Skip to content

Commit

Permalink
chore: more cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
mistahj67 committed Nov 22, 2024
1 parent a73d48a commit c9b8bba
Show file tree
Hide file tree
Showing 8 changed files with 39 additions and 371 deletions.
266 changes: 1 addition & 265 deletions cmd/api/src/api/v2/apiclient/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,39 +17,18 @@
package apiclient

import (
"bytes"
"fmt"
"io"
"mime/multipart"
"net/http"
"net/url"
"strconv"

"github.com/gofrs/uuid"
"github.com/specterops/bloodhound/headers"
"github.com/specterops/bloodhound/src/api"
v2 "github.com/specterops/bloodhound/src/api/v2"
authapi "github.com/specterops/bloodhound/src/api/v2/auth"
"github.com/specterops/bloodhound/src/auth"
"github.com/specterops/bloodhound/src/model"
)

func (s Client) ListSAMLSignOnEndpoints() (v2.ListSAMLSignOnEndpointsResponse, error) {
var providersResponse v2.ListSAMLSignOnEndpointsResponse

if response, err := s.Request(http.MethodGet, "api/v2/saml/sso", nil, nil); err != nil {
return providersResponse, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return providersResponse, ReadAPIError(response)
}

return providersResponse, api.ReadAPIV2ResponsePayload(&providersResponse, response)
}
}

// TODO when formally deprecated update this to another endpoint
func (s Client) ListSAMLIdentityProviders() (v2.ListSAMLProvidersResponse, error) {
var providersResponse v2.ListSAMLProvidersResponse

Expand All @@ -66,57 +45,6 @@ func (s Client) ListSAMLIdentityProviders() (v2.ListSAMLProvidersResponse, error
}
}

func (s Client) CreateSAMLIdentityProvider(request v2.CreateSAMLAuthProviderRequest) (model.SAMLProvider, error) {
var newProvider model.SAMLProvider

if response, err := s.Request(http.MethodPost, "api/v2/saml", nil, request); err != nil {
return newProvider, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return newProvider, ReadAPIError(response)
}

return newProvider, api.ReadAPIV2ResponsePayload(&newProvider, response)
}
}

func (s Client) CreateSAMLIdentityProviderMultipart(name, metadata string) (model.SAMLProvider, error) {
var (
newProvider model.SAMLProvider

buffer = &bytes.Buffer{}
header = make(http.Header)
multipartWriter = multipart.NewWriter(buffer)
)

if err := multipartWriter.WriteField("name", name); err != nil {
return newProvider, err
} else if fileWriter, err := multipartWriter.CreateFormFile("metadata", "metadata.xml"); err != nil {
return newProvider, err
} else {
if _, err := io.Copy(fileWriter, bytes.NewBufferString(metadata)); err != nil {
return newProvider, fmt.Errorf("failed to copy metadata to file: %w", err)
}
multipartWriter.Close()

header.Set(headers.ContentType.String(), multipartWriter.FormDataContentType())

if response, err := s.Request(http.MethodPost, "api/v2/saml/providers", nil, buffer.Bytes(), header); err != nil {
return newProvider, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return newProvider, ReadAPIError(response)
}

return newProvider, api.ReadJsonResponsePayload(&newProvider, response)
}
}
}

func (s Client) ListAuthTokens() (v2.ListTokensResponse, error) {
var tokens v2.ListTokensResponse

Expand Down Expand Up @@ -151,118 +79,6 @@ func (s Client) ListUserTokens(id uuid.UUID) (v2.ListTokensResponse, error) {
}
}

func (s Client) EnrollMFA(id uuid.UUID, secret string) (authapi.MFAEnrollmentReponse, error) {
var (
enrollmentResponse authapi.MFAEnrollmentReponse
payload = authapi.MFAEnrollmentRequest{
Secret: secret,
}
)

if response, err := s.Request(http.MethodPost, fmt.Sprintf("api/v2/bloodhound-users/%s/mfa", id), nil, payload); err != nil {
return enrollmentResponse, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return enrollmentResponse, ReadAPIError(response)
}

return enrollmentResponse, api.ReadAPIV2ResponsePayload(&enrollmentResponse, response)
}
}

func (s Client) ActivateMFA(id uuid.UUID, otp string) (authapi.MFAStatusResponse, error) {
var (
mfaStatusResponse authapi.MFAStatusResponse
payload = authapi.MFAActivationRequest{
OTP: otp,
}
)

if response, err := s.Request(http.MethodPost, fmt.Sprintf("api/v2/bloodhound-users/%s/mfa-activation", id), nil, payload); err != nil {
return mfaStatusResponse, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return mfaStatusResponse, ReadAPIError(response)
}

return mfaStatusResponse, api.ReadAPIV2ResponsePayload(&mfaStatusResponse, response)
}
}

func (s Client) GetMFAActivationStatus(id uuid.UUID) (authapi.MFAStatusResponse, error) {
var mfaStatusResponse authapi.MFAStatusResponse

if response, err := s.Request(http.MethodGet, fmt.Sprintf("api/v2/bloodhound-users/%s/mfa-activation", id), nil, nil); err != nil {
return mfaStatusResponse, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return mfaStatusResponse, ReadAPIError(response)
}

return mfaStatusResponse, api.ReadAPIV2ResponsePayload(&mfaStatusResponse, response)
}
}

func (s Client) LookupSelf() (model.User, error) {
var self model.User
if response, err := s.Request(http.MethodGet, "api/v2/auth/self", nil, nil); err != nil {
return self, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return self, ReadAPIError(response)
}

return self, api.ReadAPIV2ResponsePayload(&self, response)
}
}

func (s Client) CreateSAMLUser(userPrincipal, userEmailAddress string, samlProviderID int32, roles []int32) (model.User, error) {
var newUser model.User

payload := v2.CreateUserRequest{
UpdateUserRequest: v2.UpdateUserRequest{
Principal: userPrincipal,
EmailAddress: userEmailAddress,
Roles: roles,
SAMLProviderID: strconv.FormatInt(int64(samlProviderID), 10),
},
}

if response, err := s.Request(http.MethodPost, "api/v2/bloodhound-users", nil, payload); err != nil {
return newUser, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return newUser, ReadAPIError(response)
}

return newUser, api.ReadAPIV2ResponsePayload(&newUser, response)
}
}

func (s Client) UpdateUser(userID uuid.UUID, updateUserRequest v2.UpdateUserRequest) error {
if response, err := s.Request(http.MethodPut, fmt.Sprintf("api/v2/bloodhound-users/%s", userID), nil, updateUserRequest); err != nil {
return err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return ReadAPIError(response)
}

return nil
}
}

func (s Client) CreateUser(userPrincipal, userEmailAddress string, roles []int32) (model.User, error) {
var newUser model.User

Expand Down Expand Up @@ -301,22 +117,6 @@ func (s Client) DeleteUser(userID uuid.UUID) error {
return nil
}

func (s Client) GetUser(id uuid.UUID) (model.User, error) {
var user model.User

if response, err := s.Request(http.MethodGet, fmt.Sprintf("api/v2/bloodhound-users/%s", id), nil, nil); err != nil {
return user, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return user, ReadAPIError(response)
}

return user, api.ReadAPIV2ResponsePayload(&user, response)
}
}

func (s Client) ListUsers() (v2.ListUsersResponse, error) {
var users v2.ListUsersResponse

Expand All @@ -333,50 +133,6 @@ func (s Client) ListUsers() (v2.ListUsersResponse, error) {
}
}

func (s Client) UserAddRole(userID uuid.UUID, roleID int32) error {
if response, err := s.Request(http.MethodPost, fmt.Sprintf("api/v2/bloodhound-users/%s/roles/%d", userID, roleID), nil, nil); err != nil {
return err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return ReadAPIError(response)
}
}

return nil
}

func (s Client) UserRemoveRole(userID uuid.UUID, roleID int32) error {
if response, err := s.Request(http.MethodDelete, fmt.Sprintf("api/v2/bloodhound-users/%s/roles/%d", userID, roleID), nil, nil); err != nil {
return err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return ReadAPIError(response)
}
}

return nil
}

func (s Client) GetPermission(id int32) (model.Permission, error) {
var permission model.Permission

if response, err := s.Request(http.MethodGet, fmt.Sprintf("api/v2/permissions/%d", id), nil, nil); err != nil {
return permission, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return permission, ReadAPIError(response)
}

return permission, api.ReadAPIV2ResponsePayload(&permission, response)
}
}

func (s Client) ListPermissions() (v2.ListPermissionsResponse, error) {
var permissions v2.ListPermissionsResponse

Expand All @@ -393,22 +149,6 @@ func (s Client) ListPermissions() (v2.ListPermissionsResponse, error) {
}
}

func (s Client) GetRole(id int32) (model.Role, error) {
var role model.Role

if response, err := s.Request(http.MethodGet, fmt.Sprintf("api/v2/auth/roles/%d", id), nil, nil); err != nil {
return role, err
} else {
defer response.Body.Close()

if api.IsErrorResponse(response) {
return role, ReadAPIError(response)
}

return role, api.ReadAPIV2ResponsePayload(&role, response)
}
}

func (s Client) ListRoles() (v2.ListRolesResponse, error) {
var roles v2.ListRolesResponse

Expand Down Expand Up @@ -516,7 +256,3 @@ func (s Client) LoginSecret(username, secret string) (api.LoginResponse, error)
return loginResponse, api.ReadAPIV2ResponsePayload(&loginResponse, response)
}
}

func (s Client) LoginSAML(organization, username string) error {
panic("TODO")
}
Loading

0 comments on commit c9b8bba

Please sign in to comment.