diff --git a/backend/config/config.go b/backend/config/config.go index 44086165c..33c00b60f 100644 --- a/backend/config/config.go +++ b/backend/config/config.go @@ -2,12 +2,13 @@ package config import ( "fmt" + "log" + "github.com/kelseyhightower/envconfig" "github.com/knadh/koanf" "github.com/knadh/koanf/parsers/yaml" "github.com/knadh/koanf/providers/file" "github.com/teamhanko/hanko/backend/ee/saml/config" - "log" ) // Config is the central configuration type @@ -34,8 +35,10 @@ type Config struct { Log LoggerConfig `yaml:"log" json:"log,omitempty" koanf:"log" jsonschema:"title=log"` // Deprecated. See child properties for suggested replacements. Passcode Passcode `yaml:"passcode" json:"passcode,omitempty" koanf:"passcode" jsonschema:"title=passcode"` - // `passkey` configures how passkeys are acquired and used. + // `passkey` configures how passkeys are acquired and used. Passkey Passkey `yaml:"passkey" json:"passkey,omitempty" koanf:"passkey" jsonschema:"title=passkey"` + // `passlink` congigures how passlinks are acquired and used. + Passlink Passlink `yaml:"passlink" json:"passlink,omitempty" koanf:"passlink"` // `password` configures how passwords are acquired and used. Password Password `yaml:"password" json:"password,omitempty" koanf:"password" jsonschema:"title=password"` // `rate_limiter` configures rate limits for rate limited API operations and storage modalities for rate limit data. @@ -167,6 +170,10 @@ func (c *Config) Validate() error { if err != nil { return fmt.Errorf("failed to validate webhook settings: %w", err) } + err = c.Passlink.Validate() + if err != nil { + return fmt.Errorf("failed to validate passlink settings: %w", err) + } return nil } diff --git a/backend/config/config.yaml b/backend/config/config.yaml index 255e24a35..ecc139fb8 100644 --- a/backend/config/config.yaml +++ b/backend/config/config.yaml @@ -44,6 +44,9 @@ password: acquire_on_login: never recovery: true min_length: 8 +passlink: + enabled: true + url: http://localhost:3000 rate_limiter: enabled: true store: in_memory diff --git a/backend/config/config_default.go b/backend/config/config_default.go index 1a093099e..581828f0a 100644 --- a/backend/config/config_default.go +++ b/backend/config/config_default.go @@ -60,6 +60,10 @@ func DefaultConfig() *Config { Recovery: true, MinLength: 8, }, + Passlink: Passlink{ + Enabled: false, + URL: "http://localhost:8888", + }, Database: Database{ Database: "hanko", User: "hanko", @@ -98,6 +102,10 @@ func DefaultConfig() *Config { Tokens: 3, Interval: 1 * time.Minute, }, + PasslinkLimits: RateLimits{ + Tokens: 3, + Interval: 1 * time.Minute, + }, TokenLimits: RateLimits{ Tokens: 3, Interval: 1 * time.Minute, diff --git a/backend/config/config_email.go b/backend/config/config_email.go index e57093afe..98e3d81be 100644 --- a/backend/config/config_email.go +++ b/backend/config/config_email.go @@ -18,6 +18,8 @@ type Email struct { Optional bool `yaml:"optional" json:"optional,omitempty" koanf:"optional" jsonschema:"default=false"` // `passcode_ttl` specifies, in seconds, how long a passcode is valid for. PasscodeTtl int `yaml:"passcode_ttl" json:"passcode_ttl,omitempty" koanf:"passcode_ttl" jsonschema:"default=300"` + // `passlink_ttl` specifies, in seconds, how long a passlink is valid for. + PasslinkTtl int `yaml:"passlink_ttl" json:"passlink_ttl,omitempty" koanf:"passlink_ttl" jsonschema:"default=300"` // `require_verification` determines whether newly created emails must be verified by providing a passcode sent // to respective address. RequireVerification bool `yaml:"require_verification" json:"require_verification,omitempty" koanf:"require_verification" split_words:"true" jsonschema:"default=true"` diff --git a/backend/config/config_passlink.go b/backend/config/config_passlink.go new file mode 100644 index 000000000..f4d33f4ed --- /dev/null +++ b/backend/config/config_passlink.go @@ -0,0 +1,29 @@ +package config + +import ( + "errors" + "fmt" + "net/url" + "strings" +) + +type Passlink struct { + // `enabled` determines whether users can authenticate via a link containing a short-living token send by mail. + Enabled bool `yaml:"enabled" json:"enabled,omitempty" koanf:"enabled" jsonschema:"default=false"` + // `url` is the redirect target URL for passlinks to your frontend. + // Frontend must be able to handle the passlink token and call the passlink finalize endpoint to complete the authentication. + // The passlink id (plid) and the token (pltk) are added as query parameters to that URL. + URL string `yaml:"url" json:"url,omitempty" koanf:"url"` +} + +func (p *Passlink) Validate() error { + if len(strings.TrimSpace(p.URL)) == 0 { + return errors.New("url must not be empty") + } + if url, err := url.Parse(p.URL); err != nil { + return fmt.Errorf("failed to parse url: %w", err) + } else if url.Scheme == "" || url.Host == "" { + return errors.New("url must be a valid URL") + } + return nil +} diff --git a/backend/config/config_rate_limiter.go b/backend/config/config_rate_limiter.go index 2bf37bdd8..64dd5465e 100644 --- a/backend/config/config_rate_limiter.go +++ b/backend/config/config_rate_limiter.go @@ -16,6 +16,8 @@ type RateLimiter struct { Redis *RedisConfig `yaml:"redis_config" json:"redis_config,omitempty" koanf:"redis_config"` // `passcode_limits` controls rate limits for passcode operations. PasscodeLimits RateLimits `yaml:"passcode_limits" json:"passcode_limits,omitempty" koanf:"passcode_limits" split_words:"true"` + // `passlink_limits` controls rate limits for passlink operations. + PasslinkLimits RateLimits `yaml:"passlink_limits" json:"passlink_limits,omitempty" koanf:"passlink_limits" split_words:"true"` // `password_limits` controls rate limits for password login operations. PasswordLimits RateLimits `yaml:"password_limits" json:"password_limits,omitempty" koanf:"password_limits" split_words:"true"` // `token_limits` controls rate limits for token exchange operations. diff --git a/backend/crypto/passlink.go b/backend/crypto/passlink.go new file mode 100644 index 000000000..85fb383cd --- /dev/null +++ b/backend/crypto/passlink.go @@ -0,0 +1,28 @@ +package crypto + +import ( + "crypto/rand" + "encoding/hex" + "log" +) + +// PasslinkGenerator will generate a random passlink token +type PasslinkGenerator interface { + Generate() (string, error) +} + +type passlinkGenerator struct { +} + +func NewPasslinkGenerator() PasslinkGenerator { + return &passlinkGenerator{} +} + +func (g *passlinkGenerator) Generate() (string, error) { + bytes := make([]byte, 32) + _, err := rand.Read(bytes) + if err != nil { + log.Fatal(err) + } + return hex.EncodeToString(bytes), nil +} diff --git a/backend/dto/admin/passlink.go b/backend/dto/admin/passlink.go new file mode 100644 index 000000000..c41684994 --- /dev/null +++ b/backend/dto/admin/passlink.go @@ -0,0 +1,43 @@ +package admin + +import ( + "time" + + "github.com/gofrs/uuid" + "github.com/teamhanko/hanko/backend/persistence/models" +) + +type Passlink struct { + ID uuid.UUID `json:"id"` + UserID uuid.UUID `json:"user_id"` + EmailID uuid.UUID `json:"email_id"` + Email *Email `json:"email,omitempty"` + TTL int `json:"ttl"` // in seconds + LoginCount int `json:"login_count"` + Reusable bool `json:"reusable"` // by default a passlink can only used once, if reusable is set true, it can be used to authenticate the user multiple times by clicking the same link (e.g. in a newsletter) + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` +} + +// FromPasslinkModel Converts the DB model to a DTO object +func FromPasslinkModel(model models.Passlink) Passlink { + return Passlink{ + ID: model.ID, + UserID: model.UserID, + EmailID: model.EmailID, + Email: FromEmailModel(&model.Email), + TTL: model.TTL, + LoginCount: model.LoginCount, + Reusable: model.Reusable, + CreatedAt: model.CreatedAt, + UpdatedAt: model.UpdatedAt, + } +} + +type CreatePasslink struct { + ID *uuid.UUID `json:"id,omitempty"` + UserID uuid.UUID `json:"user_id"` + EmailID uuid.UUID `json:"email_id"` + TTL int `json:"ttl"` // in seconds + Reusable bool `json:"reusable"` // by default a passlink can only used once, if reusable is set true, it can be used to authenticate the user multiple times by clicking the same link (e.g. in a newsletter) +} diff --git a/backend/dto/config.go b/backend/dto/config.go index ced547131..e8020877a 100644 --- a/backend/dto/config.go +++ b/backend/dto/config.go @@ -9,6 +9,7 @@ import ( // PublicConfig is the part of the configuration that will be shared with the frontend type PublicConfig struct { Password Password `json:"password"` + Passlink bool `json:"passlink"` Emails Emails `json:"emails"` Providers []string `json:"providers"` Account Account `json:"account"` @@ -37,6 +38,7 @@ func FromConfig(cfg config.Config) PublicConfig { Enabled: cfg.Password.Enabled, MinLength: cfg.Password.MinLength, }, + Passlink: cfg.Passlink.Enabled, Emails: Emails{ RequireVerification: cfg.Email.RequireVerification, MaxNumOfAddresses: cfg.Email.Limit, diff --git a/backend/dto/passlink.go b/backend/dto/passlink.go new file mode 100644 index 000000000..533bd47aa --- /dev/null +++ b/backend/dto/passlink.go @@ -0,0 +1,22 @@ +package dto + +import ( + "time" +) + +type PasslinkFinishRequest struct { + ID string `json:"id" validate:"required,uuid4"` + Token string `json:"token" validate:"required"` +} + +type PasslinkInitRequest struct { + UserID string `json:"user_id" validate:"required,uuid4"` + EmailID *string `json:"email_id"` + RedirectPath string `json:"redirect_path" validate:"required"` +} + +type PasslinkReturn struct { + ID string `json:"id"` + CreatedAt time.Time `json:"created_at"` + UserID string `json:"user_id"` +} diff --git a/backend/dto/webhook/email.go b/backend/dto/webhook/email.go index 40d49237a..37f5a2102 100644 --- a/backend/dto/webhook/email.go +++ b/backend/dto/webhook/email.go @@ -13,14 +13,25 @@ type EmailSend struct { } type PasscodeData struct { - ServiceName string `json:"service_name"` - OtpCode string `json:"otp_code"` - TTL int `json:"ttl"` - ValidUntil int64 `json:"valid_until"` // UnixTimestamp + ServiceName string `json:"service_name" mapstructure:"service_name"` + OtpCode string `json:"otp_code" mapstructure:"otp_code"` + TTL int `json:"ttl" mapstructure:"ttl"` + ValidUntil int64 `json:"valid_until" mapstructure:"valid_until"` // UnixTimestamp +} + +type PasslinkData struct { + ServiceName string `json:"service_name" mapstructure:"service_name"` + Token string `json:"token" mapstructure:"token"` + URL string `json:"url" mapstructure:"url"` + TTL int `json:"ttl" mapstructure:"ttl"` + ValidUntil int64 `json:"valid_until" mapstructure:"valid_until"` // UnixTimestamp + RedirectPath string `json:"redirect_path" mapstructure:"redirect_path"` + RetryLimit int `json:"retry_limit" mapstructure:"retry_limit"` } type EmailType string var ( EmailTypePasscode EmailType = "passcode" + EmailTypePasslink EmailType = "passlink" ) diff --git a/backend/go.mod b/backend/go.mod index 1ab92fe06..668287199 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -1,6 +1,8 @@ module github.com/teamhanko/hanko/backend -go 1.20 +go 1.21 + +toolchain go1.22.3 require ( github.com/brianvoe/gofakeit/v6 v6.28.0 @@ -41,6 +43,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.16.0 github.com/tidwall/sjson v1.2.5 + github.com/wk8/go-ordered-map/v2 v2.1.8 golang.org/x/crypto v0.24.0 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 golang.org/x/oauth2 v0.21.0 @@ -150,7 +153,6 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/backend/go.sum b/backend/go.sum index 861c3e1fa..f5a8b1370 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -6,6 +6,7 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/ClickHouse/ch-go v0.55.0 h1:jw4Tpx887YXrkyL5DfgUome/po8MLz92nz2heOQ6RjQ= github.com/ClickHouse/ch-go v0.55.0/go.mod h1:kQT2f+yp2p+sagQA/7kS6G3ukym+GQ5KAu1kuFAFDiU= github.com/ClickHouse/clickhouse-go/v2 v2.9.1 h1:IeE2bwVvAba7Yw5ZKu98bKI4NpDmykEy6jUaQdJJCk8= @@ -78,12 +79,14 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+8Y+8shw= +github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM= github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= @@ -126,6 +129,7 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= @@ -188,7 +192,9 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= +github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= +github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -222,6 +228,7 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -372,6 +379,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -883,6 +891,7 @@ gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= +gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= diff --git a/backend/handler/passcode.go b/backend/handler/passcode.go index e5cd8d5bf..578abeafc 100644 --- a/backend/handler/passcode.go +++ b/backend/handler/passcode.go @@ -3,13 +3,17 @@ package handler import ( "errors" "fmt" + "net/http" + "strings" + "time" + "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" "github.com/labstack/echo/v4" "github.com/lestrrat-go/jwx/v2/jwt" zeroLogger "github.com/rs/zerolog/log" "github.com/sethvargo/go-limiter" - "github.com/teamhanko/hanko/backend/audit_log" + auditlog "github.com/teamhanko/hanko/backend/audit_log" "github.com/teamhanko/hanko/backend/config" "github.com/teamhanko/hanko/backend/crypto" "github.com/teamhanko/hanko/backend/dto" @@ -23,9 +27,6 @@ import ( "github.com/teamhanko/hanko/backend/webhooks/utils" "golang.org/x/crypto/bcrypt" "gopkg.in/gomail.v2" - "net/http" - "strings" - "time" ) type PasscodeHandler struct { @@ -229,14 +230,12 @@ func (h *PasscodeHandler) Init(c echo.Context) error { } err = utils.TriggerWebhooks(c, h.persister.GetConnection(), events.EmailSend, webhookData) - if err != nil { zeroLogger.Warn().Err(err).Msg("failed to trigger webhook") } } else { webhookData.DeliveredByHanko = false err = utils.TriggerWebhooks(c, h.persister.GetConnection(), events.EmailSend, webhookData) - if err != nil { return fmt.Errorf(fmt.Sprintf("failed to trigger webhook: %s", err)) } @@ -453,7 +452,7 @@ func (h *PasscodeHandler) Finish(c echo.Context) error { func (h *PasscodeHandler) GetSessionToken(c echo.Context) jwt.Token { var token jwt.Token - sessionCookie, _ := c.Cookie("hanko") + sessionCookie, _ := c.Cookie(h.cfg.Session.Cookie.GetName()) // we don't need to check the error, because when the cookie can not be found, the user is not logged in if sessionCookie != nil { token, _ = h.sessionManager.Verify(sessionCookie.Value) diff --git a/backend/handler/passlink.go b/backend/handler/passlink.go new file mode 100644 index 000000000..3de689f42 --- /dev/null +++ b/backend/handler/passlink.go @@ -0,0 +1,516 @@ +package handler + +import ( + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "github.com/gobuffalo/pop/v6" + "github.com/gofrs/uuid" + "github.com/labstack/echo/v4" + "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/rs/zerolog/log" + "github.com/sethvargo/go-limiter" + auditlog "github.com/teamhanko/hanko/backend/audit_log" + "github.com/teamhanko/hanko/backend/config" + "github.com/teamhanko/hanko/backend/crypto" + "github.com/teamhanko/hanko/backend/dto" + "github.com/teamhanko/hanko/backend/dto/webhook" + "github.com/teamhanko/hanko/backend/mail" + "github.com/teamhanko/hanko/backend/persistence" + "github.com/teamhanko/hanko/backend/persistence/models" + "github.com/teamhanko/hanko/backend/rate_limiter" + "github.com/teamhanko/hanko/backend/session" + "github.com/teamhanko/hanko/backend/webhooks/events" + "github.com/teamhanko/hanko/backend/webhooks/utils" + "golang.org/x/crypto/bcrypt" + "gopkg.in/gomail.v2" +) + +type PasslinkHandler struct { + mailer mail.Mailer + renderer *mail.Renderer + passlinkGenerator crypto.PasslinkGenerator + persister persistence.Persister + emailConfig config.EmailDelivery + serviceConfig config.Service + URL string + TTL int + sessionManager session.Manager + cfg *config.Config + auditLogger auditlog.Logger + rateLimiter limiter.Store +} + +func NewPasslinkHandler(cfg *config.Config, persister persistence.Persister, sessionManager session.Manager, mailer mail.Mailer, auditLogger auditlog.Logger) (*PasslinkHandler, error) { + renderer, err := mail.NewRenderer() + if err != nil { + return nil, fmt.Errorf("failed to create new renderer: %w", err) + } + var rateLimiter limiter.Store + if cfg.RateLimiter.Enabled { + rateLimiter = rate_limiter.NewRateLimiter(cfg.RateLimiter, cfg.RateLimiter.PasslinkLimits) + } + return &PasslinkHandler{ + mailer: mailer, + renderer: renderer, + passlinkGenerator: crypto.NewPasslinkGenerator(), + persister: persister, + emailConfig: cfg.EmailDelivery, + serviceConfig: cfg.Service, + URL: cfg.Passlink.URL, + TTL: cfg.Email.PasslinkTtl, + sessionManager: sessionManager, + cfg: cfg, + auditLogger: auditLogger, + rateLimiter: rateLimiter, + }, nil +} + +func (h *PasslinkHandler) Init(c echo.Context) error { + + var body dto.PasslinkInitRequest + if err := (&echo.DefaultBinder{}).BindBody(c, &body); err != nil { + return dto.ToHttpError(err) + } + + if err := c.Validate(body); err != nil { + return dto.ToHttpError(err) + } + + userId, err := uuid.FromString(body.UserID) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse userId as uuid").SetInternal(err) + } + + user, err := h.persister.GetUserPersister().Get(userId) + if err != nil { + return fmt.Errorf("failed to get user: %w", err) + } + if user == nil { + err = h.auditLogger.Create(c, models.AuditLogPasslinkLoginInitFailed, nil, fmt.Errorf("unknown user")) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + return echo.NewHTTPError(http.StatusBadRequest).SetInternal(errors.New("user not found")) + } + + if h.rateLimiter != nil { + err := rate_limiter.Limit(h.rateLimiter, userId, c) + if err != nil { + return err + } + } + + var emailId uuid.UUID + if body.EmailID != nil { + emailId, err = uuid.FromString(*body.EmailID) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse emailId as uuid").SetInternal(err) + } + } + + // Determine where to send the passlink + var email *models.Email + if !emailId.IsNil() { + // Send the passlink to the specified email address + email, err = h.persister.GetEmailPersister().Get(emailId) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to get email by id").SetInternal(err) + } + if email == nil { + return echo.NewHTTPError(http.StatusBadRequest, "the specified emailId is not available") + } + } else if e := user.Emails.GetPrimary(); e != nil { + // Send the passlink to the primary email address + email = e + } else { + // Workaround to support hanko element versions before v0.1.0-alpha: + // If user has no primary email, check if a cookie with an email id is present + emailIdCookie, err := c.Cookie("hanko_email_id") + if err != nil { + return fmt.Errorf("failed to get email id cookie: %w", err) + } + + if emailIdCookie != nil && emailIdCookie.Value != "" { + emailId, err = uuid.FromString(emailIdCookie.Value) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse emailId as uuid").SetInternal(err) + } + email, err = h.persister.GetEmailPersister().Get(emailId) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to get email by id").SetInternal(err) + } + if email == nil { + return echo.NewHTTPError(http.StatusBadRequest, "the specified emailId is not available") + } + } else { + // Can't determine email address to which the passlink should be sent to + return echo.NewHTTPError(http.StatusBadRequest, "an emailId needs to be specified") + } + } + + sessionToken := h.GetSessionToken(c) + if sessionToken != nil && sessionToken.Subject() != user.ID.String() { + // if the user is logged in and the requested user in the body does not match the user from the session then sending and finalizing passlinks is not allowed + return echo.NewHTTPError(http.StatusForbidden).SetInternal(errors.New("session.userId does not match requested userId")) + } + + if email.User != nil && email.User.ID.String() != user.ID.String() { + return echo.NewHTTPError(http.StatusForbidden).SetInternal(errors.New("email address is assigned to another user")) + } + + redirectPath := "/" + if strings.HasPrefix(body.RedirectPath, "/") { + redirectPath = body.RedirectPath + } + + now := time.Now().UTC() + id, err := uuid.NewV4() + if err != nil { + return fmt.Errorf("failed to create passlinkId: %w", err) + } + token, err := h.passlinkGenerator.Generate() + if err != nil { + return fmt.Errorf("failed to generate passlink: %w", err) + } + tokenHashed, err := bcrypt.GenerateFromPassword([]byte(token), 12) + if err != nil { + return fmt.Errorf("failed to hash passlink: %w", err) + } + + passlinkModel := models.Passlink{ + ID: id, + UserID: userId, + EmailID: email.ID, + IP: c.RealIP(), + TTL: h.TTL, + LoginCount: 0, + Reusable: false, + Token: string(tokenHashed), + CreatedAt: now, + UpdatedAt: now, + } + + redirectURL, err := h.createRedirectURL(c, id, token, redirectPath) + if err != nil { + return fmt.Errorf("failed to create passlink redirect URL: %w", err) + } + + err = h.persister.GetPasslinkPersister().Create(passlinkModel) + if err != nil { + return fmt.Errorf("failed to store passlink: %w", err) + } + + durationTTL := time.Duration(h.TTL) * time.Second + data := map[string]interface{}{ + "ServiceName": h.serviceConfig.Name, + "Token": token, + "URL": redirectURL, + "TTL": fmt.Sprintf("%.0f", durationTTL.Minutes()), + } + + lang := c.Request().Header.Get("Accept-Language") + subject := h.renderer.Translate(lang, "email_subject_login_passlink", data) + bodyPlain, err := h.renderer.Render("passlinkLoginTextMail", lang, data) + if err != nil { + return fmt.Errorf("failed to render email template: %w", err) + } + + webhookData := webhook.EmailSend{ + Subject: subject, + BodyPlain: bodyPlain, + ToEmailAddress: email.Address, + DeliveredByHanko: true, + AcceptLanguage: lang, + Type: webhook.EmailTypePasslink, + Data: webhook.PasslinkData{ + ServiceName: h.cfg.Service.Name, + Token: token, + URL: redirectURL, + TTL: h.TTL, + ValidUntil: passlinkModel.CreatedAt.Add(time.Duration(h.TTL) * time.Second).UTC().Unix(), + RedirectPath: redirectPath, + RetryLimit: 1, + }, + } + + if h.cfg.EmailDelivery.Enabled { + message := gomail.NewMessage() + message.SetAddressHeader("To", email.Address, "") + message.SetAddressHeader("From", h.emailConfig.FromAddress, h.emailConfig.FromName) + + message.SetHeader("Subject", subject) + + message.SetBody("text/plain", bodyPlain) + + err = h.mailer.Send(message) + if err != nil { + return fmt.Errorf("failed to send passlink: %w", err) + } + + err = utils.TriggerWebhooks(c, h.persister.GetConnection(), events.EmailSend, webhookData) + + if err != nil { + log.Warn().Err(err).Msg("failed to trigger webhook") + } + } else { + webhookData.DeliveredByHanko = false + err = utils.TriggerWebhooks(c, h.persister.GetConnection(), events.EmailSend, webhookData) + + if err != nil { + return fmt.Errorf(fmt.Sprintf("failed to trigger webhook: %s", err)) + } + } + + err = h.auditLogger.Create(c, models.AuditLogPasslinkLoginInitSucceeded, user, nil) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + + return c.JSON(http.StatusOK, dto.PasslinkReturn{ + ID: id.String(), + CreatedAt: passlinkModel.CreatedAt, + UserID: userId.String(), + }) +} + +func (h *PasslinkHandler) Finish(c echo.Context) error { + startTime := time.Now().UTC() + var body dto.PasslinkFinishRequest + if err := (&echo.DefaultBinder{}).BindBody(c, &body); err != nil { + return dto.ToHttpError(err) + } + + if err := c.Validate(body); err != nil { + return dto.ToHttpError(err) + } + + passlinkID, err := uuid.FromString(body.ID) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse passlinkId as uuid").SetInternal(err) + } + + // only if an internal server error occurs the transaction should be rolled back + var businessError error + transactionError := h.persister.Transaction(func(tx *pop.Connection) error { + passlinkPersister := h.persister.GetPasslinkPersisterWithConnection(tx) + userPersister := h.persister.GetUserPersisterWithConnection(tx) + emailPersister := h.persister.GetEmailPersisterWithConnection(tx) + primaryEmailPersister := h.persister.GetPrimaryEmailPersisterWithConnection(tx) + passlink, err := passlinkPersister.Get(passlinkID) + if err != nil { + return fmt.Errorf("failed to get passlink: %w", err) + } + if passlink == nil { + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogPasslinkLoginFinalFailed, nil, fmt.Errorf("unknown passlink")) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + businessError = echo.NewHTTPError(http.StatusUnauthorized, "passlink not found") + return nil + } + + userModel, err := userPersister.Get(passlink.UserID) + if err != nil { + return fmt.Errorf("failed to get user: %w", err) + } + + lastVerificationTime := passlink.CreatedAt.Add(time.Duration(passlink.TTL) * time.Second) + if lastVerificationTime.Before(startTime) { + err = passlinkPersister.Delete(*passlink) + if err != nil { + return fmt.Errorf("failed to delete passlink: %w", err) + } + + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogPasslinkLoginFinalFailed, userModel, fmt.Errorf("timed out passlink: createdAt: %s -> lastVerificationTime: %s", passlink.CreatedAt, lastVerificationTime)) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + businessError = echo.NewHTTPError(http.StatusRequestTimeout, "passlink request timed out").SetInternal(fmt.Errorf("createdAt: %s -> lastVerificationTime: %s", passlink.CreatedAt, lastVerificationTime)) // TODO: maybe we should use BadRequest, because RequestTimeout might be too technical and can refer to different error + return nil + } + + err = bcrypt.CompareHashAndPassword([]byte(passlink.Token), []byte(body.Token)) + if err != nil { + err = passlinkPersister.Delete(*passlink) + if err != nil { + return fmt.Errorf("failed to delete passlink: %w", err) + } + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogPasslinkLoginFinalFailed, userModel, fmt.Errorf("invalid token")) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + businessError = echo.NewHTTPError(http.StatusForbidden, "invalid token") + return nil + } + + // a passlink is valid only once, except it is explicitly marked as reusable + // a reusable passlink token is a security risk, but might be useful to authenticate a again and again from same link (e.g. link in a newsletter) + if passlink.Reusable { + passlink.LoginCount += 1 + + err = passlinkPersister.Update(*passlink) + if err != nil { + return fmt.Errorf("failed to update passlink: %w", err) + } + } else { + err = passlinkPersister.Delete(*passlink) + if err != nil { + return fmt.Errorf("failed to delete passlink: %w", err) + } + } + + if passlink.Email.User != nil && passlink.Email.User.ID.String() != userModel.ID.String() { + return echo.NewHTTPError(http.StatusForbidden, "email address has been claimed by another user") + } + + emailExistsForUser := false + for _, email := range userModel.Emails { + emailExistsForUser = email.ID == passlink.Email.ID + if emailExistsForUser { + break + } + } + + existingSessionToken := h.GetSessionToken(c) + // return forbidden when none of these cases matches + if !((existingSessionToken == nil && emailExistsForUser) || // normal login: when user logs in and the email used is associated with the user + (existingSessionToken == nil && len(userModel.Emails) == 0) || // register: when user register and the user has no emails + (existingSessionToken != nil && existingSessionToken.Subject() == userModel.ID.String())) { // add email through profile: when the user adds an email while having a session and the userIds requested in the passlink and the one in the session matches + return echo.NewHTTPError(http.StatusForbidden).SetInternal(errors.New("passlink finalization not allowed")) + } + + wasUnverified := false + hasEmails := len(userModel.Emails) >= 1 // check if we need to trigger a UserCreate webhook or a UserEmailCreate one + + if !passlink.Email.Verified { + wasUnverified = true + + // Update email verified status and assign the email address to the user. + passlink.Email.Verified = true + passlink.Email.UserID = &userModel.ID + + err = emailPersister.Update(passlink.Email) + if err != nil { + return fmt.Errorf("failed to update the email verified status: %w", err) + } + + if userModel.Emails.GetPrimary() == nil { + primaryEmail := models.NewPrimaryEmail(passlink.Email.ID, userModel.ID) + err = primaryEmailPersister.Create(*primaryEmail) + if err != nil { + return fmt.Errorf("failed to create primary email: %w", err) + } + + userModel.Emails = models.Emails{passlink.Email} + userModel.SetPrimaryEmail(primaryEmail) + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogPrimaryEmailChanged, userModel, nil) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + } + + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogEmailVerified, userModel, nil) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + } + + var emailJwt *dto.EmailJwt + if e := userModel.Emails.GetPrimary(); e != nil { + emailJwt = dto.JwtFromEmailModel(e) + } + + token, err := h.sessionManager.GenerateJWT(passlink.UserID, emailJwt) + if err != nil { + return fmt.Errorf("failed to generate jwt: %w", err) + } + + cookie, err := h.sessionManager.GenerateCookie(token) + if err != nil { + return fmt.Errorf("failed to create session token: %w", err) + } + + c.Response().Header().Set("X-Session-Lifetime", fmt.Sprintf("%d", cookie.MaxAge)) + + if h.cfg.Session.EnableAuthTokenHeader { + c.Response().Header().Set("X-Auth-Token", token) + } else { + c.SetCookie(cookie) + } + + err = h.auditLogger.CreateWithConnection(tx, c, models.AuditLogPasslinkLoginFinalSucceeded, userModel, nil) + if err != nil { + return fmt.Errorf("failed to create audit log: %w", err) + } + + // notify about email verification result. Last step to prevent a trigger and rollback scenario + if h.cfg.Emails.RequireVerification && wasUnverified { + var evt events.Event + + if hasEmails { + evt = events.UserEmailCreate + } else { + evt = events.UserCreate + } + + utils.NotifyUserChange(c, tx, h.persister, evt, userModel.ID) + } + + return c.JSON(http.StatusOK, dto.PasslinkReturn{ + ID: passlink.ID.String(), + CreatedAt: passlink.CreatedAt, + UserID: passlink.UserID.String(), + }) + }) + + if businessError != nil { + return businessError + } + + return transactionError +} + +func (h *PasslinkHandler) GetSessionToken(c echo.Context) jwt.Token { + var token jwt.Token + sessionCookie, _ := c.Cookie("hanko") + // we don't need to check the error, because when the cookie can not be found, the user is not logged in + if sessionCookie != nil { + token, _ = h.sessionManager.Verify(sessionCookie.Value) + // we don't need to check the error, because when the token is not returned, the user is not logged in + } + + if token == nil { + authorizationHeader := c.Request().Header.Get("Authorization") + sessionToken := strings.TrimPrefix(authorizationHeader, "Bearer") + if strings.TrimSpace(sessionToken) != "" { + token, _ = h.sessionManager.Verify(sessionToken) + } + } + + return token +} + +func (h *PasslinkHandler) createRedirectURL(c echo.Context, id uuid.UUID, token string, path string) (string, error) { + redirect, err := url.Parse(h.URL) + if err != nil { + return "", fmt.Errorf("failed to parse URL for passlink finalization: %w", err) + } + + upath, err := url.Parse(path) + if err != nil { + return "", fmt.Errorf("failed to parse URL for passlink finalization: %w", err) + } + + redirect.Path = upath.Path + pqueryValues := upath.Query() + pqueryValues.Set("plid", id.String()) + pqueryValues.Set("pltk", token) + redirect.RawQuery = pqueryValues.Encode() + + return redirect.String(), nil +} diff --git a/backend/handler/passlink_admin.go b/backend/handler/passlink_admin.go new file mode 100644 index 000000000..a6eab4596 --- /dev/null +++ b/backend/handler/passlink_admin.go @@ -0,0 +1,155 @@ +package handler + +import ( + "fmt" + "net/http" + "time" + + "github.com/go-sql-driver/mysql" + "github.com/gobuffalo/pop/v6" + "github.com/gofrs/uuid" + "github.com/jackc/pgconn" + "github.com/labstack/echo/v4" + "github.com/pkg/errors" + "github.com/teamhanko/hanko/backend/crypto" + "github.com/teamhanko/hanko/backend/dto" + "github.com/teamhanko/hanko/backend/dto/admin" + "github.com/teamhanko/hanko/backend/persistence" + "github.com/teamhanko/hanko/backend/persistence/models" + "golang.org/x/crypto/bcrypt" +) + +type PasslinkHandlerAdmin struct { + passlinkGenerator crypto.PasslinkGenerator + persister persistence.Persister +} + +func NewPasslinkHandlerAdmin(persister persistence.Persister) *PasslinkHandlerAdmin { + return &PasslinkHandlerAdmin{persister: persister} +} + +func (h *PasslinkHandlerAdmin) Delete(c echo.Context) error { + passlinkId, err := uuid.FromString(c.Param("id")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse passlinkId as uuid").SetInternal(err) + } + + p := h.persister.GetPasslinkPersister() + passlink, err := p.Get(passlinkId) + if err != nil { + return fmt.Errorf("failed to get passlink: %w", err) + } + + if passlink == nil { + return echo.NewHTTPError(http.StatusNotFound, "passlink not found") + } + + err = p.Delete(*passlink) + if err != nil { + return fmt.Errorf("failed to delete passlink: %w", err) + } + + return c.NoContent(http.StatusNoContent) +} + +func (h *PasslinkHandlerAdmin) Get(c echo.Context) error { + passlinkId, err := uuid.FromString(c.Param("id")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, "failed to parse passlinkId as uuid").SetInternal(err) + } + + p := h.persister.GetPasslinkPersister() + passlink, err := p.Get(passlinkId) + if err != nil { + return fmt.Errorf("failed to get passlink: %w", err) + } + + if passlink == nil { + return echo.NewHTTPError(http.StatusNotFound, "passlink not found") + } + + return c.JSON(http.StatusOK, admin.FromPasslinkModel(*passlink)) +} + +func (h *PasslinkHandlerAdmin) Create(c echo.Context) error { + var body admin.CreatePasslink + if err := (&echo.DefaultBinder{}).BindBody(c, &body); err != nil { + return dto.ToHttpError(err) + } + + if err := c.Validate(body); err != nil { + return dto.ToHttpError(err) + } + + // if no passlinkID is provided, create a new one + if body.ID == nil || body.ID.IsNil() { + passlinkId, err := uuid.NewV4() + if err != nil { + return fmt.Errorf("failed to create new passlinkId: %w", err) + } + body.ID = &passlinkId + } + + now := time.Now().UTC() + token, err := h.passlinkGenerator.Generate() + if err != nil { + return fmt.Errorf("failed to generate passlink: %w", err) + } + tokenHashed, err := bcrypt.GenerateFromPassword([]byte(token), 12) + if err != nil { + return fmt.Errorf("failed to hash passlink: %w", err) + } + + err = h.persister.GetConnection().Transaction(func(tx *pop.Connection) error { + passlink := models.Passlink{ + ID: *body.ID, + UserID: body.UserID, // FIXME: validate us + EmailID: body.EmailID, // FIXME: validate emailID + IP: c.RealIP(), + TTL: body.TTL, + LoginCount: 0, + Reusable: body.Reusable, + Token: string(tokenHashed), + CreatedAt: now, + UpdatedAt: now, + } + + err := tx.Create(&passlink) + if err != nil { + var pgErr *pgconn.PgError + var mysqlErr *mysql.MySQLError + if errors.As(err, &pgErr) { + if pgErr.Code == "23505" { + return echo.NewHTTPError(http.StatusConflict, fmt.Errorf("failed to create passlink with id '%v': %w", passlink.ID, fmt.Errorf("passlink already exists"))) + } + } else if errors.As(err, &mysqlErr) { + if mysqlErr.Number == 1062 { + return echo.NewHTTPError(http.StatusConflict, fmt.Errorf("failed to create passlink with id '%v': %w", passlink.ID, fmt.Errorf("passlink already exists"))) + } + } + return fmt.Errorf("failed to create passlink with id '%v': %w", passlink.ID, err) + } + + return nil + }) + + if httpError, ok := err.(*echo.HTTPError); ok { + return httpError + } else if err != nil { + return echo.NewHTTPError(http.StatusInternalServerError, err) + } + + p := h.persister.GetPasslinkPersister() + passlink, err := p.Get(*body.ID) + if err != nil { + return fmt.Errorf("failed to get passlink: %w", err) + } + + if passlink == nil { + return echo.NewHTTPError(http.StatusNotFound, "passlink not found") + } + + passlinkDto := admin.FromPasslinkModel(*passlink) + + return c.JSON(http.StatusOK, passlinkDto) +} diff --git a/backend/handler/password.go b/backend/handler/password.go index 593f75d46..426e78736 100644 --- a/backend/handler/password.go +++ b/backend/handler/password.go @@ -3,12 +3,15 @@ package handler import ( "errors" "fmt" + "net/http" + "unicode/utf8" + "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" "github.com/labstack/echo/v4" "github.com/lestrrat-go/jwx/v2/jwt" "github.com/sethvargo/go-limiter" - "github.com/teamhanko/hanko/backend/audit_log" + auditlog "github.com/teamhanko/hanko/backend/audit_log" "github.com/teamhanko/hanko/backend/config" "github.com/teamhanko/hanko/backend/dto" "github.com/teamhanko/hanko/backend/persistence" @@ -16,8 +19,6 @@ import ( "github.com/teamhanko/hanko/backend/rate_limiter" "github.com/teamhanko/hanko/backend/session" "golang.org/x/crypto/bcrypt" - "net/http" - "unicode/utf8" ) type PasswordHandler struct { diff --git a/backend/handler/public_router.go b/backend/handler/public_router.go index 4639acfe3..0bde6a84d 100644 --- a/backend/handler/public_router.go +++ b/backend/handler/public_router.go @@ -2,11 +2,12 @@ package handler import ( "fmt" + "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "github.com/sethvargo/go-limiter" "github.com/sethvargo/go-limiter/httplimit" - "github.com/teamhanko/hanko/backend/audit_log" + auditlog "github.com/teamhanko/hanko/backend/audit_log" "github.com/teamhanko/hanko/backend/config" "github.com/teamhanko/hanko/backend/crypto/jwk" "github.com/teamhanko/hanko/backend/dto" @@ -153,6 +154,18 @@ func NewPublicRouter(cfg *config.Config, persister persistence.Persister, promet healthHandler := NewHealthHandler() + if cfg.Passlink.Enabled { + passlinkHandler, err := NewPasslinkHandler(cfg, persister, sessionManager, mailer, auditLogger) + if err != nil { + panic(fmt.Errorf("failed to create public passlink handler: %w", err)) + } + + passlink := g.Group("/passlink") + passlinkLogin := passlink.Group("/login", webhookMiddleware) + passlinkLogin.POST("/initialize", passlinkHandler.Init).Name = "passlink_login_initialize" + passlinkLogin.POST("/finalize", passlinkHandler.Finish).Name = "passlink_login_finalize" + } + health := e.Group("/health") health.GET("/alive", healthHandler.Alive) health.GET("/ready", healthHandler.Ready) diff --git a/backend/mail/locales/passcode.en.yaml b/backend/mail/locales/passcode.en.yaml index 3e2420ae8..92e1510de 100644 --- a/backend/mail/locales/passcode.en.yaml +++ b/backend/mail/locales/passcode.en.yaml @@ -37,3 +37,12 @@ email_registration_attempted_text: description: "Notifies the recipient that either they or someone else attempted to register for a specific service using an email address that is already in use." other: "You or someone else tried to register an email for {{ .ServiceName }}, but the provided email address is already registered. Please try to log in instead." +passlink_login_text: + description: "The sign in content of the text email." + other: "Click the link below to securely log into your account at {{ .ServiceName }}:" +passlink_ttl_text: + description: "The length how long the passcode is valid." + other: "This link is valid for {{ .TTL }} minutes and can only be used once. If you did not request this link, please ignore this email." +email_subject_login_passlink: + description: "" + other: "Confirm your sign in request to {{ .ServiceName }}" diff --git a/backend/mail/render.go b/backend/mail/render.go index 52c6f96d0..98f7c0d17 100644 --- a/backend/mail/render.go +++ b/backend/mail/render.go @@ -4,11 +4,12 @@ import ( "bytes" "embed" "fmt" + "strings" + "text/template" + "github.com/nicksnyder/go-i18n/v2/i18n" "golang.org/x/text/language" "gopkg.in/yaml.v3" - "html/template" - "strings" ) //go:embed templates/* locales/* diff --git a/backend/mail/templates/passlink-login.tmpl b/backend/mail/templates/passlink-login.tmpl new file mode 100644 index 000000000..7c21a7c1f --- /dev/null +++ b/backend/mail/templates/passlink-login.tmpl @@ -0,0 +1,7 @@ +{{define "passlinkLoginTextMail"}} +{{t "passlink_login_text" .}} + +{{ .URL }} + +{{t "passlink_ttl_text" .}} +{{end}} diff --git a/backend/persistence/migrations/20240522233121_create_passlinks.down.fizz b/backend/persistence/migrations/20240522233121_create_passlinks.down.fizz new file mode 100644 index 000000000..6056dc5ef --- /dev/null +++ b/backend/persistence/migrations/20240522233121_create_passlinks.down.fizz @@ -0,0 +1 @@ +drop_table("passlinks") diff --git a/backend/persistence/migrations/20240522233121_create_passlinks.up.fizz b/backend/persistence/migrations/20240522233121_create_passlinks.up.fizz new file mode 100644 index 000000000..f57f370c1 --- /dev/null +++ b/backend/persistence/migrations/20240522233121_create_passlinks.up.fizz @@ -0,0 +1,13 @@ +create_table("passlinks") { + t.Column("id", "uuid", {primary: true}) + t.Column("user_id", "uuid", {}) + t.Column("email_id", "uuid", {null: true}) + t.Column("ttl", "integer", {}) + t.Column("ip", "string", {}) + t.Column("token", "string", {}) + t.Column("login_count", "integer", {}) + t.Column("reusable", "bool", {}) + t.Timestamps() + t.ForeignKey("user_id", {"users": ["id"]}, {"on_delete": "cascade", "on_update": "cascade"}) + t.ForeignKey("email_id", {"emails": ["id"]}, {"on_delete": "cascade", "on_update": "cascade"}) +} diff --git a/backend/persistence/models/audit_log.go b/backend/persistence/models/audit_log.go index 5bc39bf47..86852ec0f 100644 --- a/backend/persistence/models/audit_log.go +++ b/backend/persistence/models/audit_log.go @@ -2,9 +2,10 @@ package models import ( "fmt" + "time" + "github.com/gobuffalo/pop/v6/slices" "github.com/gofrs/uuid" - "time" ) type AuditLog struct { @@ -82,6 +83,11 @@ var ( AuditLogPasscodeLoginFinalSucceeded AuditLogType = "passcode_login_final_succeeded" AuditLogPasscodeLoginFinalFailed AuditLogType = "passcode_login_final_failed" + AuditLogPasslinkLoginInitSucceeded AuditLogType = "passlink_login_init_succeeded" + AuditLogPasslinkLoginInitFailed AuditLogType = "passlink_login_init_failed" + AuditLogPasslinkLoginFinalSucceeded AuditLogType = "passlink_login_final_succeeded" + AuditLogPasslinkLoginFinalFailed AuditLogType = "passlink_login_final_failed" + AuditLogWebAuthnRegistrationInitSucceeded AuditLogType = "webauthn_registration_init_succeeded" AuditLogWebAuthnRegistrationInitFailed AuditLogType = "webauthn_registration_init_failed" AuditLogWebAuthnRegistrationFinalSucceeded AuditLogType = "webauthn_registration_final_succeeded" diff --git a/backend/persistence/models/passlink.go b/backend/persistence/models/passlink.go new file mode 100644 index 000000000..b4b3777f5 --- /dev/null +++ b/backend/persistence/models/passlink.go @@ -0,0 +1,37 @@ +package models + +import ( + "time" + + "github.com/gobuffalo/pop/v6" + "github.com/gobuffalo/validate/v3" + "github.com/gobuffalo/validate/v3/validators" + "github.com/gofrs/uuid" +) + +// Passlink is used by pop to map your passlink database table to your go code. +type Passlink struct { + ID uuid.UUID `db:"id"` + UserID uuid.UUID `db:"user_id"` + EmailID uuid.UUID `db:"email_id"` + TTL int `db:"ttl"` // in seconds + IP string `db:"ip"` + Token string `db:"token"` + LoginCount int `db:"login_count"` + Reusable bool `db:"reusable"` // by default a passlink can only used once, if reusable is set true, it can be used to authenticate the user multiple times by clicking the same link (e.g. in a newsletter) + CreatedAt time.Time `db:"created_at"` + UpdatedAt time.Time `db:"updated_at"` + Email Email `belongs_to:"email"` +} + +// Validate gets run every time you call a "pop.Validate*" (pop.ValidateAndSave, pop.ValidateAndCreate, pop.ValidateAndUpdate) method. +func (passlink *Passlink) Validate(tx *pop.Connection) (*validate.Errors, error) { + tests := []validate.Validator{ + &validators.UUIDIsPresent{Name: "ID", Field: passlink.ID}, + &validators.UUIDIsPresent{Name: "UserID", Field: passlink.UserID}, + &validators.StringLengthInRange{Name: "Token", Field: passlink.Token, Min: 16}, + &validators.TimeIsPresent{Name: "CreatedAt", Field: passlink.CreatedAt}, + &validators.TimeIsPresent{Name: "UpdatedAt", Field: passlink.UpdatedAt}, + } + return validate.Validate(tests...), nil +} diff --git a/backend/persistence/passlink_persister.go b/backend/persistence/passlink_persister.go new file mode 100644 index 000000000..4a07d4cea --- /dev/null +++ b/backend/persistence/passlink_persister.go @@ -0,0 +1,74 @@ +package persistence + +import ( + "database/sql" + "errors" + "fmt" + + "github.com/gobuffalo/pop/v6" + "github.com/gofrs/uuid" + "github.com/teamhanko/hanko/backend/persistence/models" +) + +type PasslinkPersister interface { + Get(uuid.UUID) (*models.Passlink, error) + Create(models.Passlink) error + Update(models.Passlink) error + Delete(models.Passlink) error +} + +type passlinkPersister struct { + db *pop.Connection +} + +func NewPasslinkPersister(db *pop.Connection) PasslinkPersister { + return &passlinkPersister{db: db} +} + +func (p *passlinkPersister) Get(id uuid.UUID) (*models.Passlink, error) { + passlink := models.Passlink{} + err := p.db.EagerPreload("Email.User").Find(&passlink, id) + if err != nil && errors.Is(err, sql.ErrNoRows) { + return nil, nil + } + if err != nil { + return nil, fmt.Errorf("failed to get passlink: %w", err) + } + + return &passlink, nil +} + +func (p *passlinkPersister) Create(passlink models.Passlink) error { + vErr, err := p.db.ValidateAndCreate(&passlink) + if err != nil { + return fmt.Errorf("failed to store passlink: %w", err) + } + + if vErr != nil && vErr.HasAny() { + return fmt.Errorf("passlink object validation failed: %w", vErr) + } + + return nil +} + +func (p *passlinkPersister) Update(passlink models.Passlink) error { + vErr, err := p.db.ValidateAndUpdate(&passlink) + if err != nil { + return fmt.Errorf("failed to update passlink: %w", err) + } + + if vErr != nil && vErr.HasAny() { + return fmt.Errorf("passlink object validation failed: %w", vErr) + } + + return nil +} + +func (p *passlinkPersister) Delete(passlink models.Passlink) error { + err := p.db.Destroy(&passlink) + if err != nil { + return fmt.Errorf("failed to delete passlink: %w", err) + } + + return nil +} diff --git a/backend/persistence/persister.go b/backend/persistence/persister.go index 07d2f5494..f23038cb0 100644 --- a/backend/persistence/persister.go +++ b/backend/persistence/persister.go @@ -2,6 +2,7 @@ package persistence import ( "embed" + "github.com/gobuffalo/pop/v6" "github.com/teamhanko/hanko/backend/config" "time" @@ -24,6 +25,8 @@ type Persister interface { GetUserPersisterWithConnection(tx *pop.Connection) UserPersister GetPasscodePersister() PasscodePersister GetPasscodePersisterWithConnection(tx *pop.Connection) PasscodePersister + GetPasslinkPersister() PasslinkPersister + GetPasslinkPersisterWithConnection(tx *pop.Connection) PasslinkPersister GetPasswordCredentialPersister() PasswordCredentialPersister GetPasswordCredentialPersisterWithConnection(tx *pop.Connection) PasswordCredentialPersister GetWebauthnCredentialPersister() WebauthnCredentialPersister @@ -147,6 +150,14 @@ func (p *persister) GetPasscodePersisterWithConnection(tx *pop.Connection) Passc return NewPasscodePersister(tx) } +func (p *persister) GetPasslinkPersister() PasslinkPersister { + return NewPasslinkPersister(p.DB) +} + +func (p *persister) GetPasslinkPersisterWithConnection(tx *pop.Connection) PasslinkPersister { + return NewPasslinkPersister(tx) +} + func (p *persister) GetPasswordCredentialPersister() PasswordCredentialPersister { return NewPasswordCredentialPersister(p.DB) } diff --git a/backend/test/passlink_persister.go b/backend/test/passlink_persister.go new file mode 100644 index 000000000..be5c8d7bb --- /dev/null +++ b/backend/test/passlink_persister.go @@ -0,0 +1,54 @@ +package test + +import ( + "github.com/gofrs/uuid" + "github.com/teamhanko/hanko/backend/persistence" + "github.com/teamhanko/hanko/backend/persistence/models" +) + +func NewPasslinkPersister(init []models.Passlink) persistence.PasslinkPersister { + return &passlinkPersister{append([]models.Passlink{}, init...)} +} + +type passlinkPersister struct { + passlinks []models.Passlink +} + +func (p *passlinkPersister) Get(id uuid.UUID) (*models.Passlink, error) { + var found *models.Passlink + for _, data := range p.passlinks { + if data.ID == id { + d := data + found = &d + } + } + return found, nil +} + +func (p *passlinkPersister) Create(passlink models.Passlink) error { + p.passlinks = append(p.passlinks, passlink) + return nil +} + +func (p *passlinkPersister) Update(passlink models.Passlink) error { + for i, data := range p.passlinks { + if data.ID == passlink.ID { + p.passlinks[i] = passlink + } + } + return nil +} + +func (p *passlinkPersister) Delete(passlink models.Passlink) error { + index := -1 + for i, data := range p.passlinks { + if data.ID == passlink.ID { + index = i + } + } + if index > -1 { + p.passlinks = append(p.passlinks[:index], p.passlinks[index+1:]...) + } + + return nil +} diff --git a/backend/test/persister.go b/backend/test/persister.go index 43aede38d..16b258eaf 100644 --- a/backend/test/persister.go +++ b/backend/test/persister.go @@ -10,6 +10,7 @@ import ( func NewPersister( user []models.User, passcodes []models.Passcode, + passlinks []models.Passlink, jwks []models.Jwk, credentials []models.WebauthnCredential, sessionData []models.WebauthnSessionData, @@ -27,6 +28,7 @@ func NewPersister( return &persister{ userPersister: NewUserPersister(user), passcodePersister: NewPasscodePersister(passcodes), + passlinkPersister: NewPasslinkPersister(passlinks), jwkPersister: NewJwkPersister(jwks), webauthnCredentialPersister: NewWebauthnCredentialPersister(credentials), webauthnSessionDataPersister: NewWebauthnSessionDataPersister(sessionData), @@ -46,6 +48,7 @@ func NewPersister( type persister struct { userPersister persistence.UserPersister passcodePersister persistence.PasscodePersister + passlinkPersister persistence.PasslinkPersister jwkPersister persistence.JwkPersister webauthnCredentialPersister persistence.WebauthnCredentialPersister webauthnSessionDataPersister persistence.WebauthnSessionDataPersister @@ -93,6 +96,14 @@ func (p *persister) GetPasscodePersisterWithConnection(tx *pop.Connection) persi return p.passcodePersister } +func (p *persister) GetPasslinkPersister() persistence.PasslinkPersister { + return p.passlinkPersister +} + +func (p *persister) GetPasslinkPersisterWithConnection(tx *pop.Connection) persistence.PasslinkPersister { + return p.passlinkPersister +} + func (p *persister) GetWebauthnCredentialPersister() persistence.WebauthnCredentialPersister { return p.webauthnCredentialPersister }