	var unmarshErr = json.Unmarshal([]byte(currentValue), &newValueHolder)
+	if unmarshErr != nil {
+		return "", unmarshErr
+	}
+
+	var b64CurrentValue, b64Err = base64.StdEncoding.DecodeString(newValueHolder.Value)
+	if b64Err != nil {
+		logger.Log(0, "could not decode pass")
+		return "", nil
+	}
+	return string(b64CurrentValue), nil
+}
+
 // CreateUser - creates a user
 func CreateUser(user *models.User) error {
 	// check if user exists
 	if _, err := GetUser(user.UserName); err == nil {
 		return errors.New("user exists")
 	}
+	user.AuthType = models.BasicAuth
+	if IsOauthUser(user) == nil {
+		user.AuthType = models.OAuth
+	}
 	var err = ValidateUser(user)
 	if err != nil {
 		logger.Log(0, "failed to validate user", err.Error())
 		return err
 	}
-
 	// encrypt that password so we never see it again
 	hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 5)
 	if err != nil {

migrate/migrate.go

@@ -356,6 +356,10 @@ func syncUsers() {
 			if user.PlatformRoleID.String() != "" {
 				continue
 			}
+			user.AuthType = models.BasicAuth
+			if logic.IsOauthUser(&user) == nil {
+				user.AuthType = models.OAuth
+			}
 			if len(user.NetworkRoles) == 0 {
 				user.NetworkRoles = make(map[models.NetworkID]map[models.UserRole]struct{})
 			}

models/user_mgmt.go

@@ -12,6 +12,12 @@ type RsrcType string
 type RsrcID string
 type UserRole string
 type UserGroupID string
+type AuthType string
+
+var (
+	BasicAuth AuthType = "basic_auth"
+	OAuth     AuthType = "oauth"
+)
 
 func (r RsrcType) String() string {
 	return string(r)
@@ -128,6 +134,7 @@ type User struct {
 	IsAdmin        bool                                `json:"isadmin" bson:"isadmin"` // deprecated
 	IsSuperAdmin   bool                                `json:"issuperadmin"`           // deprecated
 	RemoteGwIDs    map[string]struct{}                 `json:"remote_gw_ids"`          // deprecated
+	AuthType       AuthType                            `json:"auth_type"`
 	UserGroups     map[UserGroupID]struct{}            `json:"user_group_ids"`
 	PlatformRoleID UserRole                            `json:"platform_role_id"`
 	NetworkRoles   map[NetworkID]map[UserRole]struct{} `json:"network_roles"`
@@ -144,6 +151,7 @@ type ReturnUser struct {
 	UserName       string                              `json:"username"`
 	IsAdmin        bool                                `json:"isadmin"`
 	IsSuperAdmin   bool                                `json:"issuperadmin"`
+	AuthType       AuthType                            `json:"auth_type"`
 	RemoteGwIDs    map[string]struct{}                 `json:"remote_gw_ids"` // deprecated
 	UserGroups     map[UserGroupID]struct{}            `json:"user_group_ids"`
 	PlatformRoleID UserRole                            `json:"platform_role_id"`

pro/auth/azure-ad.go

@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -90,7 +89,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 		if database.IsEmptyRecord(err) { // user must not exist, so try to make one
 			if inviteExists {
 				// create user
-				var newPass, fetchErr = auth.FetchPassValue("")
+				var newPass, fetchErr = logic.FetchPassValue("")
 				if fetchErr != nil {
 					logic.ReturnErrorResponse(w, r, logic.FormatError(fetchErr, "internal"))
 					return
@@ -147,7 +146,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = auth.FetchPassValue("")
+	var newPass, fetchErr = logic.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

pro/auth/github.go

@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -89,7 +88,7 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 		if database.IsEmptyRecord(err) { // user must not exist, so try to make one
 			if inviteExists {
 				// create user
-				var newPass, fetchErr = auth.FetchPassValue("")
+				var newPass, fetchErr = logic.FetchPassValue("")
 				if fetchErr != nil {
 					logic.ReturnErrorResponse(w, r, logic.FormatError(fetchErr, "internal"))
 					return
@@ -147,7 +146,7 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = auth.FetchPassValue("")
+	var newPass, fetchErr = logic.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

pro/auth/google.go

@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -96,7 +95,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 			if inviteExists {
 				// create user
 				logger.Log(0, "CALLBACK ----> 4.0")
-				var newPass, fetchErr = auth.FetchPassValue("")
+				var newPass, fetchErr = logic.FetchPassValue("")
 				if fetchErr != nil {
 					logic.ReturnErrorResponse(w, r, logic.FormatError(fetchErr, "internal"))
 					return
@@ -159,7 +158,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = auth.FetchPassValue("")
+	var newPass, fetchErr = logic.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

pro/auth/headless_callback.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -78,7 +77,7 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	newPass, fetchErr := auth.FetchPassValue("")
+	newPass, fetchErr := logic.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}

pro/auth/oidc.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
-	"github.com/gravitl/netmaker/auth"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
@@ -102,7 +101,7 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 		if database.IsEmptyRecord(err) { // user must not exist, so try to make one
 			if inviteExists {
 				// create user
-				var newPass, fetchErr = auth.FetchPassValue("")
+				var newPass, fetchErr = logic.FetchPassValue("")
 				if fetchErr != nil {
 					logic.ReturnErrorResponse(w, r, logic.FormatError(fetchErr, "internal"))
 					return
@@ -159,7 +158,7 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthUserNotAllowed(w)
 		return
 	}
-	var newPass, fetchErr = auth.FetchPassValue("")
+	var newPass, fetchErr = logic.FetchPassValue("")
 	if fetchErr != nil {
 		return
 	}