rmanach/simple-auth
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Merge branch 'release/release/impl-jwt'

Browse Source
This commit is contained in:
landrigun 2022-10-12 15:52:14 +00:00
commit cdfe53fcb2
17 changed files with 1938 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,3 +1,6 @@
/target
simple-auth
*.swp
tests/python/__pycache__
tests/bash/response.txt

1061
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

14
Cargo.toml
View File

@ -9,6 +9,20 @@ edition = "2021"
json = "0.12.4"
lazy_static = "1.4.0"
regex = "1"
tokio = { version = "1.21.1", features = ["full"] }
async-trait = "0.1.57"
jwt-simple = "0.11.1"
# useful for tests (embedded files should be delete in release ?)
#rust-embed="6.4.1"
[dependencies.configparser]
version = "3.0.2"
features = ["indexmap"]
[dependencies.clap]
version = "3.2"
features = ["derive"]
[dependencies.async-std]
version = "1.6"

75
README.md
View File

@ -2,19 +2,84 @@
A little web server providing JWT token for auth auser.
**NOTE**: for now, the server is listening on port **9000**. Change it, in the src if needed.
## Build
```bash
cargo build --release
```
# run the server
./target/release/simple-auth
## Configuration
### Store
The store represents the credentials. For now, this a `.txt` file with plain passwords. You have to create one like:
```txt
# acts as a comment (only on a start line)
<username>:<password>
```
**WARN**: the file should have a chmod to **600**.
### RSA key pair creation
The server uses **RS384** signature algorithm (asymmetric). You have to create a private key to sign the token and a public key for the validation:
```bash
openssl genrsa -out priv.pem 2048
openssl rsa -in priv.pem -outform PEM -pubout -out pub.pem
```
**WARN**: those files must be readable be the server user.
### INI file
To start the server correctly, you need to create an `.ini` file as below:
```ini
[server]
url = <ip>:<port>
[store]
path = <store_path>
[jwt]
issuer = <issuer.fr>
private_key = <priv_key_path>
public_key = <pub_key_path>
expiration_time = 2 # in hours
```
## Run
```bash
./simple-auth <ini_path>
curl http://<ip>:<port>/get/ -d '{"username":"<user>", "password":"<password>"}'
# should returned
{"token":"<header>.<payload>.<signature>"}
```
## Test
### unit tests
```bash
cargo test
```
### integration tests
* run the server locally or remotly (the URL must be changed if needed in `curling.bash` and `test_requests.py`)
* run curl tests
```bash
cd tests/bash/
./curling.bash && echo "passed"
```
* run python requests tests
```bash
# create a python venv
cd tests/python
python3 -m venv venv
source venv/bin/activate
# intall the requirements
pip install -r requirements
# launch the tests
python -m unitest
```
## Documentation
```bash
# add the '--open' arg to open the doc on a browser
cargo doc --no-deps
```

3
src/handlers/mod.rs
View File

@ -1,3 +0,0 @@
pub mod request;
pub use request::handle_request;

9
src/http/mod.rs Normal file
View File

@ -0,0 +1,9 @@
//! http module includes tools to parse an HTTP request and build and HTTP response
pub mod request;
pub mod response;
pub mod router;
pub use request::HTTPRequest;
pub use response::{HTTPResponse, HTTPStatusCode};
pub use router::{Config, ROUTER};

119
src/handlers/request.rs → src/http/request.rs
View File

@ -13,17 +13,14 @@ type RequestParts = (String, VecDeque<String>, String);
const HTTP_REQUEST_SEPARATOR: &'static str = "\r\n";
const NULL_CHAR: &'static str = "\0";
// TODO: put this const in a conf file ?
const HTTP_METHODS: [&'static str; 1] = ["POST"];
const HTTP_TARGETS: [&'static str; 3] = ["/validate/", "/get/", "/refresh/"];
lazy_static! {
static ref HTTP_VERSION_REGEX: Regex = Regex::new("^HTTP/(1.1|2)$").unwrap();
static ref HTTP_VERSION_REGEX: Regex = Regex::new("^HTTP/(1.1|1.0|2)$").unwrap();
}
#[derive(Debug)]
#[derive(Debug, Copy, Clone)]
pub enum HTTPVersion {
Http1,
Http1_0,
Http1_1,
Http2,
Unknown,
}
@ -31,7 +28,8 @@ pub enum HTTPVersion {
impl Into<String> for HTTPVersion {
fn into(self) -> String {
match self {
Self::Http1 => "HTTP/1.1".to_string(),
Self::Http1_0 => "HTTP/1.0".to_string(),
Self::Http1_1 => "HTTP/1.1".to_string(),
Self::Http2 => "HTTP/2".to_string(),
Self::Unknown => "UNKNOWN".to_string(),
}
@ -42,7 +40,8 @@ impl Into<String> for HTTPVersion {
impl From<&String> for HTTPVersion {
fn from(http_version: &String) -> Self {
match http_version.as_str() {
"HTTP/1.1" => Self::Http1,
"HTTP/1.0" => Self::Http1_0,
"HTTP/1.1" => Self::Http1_1,
"HTTP/2" => Self::Http2,
_ => Self::Unknown,
}
@ -51,9 +50,9 @@ impl From<&String> for HTTPVersion {
#[derive(Debug)]
pub struct HTTPStartLine {
pub method: String,
pub target: String,
pub version: HTTPVersion,
method: String,
target: String,
version: HTTPVersion,
}
impl HTTPStartLine {
@ -78,14 +77,6 @@ impl HTTPStartLine {
let target = parts[1].to_string();
let version = parts[2].to_string();
if !Self::check_method(&method) {
return Err("method validation failed, bad method");
}
if !Self::check_target(&target) {
return Err("target validation failed, unvalid target");
}
if !Self::check_version(&version) {
return Err("http version validation failed, unknown version");
}
@ -97,40 +88,24 @@ impl HTTPStartLine {
))
}
/// check_method checks if the start_line method is in a predefined HTTP method list
fn check_method(method: &String) -> bool {
for m in HTTP_METHODS.iter() {
if m.to_string() == *method {
return true;
}
}
false
}
/// check_target checks if the start_line target is in a predefined HTTP target whitelist
fn check_target(target: &String) -> bool {
for t in HTTP_TARGETS.iter() {
if t.to_string() == *target {
return true;
}
}
false
}
fn check_version(version: &String) -> bool {
println!("version : {}", version);
HTTP_VERSION_REGEX.is_match(version)
}
fn is_valid(&self) -> bool {
pub fn is_valid(&self) -> bool {
return self.method != "" && self.target != "";
}
pub fn get_target(&self) -> String {
self.target.clone()
}
}
impl Default for HTTPStartLine {
fn default() -> Self {
HTTPStartLine {
method: "".to_string(),
target: "".to_string(),
version: HTTPVersion::Unknown,
}
@ -144,7 +119,7 @@ impl Into<String> for HTTPStartLine {
}
}
/// HTTPBody represents http request body
/// represents an HTTP request body
/// for simplicity, only json body is accepted
#[derive(Debug)]
pub struct HTTPBody {
@ -155,6 +130,10 @@ impl HTTPBody {
fn new(data: json::JsonValue) -> HTTPBody {
HTTPBody { data }
}
pub fn get_data(&self) -> &json::JsonValue {
&self.data
}
}
impl TryFrom<String> for HTTPBody {
@ -171,7 +150,7 @@ impl TryFrom<String> for HTTPBody {
}
}
/// Request defined the HTTP request
/// Represents an HTTP request (headers are not parsed)
#[derive(Debug)]
pub struct HTTPRequest {
pub start_line: HTTPStartLine,
@ -179,11 +158,6 @@ pub struct HTTPRequest {
}
impl HTTPRequest {
// associated function to build a new HTTPRequest
fn new(start_line: HTTPStartLine, body: Option<HTTPBody>) -> Self {
HTTPRequest { start_line, body }
}
/// split correctly the incoming request in order to get :
/// * start_line
/// * headers
@ -195,8 +169,6 @@ impl HTTPRequest {
.map(|r| r.to_string())
.collect();
println!("request parts : {:?}", request_parts);
if request_parts.len() < 3 {
return Err("request has no enough informations to be correctly parsed".to_string());
}
@ -206,7 +178,7 @@ impl HTTPRequest {
Ok((start_line, request_parts, body))
}
/// parse parses the request by spliting the incoming request with the separator `\r\n`
/// parse the request by spliting the incoming request with the separator `\r\n`
fn parse(request: &str) -> Result<HTTPRequest, String> {
let request = request.to_string();
@ -234,7 +206,8 @@ impl HTTPRequest {
}
}
fn is_valid(&self) -> bool {
#[allow(dead_code)]
pub fn is_valid(&self) -> bool {
return self.start_line.is_valid();
}
}
@ -260,19 +233,15 @@ impl From<&str> for HTTPRequest {
}
}
pub fn handle_request(request: &str) -> HTTPRequest {
return HTTPRequest::from(request);
}
#[test]
fn test_handle_request() {
fn test_request() {
struct Expect {
start_line: String,
body: Option<String>,
is_valid: bool,
}
let test_cases: [(String, Expect); 10] = [
let test_cases: [(String, Expect); 11] = [
(
"POST /get/ HTTP/1.1\r\n\r\n".to_string(),
Expect {
@ -289,12 +258,20 @@ fn test_handle_request() {
is_valid: true,
},
),
(
"POST /validate/ HTTP/1.0\r\n\r\n".to_string(),
Expect {
start_line: "POST /validate/ HTTP/1.0".to_string(),
body: None,
is_valid: true,
},
),
(
"GET / HTTP/1.1\r\n\r\n".to_string(),
Expect {
start_line: " UNKNOWN".to_string(),
start_line: "GET / HTTP/1.1".to_string(),
body: None,
is_valid: false,
is_valid: true,
},
),
// intentionally add HTTP with no version number
@ -325,9 +302,9 @@ fn test_handle_request() {
(
"fjlqskjd /oks?id=65 HTTP/2\r\n\r\n".to_string(),
Expect {
start_line: " UNKNOWN".to_string(),
start_line: "fjlqskjd /oks?id=65 HTTP/2".to_string(),
body: None,
is_valid: false,
is_valid: true,
}
),
(
@ -391,19 +368,3 @@ fn test_http_body() {
}
}
}
#[test]
fn test_http_method() {
let test_cases: Vec<(String, bool)> = vec![
("POST".to_string(), true),
("POST ".to_string(), false),
("GET".to_string(), false),
("get".to_string(), false),
("qsdqsfqsf/".to_string(), false),
("OPTIONS".to_string(), false),
];
for (method, is_valid) in test_cases {
assert_eq!(is_valid, HTTPStartLine::check_method(&method));
}
}

145
src/http/response.rs Normal file
View File

@ -0,0 +1,145 @@
//! response handles the incoming request parsed `HTTPRequest`
//! it will build an HTTPResponse corresponding to the HTTP message specs. see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
//! NOTE: only few parts of the specification has been implemented
use crate::http::request::HTTPVersion;
use json;
#[derive(Debug, PartialEq, Clone)]
pub enum HTTPStatusCode {
Http200,
Http400,
Http403,
Http404,
Http500,
}
impl Into<String> for HTTPStatusCode {
fn into(self) -> String {
match self {
Self::Http200 => "200".to_string(),
Self::Http400 => "400".to_string(),
Self::Http404 => "404".to_string(),
Self::Http403 => "403".to_string(),
Self::Http500 => "500".to_string(),
}
}
}
pub struct HTTPStatusLine {
version: HTTPVersion,
status_code: HTTPStatusCode,
}
impl Default for HTTPStatusLine {
fn default() -> HTTPStatusLine {
HTTPStatusLine {
version: HTTPVersion::Http1_1,
status_code: HTTPStatusCode::Http400,
}
}
}
impl Into<String> for HTTPStatusLine {
fn into(self) -> String {
let version: String = self.version.into();
let status_code: String = self.status_code.into();
format! {"{} {}", version, status_code}
}
}
impl HTTPStatusLine {
pub fn set_status_code(&mut self, code: HTTPStatusCode) {
self.status_code = code;
}
#[allow(dead_code)]
pub fn get_status_code(&self) -> HTTPStatusCode {
self.status_code.clone()
}
}
/// represents an HTTP response (headers are not parsed)
/// NOTE: for simplicity, only JSON body are accepted
pub struct HTTPResponse {
pub status_line: HTTPStatusLine,
body: json::JsonValue,
}
impl Default for HTTPResponse {
fn default() -> Self {
HTTPResponse {
status_line: HTTPStatusLine::default(),
body: json::parse(r#"{"error": "the incoming request is not valid"}"#).unwrap(),
}
}
}
impl Into<String> for HTTPResponse {
fn into(self) -> String {
// move `self.body` into a new var
let b = self.body;
let body: String = json::stringify(b);
let status_line: String = self.status_line.into();
format!(
"{}\r\nContent-Type: application/json\r\nContent-Length: {}\r\n\r\n{}",
status_line,
body.len(),
body
)
}
}
impl HTTPResponse {
pub fn as_500() -> Self {
let mut response = Self::default();
response
.status_line
.set_status_code(HTTPStatusCode::Http500);
response.body = json::parse(r#"{"error": "unexpected error occurred"}"#).unwrap();
response
}
pub fn as_404() -> Self {
let mut response = Self::default();
response
.status_line
.set_status_code(HTTPStatusCode::Http404);
response.body = json::parse(r#"{"error": "the url requested does not exist"}"#).unwrap();
response
}
pub fn as_403() -> Self {
let mut response = HTTPResponse {
status_line: HTTPStatusLine::default(),
body: json::parse(r#"{"error": "invalid credentials"}"#).unwrap(),
};
response
.status_line
.set_status_code(HTTPStatusCode::Http403);
response
}
/// wrap the `Self::default()` associated func (not really clear)
pub fn as_400() -> Self {
Self::default()
}
// TODO: need to be adjust to accept `json::JsonValue`
pub fn as_200(token: String) -> Self {
let mut response = Self::default();
response
.status_line
.set_status_code(HTTPStatusCode::Http200);
response.body = json::parse(format!(r#"{{"token": "{}"}}"#, token).as_str()).unwrap();
response
}
}

251
src/http/router.rs Normal file
View File

@ -0,0 +1,251 @@
//! router aims to handle correctly the request corresponding to the target
//! it implements all the logic to build an `HTTPResponse`
use super::{HTTPRequest, HTTPResponse};
use crate::stores::FileStore;
use crate::stores::Store;
use configparser::ini::Ini;
use jwt_simple::prelude::*;
use lazy_static::lazy_static;
use std::collections::HashMap;
use std::future::Future;
use std::pin::Pin;
use std::str::FromStr;
type FuturePinned<HTTPResponse> = Pin<Box<dyn Future<Output = HTTPResponse>>>;
type Handler = fn(HTTPRequest, Config) -> FuturePinned<HTTPResponse>;
#[derive(Clone)]
pub struct Config {
jwt_exp_time: u64,
jwt_issuer: String,
jwt_priv_key: String,
jwt_pub_key: String,
filestore_path: String,
}
impl Default for Config {
fn default() -> Self {
Config {
jwt_exp_time: 0,
jwt_issuer: "".to_string(),
jwt_priv_key: "".to_string(),
jwt_pub_key: "".to_string(),
filestore_path: "".to_string(),
}
}
}
impl TryFrom<Ini> for Config {
type Error = String;
fn try_from(config: Ini) -> Result<Self, Self::Error> {
let exp_time = config
.get("jwt", "expiration_time")
.unwrap_or("".to_string());
let jwt_exp_time = {
match u64::from_str(&exp_time) {
Ok(v) => v,
Err(e) => {
eprintln!("unable to convert JWT expiration time into u64 err={}", e);
0
}
}
};
let config = Config {
jwt_exp_time,
jwt_issuer: config.get("jwt", "issuer").unwrap_or("".to_string()),
jwt_pub_key: config.get("jwt", "public_key").unwrap_or("".to_string()),
jwt_priv_key: config.get("jwt", "private_key").unwrap_or("".to_string()),
filestore_path: config.get("store", "path").unwrap_or("".to_string()),
};
if !config.validate() {
return Err("ini file configuration validation failed".to_string());
}
Ok(config)
}
}
impl Config {
/// validates config ini file
fn validate(&self) -> bool {
if self.jwt_exp_time <= 0 {
eprintln!("invalid config parameter: JWT expiration time is negative or equals to 0");
return false;
}
if self.jwt_issuer == "" {
eprintln!("invalid config parameter: JWT issuer is empty");
return false;
}
// TODO: check if the file exists and rights are ok
if self.jwt_pub_key == "" {
eprintln!("invalid config parameter: JWT public key file path is empty");
return false;
}
// TODO: check if the file exists and rights are ok
if self.jwt_priv_key == "" {
eprintln!("invalid config parameter: JWT private key file path is empty");
return false;
}
if self.filestore_path == "" {
eprintln!("invalid config parameter: filestore path is empty");
return false;
}
true
}
}
fn handle_get(request: HTTPRequest, config: Config) -> FuturePinned<HTTPResponse> {
Box::pin(async move {
let mut store = FileStore::new(config.filestore_path);
match &request.body {
Some(ref b) => {
let is_auth = store.is_auth(&b.get_data()).await;
if !is_auth {
return HTTPResponse::as_403();
}
let priv_key_content = {
match std::fs::read_to_string(config.jwt_priv_key) {
Ok(c) => c,
Err(e) => {
eprintln!("error while reading JWT priv key content err={}", e);
"".to_string()
}
}
};
let jwt_key = {
match RS384KeyPair::from_pem(priv_key_content.as_str()) {
Ok(k) => k,
// TODO: set error in the message body
Err(e) => {
eprintln!("error occurred while getting private key err={}", e);
return HTTPResponse::as_500();
}
}
};
let mut claims = Claims::create(Duration::from_hours(config.jwt_exp_time));
claims.issuer = Some(config.jwt_issuer);
match jwt_key.sign(claims) {
Ok(token) => HTTPResponse::as_200(token),
// TODO: set the error in the message body
Err(e) => {
eprintln!("error occurred while signing the token err={}", e);
return HTTPResponse::as_500();
}
}
}
None => HTTPResponse::as_400(),
}
})
}
/// validates the token by checking:
/// * expiration time
fn handle_validate(request: HTTPRequest, _config: Config) -> FuturePinned<HTTPResponse> {
Box::pin(async move {
match &request.body {
Some(ref _b) => {
// TODO: impl the JWT validation
HTTPResponse::as_200("header.payload.signature".to_string())
}
None => HTTPResponse::as_400(),
}
})
}
lazy_static! {
/// defines the map between the URL and its associated callback
/// each authorized targets must implement a function returning `FuturePinned<HTTPResponse>`
// TODO: a macro should be implemented to mask the implementation details
static ref HTTP_METHODS: HashMap<&'static str, Handler> =
HashMap::from(
[
("/get/", handle_get as Handler),
("/validate/", handle_validate as Handler)
]
);
}
pub struct Router;
impl Router {
pub async fn route(&self, request_str: &str, config: Config) -> HTTPResponse {
let request = HTTPRequest::from(request_str);
let target = request.start_line.get_target();
match HTTP_METHODS.get(target.as_str()) {
Some(f) => f(request, config).await,
None => HTTPResponse::as_404(),
}
}
}
// this MUST be used like a Singleton
pub const ROUTER: Router = Router {};
#[tokio::test]
async fn test_route() {
use super::HTTPStatusCode;
let router: &Router = &ROUTER;
let config: Config = Config::default();
let request_str = "POST /get/ HTTP/1.1\r\n\r\n";
let response: HTTPResponse = router.route(request_str, config).await;
assert_eq!(
HTTPStatusCode::Http400,
response.status_line.get_status_code()
);
}
#[test]
fn test_config() {
use std::env;
let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
// TODO: path::Path should be better
let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "config.ini");
let mut config = Ini::new();
let _r = config.load(config_path);
let router_config = Config::try_from(config);
assert!(router_config.is_ok());
}
#[test]
fn test_bad_config() {
use std::env;
let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
// TODO: path::Path should be better
let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "bad_config.ini");
let mut config = Ini::new();
let _r = config.load(config_path);
let router_config = Config::try_from(config);
assert!(router_config.is_err());
}
#[test]
fn test_bad_config_path() {
use std::env;
let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
// TODO: path::Path should be better
let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "con.ini");
let mut config = Ini::new();
let result = config.load(config_path);
assert!(result.is_err());
}

93
src/main.rs
View File

@ -1,45 +1,70 @@
mod handlers;
mod http;
mod stores;
use std::io::prelude::*;
use std::net::TcpListener;
use std::net::TcpStream;
use clap::Parser;
use configparser::ini::Ini;
use tokio::{
io::{AsyncReadExt, AsyncWriteExt},
net::{TcpListener, TcpStream},
};
use handlers::handle_request;
use http::{Config, ROUTER};
// TODO: must be set in a conf file
const SERVER_URL: &str = "127.0.0.1:9000";
#[derive(Parser)]
#[clap(author, version, about, long_about = None)]
struct Cli {
/// config filepath (.ini)
config: String,
}
// switch to an asynchronous main function
#[async_std::main]
#[tokio::main]
async fn main() {
let listener = TcpListener::bind(SERVER_URL).unwrap();
println!("server is listening at {}", SERVER_URL);
for stream in listener.incoming() {
let stream = stream.unwrap();
handle_connection(stream).await;
let args = Cli::parse();
let mut config = Ini::new();
match config.load(args.config) {
Ok(c) => c,
Err(e) => {
eprintln!("error while loading the config file, err={}", e);
std::process::exit(1);
}
};
let server_url = config.get("server", "url").unwrap_or("".to_string());
let listener = {
match TcpListener::bind(&server_url).await {
Ok(t) => {
println!("server is listening on '{}'", server_url);
t
}
Err(e) => {
eprintln!("error occurred while initializing tcp listener err={}", e);
std::process::exit(1);
}
}
};
let router_config: Config = if let Ok(c) = Config::try_from(config) {
c
} else {
std::process::exit(1);
};
loop {
let (stream, _) = listener.accept().await.unwrap();
handle_connection(stream, router_config.clone()).await;
}
}
async fn handle_connection(mut stream: TcpStream) {
let mut buffer = [0; 1024];
stream.read(&mut buffer).unwrap();
/// parses the incoming request (partial spec implementation) and build an HTTP response
async fn handle_connection(mut stream: TcpStream, config: Config) {
let mut buffer: [u8; 1024] = [0; 1024];
let n = stream.read(&mut buffer).await.unwrap();
// transform buffer bytes array into `String`
let buffer_string = String::from_utf8_lossy(&buffer);
let request = handle_request(&buffer_string);
let request_string = std::str::from_utf8(&buffer[0..n]).unwrap();
let response = ROUTER.route(request_string, config).await;
let response_str: String = response.into();
// TODO: `Response` struct must be implemented
let status_line = if request.start_line.target == "/".to_string() {
"HTTP/1.1 200 OK\r\n"
} else {
"HTTP/1.1 404 NOT FOUND\r\n"
};
let content_type = "Content-Type: application/json\r\n\r\n";
let json = r#"{"access_token":"AAAAAAAAAAAA.BBBBBBBBBB.CCCCCCCCCC","refresh_token": "DDDDDDDDDDD.EEEEEEEEEEE.FFFFF"}"#;
let response = format!("{status_line}{content_type}{json}\n");
println!("return status code : {}", status_line);
stream.write(response.as_bytes()).unwrap();
stream.flush().unwrap();
stream.write(response_str.as_bytes()).await.unwrap();
stream.flush().await.unwrap();
}

99
src/stores/file.rs Normal file
View File

@ -0,0 +1,99 @@
use async_trait::async_trait;
use json;
use std::path::Path;
use super::store::{Credentials, Store};
/// references a credentials store file
pub struct FileStore {
path: String,
credentials: Vec<Credentials>,
}
impl FileStore {
pub fn new(path: String) -> Self {
FileStore {
path,
credentials: vec![],
}
}
/// loads and reads the file asynchonously
/// parses the file line by line to retrieve the credentials
async fn parse_contents(&mut self) {
let contents = tokio::fs::read_to_string(&self.path).await;
let mut credentials: Vec<Credentials> = vec![];
match contents {
Ok(c) => {
let lines: Vec<&str> = c.split("\n").collect();
for line in lines {
if line.starts_with("#") {
continue;
}
let line_split: Vec<&str> = line.split(":").collect();
if line_split.len() != 2 {
continue;
}
credentials.push(Credentials::new(
line_split[0].to_string(),
line_split[1].to_string(),
));
}
}
Err(e) => {
eprintln!(
"error occurred while reading store file: {}, err={:?}",
self.path, e
);
}
}
self.credentials = credentials;
}
/// checks if the credentials exist in the `FileStore`
fn auth(&self, username: String, password: String) -> bool {
let credentials: Vec<&Credentials> = self
.credentials
.iter()
.filter(|x| x.username == username && x.password == password)
.collect();
if credentials.len() == 1 {
return true;
}
false
}
}
#[async_trait]
impl Store for FileStore {
async fn is_auth(&mut self, data: &json::JsonValue) -> bool {
// ensure that the store file already exists even after its instanciation
if !Path::new(&self.path).is_file() {
eprintln!("{} path referencing file store does not exist", self.path);
return false;
}
let credentials = Credentials::from(data);
if credentials.is_empty() {
eprintln!("unable to parse the credentials correctly from the incoming request");
return false;
}
self.parse_contents().await;
self.auth(credentials.username, credentials.password)
}
}
#[tokio::test]
async fn test_store() {
use std::env;
let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
// TODO: path::Path should be better
let store_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "store.txt");
let mut store = FileStore::new(store_path);
let data = json::parse(r#"{"username": "toto", "password": "tata"}"#).unwrap();
assert_eq!(store.is_auth(&data).await, true);
}

11
src/stores/mod.rs Normal file
View File

@ -0,0 +1,11 @@
//! store module lists interfaces available to check request credentials
//! each store must implement the trait `is_auth`
//! two stores are available :
//! * `FileStore`: credentials stored in a text file (like **/etc/passwd**)
//! * `DBStore`: credentials stored in a database (TODO)
mod file;
mod store;
pub use file::FileStore;
pub use store::Store;

72
src/stores/store.rs Normal file
View File

@ -0,0 +1,72 @@
use async_trait::async_trait;
use json;
use json::object::Object;
#[async_trait]
pub trait Store {
async fn is_auth(&mut self, data: &json::JsonValue) -> bool;
}
/// extracts `String` json value from a key
fn extract_json_value(data: &Object, key: &str) -> String {
if let Some(u) = data.get(key) {
match u.as_str() {
Some(s) => return s.to_string(),
None => return "".to_string(),
}
};
"".to_string()
}
#[derive(Default, Debug)]
pub struct Credentials {
pub username: String,
pub password: String,
}
impl Credentials {
pub fn new(username: String, password: String) -> Self {
Credentials { username, password }
}
pub fn is_empty(&self) -> bool {
self.username == "" || self.password == ""
}
}
impl From<&json::JsonValue> for Credentials {
fn from(data: &json::JsonValue) -> Self {
let mut credentials = Credentials::default();
match data {
json::JsonValue::Object(ref d) => {
credentials.username = extract_json_value(&d, "username");
credentials.password = extract_json_value(&d, "password");
}
_ => return credentials,
}
credentials
}
}
#[test]
fn test_credentials() {
struct Expect {
data: json::JsonValue,
is_empty: bool,
}
let test_cases: [Expect; 2] = [
Expect {
data: json::parse(r#"{"access_token":"AAAAAAAAAAAA.BBBBBBBBBB.CCCCCCCCCC","refresh_token": "DDDDDDDDDDD.EEEEEEEEEEE.FFFFF"}"#).unwrap(),
is_empty: true
},
Expect {
data: json::parse(r#"{"username":"toto","password": "tata"}"#).unwrap(),
is_empty: false
}
];
for t in test_cases {
let credentials = Credentials::from(&t.data);
assert_eq!(t.is_empty, credentials.is_empty())
}
}

36
tests/bash/curling.bash Executable file
View File

@ -0,0 +1,36 @@
#!/bin/bash
#######################################
#
# A simple curl test on a deployed app
#
#######################################
URL="https://dev.thegux.fr"
for i in {0..10}
do
http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/get/ -d '{"username":"toto", "password":"tutu"}')
if [ $http_response != "403" ]
then
echo "bad http status code : ${http_response}, expect 200"
exit 1
fi
if [ "$(cat response.txt | jq -r '.error')" != "invalid credentials" ]
then
echo "bad data returned, expect : invalid credentials"
exit 1
fi
done
for i in {0..10}
do
http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/ge/ -d '{"username":"toto", "password":"tutu"}')
if [ $http_response != "404" ]
then
echo "bad http status code : ${http_response}, expect 400"
exit 1
fi
done

4
tests/data/store.txt Normal file
View File

@ -0,0 +1,4 @@
# this a test password storage with password in clear
# need to be updated in the future to encrypt or hash the password
# <username>:<password>
toto:tata

17
tests/python/requirements.txt Normal file
View File

@ -0,0 +1,17 @@
attrs==22.1.0
black==22.8.0
certifi==2022.9.14
charset-normalizer==2.1.1
click==8.1.3
idna==3.4
iniconfig==1.1.1
mypy-extensions==0.4.3
packaging==21.3
pathspec==0.10.1
platformdirs==2.5.2
pluggy==1.0.0
py==1.11.0
pyparsing==3.0.9
requests==2.28.1
tomli==2.0.1
urllib3==1.26.12

83
tests/python/test_requests.py Normal file
View File

@ -0,0 +1,83 @@
import jwt
import requests
from datetime import datetime
from unittest import TestCase
URL = "https://dev.thegux.fr"
class TestResponse(TestCase):
def test_get_target(self):
resp = requests.post(
URL + "/get/", json={"username": "toto", "password": "tata"}
)
self.assertEqual(resp.status_code, 200, "bad status code returned")
self.assertIsNotNone(resp.json(), "response data can't be empty")
token = resp.json()["token"]
jwt_decoded = jwt.decode(token, options={"verify_signature": False})
self.assertEqual("thegux.fr", jwt_decoded["iss"])
jwt_exp = datetime.fromtimestamp(jwt_decoded["exp"])
jwt_iat = datetime.fromtimestamp(jwt_decoded["iat"])
date_exp = datetime.strptime(str(jwt_exp - jwt_iat), "%H:%M:%S")
self.assertEqual(2, date_exp.hour)
def test_validate_target(self):
resp = requests.post(
URL + "/validate/", json={"username": "toto", "password": "tata"}
)
self.assertEqual(resp.status_code, 200, "bad status code returned")
self.assertIsNotNone(resp.json(), "response data can't be empty")
self.assertEqual(
resp.json()["token"], "header.payload.signature", "bad status returned"
)
# TODO: must be updated after implmenting `/refresh/` url handler
def test_refresh_target(self):
resp = requests.post(
URL + "/refresh/", json={"username": "toto", "password": "tata"}
)
self.assertEqual(resp.status_code, 404, "bad status code returned")
self.assertIsNotNone(resp.json(), "response data can't be empty")
self.assertEqual(
resp.json()["error"],
"the url requested does not exist",
"bad status returned",
)
def test_no_credentials(self):
resp = requests.post(URL + "/get/")
self.assertEqual(resp.status_code, 400, "bad status code returned")
self.assertIsNotNone(resp.json(), "response data must not be empty")
self.assertEqual(
resp.json()["error"],
"the incoming request is not valid",
"invalid error message returned",
)
def test_bad_credentials(self):
resp = requests.post(
URL + "/get/", json={"username": "tutu", "password": "titi"}
)
self.assertEqual(resp.status_code, 403, "bas status code returned")
self.assertIsNotNone(resp.json(), "response data must not be empty")
self.assertEqual(
resp.json()["error"],
"invalid credentials",
"invalid error message returned",
)
def test_bad_target(self):
resp = requests.post(
URL + "/token/", json={"username": "toto", "password": "tata"}
)
self.assertEqual(resp.status_code, 404, "bad status code returned")
self.assertIsNotNone(resp.json(), "response data must not be empty")
self.assertEqual(
resp.json()["error"],
"the url requested does not exist",
"invalid error message returned",
)