-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.go
More file actions
89 lines (81 loc) · 2.08 KB
/
auth.go
File metadata and controls
89 lines (81 loc) · 2.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package xmpp
import (
"errors"
"fmt"
)
// Authenticator defines an interface for SASL authentication
type Authenticator interface {
Name() string
Data() string
Challenge(string) string
}
// Credentials holds authentication information
type Credentials struct {
Username string
Password string
}
type authFunc func(Credentials) Authenticator
func contains(list []string, item string) bool {
for _, i := range list {
if i == item {
return true
}
}
return false
}
// bestAuthenticator returns the a factory for the first supported authentication mechanism
func (c *Conn) bestAuthenticator() (authFunc, error) {
mechanisms, ok := c.Features().Child(&Mechanisms{}).(*Mechanisms)
if !ok {
return nil, errors.New("authentication failed: stream has no auth mechanisms")
}
if contains(mechanisms.Mechanisms, "SCRAM-SHA-1") {
return NewScramSHA1Authenticator, nil
}
if contains(mechanisms.Mechanisms, "PLAIN") {
return NewPlainAuthenticator, nil
}
return nil, errors.New("authentication failed: no supported mechanisms found")
}
// Authenticate authenticates to the server and restarts the stream
func (c *Conn) Authenticate(username, password string) error {
authFunc, err := c.bestAuthenticator()
if err != nil {
return errors.New("authentication failed: all mechanisms unsupported")
}
auth := authFunc(Credentials{
Username: username,
Password: password,
})
// Start authentication
err = c.Write(&Auth{
Mechanism: auth.Name(),
Data: auth.Data(),
})
if err != nil {
return err
}
for {
msg, err := c.Read()
if err != nil {
return err
}
switch typed := msg.(type) {
case *Challenge:
r := &Response{Data: auth.Challenge(typed.Data)}
err := c.Write(r)
if err != nil {
return err
}
case *Success:
//TODO: Verify success response
return c.RestartStream(nil)
case *Error:
return fmt.Errorf("authentication failed: stream error: %s", typed.Condition)
case *SASLFailure:
return errors.New("authentication failed: invalid credentials")
default:
return fmt.Errorf("authentication failed: unexpected response: %s", msg)
}
}
}