pep update

go.mod

@@ -1,27 +1,28 @@
 module github.com/vs-uulm/ztsfc_http_pep
 
-go 1.20
+go 1.21
+
+toolchain go1.21.3
 
 require (
-	github.com/go-webauthn/webauthn v0.8.4
-	github.com/golang-jwt/jwt/v5 v5.0.0
+	github.com/go-webauthn/webauthn v0.10.0
+	github.com/golang-jwt/jwt/v5 v5.2.0
 	github.com/leobrada/golang_convenience_tools v0.0.0-20231027190949-23729c408209
 	github.com/leobrada/yaml_tools v0.0.0-20220115205103-7f6e1de7ab2e
 	github.com/vs-uulm/ztsfc_http_attributes v0.0.0-20230718145859-e9c5fbffbfa7
 	github.com/vs-uulm/ztsfc_http_logger v0.0.0-20220504121928-852f30c337e5
 )
 
 require (
-	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/go-webauthn/x v0.1.4 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.5.0 // indirect
+	github.com/go-webauthn/x v0.1.6 // indirect
 	github.com/google/go-tpm v0.9.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.5.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,20 +1,18 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
-github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
-github.com/go-webauthn/webauthn v0.8.4 h1:/emQ9b9Rj4flWO94Fo8KJeYvZ6VzPywXsmqyDA/WicY=
-github.com/go-webauthn/webauthn v0.8.4/go.mod h1:ZqEa9OnSCdQf6CJvTWTDCsUcPRi8F3h7XCIDINwbBgI=
-github.com/go-webauthn/x v0.1.4 h1:sGmIFhcY70l6k7JIDfnjVBiAAFEssga5lXIUXe0GtAs=
-github.com/go-webauthn/x v0.1.4/go.mod h1:75Ug0oK6KYpANh5hDOanfDI+dvPWHk788naJVG/37H8=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE=
+github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/go-webauthn/webauthn v0.10.0 h1:yuW2e1tXnRAwAvKrR4q4LQmc6XtCMH639/ypZGhZCwk=
+github.com/go-webauthn/webauthn v0.10.0/go.mod h1:l0NiauXhL6usIKqNLCUM3Qir43GK7ORg8ggold0Uv/Y=
+github.com/go-webauthn/x v0.1.6 h1:QNAX+AWeqRt9loE8mULeWJCqhVG5D/jvdmJ47fIWCkQ=
+github.com/go-webauthn/x v0.1.6/go.mod h1:W8dFVZ79o4f+nY1eOUICy/uq5dhrRl7mxQkYhXTo0FA=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
 github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/leobrada/golang_convenience_tools v0.0.0-20231027190949-23729c408209 h1:LceJohOLR4c3Th+aS9p+XEuTmKWmKtxUSHkrfcs4sz4=
 github.com/leobrada/golang_convenience_tools v0.0.0-20231027190949-23729c408209/go.mod h1:dFsd7aKdV12xS9hk+9raiGEYRBsuwbXRjm9mVq2cxoo=
 github.com/leobrada/yaml_tools v0.0.0-20220115205103-7f6e1de7ab2e h1:n4X/33vxeWGlhENDCMUKufuZifF47Qmo/9hOa8BwBrY=
@@ -28,19 +26,20 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/vs-uulm/ztsfc_http_attributes v0.0.0-20230718145859-e9c5fbffbfa7 h1:pH6seXj8/nr3zYukY7ORGGfjD3pi6XPVYr0owyyDWUI=
 github.com/vs-uulm/ztsfc_http_attributes v0.0.0-20230718145859-e9c5fbffbfa7/go.mod h1:UtWW5IW19hJTM0sEwrq1zXYtl5Rn8F9ZhNJMl2nGktM=
 github.com/vs-uulm/ztsfc_http_logger v0.0.0-20220504121928-852f30c337e5 h1:eAWkREs64xbx/J/Zpaz0hcntd1ETTJpWGs3jhP6ZEM0=
 github.com/vs-uulm/ztsfc_http_logger v0.0.0-20220504121928-852f30c337e5/go.mod h1:nMQjdzVj5ytXMyxmRBPqWuM04x05OdhLuy6eK/99UCc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/app/basic_auth/basic_auth.go

@@ -13,6 +13,7 @@ import (
 	logger "github.com/vs-uulm/ztsfc_http_logger"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/metadata"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/resources"
 )
 
 type ZTSFCClaims struct {
@@ -49,20 +50,6 @@ func ClientHasValidSession(sysLogger *logger.Logger, w http.ResponseWriter, req
 		sysLogger.Errorf("basic_auth: ClientHasValidSession(): could not parse jwt claims")
 	}
 
-	/*
-		failedAttempts, err := getFailedAuthAttempts(sysLogger, username)
-		if err != nil {
-			sysLogger.Errorf("basic_auth: validUser(): For presented username '%s' the failed PW authentication attempts could not retrieved from PIP: %v.", username, err)
-			HandleFormResponse("Internal Error. Try again later", w)
-			return false
-		}
-		if failedAttempts > 3 {
-			sysLogger.Errorf("basic_auth: validUser(): Presented username '%s' has too many failed PW authentication attempts", username)
-			HandleFormResponse("You user account has been suspended", w)
-			return false
-		}
-	*/
-
 	cpm.User = claims.Subject
 	if claims.UserAuthType == "password" {
 		cpm.PwAuthenticated = true
@@ -76,49 +63,45 @@ func ClientHasValidSession(sysLogger *logger.Logger, w http.ResponseWriter, req
 
 	cpm.CertAuthenticated = performX509auth(req)
 
-	return true
+	return cpm.CertAuthenticated
 }
 
-func BasicAuth(sysLogger *logger.Logger, w http.ResponseWriter, req *http.Request, cpm *metadata.CpMetadata) bool {
+func PerformAuthentication(sysLogger *logger.Logger, w http.ResponseWriter, req *http.Request, cpm *metadata.CpMetadata) {
 	// Device Authentication
 	cpm.CertAuthenticated = performX509auth(req)
 	if !cpm.CertAuthenticated {
-		return false
+		return
 	}
 
 	// User Authentication
 	switch req.URL.Path {
 	// Password Authentication
-	case "/password-authentication":
-		cpm.PwAuthenticated = performPasswdAuth(sysLogger, w, req)
-		return cpm.PwAuthenticated
+	case "/40d2343b/welcome-page":
+		HandleAuthenticationWelcome("", w)
+		return
+	case "/40d2343b/password-authentication":
+		performPasswdAuth(sysLogger, w, req)
+		return
 	// Passkey Authentication
-	case "/passkey-authentication":
+	case "/40d2343b/passkey-authentication":
 		HandlePasskeyAuthentication("", w)
-		return false
-	case "/begin-passkey-register":
+		return
+	case "/40d2343b/begin-passkey-register":
 		BeginPasskeyRegistration(w, req)
-		return false
-	case "/finish-passkey-register":
+		return
+	case "/40d2343b/finish-passkey-register":
 		FinishPasskeyRegistration(w, req)
-		return false
-	case "/begin-passkey-login":
+		return
+	case "/40d2343b/begin-passkey-login":
 		BeginPasskeyLogin(w, req)
-		return false
-	case "/finish-passkey-login":
+		return
+	case "/40d2343b/finish-passkey-login":
 		FinishPasskeyLogin(sysLogger, w, req)
-		return false
-	// All other cases for user without valid session
+		return
 	default:
-		HandleAuthenticationWelcome("", w)
-		return false
+		http.Redirect(w, req, "https://"+req.Host+"/40d2343b/welcome-page", http.StatusFound) // 302
+		return
 	}
-	//HandleFormResponse("", w)
-	//cpm.PwAuthenticated = performPasswdAuth(sysLogger, w, req)
-	//if !cpm.PwAuthenticated {
-	//	return false
-	//}
-	//return true
 }
 
 func setCookieAndFinishAuthentication(sysLogger *logger.Logger, w http.ResponseWriter, req *http.Request, username, authType string) error {
@@ -212,7 +195,6 @@ func pushAuthSuccess(sysLogger *logger.Logger, username string) error {
 	return nil
 }
 
-// TODO: Writing an own endpoint for getting failed PW authentications?
 func getFailedAuthAttempts(sysLogger *logger.Logger, username string) (int, error) {
 
 	usr := rattr.NewEmptyUser()
@@ -242,120 +224,8 @@ func getFailedAuthAttempts(sysLogger *logger.Logger, username string) (int, erro
 }
 
 func HandleAuthenticationWelcome(msg string, w http.ResponseWriter) {
-	response := `
-	<!DOCTYPE html>
-	<html>
-    	<head>
-        	<meta charset="UTF-8">
-        	<title>Zero Trust Service Function Chaining</title>
-        	<meta name="viewport" content="width=device-width, initial-scale=1">
-        	<link rel="stylesheet" href="/welcome/style.css">
-        	<script src="/welcome/script.js" defer></script>
-    	</head>
-		<body>
-			<div class="container">
-				<h1>Zero Trust Service Function Chaining<br>Login Portal</h1>
-				<h3>` + msg + `</h3>
-				<div class="button-container">
-					<button id="password-auth-button">Password Authentication</button>
-					<button id="passkey-auth-button">Passkey Authentication</button>
-				</div>
-			</div>
-		</body>
-	</html>	
-	`
-
-	w.WriteHeader(http.StatusOK)
+	welcomePage := resources.GenerateWelcomePage(msg)
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	fmt.Fprint(w, response)
+	w.WriteHeader(http.StatusOK)
+	fmt.Fprint(w, welcomePage)
 }
-
-//response := `<!DOCTYPE html>
-//	<html>
-//		<head>
-//			<meta charset="UTF-8">
-//			<title>Zero Trust Service Function Chaining</title>
-//			<meta name="viewport" content="width=device-width, initial-scale=1">
-//			<style>
-//				body {
-//					font-family: "Segoe UI", "Roboto", sans-serif;
-//					background-color: #f2f2f2;
-//					margin: 0;
-//				}
-//
-//				.container {
-//					background-color: #fff;
-//					border-radius: 5px;
-//					box-shadow: 0 0 20px rgba(0,0,0,0.2);
-//					margin: 50px auto;
-//					padding: 30px;
-//					max-width: 700px;
-//				}
-//
-//				h1 {
-//					font-size: 36px;
-//					margin: 0 0 20px;
-//					text-align: center;
-//					color: #333;
-//				}
-//
-//				h3 {
-//					font-size: 18px;
-//					margin: 0 0 10px;
-//					text-align: center;
-//					color: #f44336;
-//				}
-//
-//				.button-container {
-//					display: flex;
-//					justify-content: center;
-//					margin-top: 30px;
-//				}
-//
-//				.button-container button {
-//					padding: 12px 20px;
-//					border-radius: 5px;
-//					border: none;
-//					background-color: #4caf50;
-//					color: #fff;
-//					font-size: 16px;
-//					cursor: pointer;
-//					margin: 0 10px;
-//					transition: background-color 0.3s ease-in-out;
-//				}
-//
-//				.button-container button:hover {
-//					background-color: #3e8e41;
-//				}
-//			</style>
-//			<script>
-//				function navigateToWebsite(path) {
-//					window.location.href = path;
-//				}
-//
-//				document.addEventListener('DOMContentLoaded', function() {
-//					var passwordAuthButton = document.getElementById('password-auth-button');
-//					var passkeyAuthButton = document.getElementById('passkey-auth-button');
-//
-//					passwordAuthButton.addEventListener('click', function() {
-//						navigateToWebsite('/password-authentication');
-//					});
-//
-//					passkeyAuthButton.addEventListener('click', function() {
-//						navigateToWebsite('/passkey-authentication');
-//					});
-//				});
-//			</script>
-//		</head>
-//		<body>
-//			<div class="container">
-//				<h1>Zero Trust Service Function Chaining<br>Login Portal</h1>
-//				<h3>` + msg + `</h3>
-//				<div class="button-container">
-//					<button id="password-auth-button">Password Authentication</button>
-//					<button id="passkey-auth-button">Passkey Authentication</button>
-//				</div>
-//			</div>
-//		</body>
-//	</html>
-//	`

internal/app/basic_auth/passkey_authentication.go

@@ -155,7 +155,7 @@ func HandlePasskeyAuthentication(msg string, w http.ResponseWriter) {
 					// Function for WebAuthn Registration
 					async function register(username) {
 						// Get challenge from server
-						const response = await fetch('/begin-passkey-register', {
+						const response = await fetch('/40d2343b/begin-passkey-register', {
 							method: 'POST',
 							headers: {
 								'Content-Type': 'application/json'
@@ -186,7 +186,7 @@ func HandlePasskeyAuthentication(msg string, w http.ResponseWriter) {
 							// authenticatorAttachment: ...,
 						};
 	
-						await fetch('/finish-passkey-register', {
+						await fetch('/40d2343b/finish-passkey-register', {
 							method: 'POST',
 							headers: {
 								'Content-Type': 'application/json'
@@ -198,7 +198,7 @@ func HandlePasskeyAuthentication(msg string, w http.ResponseWriter) {
 					// Function for WebAuthn Login
 					async function login(username) {
 						// Get challenge from server
-						const response = await fetch('/begin-passkey-login', {
+						const response = await fetch('/40d2343b/begin-passkey-login', {
 							method: 'POST',
 							headers: {
 								'Content-Type': 'application/json'
@@ -227,7 +227,7 @@ func HandlePasskeyAuthentication(msg string, w http.ResponseWriter) {
 							},
 						};
 	
-						await fetch('/finish-passkey-login', {
+						await fetch('/40d2343b/finish-passkey-login', {
 							method: 'POST',
 							headers: {
 								'Content-Type': 'application/json'