From c6fccc3c5e6068f988e8539bed8c2bb3ee620c83 Mon Sep 17 00:00:00 2001
From: Marco Menoni
Date: Tue, 13 Feb 2018 11:00:59 +0100
Subject: [PATCH] New: Password hashing (refs #48)
---
 storage/mongo/adapter.go | 52 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/storage/mongo/adapter.go b/storage/mongo/adapter.go
index fa031b3..221fb2a 100644
--- a/storage/mongo/adapter.go
+++ b/storage/mongo/adapter.go
@@ -7,10 +7,12 @@ import (
 "github.com/fabbricadigitale/scimd/api/filter"
 "github.com/fabbricadigitale/scimd/event"
 "github.com/fabbricadigitale/scimd/schemas/core"
+ "github.com/fabbricadigitale/scimd/schemas/datatype"
 "github.com/fabbricadigitale/scimd/schemas/resource"
 "github.com/fabbricadigitale/scimd/storage"
 "github.com/globalsign/mgo/bson"
 "github.com/olebedev/emitter"
+ "golang.org/x/crypto/bcrypt"
 )
 // Adapter is the repository Adapter
@@ -51,6 +53,7 @@ func New(url, db, collection string) (storage.Storer, error) {
 adapter.adaptee = driver
 adapter.Dispatcher = event.NewDispatcher(0)
 adapter.Emitter().Use("*", emitter.Void)
+ adapter.addListeners()
 return adapter, nil
 }
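Review bot: Password hashing now depends on the listeners registered by `adapter.addListeners()` having finished before the resource is written, and nothing in this hunk enforces that ordering. The emit sites for "create" and "update" are outside the diff, so if dispatch is asynchronous or the write does not wait for it, the plaintext password would be persisted. A comment on the call such as `// listeners mutate the resource and must complete before it is stored`, backed by a test that reads the stored document back and checks the password is a bcrypt hash, would pin the invariant. New's body starts outside the hunk.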
@@ -284,3 +287,52 @@ func toMeta(m map[string]interface{}) core.Meta {
 return meta
 }
+
+func (a *Adapter) addListeners() {
+ a.Emitter().On("create", func(event *emitter.Event) {
+ res, ok := event.Args[0].(*resource.Resource)
+
+ if ok != true {
+ return
+ }
+
+ hashPassword(res)
+
+ })
+ a.Emitter().On("update", func(event *emitter.Event) {
+ res, ok := event.Args[0].(*resource.Resource)
+
+ if ok != true {
+ return
+ }
+
+ hashPassword(res)
+
+ })
+}
+
+// hash the password value if there is the password attribute
+func hashPassword(res *resource.Resource) {
+ values := res.Values("urn:ietf:params:scim:schemas:core:2.0:User")
+ if values == nil {
+ return
+ }
+
+ passwordValue, ok := (*values)["password"]
+ if ok != true {
+ return
+ }
+
+ password := []byte(passwordValue.(datatype.String))
+
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 10)
+
+ if err != nil {
+ panic(err)
+ }
+
+ res.SetValues("urn:ietf:params:scim:schemas:core:2.0:User", &datatype.Complex{
+ "password": datatype.String(hashedPassword),
+ })
+
+}
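Review bot: hashPassword turns two client-controlled conditions into a panic: the unchecked assertion `passwordValue.(datatype.String)` fails on any non-string password value, and `panic(err)` fires on every bcrypt error, which in newer golang.org/x/crypto releases includes passwords longer than 72 bytes. Since the listener cannot return an error, use `pw, ok := passwordValue.(datatype.String)` with an explicit reject and validate type and length before the event is emitted, so the request fails as a client error; whatever the fallback, it must fail closed and never let the plaintext through. The "update" listener hashes whatever sits in the attribute, so if an update can carry the stored hash back (not visible in this hunk) it would be hashed a second time and stop verifying. `SetValues` is handed a new `datatype.Complex` holding only `password`; if it replaces rather than merges, the other core User attributes are lost, so confirm its semantics or write the hash into the existing values instead. The literal `10` equals `bcrypt.DefaultCost` and reads better as that constant.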