mirror of
https://github.com/bpg/terraform-provider-proxmox.git
synced 2025-06-30 10:33:46 +00:00
bf9e31ecfc
* chore: reformat code * chore: add commitlint config * reformat README.md * add linter config * lint & reformat docs * go linter: only new issues * fix some linting errors * more reformatting * disable linter warning for some duplicated code
116 lines
2.7 KiB
Go
116 lines
2.7 KiB
Go
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
|
|
|
package proxmox
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
)
|
|
|
|
const (
|
|
// DefaultRootAccount contains the default username and realm for the root account.
|
|
DefaultRootAccount = "root@pam"
|
|
)
|
|
|
|
// Authenticate authenticates against the specified endpoint.
|
|
func (c *VirtualEnvironmentClient) Authenticate(ctx context.Context, reset bool) error {
|
|
if c.authenticationData != nil && !reset {
|
|
return nil
|
|
}
|
|
|
|
var reqBody *bytes.Buffer
|
|
|
|
if c.OTP != nil {
|
|
reqBody = bytes.NewBufferString(fmt.Sprintf(
|
|
"username=%s&password=%s&otp=%s",
|
|
url.QueryEscape(c.Username),
|
|
url.QueryEscape(c.Password),
|
|
url.QueryEscape(*c.OTP),
|
|
))
|
|
} else {
|
|
reqBody = bytes.NewBufferString(fmt.Sprintf(
|
|
"username=%s&password=%s",
|
|
url.QueryEscape(c.Username),
|
|
url.QueryEscape(c.Password),
|
|
))
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(
|
|
ctx,
|
|
hmPOST,
|
|
fmt.Sprintf("%s/%s/access/ticket", c.Endpoint, basePathJSONAPI),
|
|
reqBody,
|
|
)
|
|
if err != nil {
|
|
return errors.New("failed to create authentication request")
|
|
}
|
|
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
res, err := c.httpClient.Do(req)
|
|
if err != nil {
|
|
return errors.New("failed to retrieve authentication response")
|
|
}
|
|
|
|
err = c.ValidateResponseCode(res)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
resBody := VirtualEnvironmentAuthenticationResponseBody{}
|
|
err = json.NewDecoder(res.Body).Decode(&resBody)
|
|
|
|
if err != nil {
|
|
return errors.New("failed to decode authentication response")
|
|
}
|
|
|
|
if resBody.Data == nil {
|
|
return errors.New("the server did not include a data object in the authentication response")
|
|
}
|
|
|
|
if resBody.Data.CSRFPreventionToken == nil {
|
|
return errors.New(
|
|
"the server did not include a CSRF prevention token in the authentication response",
|
|
)
|
|
}
|
|
|
|
if resBody.Data.Ticket == nil {
|
|
return errors.New("the server did not include a ticket in the authentication response")
|
|
}
|
|
|
|
if resBody.Data.Username == "" {
|
|
return errors.New("the server did not include the username in the authentication response")
|
|
}
|
|
|
|
c.authenticationData = resBody.Data
|
|
|
|
return nil
|
|
}
|
|
|
|
// AuthenticateRequest adds authentication data to a new request.
|
|
func (c *VirtualEnvironmentClient) AuthenticateRequest(ctx context.Context, req *http.Request) error {
|
|
err := c.Authenticate(ctx, false)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "PVEAuthCookie",
|
|
Value: *c.authenticationData.Ticket,
|
|
})
|
|
|
|
if req.Method != "GET" {
|
|
req.Header.Add("CSRFPreventionToken", *c.authenticationData.CSRFPreventionToken)
|
|
}
|
|
|
|
return nil
|
|
}
|