mirror of
https://github.com/yunionio/cloudpods.git
synced 2026-06-23 18:56:06 +08:00
78 lines
2.5 KiB
Go
78 lines
2.5 KiB
Go
// Copyright 2019 Yunion
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package sql
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
api "yunion.io/x/onecloud/pkg/apis/identity"
|
|
"yunion.io/x/onecloud/pkg/httperrors"
|
|
"yunion.io/x/onecloud/pkg/keystone/driver"
|
|
"yunion.io/x/onecloud/pkg/keystone/models"
|
|
o "yunion.io/x/onecloud/pkg/keystone/options"
|
|
"yunion.io/x/onecloud/pkg/mcclient"
|
|
)
|
|
|
|
type SSQLDriver struct {
|
|
driver.SBaseIdentityDriver
|
|
}
|
|
|
|
func NewSQLDriver(idpId, idpName, template, targetDomainId string, autoCreateProject bool, conf api.TConfigs) (driver.IIdentityBackend, error) {
|
|
base, err := driver.NewBaseIdentityDriver(idpId, idpName, template, targetDomainId, autoCreateProject, conf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
drv := SSQLDriver{base}
|
|
drv.SetVirtualObject(&drv)
|
|
return &drv, nil
|
|
}
|
|
|
|
func (sql *SSQLDriver) Authenticate(ctx context.Context, ident mcclient.SAuthenticationIdentity) (*api.SUserExtended, error) {
|
|
usrExt, err := models.UserManager.FetchUserExtended(
|
|
ident.Password.User.Id,
|
|
ident.Password.User.Name,
|
|
ident.Password.User.Domain.Id,
|
|
ident.Password.User.Domain.Name,
|
|
)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "UserManager.FetchUserExtended")
|
|
}
|
|
localUser, err := models.LocalUserManager.FetchLocalUserById(usrExt.LocalId)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "LocalUserManager.FetchLocalUser")
|
|
}
|
|
err = models.VerifyPassword(usrExt, ident.Password.User.Password)
|
|
if err != nil {
|
|
localUser.SaveFailedAuth()
|
|
if o.Options.PasswordErrorLockCount > 0 && localUser.FailedAuthCount > o.Options.PasswordErrorLockCount {
|
|
models.UserManager.LockUser(usrExt.Id, "too many failed auth attempts")
|
|
return nil, errors.Wrap(httperrors.ErrTooManyAttempts, "user locked")
|
|
}
|
|
return nil, errors.Wrap(err, "usrExt.VerifyPassword")
|
|
}
|
|
localUser.ClearFailedAuth()
|
|
return usrExt, nil
|
|
}
|
|
|
|
func (sql *SSQLDriver) Sync(ctx context.Context) error {
|
|
return nil
|
|
}
|
|
|
|
func (sql *SSQLDriver) Probe(ctx context.Context) error {
|
|
return nil
|
|
}
|