diff options
author | Imre Farkas <ifarkas@gitlab.com> | 2020-12-01 14:46:27 +0100 |
---|---|---|
committer | Imre Farkas <ifarkas@gitlab.com> | 2020-12-10 15:23:44 +0100 |
commit | 1293a33014c9cfc82b0bc1b9525987476b2aa857 (patch) | |
tree | c4d4057fcdc5753086493c71b10f9ea5ee7b84d5 /internal/command | |
parent | 384f3036e3d9c501e29a7ce24ece1e887a14d53a (diff) | |
download | gitlab-shell-1293a33014c9cfc82b0bc1b9525987476b2aa857.tar.gz |
Add 2fa_verify command
Diffstat (limited to 'internal/command')
-rw-r--r-- | internal/command/command.go | 3 | ||||
-rw-r--r-- | internal/command/command_test.go | 9 | ||||
-rw-r--r-- | internal/command/commandargs/shell.go | 1 | ||||
-rw-r--r-- | internal/command/twofactorverify/twofactorverify.go | 55 | ||||
-rw-r--r-- | internal/command/twofactorverify/twofactorverify_test.go | 122 |
5 files changed, 190 insertions, 0 deletions
diff --git a/internal/command/command.go b/internal/command/command.go index a2c5912..5062d15 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -15,6 +15,7 @@ import ( "gitlab.com/gitlab-org/gitlab-shell/internal/command/receivepack" "gitlab.com/gitlab-org/gitlab-shell/internal/command/shared/disallowedcommand" "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorrecover" + "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorverify" "gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadarchive" "gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadpack" "gitlab.com/gitlab-org/gitlab-shell/internal/config" @@ -87,6 +88,8 @@ func buildShellCommand(args *commandargs.Shell, config *config.Config, readWrite return &discover.Command{Config: config, Args: args, ReadWriter: readWriter} case commandargs.TwoFactorRecover: return &twofactorrecover.Command{Config: config, Args: args, ReadWriter: readWriter} + case commandargs.TwoFactorVerify: + return &twofactorverify.Command{Config: config, Args: args, ReadWriter: readWriter} case commandargs.LfsAuthenticate: return &lfsauthenticate.Command{Config: config, Args: args, ReadWriter: readWriter} case commandargs.ReceivePack: diff --git a/internal/command/command_test.go b/internal/command/command_test.go index c2a7483..d134e61 100644 --- a/internal/command/command_test.go +++ b/internal/command/command_test.go @@ -16,6 +16,7 @@ import ( "gitlab.com/gitlab-org/gitlab-shell/internal/command/receivepack" "gitlab.com/gitlab-org/gitlab-shell/internal/command/shared/disallowedcommand" "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorrecover" + "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorverify" "gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadarchive" "gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadpack" "gitlab.com/gitlab-org/gitlab-shell/internal/config" @@ -76,6 +77,14 @@ func TestNew(t *testing.T) { expectedSslCertDir: "", }, { + desc: "it returns a TwoFactorVerify command", + executable: gitlabShellExec, + environment: buildEnv("2fa_verify"), + config: basicConfig, + expectedType: &twofactorverify.Command{}, + expectedSslCertDir: "", + }, + { desc: "it returns an LfsAuthenticate command", executable: gitlabShellExec, environment: buildEnv("git-lfs-authenticate"), diff --git a/internal/command/commandargs/shell.go b/internal/command/commandargs/shell.go index 4632cff..1535ccb 100644 --- a/internal/command/commandargs/shell.go +++ b/internal/command/commandargs/shell.go @@ -11,6 +11,7 @@ import ( const ( Discover CommandType = "discover" TwoFactorRecover CommandType = "2fa_recovery_codes" + TwoFactorVerify CommandType = "2fa_verify" LfsAuthenticate CommandType = "git-lfs-authenticate" ReceivePack CommandType = "git-receive-pack" UploadPack CommandType = "git-upload-pack" diff --git a/internal/command/twofactorverify/twofactorverify.go b/internal/command/twofactorverify/twofactorverify.go new file mode 100644 index 0000000..afd8e47 --- /dev/null +++ b/internal/command/twofactorverify/twofactorverify.go @@ -0,0 +1,55 @@ +package twofactorverify + +import ( + "context" + "fmt" + "io" + + "gitlab.com/gitlab-org/gitlab-shell/internal/command/commandargs" + "gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter" + "gitlab.com/gitlab-org/gitlab-shell/internal/config" + "gitlab.com/gitlab-org/gitlab-shell/internal/gitlabnet/twofactorverify" +) + +type Command struct { + Config *config.Config + Args *commandargs.Shell + ReadWriter *readwriter.ReadWriter +} + +func (c *Command) Execute(ctx context.Context) error { + err := c.verifyOTP(ctx, c.getOTP()) + if err != nil { + return err + } + + return nil +} + +func (c *Command) getOTP() string { + prompt := "OTP: " + fmt.Fprint(c.ReadWriter.Out, prompt) + + var answer string + otpLength := int64(64) + reader := io.LimitReader(c.ReadWriter.In, otpLength) + fmt.Fscanln(reader, &answer) + + return answer +} + +func (c *Command) verifyOTP(ctx context.Context, otp string) error { + client, err := twofactorverify.NewClient(c.Config) + if err != nil { + return err + } + + err = client.VerifyOTP(ctx, c.Args, otp) + if err == nil { + fmt.Fprint(c.ReadWriter.Out, "\nOTP validation successful. Git operations are allowed for the next 15 minutes.\n") + } else { + fmt.Fprintf(c.ReadWriter.Out, "\nOTP validation failed.\n%v\n", err) + } + + return nil +} diff --git a/internal/command/twofactorverify/twofactorverify_test.go b/internal/command/twofactorverify/twofactorverify_test.go new file mode 100644 index 0000000..08eb380 --- /dev/null +++ b/internal/command/twofactorverify/twofactorverify_test.go @@ -0,0 +1,122 @@ +package twofactorverify + +import ( + "bytes" + "context" + "encoding/json" + "io/ioutil" + "net/http" + "testing" + + "github.com/stretchr/testify/require" + + "gitlab.com/gitlab-org/gitlab-shell/client/testserver" + "gitlab.com/gitlab-org/gitlab-shell/internal/command/commandargs" + "gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter" + "gitlab.com/gitlab-org/gitlab-shell/internal/config" + "gitlab.com/gitlab-org/gitlab-shell/internal/gitlabnet/twofactorverify" +) + +func setup(t *testing.T) []testserver.TestRequestHandler { + requests := []testserver.TestRequestHandler{ + { + Path: "/api/v4/internal/two_factor_otp_check", + Handler: func(w http.ResponseWriter, r *http.Request) { + b, err := ioutil.ReadAll(r.Body) + defer r.Body.Close() + + require.NoError(t, err) + + var requestBody *twofactorverify.RequestBody + require.NoError(t, json.Unmarshal(b, &requestBody)) + + switch requestBody.KeyId { + case "1": + body := map[string]interface{}{ + "success": true, + } + json.NewEncoder(w).Encode(body) + case "error": + body := map[string]interface{}{ + "success": false, + "message": "error message", + } + require.NoError(t, json.NewEncoder(w).Encode(body)) + case "broken": + w.WriteHeader(http.StatusInternalServerError) + } + }, + }, + } + + return requests +} + +const ( + question = "OTP: \n" + errorHeader = "OTP validation failed.\n" +) + +func TestExecute(t *testing.T) { + requests := setup(t) + + url, cleanup := testserver.StartSocketHttpServer(t, requests) + defer cleanup() + + testCases := []struct { + desc string + arguments *commandargs.Shell + answer string + expectedOutput string + }{ + { + desc: "With a known key id", + arguments: &commandargs.Shell{GitlabKeyId: "1"}, + answer: "123456\n", + expectedOutput: question + + "OTP validation successful. Git operations are allowed for the next 15 minutes.\n", + }, + { + desc: "With bad response", + arguments: &commandargs.Shell{GitlabKeyId: "-1"}, + answer: "123456\n", + expectedOutput: question + errorHeader + "Parsing failed\n", + }, + { + desc: "With API returns an error", + arguments: &commandargs.Shell{GitlabKeyId: "error"}, + answer: "yes\n", + expectedOutput: question + errorHeader + "error message\n", + }, + { + desc: "With API fails", + arguments: &commandargs.Shell{GitlabKeyId: "broken"}, + answer: "yes\n", + expectedOutput: question + errorHeader + "Internal API error (500)\n", + }, + { + desc: "With missing arguments", + arguments: &commandargs.Shell{}, + answer: "yes\n", + expectedOutput: question + errorHeader + "who='' is invalid\n", + }, + } + + for _, tc := range testCases { + t.Run(tc.desc, func(t *testing.T) { + output := &bytes.Buffer{} + input := bytes.NewBufferString(tc.answer) + + cmd := &Command{ + Config: &config.Config{GitlabUrl: url}, + Args: tc.arguments, + ReadWriter: &readwriter.ReadWriter{Out: output, In: input}, + } + + err := cmd.Execute(context.Background()) + + require.NoError(t, err) + require.Equal(t, tc.expectedOutput, output.String()) + }) + } +} |