added security key to password changing

2025-01-03 04:29:19 +01:00 · 2024-02-14 13:18:22 -06:00 · 2024-02-14 13:18:22 -06:00 · b6d42de92f
commit b6d42de92f
parent 5861cc7d7e
8 changed files with 44 additions and 11 deletions
--- a/controller/changePassword.go
+++ b/controller/changePassword.go
@ -18,7 +18,7 @@ func newChangePasswordHandler(cfg *config.Config) *changePasswordHandler {
 	}
 }

-func (handler *changePasswordHandler) Handle(params account.ChangePasswordParams) middleware.Responder {
+func (handler *changePasswordHandler) Handle(params account.ChangePasswordParams, principal *rest_model_zrok.Principal) middleware.Responder {
 	if params.Body == nil || params.Body.Email == "" || params.Body.OldPassword == "" || params.Body.NewPassword == "" {
 		logrus.Error("missing email, old, or new password")
 		return account.NewChangePasswordUnauthorized()
--- a/rest_client_zrok/account/account_client.go
+++ b/rest_client_zrok/account/account_client.go
@ -30,7 +30,7 @@ type ClientOption func(*runtime.ClientOperation)

 // ClientService is the interface for Client methods
 type ClientService interface {
-	ChangePassword(params *ChangePasswordParams, opts ...ClientOption) (*ChangePasswordOK, error)
+	ChangePassword(params *ChangePasswordParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ChangePasswordOK, error)

 	Invite(params *InviteParams, opts ...ClientOption) (*InviteCreated, error)

@ -50,7 +50,7 @@ type ClientService interface {
 /*
 ChangePassword change password API
 */
-func (a *Client) ChangePassword(params *ChangePasswordParams, opts ...ClientOption) (*ChangePasswordOK, error) {
+func (a *Client) ChangePassword(params *ChangePasswordParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ChangePasswordOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewChangePasswordParams()
@ -64,6 +64,7 @@ func (a *Client) ChangePassword(params *ChangePasswordParams, opts ...ClientOpti
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &ChangePasswordReader{formats: a.formats},
+		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -76,6 +76,11 @@ func init() {
    },
    "/changePassword": {
      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
        "tags": [
          "account"
        ],
@ -1750,6 +1755,11 @@ func init() {
    },
    "/changePassword": {
      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
        "tags": [
          "account"
        ],
--- a/rest_server_zrok/operations/account/change_password.go
+++ b/rest_server_zrok/operations/account/change_password.go
@ -9,19 +9,21 @@ import (
 	"net/http"

 	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/openziti/zrok/rest_model_zrok"
 )

 // ChangePasswordHandlerFunc turns a function with the right signature into a change password handler
-type ChangePasswordHandlerFunc func(ChangePasswordParams) middleware.Responder
+type ChangePasswordHandlerFunc func(ChangePasswordParams, *rest_model_zrok.Principal) middleware.Responder

 // Handle executing the request and returning a response
-func (fn ChangePasswordHandlerFunc) Handle(params ChangePasswordParams) middleware.Responder {
-	return fn(params)
+func (fn ChangePasswordHandlerFunc) Handle(params ChangePasswordParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
 }

 // ChangePasswordHandler interface for that can handle valid change password params
 type ChangePasswordHandler interface {
-	Handle(ChangePasswordParams) middleware.Responder
+	Handle(ChangePasswordParams, *rest_model_zrok.Principal) middleware.Responder
 }

 // NewChangePassword creates a new http.Handler for the change password operation
@ -45,12 +47,25 @@ func (o *ChangePassword) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 		*r = *rCtx
 	}
 	var Params = NewChangePasswordParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}

-	res := o.Handler.Handle(Params) // actually handle the request
+	res := o.Handler.Handle(Params, principal) // actually handle the request
 	o.Context.Respond(rw, r, route.Produces, route, res)

 }
--- a/rest_server_zrok/operations/zrok_api.go
+++ b/rest_server_zrok/operations/zrok_api.go
@ -52,7 +52,7 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		ShareAccessHandler: share.AccessHandlerFunc(func(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation share.Access has not yet been implemented")
 		}),
-		AccountChangePasswordHandler: account.ChangePasswordHandlerFunc(func(params account.ChangePasswordParams) middleware.Responder {
+		AccountChangePasswordHandler: account.ChangePasswordHandlerFunc(func(params account.ChangePasswordParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation account.ChangePassword has not yet been implemented")
 		}),
 		MetadataConfigurationHandler: metadata.ConfigurationHandlerFunc(func(params metadata.ConfigurationParams) middleware.Responder {
--- a/sdk/python/sdk/zrok/zrok_api/api/account_api.py
+++ b/sdk/python/sdk/zrok/zrok_api/api/account_api.py
@ -107,7 +107,7 @@ class AccountApi(object):
            ['application/zrok.v1+json'])  # noqa: E501

        # Authentication setting
-        auth_settings = []  # noqa: E501
+        auth_settings = ['key']  # noqa: E501

        return self.api_client.call_api(
            '/changePassword', 'POST',
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -19,6 +19,8 @@ paths:
    post:
      tags:
        - account
+      security:
+        - key: []
      operationId: changePassword
      parameters:
        - name: body
--- a/ui/src/api/account.js
+++ b/ui/src/api/account.js
@ -110,7 +110,12 @@ export function verify(options) {
 const changePasswordOperation = {
  path: '/changePassword',
  contentTypes: ['application/zrok.v1+json'],
-  method: 'post'
+  method: 'post',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
 }

 const inviteOperation = {