Added "--auth.user" option to auth commands

ewoutp · ewoutp · commit 59ea08757a62 · 2018-06-29T10:20:51.000+02:00
diff --git a/auth.go b/auth.go
@@ -50,6 +50,7 @@ var (
 	}
 	authOptions struct {
 		jwtSecretFile string
+		user          string
 	}
 )
 
@@ -60,6 +61,7 @@ func init() {
 
 	pf := cmdAuth.PersistentFlags()
 	pf.StringVar(&authOptions.jwtSecretFile, "auth.jwt-secret", "", "name of a plain text file containing a JWT secret used for server authentication")
+	pf.StringVar(&authOptions.user, "auth.user", "", "name of a user to authenticate as. If empty, 'super-user' authentication is used")
 }
 
 // mustAuthCreateJWTToken creates a the JWT token based on authentication options.
@@ -75,7 +77,7 @@ func mustAuthCreateJWTToken() string {
 		log.Fatal().Err(err).Msgf("Failed to read JWT secret file '%s'", authOptions.jwtSecretFile)
 	}
 	jwtSecret := strings.TrimSpace(string(content))
-	token, err := service.CreateJwtToken(jwtSecret)
+	token, err := service.CreateJwtToken(jwtSecret, authOptions.user)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to create JWT token")
 	}
diff --git a/service/authentication.go b/service/authentication.go
@@ -35,16 +35,20 @@ const (
 
 // CreateJwtToken calculates a JWT authorization token based on the given secret.
 // If the secret is empty, an empty token is returned.
-func CreateJwtToken(jwtSecret string) (string, error) {
+func CreateJwtToken(jwtSecret, user string) (string, error) {
 	if jwtSecret == "" {
 		return "", nil
 	}
 	// Create a new token object, specifying signing method and the claims
 	// you would like it to contain.
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+	claims := jwt.MapClaims{
 		"iss":       "arangodb",
 		"server_id": "foo",
-	})
+	}
+	if user != "" {
+		claims["preferred_username"] = user
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
 	// Sign and get the complete encoded token as a string using the secret
 	signedToken, err := token.SignedString([]byte(jwtSecret))
@@ -62,7 +66,7 @@ func addJwtHeader(req *http.Request, jwtSecret string) error {
 	if jwtSecret == "" {
 		return nil
 	}
-	signedToken, err := CreateJwtToken(jwtSecret)
+	signedToken, err := CreateJwtToken(jwtSecret, "")
 	if err != nil {
 		return maskAny(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,7 @@ var (`
`50`	`50`	`}`
`51`	`51`	`authOptions struct {`
`52`	`52`	`jwtSecretFile string`
	`53`	`+ user string`
`53`	`54`	`}`
`54`	`55`	`)`
`55`	`56`
`@@ -60,6 +61,7 @@ func init() {`
`60`	`61`
`61`	`62`	`pf := cmdAuth.PersistentFlags()`
`62`	`63`	`pf.StringVar(&authOptions.jwtSecretFile, "auth.jwt-secret", "", "name of a plain text file containing a JWT secret used for server authentication")`
	`64`	`+ pf.StringVar(&authOptions.user, "auth.user", "", "name of a user to authenticate as. If empty, 'super-user' authentication is used")`
`63`	`65`	`}`
`64`	`66`
`65`	`67`	`// mustAuthCreateJWTToken creates a the JWT token based on authentication options.`
`@@ -75,7 +77,7 @@ func mustAuthCreateJWTToken() string {`
`75`	`77`	`log.Fatal().Err(err).Msgf("Failed to read JWT secret file '%s'", authOptions.jwtSecretFile)`
`76`	`78`	`}`
`77`	`79`	`jwtSecret := strings.TrimSpace(string(content))`
`78`		`- token, err := service.CreateJwtToken(jwtSecret)`
	`80`	`+ token, err := service.CreateJwtToken(jwtSecret, authOptions.user)`
`79`	`81`	`if err != nil {`
`80`	`82`	`log.Fatal().Err(err).Msg("Failed to create JWT token")`
`81`	`83`	`}`