mirror of
https://github.com/passbolt/go-passbolt.git
synced 2025-05-10 01:48:22 +00:00
107 lines
3.2 KiB
Go
107 lines
3.2 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
type JWTLogin struct {
|
|
UserID string `json:"user_id"`
|
|
Challenge string `json:"challenge"`
|
|
}
|
|
|
|
type JWTLoginChallenge struct {
|
|
Version string `json:"version"`
|
|
Domain string `json:"domain"`
|
|
VerifyToken string `json:"verify_token"`
|
|
VerifyTokenExpiry int64 `json:"verify_token_expiry"`
|
|
}
|
|
|
|
type JWTLoginChallengeResult struct {
|
|
Version string `json:"version"`
|
|
Domain string `json:"domain"`
|
|
VerifyToken string `json:"verify_token"`
|
|
AccessToken string `json:"access_token"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
}
|
|
|
|
func (c *Client) LoginJWT(ctx context.Context) error {
|
|
/*
|
|
jwtKeyResult, _, err := c.DoCustomRequestAndReturnRawResponse(ctx, "POST", "/auth/jwt/jwks.json", "v2", nil, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("Fetching JWT Server Key: %w", err)
|
|
}*/
|
|
|
|
serverGpgPublicKeyResponse, err := c.DoCustomRequest(ctx, "POST", "/auth/verify.json", "v2", nil, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("Fetching GPG Server Key: %w", err)
|
|
}
|
|
|
|
var serverGpgPublicKey PublicKeyReponse
|
|
err = json.Unmarshal(serverGpgPublicKeyResponse.Body, &serverGpgPublicKey)
|
|
if err != nil {
|
|
return fmt.Errorf("Parsing GPG Server Key JSON: %w", err)
|
|
}
|
|
|
|
verifyToken, err := uuid.NewRandom()
|
|
if err != nil {
|
|
return fmt.Errorf("Generating Verify Token: %w", err)
|
|
}
|
|
|
|
jwtLoginChallenge := JWTLoginChallenge{
|
|
Version: "1.0.0",
|
|
Domain: c.baseURL.String(),
|
|
VerifyToken: verifyToken.String(),
|
|
VerifyTokenExpiry: time.Now().Add(2 * time.Minute).Unix(),
|
|
}
|
|
|
|
jwtLoginChallengeString, err := json.Marshal(jwtLoginChallenge)
|
|
if err != nil {
|
|
return fmt.Errorf("Marshalling jwtLoginChallenge: %w", err)
|
|
}
|
|
|
|
jwtLoginChallengeEncrypted, err := c.EncryptMessageWithPublicKey(serverGpgPublicKey.Keydata, string(jwtLoginChallengeString))
|
|
if err != nil {
|
|
return fmt.Errorf("Encypting and Signing JWT Login Challenge: %w", err)
|
|
}
|
|
|
|
loginPayload := JWTLogin{
|
|
UserID: c.userID, // where do i get this from
|
|
Challenge: jwtLoginChallengeEncrypted,
|
|
}
|
|
|
|
loginResponse, err := c.DoCustomRequest(ctx, "POST", "/auth/jwt/login.json", "v2", loginPayload, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("JWT Login: %w", err)
|
|
}
|
|
|
|
var jwtLoginResponse JWTLogin
|
|
err = json.Unmarshal(loginResponse.Body, &jwtLoginResponse)
|
|
if err != nil {
|
|
return fmt.Errorf("Parsing Login Response: %w", err)
|
|
}
|
|
|
|
jetLoginChallengeResponseString, err := c.DecryptMessage(jwtLoginResponse.Challenge)
|
|
if err != nil {
|
|
return fmt.Errorf("Decrypting Login Challenge Response: %w", err)
|
|
}
|
|
|
|
var jwtLoginChallengeResult JWTLoginChallengeResult
|
|
err = json.Unmarshal([]byte(jetLoginChallengeResponseString), &jwtLoginChallengeResult)
|
|
if err != nil {
|
|
return fmt.Errorf("Parsing Login Challange Response: %w", err)
|
|
}
|
|
|
|
// TODO Verify the Format of These all fields in jwtLoginChallengeResult
|
|
|
|
if jwtLoginChallengeResult.VerifyToken != verifyToken.String() {
|
|
return fmt.Errorf("Server Returned incorrect Verify Token: %v != %v", jwtLoginChallengeResult.VerifyToken, verifyToken.String())
|
|
}
|
|
|
|
// TODO verify JWT https://stackoverflow.com/questions/41077953/go-language-and-verify-jwt
|
|
return nil
|
|
}
|