feat: adding password expiry

Nelson Isioma 2025-05-28 23:59:43 +01:00
parent ffcbf94cf4
commit 5262eff022
4 changed files with 95 additions and 7 deletions


@ -102,12 +102,22 @@ func (c *Client) Login(ctx context.Context) error {
c.userID = user.ID c.userID = user.ID
settings, err := c.GetServerSettings(ctx)
if err != nil {
return fmt.Errorf("Getting Server Settings: %w", err)
}
// after Login, fetch MetadataTypeSettings to finish the Client Setup // after Login, fetch MetadataTypeSettings to finish the Client Setup
c.setMetadataTypeSettings(ctx) err = c.setMetadataTypeSettings(ctx, settings)
if err != nil { if err != nil {
return fmt.Errorf("Setup Metadata Type Settings: %w", err) return fmt.Errorf("Setup Metadata Type Settings: %w", err)
} }
err = c.setPasswordExpirySettings(ctx, settings)
if err != nil {
return fmt.Errorf("Setup Password Expiry Settings: %w", err)
}
return nil return nil
} }
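Review bot: A failure in the new `setPasswordExpirySettings` step makes `Login` return an error after authentication has already succeeded (`c.userID` is assigned at the top of the hunk), and nothing tells the caller that this can happen. Failing closed looks like the right choice, because the fallback defaults added in this commit carry a zero expiry period and would let resources be created without the expiry the server asks for. It should be stated in the doc comment of `Login`, for example `// Login returns an error if the server settings or the password expiry settings cannot be read, even when authentication itself succeeded; discard the client or retry in that case.` The body of `Login` starts outside this hunk, so whether the session is torn down on this path cannot be seen from here.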


@ -36,6 +36,9 @@ type Client struct {
// Server Settings Determining which Metadata Keys to use // Server Settings Determining which Metadata Keys to use
metadataKeySettings MetadataKeySettings metadataKeySettings MetadataKeySettings
// Server Settings for password expiry
passwordExpirySettings PasswordExpirySettings
// used for solving MFA challenges. You can block this to for example wait for user input. // used for solving MFA challenges. You can block this to for example wait for user input.
// You shouden't run any unrelated API Calls while you are in this callback. // You shouden't run any unrelated API Calls while you are in this callback.
// You need to Return the Cookie that Passbolt expects to verify you MFA, usually it is called passbolt_mfa // You need to Return the Cookie that Passbolt expects to verify you MFA, usually it is called passbolt_mfa
@ -207,12 +210,7 @@ func (c *Client) GetPublicKey(ctx context.Context) (string, string, error) {
} }
// setMetadataTypeSettings Gets and configures the Client to use the Types the Server wants us to use // setMetadataTypeSettings Gets and configures the Client to use the Types the Server wants us to use
func (c *Client) setMetadataTypeSettings(ctx context.Context) error { func (c *Client) setMetadataTypeSettings(ctx context.Context, settings *ServerSettingsResponse) error {
settings, err := c.GetServerSettings(ctx)
if err != nil {
return fmt.Errorf("Getting Server Settings: %w", err)
}
if settings.Passbolt.IsPluginEnabled("metadata") { if settings.Passbolt.IsPluginEnabled("metadata") {
c.log("Server has metadata plugin enabled, is v5 or Higher") c.log("Server has metadata plugin enabled, is v5 or Higher")
metadataTypeSettings, err := c.GetServerMetadataTypeSettings(ctx) metadataTypeSettings, err := c.GetServerMetadataTypeSettings(ctx)
@ -241,6 +239,25 @@ func (c *Client) setMetadataTypeSettings(ctx context.Context) error {
return nil return nil
} }
// setPasswordExpirySettings Gets and configures the Client to use the password expiry plugin
func (c *Client) setPasswordExpirySettings(ctx context.Context, settings *ServerSettingsResponse) error {
if settings.Passbolt.IsPluginEnabled("passwordExpiry") && settings.Passbolt.IsPluginEnabled("passwordExpiryPolicies") {
c.log("Server has password expiry plugin enabled.")
passwordExpirySettings, err := c.GetServerPasswordExpirySettings(ctx)
if err != nil {
return fmt.Errorf("Getting Password Expiry Settings: %w", err)
}
c.log("passwordExpirySettings: %+v", passwordExpirySettings)
c.passwordExpirySettings = *passwordExpirySettings
} else {
c.log("Server has password expiry plugin disabled or not installed.")
c.passwordExpirySettings = getDefaultPasswordExpirySettings()
}
return nil
}
// GetPGPHandle Gets the Gopgenpgp Handler // GetPGPHandle Gets the Gopgenpgp Handler
func (c *Client) GetPGPHandle() *crypto.PGPHandle { func (c *Client) GetPGPHandle() *crypto.PGPHandle {
return c.pgp return c.pgp
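Review bot: The condition in `setPasswordExpirySettings` requires both `passwordExpiry` and `passwordExpiryPolicies` to be enabled, and every other combination takes the `else` branch, which installs `getDefaultPasswordExpirySettings()` with all flags off. If a server can run `passwordExpiry` without `passwordExpiryPolicies` (I believe that is possible, but it is not visible on this page), its `automatic_expiry` and `automatic_update` settings are never fetched and the client behaves as if expiry were disabled, while logging that the plugin is "disabled or not installed". Consider fetching whenever the base plugin is on, `if settings.Passbolt.IsPluginEnabled("passwordExpiry") {`, and treating the period fields as optional. If the stricter check is intended, say why in a comment above it.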

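--- /dev/null
+++ b/api/password_expiry.go
@@ -0,0 +1,50 @@
+package api
+import (
+"context"
+"encoding/json"
+"time"
+)
+// PasswordExpirySettings contains the Password expiry settings
+type PasswordExpirySettings struct {
+ID string `json:"id"`
+DefaultExpiryPeriod int `json:"default_expiry_period,omitempty"`
+PolicyOverride bool `json:"policy_override"`
+AutomaticExpiry bool `json:"automatic_expiry"`
+AutomaticUpdate bool `json:"automatic_update"`
+ExpiryNotificationPeriod int `json:"expiry_notification_period,omitempty"`
+Created time.Time `json:"created"`
+Modified time.Time `json:"modified"`
+CreatedBy string `json:"created_by"`
+ModifiedBy string `json:"modified_by"`
+}
+// GetServerPasswordExpirySettings gets the servers password expiry settings
+func (c *Client) GetServerPasswordExpirySettings(ctx context.Context) (*PasswordExpirySettings, error) {
+msg, err := c.DoCustomRequestV5(ctx, "GET", "/password-expiry/settings.json", nil, nil)
+if err != nil {
+return nil, err
+}
+var passwordExpirySettings PasswordExpirySettings
+err = json.Unmarshal(msg.Body, &passwordExpirySettings)
+if err != nil {
+return nil, err
+}
+return &passwordExpirySettings, nil
+}
+func getDefaultPasswordExpirySettings() PasswordExpirySettings {
+return PasswordExpirySettings{
+ID: "default",
+DefaultExpiryPeriod: 0,
+PolicyOverride: false,
+AutomaticExpiry: false,
+AutomaticUpdate: false,
+ExpiryNotificationPeriod: 0,
+Created: time.Now(),
+Modified: time.Now(),
+CreatedBy: "default",
+}
+}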
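Review bot: `GetServerPasswordExpirySettings` hands back `DefaultExpiryPeriod` exactly as the server sent it, with no range check after `json.Unmarshal`. The value is later multiplied as `time.Hour * 24 * time.Duration(...)` in `CreateResource` and `UpdateResource`, where a negative number yields an expiry in the past and anything above roughly 106,751 days overflows `time.Duration`. Reject out-of-range values here, for example `if p := passwordExpirySettings.DefaultExpiryPeriod; p < 0 || p > maxExpiryDays { return nil, fmt.Errorf("invalid default_expiry_period %d", p) }`, where `maxExpiryDays` is a constant to be added and `fmt` must be imported in this file. Both bare `return nil, err` paths would also read better wrapped with context, as the other calls in this commit do.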


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"time"
) )
// Resource is a Resource. // Resource is a Resource.
@ -35,6 +36,7 @@ type Resource struct {
Secrets []Secret `json:"secrets,omitempty"` Secrets []Secret `json:"secrets,omitempty"`
Tags []Tag `json:"tags,omitempty"` Tags []Tag `json:"tags,omitempty"`
Expired *Time `json:"expired,omitempty"`
} }
// Tag is a Passbolt Password Tag // Tag is a Passbolt Password Tag
@ -85,6 +87,10 @@ func (c *Client) GetResources(ctx context.Context, opts *GetResourcesOptions) ([
// CreateResource Creates a new Passbolt Resource // CreateResource Creates a new Passbolt Resource
func (c *Client) CreateResource(ctx context.Context, resource Resource) (*Resource, error) { func (c *Client) CreateResource(ctx context.Context, resource Resource) (*Resource, error) {
if c.passwordExpirySettings.DefaultExpiryPeriod != 0 {
expiry := time.Now().Add(time.Hour * 24 * time.Duration(c.passwordExpirySettings.DefaultExpiryPeriod))
resource.Expired = &Time{expiry}
}
msg, err := c.DoCustomRequest(ctx, "POST", "/resources.json", "v2", resource, nil) msg, err := c.DoCustomRequest(ctx, "POST", "/resources.json", "v2", resource, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -122,6 +128,11 @@ func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource
if err != nil { if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err) return nil, fmt.Errorf("Checking ID format: %w", err)
} }
if resource.Expired != nil && c.passwordExpirySettings.AutomaticUpdate {
expiry := time.Now().Add(time.Hour * 24 * time.Duration(c.passwordExpirySettings.DefaultExpiryPeriod))
resource.Expired = &Time{expiry}
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/resources/"+resourceID+".json", "v2", resource, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/resources/"+resourceID+".json", "v2", resource, nil)
if err != nil { if err != nil {
return nil, err return nil, err
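Review bot: The block added to `UpdateResource` lacks the `DefaultExpiryPeriod != 0` guard that the `CreateResource` block has. With `AutomaticUpdate` on and a period of 0, any update that carries an `Expired` value is stamped with `time.Now()` and so expires immediately. The condition should be `if resource.Expired != nil && c.passwordExpirySettings.AutomaticUpdate && c.passwordExpirySettings.DefaultExpiryPeriod > 0 {`. Both blocks also overwrite whatever `Expired` the caller supplied, and `PolicyOverride` is never consulted in the visible code; if overriding is meant to be allowed when that flag is set, the caller's value should be kept in that case. The bodies of both functions continue outside their hunks.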