Merge branch 'adminUserTokens' into 'master'

Allow admins to generate a user token

See merge request !96

backend/admins/users.go

@@ -9,6 +9,7 @@ import (
 	"gitlab.quimbo.fr/odwrtw/canape/backend/users"
 	"gitlab.quimbo.fr/odwrtw/canape/backend/web"
 
+	"github.com/gorilla/mux"
 	"github.com/sirupsen/logrus"
 )
 
@@ -28,6 +29,34 @@ func GetUsersHandler(env *web.Env, w http.ResponseWriter, r *http.Request) error
 	return env.RenderJSON(w, users)
 }
 
+// GenerateUserToken generates a user token
+func GenerateUserToken(env *web.Env, w http.ResponseWriter, r *http.Request) error {
+	log := env.Log.WithFields(logrus.Fields{
+		"function": "admin.GenerateUserToken",
+	})
+	log.Debug("Generating user token")
+
+	vars := mux.Vars(r)
+	username := vars["username"]
+
+	user, err := users.Get(env.Database, username)
+	if err != nil {
+		return err
+	}
+
+	t, err := env.Auth.GenerateJWTToken(r, user)
+	if err != nil {
+		return err
+	}
+	t.Description = "generated token for polochon"
+
+	if err := t.Add(env.Database); err != nil {
+		return err
+	}
+
+	return env.RenderJSON(w, t)
+}
+
 // UpdateUserHandler updates the user data
 func UpdateUserHandler(env *web.Env, w http.ResponseWriter, r *http.Request) error {
 	log := env.Log.WithFields(logrus.Fields{

backend/auth/auth.go

@@ -70,19 +70,8 @@ func (a *Authorizer) GenHash(password string) (string, error) {
 	return string(b), nil
 }
 
-// Login cheks password and creates a jwt token
+// GenerateJWTToken generates a JWT token for a user
-func (a *Authorizer) Login(r *http.Request, username, password string) (*tokens.Token, error) {
+func (a *Authorizer) GenerateJWTToken(r *http.Request, u User) (*tokens.Token, error) {
-	u, err := a.Backend.GetUser(username)
-	if err != nil {
-		return nil, err
-	}
-
-	// Compare the password
-	err = bcrypt.CompareHashAndPassword([]byte(u.GetHash()), []byte(password+a.Pepper))
-	if err != nil {
-		return nil, ErrInvalidPassword
-	}
-
 	// Create a jwt token
 	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		// Not before
@@ -101,10 +90,29 @@ func (a *Authorizer) Login(r *http.Request, username, password string) (*tokens.
 		return nil, err
 	}
 
-	t := &tokens.Token{
+	return &tokens.Token{
 		Token:    ss,
 		Username: u.GetName(),
 		IP:       getIPFromRequest(r),
+	}, nil
+}
+
+// Login cheks password and creates a jwt token
+func (a *Authorizer) Login(r *http.Request, username, password string) (*tokens.Token, error) {
+	u, err := a.Backend.GetUser(username)
+	if err != nil {
+		return nil, err
+	}
+
+	// Compare the password
+	err = bcrypt.CompareHashAndPassword([]byte(u.GetHash()), []byte(password+a.Pepper))
+	if err != nil {
+		return nil, ErrInvalidPassword
+	}
+
+	t, err := a.GenerateJWTToken(r, u)
+	if err != nil {
+		return nil, err
 	}
 
 	if err := t.Add(a.db); err != nil {

backend/routes.go

@@ -66,4 +66,5 @@ func setupRoutes(env *web.Env) {
 	env.Handle("/admins/users", admin.GetUsersHandler).WithRole(users.AdminRole).Methods("GET")
 	env.Handle("/admins/users", admin.UpdateUserHandler).WithRole(users.AdminRole).Methods("POST")
 	env.Handle("/admins/stats", admin.GetStatsHandler).WithRole(users.AdminRole).Methods("GET")
+	env.Handle("/admins/tokens/{username}", admin.GenerateUserToken).WithRole(users.AdminRole).Methods("POST")
 }

backend/tokens/tokens.go

@@ -11,7 +11,7 @@ import (
 )
 
 const (
-	addTokenQuery      = `INSERT INTO tokens (token, username, ip) VALUES ($1, $2, $3);`
+	addTokenQuery      = `INSERT INTO tokens (token, username, ip, description) VALUES ($1, $2, $3, $4);`
 	getTokenQuery      = `SELECT * FROM tokens WHERE token=$1;`
 	getUserTokenQuery  = `SELECT * FROM tokens WHERE username=$1 and token=$2;`
 	getUserTokensQuery = `SELECT * FROM tokens WHERE username=$1;`
@@ -37,7 +37,7 @@ type Token struct {
 
 // Add a token to the database
 func (t *Token) Add(db *sqlx.DB) error {
-	_, err := db.Queryx(addTokenQuery, t.Token, t.Username, t.IP)
+	_, err := db.Queryx(addTokenQuery, t.Token, t.Username, t.IP, t.Description)
 	if err != nil {
 		return err
 	}