summaryrefslogtreecommitdiff
path: root/internal/command
diff options
context:
space:
mode:
authorImre Farkas <ifarkas@gitlab.com>2020-12-01 14:46:27 +0100
committerImre Farkas <ifarkas@gitlab.com>2020-12-10 15:23:44 +0100
commit1293a33014c9cfc82b0bc1b9525987476b2aa857 (patch)
treec4d4057fcdc5753086493c71b10f9ea5ee7b84d5 /internal/command
parent384f3036e3d9c501e29a7ce24ece1e887a14d53a (diff)
downloadgitlab-shell-1293a33014c9cfc82b0bc1b9525987476b2aa857.tar.gz
Add 2fa_verify command
Diffstat (limited to 'internal/command')
-rw-r--r--internal/command/command.go3
-rw-r--r--internal/command/command_test.go9
-rw-r--r--internal/command/commandargs/shell.go1
-rw-r--r--internal/command/twofactorverify/twofactorverify.go55
-rw-r--r--internal/command/twofactorverify/twofactorverify_test.go122
5 files changed, 190 insertions, 0 deletions
diff --git a/internal/command/command.go b/internal/command/command.go
index a2c5912..5062d15 100644
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -15,6 +15,7 @@ import (
"gitlab.com/gitlab-org/gitlab-shell/internal/command/receivepack"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/shared/disallowedcommand"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorrecover"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorverify"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadarchive"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadpack"
"gitlab.com/gitlab-org/gitlab-shell/internal/config"
@@ -87,6 +88,8 @@ func buildShellCommand(args *commandargs.Shell, config *config.Config, readWrite
return &discover.Command{Config: config, Args: args, ReadWriter: readWriter}
case commandargs.TwoFactorRecover:
return &twofactorrecover.Command{Config: config, Args: args, ReadWriter: readWriter}
+ case commandargs.TwoFactorVerify:
+ return &twofactorverify.Command{Config: config, Args: args, ReadWriter: readWriter}
case commandargs.LfsAuthenticate:
return &lfsauthenticate.Command{Config: config, Args: args, ReadWriter: readWriter}
case commandargs.ReceivePack:
diff --git a/internal/command/command_test.go b/internal/command/command_test.go
index c2a7483..d134e61 100644
--- a/internal/command/command_test.go
+++ b/internal/command/command_test.go
@@ -16,6 +16,7 @@ import (
"gitlab.com/gitlab-org/gitlab-shell/internal/command/receivepack"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/shared/disallowedcommand"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorrecover"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/twofactorverify"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadarchive"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/uploadpack"
"gitlab.com/gitlab-org/gitlab-shell/internal/config"
@@ -76,6 +77,14 @@ func TestNew(t *testing.T) {
expectedSslCertDir: "",
},
{
+ desc: "it returns a TwoFactorVerify command",
+ executable: gitlabShellExec,
+ environment: buildEnv("2fa_verify"),
+ config: basicConfig,
+ expectedType: &twofactorverify.Command{},
+ expectedSslCertDir: "",
+ },
+ {
desc: "it returns an LfsAuthenticate command",
executable: gitlabShellExec,
environment: buildEnv("git-lfs-authenticate"),
diff --git a/internal/command/commandargs/shell.go b/internal/command/commandargs/shell.go
index 4632cff..1535ccb 100644
--- a/internal/command/commandargs/shell.go
+++ b/internal/command/commandargs/shell.go
@@ -11,6 +11,7 @@ import (
const (
Discover CommandType = "discover"
TwoFactorRecover CommandType = "2fa_recovery_codes"
+ TwoFactorVerify CommandType = "2fa_verify"
LfsAuthenticate CommandType = "git-lfs-authenticate"
ReceivePack CommandType = "git-receive-pack"
UploadPack CommandType = "git-upload-pack"
diff --git a/internal/command/twofactorverify/twofactorverify.go b/internal/command/twofactorverify/twofactorverify.go
new file mode 100644
index 0000000..afd8e47
--- /dev/null
+++ b/internal/command/twofactorverify/twofactorverify.go
@@ -0,0 +1,55 @@
+package twofactorverify
+
+import (
+ "context"
+ "fmt"
+ "io"
+
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/commandargs"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/config"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/gitlabnet/twofactorverify"
+)
+
+type Command struct {
+ Config *config.Config
+ Args *commandargs.Shell
+ ReadWriter *readwriter.ReadWriter
+}
+
+func (c *Command) Execute(ctx context.Context) error {
+ err := c.verifyOTP(ctx, c.getOTP())
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (c *Command) getOTP() string {
+ prompt := "OTP: "
+ fmt.Fprint(c.ReadWriter.Out, prompt)
+
+ var answer string
+ otpLength := int64(64)
+ reader := io.LimitReader(c.ReadWriter.In, otpLength)
+ fmt.Fscanln(reader, &answer)
+
+ return answer
+}
+
+func (c *Command) verifyOTP(ctx context.Context, otp string) error {
+ client, err := twofactorverify.NewClient(c.Config)
+ if err != nil {
+ return err
+ }
+
+ err = client.VerifyOTP(ctx, c.Args, otp)
+ if err == nil {
+ fmt.Fprint(c.ReadWriter.Out, "\nOTP validation successful. Git operations are allowed for the next 15 minutes.\n")
+ } else {
+ fmt.Fprintf(c.ReadWriter.Out, "\nOTP validation failed.\n%v\n", err)
+ }
+
+ return nil
+}
diff --git a/internal/command/twofactorverify/twofactorverify_test.go b/internal/command/twofactorverify/twofactorverify_test.go
new file mode 100644
index 0000000..08eb380
--- /dev/null
+++ b/internal/command/twofactorverify/twofactorverify_test.go
@@ -0,0 +1,122 @@
+package twofactorverify
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "io/ioutil"
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "gitlab.com/gitlab-org/gitlab-shell/client/testserver"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/commandargs"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/config"
+ "gitlab.com/gitlab-org/gitlab-shell/internal/gitlabnet/twofactorverify"
+)
+
+func setup(t *testing.T) []testserver.TestRequestHandler {
+ requests := []testserver.TestRequestHandler{
+ {
+ Path: "/api/v4/internal/two_factor_otp_check",
+ Handler: func(w http.ResponseWriter, r *http.Request) {
+ b, err := ioutil.ReadAll(r.Body)
+ defer r.Body.Close()
+
+ require.NoError(t, err)
+
+ var requestBody *twofactorverify.RequestBody
+ require.NoError(t, json.Unmarshal(b, &requestBody))
+
+ switch requestBody.KeyId {
+ case "1":
+ body := map[string]interface{}{
+ "success": true,
+ }
+ json.NewEncoder(w).Encode(body)
+ case "error":
+ body := map[string]interface{}{
+ "success": false,
+ "message": "error message",
+ }
+ require.NoError(t, json.NewEncoder(w).Encode(body))
+ case "broken":
+ w.WriteHeader(http.StatusInternalServerError)
+ }
+ },
+ },
+ }
+
+ return requests
+}
+
+const (
+ question = "OTP: \n"
+ errorHeader = "OTP validation failed.\n"
+)
+
+func TestExecute(t *testing.T) {
+ requests := setup(t)
+
+ url, cleanup := testserver.StartSocketHttpServer(t, requests)
+ defer cleanup()
+
+ testCases := []struct {
+ desc string
+ arguments *commandargs.Shell
+ answer string
+ expectedOutput string
+ }{
+ {
+ desc: "With a known key id",
+ arguments: &commandargs.Shell{GitlabKeyId: "1"},
+ answer: "123456\n",
+ expectedOutput: question +
+ "OTP validation successful. Git operations are allowed for the next 15 minutes.\n",
+ },
+ {
+ desc: "With bad response",
+ arguments: &commandargs.Shell{GitlabKeyId: "-1"},
+ answer: "123456\n",
+ expectedOutput: question + errorHeader + "Parsing failed\n",
+ },
+ {
+ desc: "With API returns an error",
+ arguments: &commandargs.Shell{GitlabKeyId: "error"},
+ answer: "yes\n",
+ expectedOutput: question + errorHeader + "error message\n",
+ },
+ {
+ desc: "With API fails",
+ arguments: &commandargs.Shell{GitlabKeyId: "broken"},
+ answer: "yes\n",
+ expectedOutput: question + errorHeader + "Internal API error (500)\n",
+ },
+ {
+ desc: "With missing arguments",
+ arguments: &commandargs.Shell{},
+ answer: "yes\n",
+ expectedOutput: question + errorHeader + "who='' is invalid\n",
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.desc, func(t *testing.T) {
+ output := &bytes.Buffer{}
+ input := bytes.NewBufferString(tc.answer)
+
+ cmd := &Command{
+ Config: &config.Config{GitlabUrl: url},
+ Args: tc.arguments,
+ ReadWriter: &readwriter.ReadWriter{Out: output, In: input},
+ }
+
+ err := cmd.Execute(context.Background())
+
+ require.NoError(t, err)
+ require.Equal(t, tc.expectedOutput, output.String())
+ })
+ }
+}