New: Password hashing (refs #48)

fabbricadigitale · Feb 13, 2018 · c6fccc3 · c6fccc3
1 parent 58c6233
commit c6fccc3
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/storage/mongo/adapter.go b/storage/mongo/adapter.go
@@ -7,10 +7,12 @@ import (
 	"github.com/fabbricadigitale/scimd/api/filter"
 	"github.com/fabbricadigitale/scimd/event"
 	"github.com/fabbricadigitale/scimd/schemas/core"
+	"github.com/fabbricadigitale/scimd/schemas/datatype"
 	"github.com/fabbricadigitale/scimd/schemas/resource"
 	"github.com/fabbricadigitale/scimd/storage"
 	"github.com/globalsign/mgo/bson"
 	"github.com/olebedev/emitter"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // Adapter is the repository Adapter
@@ -51,6 +53,7 @@ func New(url, db, collection string) (storage.Storer, error) {
 	adapter.adaptee = driver
 	adapter.Dispatcher = event.NewDispatcher(0)
 	adapter.Emitter().Use("*", emitter.Void)
+	adapter.addListeners()
 
 	return adapter, nil
 }
@@ -284,3 +287,52 @@ func toMeta(m map[string]interface{}) core.Meta {
 
 	return meta
 }
+
+func (a *Adapter) addListeners() {
+	a.Emitter().On("create", func(event *emitter.Event) {
+		res, ok := event.Args[0].(*resource.Resource)
+
+		if ok != true {
+			return
+		}
+
+		hashPassword(res)
+
+	})
+	a.Emitter().On("update", func(event *emitter.Event) {
+		res, ok := event.Args[0].(*resource.Resource)
+
+		if ok != true {
+			return
+		}
+
+		hashPassword(res)
+
+	})
+}
+
+// hash the password value if there is the password attribute
+func hashPassword(res *resource.Resource) {
+	values := res.Values("urn:ietf:params:scim:schemas:core:2.0:User")
+	if values == nil {
+		return
+	}
+
+	passwordValue, ok := (*values)["password"]
+	if ok != true {
+		return
+	}
+
+	password := []byte(passwordValue.(datatype.String))
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 10)
+
+	if err != nil {
+		panic(err)
+	}
+
+	res.SetValues("urn:ietf:params:scim:schemas:core:2.0:User", &datatype.Complex{
+		"password": datatype.String(hashedPassword),
+	})
+
+}