From bc6cd9141d767388235c175e34f8baf48408e8b5 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Fri, 29 Apr 2022 11:55:56 +0200 Subject: [PATCH] [WIP] add missing secret checks Signed-off-by: Christian Richter --- extensions/accounts/pkg/config/parser/parse.go | 4 ++++ .../appprovider/pkg/config/defaults/defaultconfig.go | 9 +++++++++ extensions/auth-basic/pkg/config/parser/parse.go | 8 ++++++++ ocis-pkg/shared/errors.go | 7 +++++++ 4 files changed, 28 insertions(+) diff --git a/extensions/accounts/pkg/config/parser/parse.go b/extensions/accounts/pkg/config/parser/parse.go index 514de074f7..69ee34934e 100644 --- a/extensions/accounts/pkg/config/parser/parse.go +++ b/extensions/accounts/pkg/config/parser/parse.go @@ -6,6 +6,7 @@ import ( "github.com/owncloud/ocis/extensions/accounts/pkg/config" defaults "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) @@ -33,5 +34,8 @@ func ParseConfig(cfg *config.Config) error { } func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } return nil } diff --git a/extensions/appprovider/pkg/config/defaults/defaultconfig.go b/extensions/appprovider/pkg/config/defaults/defaultconfig.go index c42cfa27ef..978c6d2edb 100644 --- a/extensions/appprovider/pkg/config/defaults/defaultconfig.go +++ b/extensions/appprovider/pkg/config/defaults/defaultconfig.go @@ -2,6 +2,7 @@ package defaults import ( "github.com/owncloud/ocis/extensions/appprovider/pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" ) func FullDefaultConfig() *config.Config { 
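Review bot: The new guard in the accounts `Validate` only rejects the empty string, so a whitespace-only `JWTSecret` (a stray space in an environment variable or a badly quoted YAML value) passes validation and would presumably be used as the signing secret. Consider `if strings.TrimSpace(cfg.TokenManager.JWTSecret) == "" {`, which needs a `strings` import. The same comparison is repeated in the appprovider and auth-basic hunks. A minimum-length check would be stronger still, but the length this project expects is not visible in the diff. The exported function would also benefit from a doc comment such as `// Validate returns an error when a secret the service cannot start without is missing from cfg.`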
@@ -80,3 +81,11 @@ func EnsureDefaults(cfg *config.Config) { func Sanitize(cfg *config.Config) { // nothing to sanitize here atm } + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/auth-basic/pkg/config/parser/parse.go b/extensions/auth-basic/pkg/config/parser/parse.go index f24e99c95b..ed21b39871 100644 --- a/extensions/auth-basic/pkg/config/parser/parse.go +++ b/extensions/auth-basic/pkg/config/parser/parse.go @@ -6,6 +6,7 @@ import ( "github.com/owncloud/ocis/extensions/auth-basic/pkg/config" "github.com/owncloud/ocis/extensions/auth-basic/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) @@ -33,5 +34,12 @@ func ParseConfig(cfg *config.Config) error { } func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.AuthProviders.LDAP.BindPassword == "" && cfg.AuthProvider == "ldap" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } return nil } diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go index 899def9121..3190edc3ad 100644 --- a/ocis-pkg/shared/errors.go +++ b/ocis-pkg/shared/errors.go @@ -26,3 +26,10 @@ func MissingRevaTransferSecretError(service string) error { "(e.g. by running ocis init or setting STORAGE_TRANSFER_SECRET).\n", service, defaults.BaseConfigPath()) } + +func MissingLDAPBindPassword(service string) error { + return fmt.Errorf("bind_password has not been set properly in your config for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting LDAP_BIND_PASSWORD).\n", + service, defaults.BaseConfigPath()) +}
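Review bot: This `Validate` is added to the appprovider `defaults` package, whereas the accounts and auth-basic versions live in `parser/parse.go` next to `ParseConfig`. Nothing in this hunk calls it, so unless a caller outside the diff is updated the JWT secret check for appprovider may never run. Moving it into the appprovider parser package, alongside the code that loads the config, would keep the three extensions consistent and make it obvious the check is wired in. It would also avoid `defaults` importing `shared` only for an error helper.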
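Review bot: The LDAP branch in the auth-basic `Validate` compares `cfg.AuthProvider == "ldap"` exactly, so a configured value such as `LDAP` would skip the bind-password check without any error, unless the value is normalised somewhere outside this hunk. If it is not, consider `if strings.EqualFold(cfg.AuthProvider, "ldap") && cfg.AuthProviders.LDAP.BindPassword == "" {`. Putting the provider test first also reads more naturally. A short comment such as `// the bind password is only required when the LDAP provider is selected` would record why the check is conditional.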
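Review bot: `MissingLDAPBindPassword` breaks the naming pattern of its siblings `MissingRevaTransferSecretError` (visible in the hunk header) and `MissingJWTTokenError`, which end in `Error`. Renaming it to `MissingLDAPBindPasswordError` now, while auth-basic is the only caller in this patch, keeps the helpers discoverable as a group. It also has no doc comment; something like `// MissingLDAPBindPasswordError reports that the LDAP bind password is not configured for the given service.` would do. Separately, the message tells operators to set `LDAP_BIND_PASSWORD`; the variable auth-basic actually reads is not shown in this diff, so confirm the hint matches it.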