feat(api): add support for multiple user authentication methods

- Added a list to represent the authentication methods available for each user. - Introduced an `authentication` attribute to manage authentication method settings, such as enabling or disabling specific methods. - Updated the `/info` endpoint to include authentication details in its response.
shellhub-io · Jan 8, 2025 · 3f98228 · 3f98228
1 parent 3800fc0
commit 3f98228
Show file tree

Hide file tree

Showing 19 changed files with 1,116 additions and 158 deletions.
diff --git a/api/pkg/responses/system.go b/api/pkg/responses/system.go
@@ -0,0 +1,17 @@
+package responses
+
+type SystemInfo struct {
+	Version        string                    `json:"version"`
+	Endpoints      *SystemEndpointsInfo      `json:"endpoints"`
+	Setup          bool                      `json:"setup"`
+	Authentication *SystemAuthenticationInfo `json:"authentication"`
+}
+
+type SystemAuthenticationInfo struct {
+	Local bool `json:"local"`
+}
+
+type SystemEndpointsInfo struct {
+	API string `json:"api"`
+	SSH string `json:"ssh"`
+}
diff --git a/api/routes/stats.go b/api/routes/stats.go
@@ -23,17 +23,16 @@ func (h *Handler) GetStats(c gateway.Context) error {
 }
 
 func (h *Handler) GetSystemInfo(c gateway.Context) error {
-	var req requests.SystemGetInfo
-
-	if err := c.Bind(&req); err != nil {
+	req := new(requests.GetSystemInfo)
+	if err := c.Bind(req); err != nil {
 		return err
 	}
 
 	if req.Host == "" {
 		req.Host = c.Request().Host
 	}
 
-	info, err := h.service.SystemGetInfo(c.Ctx(), req)
+	info, err := h.service.GetSystemInfo(c.Ctx(), req)
 	if err != nil {
 		return err
 	}

diff --git a/api/routes/stats_test.go b/api/routes/stats_test.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/shellhub-io/shellhub/api/pkg/responses"
 	"github.com/shellhub-io/shellhub/api/services/mocks"
 	"github.com/shellhub-io/shellhub/pkg/api/authorizer"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
@@ -20,22 +21,25 @@ func TestGetSystemInfo(t *testing.T) {
 
 	cases := []struct {
 		title          string
-		request        requests.SystemGetInfo
-		requiredMocks  func(updatePayloadMock requests.SystemGetInfo)
+		request        requests.GetSystemInfo
+		requiredMocks  func(updatePayloadMock requests.GetSystemInfo)
 		expectedStatus int
 	}{
 		{
 			title: "success when try to get infos of a existing system",
-			request: requests.SystemGetInfo{
+			request: requests.GetSystemInfo{
 				Host: "example.com",
 				Port: 0,
 			},
-			requiredMocks: func(_ requests.SystemGetInfo) {
-				mock.On("SystemGetInfo", gomock.Anything, requests.SystemGetInfo{
-					Host: "example.com",
-					Port: 0,
-				},
-				).Return(&models.SystemInfo{}, nil)
+			requiredMocks: func(_ requests.GetSystemInfo) {
+				mock.
+					On(
+						"GetSystemInfo",
+						gomock.Anything,
+						&requests.GetSystemInfo{Host: "example.com", Port: 0},
+					).
+					Return(&responses.SystemInfo{}, nil).
+					Once()
 			},
 			expectedStatus: http.StatusOK,
 		},

diff --git a/api/services/auth.go b/api/services/auth.go
@@ -11,6 +11,7 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"net"
+	"slices"
 	"strings"
 	"time"
 
@@ -171,6 +172,10 @@ func (s *service) AuthDevice(ctx context.Context, req requests.DeviceAuth, remot
 }
 
 func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser, sourceIP string) (*models.UserAuthResponse, int64, string, error) {
+	if s, err := s.store.SystemGet(ctx); err != nil || !s.Authentication.Local.Enabled {
+		return nil, 0, "", NewErrAuthMethodNotAllowed()
+	}
+
 	var err error
 	var user *models.User
 
@@ -184,7 +189,7 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 		return nil, 0, "", NewErrAuthUnathorized(nil)
 	}
 
-	if user.Origin != models.UserOriginLocal {
+	if !slices.Contains(user.Preferences.AuthMethods, models.UserAuthMethodLocal) {
 		return nil, 0, "", NewErrAuthUnathorized(nil)
 	}
 
@@ -290,6 +295,7 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 	res := &models.UserAuthResponse{
 		ID:            user.ID,
 		Origin:        user.Origin.String(),
+		AuthMethods:   user.Preferences.AuthMethods,
 		User:          user.Username,
 		Name:          user.Name,
 		Email:         user.Email,
@@ -373,6 +379,7 @@ func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserT
 	return &models.UserAuthResponse{
 		ID:            user.ID,
 		Origin:        user.Origin.String(),
+		AuthMethods:   user.Preferences.AuthMethods,
 		User:          user.Username,
 		Name:          user.Name,
 		Email:         user.Email,