calendar-webapp/source/calendarwebapp/authenticator.d

module calendarwebapp.authenticator;

import calendarwebapp.passhash : PasswordHasher;

import poodinis;

import std.range : InputRange;
import std.typecons : nullable, Nullable;

import vibe.data.bson;
import vibe.db.mongo.collection : MongoCollection;

interface Authenticator
{
    Nullable!AuthInfo checkUser(string username, string password) @safe;
    void addUser(AuthInfo authInfo) @safe;
    InputRange!AuthInfo getAllUsers() @safe;
    void removeUser(BsonObjectID id) @safe;
}

class MongoDBAuthenticator(Collection = MongoCollection) : Authenticator
{
private:
    @Value("users")
    Collection users;
    @Autowire PasswordHasher passwordHasher;

public:
    Nullable!AuthInfo checkUser(string username, string password) @safe
    {
        auto result = users.findOne(["username" : username]);
        /* checkHash should be called using vibe.core.concurrency.async to
           avoid blocking, but https://github.com/vibe-d/vibe.d/issues/1521 is
           blocking this */
        if (result != Bson(null))
        {
            auto authInfo = result.deserializeBson!AuthInfo;
            import vibe.core.log : logInfo;
            logInfo(passwordHasher.generateHash(password));
            if (passwordHasher.checkHash(password, authInfo.passwordHash))
            {
                return authInfo.nullable;
            }
        }
        return Nullable!AuthInfo.init;
    }

    void addUser(AuthInfo authInfo) @safe
    {
        if (!authInfo.id.valid)
            authInfo.id = BsonObjectID.generate;

        users.insert(authInfo.serializeToBson);
    }

    InputRange!AuthInfo getAllUsers() @safe
    {
        import std.algorithm : map;
        import std.range : inputRangeObject;

        return users.find().map!(deserializeBson!AuthInfo).inputRangeObject;
    }

    void removeUser(BsonObjectID id) @safe
    {
        users.remove(["_id" : id]);
    }
}

enum Privilege
{
    None,
    User,
    Admin
}

struct AuthInfo
{
    import vibe.data.serialization : name;

    @name("_id") BsonObjectID id;
    string username;
    string passwordHash;
    Privilege privilege;

    mixin(generateAuthMethods);

private:
    static string generateAuthMethods() pure @safe
    {
        import std.conv : to;
        import std.format : format;
        import std.traits : EnumMembers;

        string ret;
        foreach (member; EnumMembers!Privilege)
        {
            ret ~= q{
                bool is%s() const pure @safe nothrow
                {
                    return privilege == Privilege.%s;
                }
            }.format(member.to!string, member.to!string);
        }
        return ret;
    }
}
initial addition of unittests 2017-09-17 17:52:41 +02:00			`module calendarwebapp.authenticator;`

added abstraction layer for password hashing 2017-10-27 18:58:46 +02:00			`import calendarwebapp.passhash : PasswordHasher;`

initial addition of unittests 2017-09-17 17:52:41 +02:00			`import poodinis;`

Added possibility for admins to add and remove users 2017-10-27 17:09:55 +02:00			`import std.range : InputRange;`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`import std.typecons : nullable, Nullable;`

Added possibility for admins to add and remove users 2017-10-27 17:09:55 +02:00			`import vibe.data.bson;`
initial addition of unittests 2017-09-17 17:52:41 +02:00			`import vibe.db.mongo.collection : MongoCollection;`

			`interface Authenticator`
			`{`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`Nullable!AuthInfo checkUser(string username, string password) @safe;`
Added possibility for admins to add and remove users 2017-10-27 17:09:55 +02:00			`void addUser(AuthInfo authInfo) @safe;`
			`InputRange!AuthInfo getAllUsers() @safe;`
			`void removeUser(BsonObjectID id) @safe;`
initial addition of unittests 2017-09-17 17:52:41 +02:00			`}`

			`class MongoDBAuthenticator(Collection = MongoCollection) : Authenticator`
			`{`
			`private:`
			`@Value("users")`
			`Collection users;`
added abstraction layer for password hashing 2017-10-27 18:58:46 +02:00			`@Autowire PasswordHasher passwordHasher;`
initial addition of unittests 2017-09-17 17:52:41 +02:00
			`public:`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`Nullable!AuthInfo checkUser(string username, string password) @safe`
initial addition of unittests 2017-09-17 17:52:41 +02:00			`{`
Store passwords as salted hashes using bcrypt 2017-10-15 16:43:39 +02:00			`auto result = users.findOne(["username" : username]);`
added abstraction layer for password hashing 2017-10-27 18:58:46 +02:00			`/* checkHash should be called using vibe.core.concurrency.async to`
Store passwords as salted hashes using bcrypt 2017-10-15 16:43:39 +02:00			`avoid blocking, but https://github.com/vibe-d/vibe.d/issues/1521 is`
			`blocking this */`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`if (result != Bson(null))`
			`{`
			`auto authInfo = result.deserializeBson!AuthInfo;`
Use DAuth instead of botan for password hashing. Fixes #7 2017-11-10 18:20:55 +01:00			`import vibe.core.log : logInfo;`
			`logInfo(passwordHasher.generateHash(password));`
added abstraction layer for password hashing 2017-10-27 18:58:46 +02:00			`if (passwordHasher.checkHash(password, authInfo.passwordHash))`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`{`
			`return authInfo.nullable;`
			`}`
			`}`
Added possibility for admins to add and remove users 2017-10-27 17:09:55 +02:00			`return Nullable!AuthInfo.init;`
			`}`

			`void addUser(AuthInfo authInfo) @safe`
			`{`
			`if (!authInfo.id.valid)`
			`authInfo.id = BsonObjectID.generate;`

			`users.insert(authInfo.serializeToBson);`
			`}`

			`InputRange!AuthInfo getAllUsers() @safe`
			`{`
			`import std.algorithm : map;`
			`import std.range : inputRangeObject;`

			`return users.find().map!(deserializeBson!AuthInfo).inputRangeObject;`
			`}`

			`void removeUser(BsonObjectID id) @safe`
			`{`
			`users.remove(["_id" : id]);`
initial addition of unittests 2017-09-17 17:52:41 +02:00			`}`
			`}`

Only show menu when authenticated and only show user management when logged in as admin 2017-10-27 18:03:55 +02:00			`enum Privilege`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`{`
Only show menu when authenticated and only show user management when logged in as admin 2017-10-27 18:03:55 +02:00			`None,`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`User,`
			`Admin`
			`}`

initial addition of unittests 2017-09-17 17:52:41 +02:00			`struct AuthInfo`
			`{`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`import vibe.data.serialization : name;`

			`@name("_id") BsonObjectID id;`
			`string username;`
			`string passwordHash;`
Only show menu when authenticated and only show user management when logged in as admin 2017-10-27 18:03:55 +02:00			`Privilege privilege;`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00
Automatically generate methods for checking if a user has certain privileges. Once static foreach is supported by ldc, this can be done even more elegant without the use of a helper function. 2017-10-27 15:13:02 +02:00			`mixin(generateAuthMethods);`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00
Automatically generate methods for checking if a user has certain privileges. Once static foreach is supported by ldc, this can be done even more elegant without the use of a helper function. 2017-10-27 15:13:02 +02:00			`private:`
			`static string generateAuthMethods() pure @safe`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`{`
Automatically generate methods for checking if a user has certain privileges. Once static foreach is supported by ldc, this can be done even more elegant without the use of a helper function. 2017-10-27 15:13:02 +02:00			`import std.conv : to;`
			`import std.format : format;`
			`import std.traits : EnumMembers;`

			`string ret;`
Only show menu when authenticated and only show user management when logged in as admin 2017-10-27 18:03:55 +02:00			`foreach (member; EnumMembers!Privilege)`
Automatically generate methods for checking if a user has certain privileges. Once static foreach is supported by ldc, this can be done even more elegant without the use of a helper function. 2017-10-27 15:13:02 +02:00			`{`
			`ret ~= q{`
			`bool is%s() const pure @safe nothrow`
			`{`
Only show menu when authenticated and only show user management when logged in as admin 2017-10-27 18:03:55 +02:00			`return privilege == Privilege.%s;`
Automatically generate methods for checking if a user has certain privileges. Once static foreach is supported by ldc, this can be done even more elegant without the use of a helper function. 2017-10-27 15:13:02 +02:00			`}`
			`}.format(member.to!string, member.to!string);`
			`}`
			`return ret;`
Initial work for support for different user roles. 2017-10-26 20:08:16 +02:00			`}`
initial addition of unittests 2017-09-17 17:52:41 +02:00			`}`