registration: add admin email Caddyfile directive

greenpau · Feb 11, 2022 · 7d3de72 · 7d3de72
1 parent f9f1ae3
commit 7d3de72
Show file tree

Hide file tree

Showing 10 changed files with 65 additions and 12 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -81,10 +81,10 @@ module github.com/greenpau/caddy-security
 go 1.16
 
 require (
-    github.com/greenpau/go-authcrunch v1.0.14
+    github.com/greenpau/go-authcrunch v1.0.15
 )
 
-replace github.com/greenpau/go-authcrunch v1.0.14 => /home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+replace github.com/greenpau/go-authcrunch v1.0.15 => /home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 ```
 
 Then, modify `Makefile` such that that replacement passes to `xcaddy` builder:
@@ -93,7 +93,7 @@ Then, modify `Makefile` such that that replacement passes to `xcaddy` builder:
         @mkdir -p ../xcaddy-$(PLUGIN_NAME) && cd ../xcaddy-$(PLUGIN_NAME) && \
                 xcaddy build $(CADDY_VERSION) --output ../$(PLUGIN_NAME)/bin/caddy \
                 --with github.com/greenpau/caddy-security@$(LATEST_GIT_COMMIT)=$(BUILD_DIR) \
-                --with github.com/greenpau/[email protected].14=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+                --with github.com/greenpau/[email protected].15=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 ```
 
 Once all the necessary packages are installed, you should be ready to compile

diff --git a/Makefile b/Makefile
@@ -17,7 +17,7 @@ all: info
 		xcaddy build $(CADDY_VERSION) --output ../$(PLUGIN_NAME)/bin/caddy \
 		--with github.com/greenpau/caddy-security@$(LATEST_GIT_COMMIT)=$(BUILD_DIR) \
 		--with github.com/greenpau/[email protected]
-	@#--with github.com/greenpau/[email protected].14=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
+	@#--with github.com/greenpau/[email protected].15=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
 	@#bin/caddy run -config assets/config/Caddyfile
 	@for f in `find ./assets -type f -name 'Caddyfile'`; do bin/caddy fmt -overwrite $$f; done
 

diff --git a/assets/config/Caddyfile b/assets/config/Caddyfile
@@ -5,10 +5,17 @@
 	https_port 8443
 
 	security {
-		credentials smtp.contoso.com {
-			username foo
-			password bar
-			domain contoso.com
+		credentials root@localhost {
+			username root
+			password foobar
+		}
+
+		messaging email provider localhost-smtp-server {
+			address 127.0.0.1:1025
+			protocol smtp
+			passwordless
+			sender root@localhost "My Auth Portal"
+			bcc greenpau@localhost
 		}
 
 		authentication portal myportal {
@@ -26,6 +33,15 @@
 				action add role authp/user
 				ui link "Portal Settings" /auth/settings icon "las la-cog"
 			}
+			registration {
+				dropbox assets/config/registrations.json
+				title "User Registration"
+				code "NY2020"
+				require accept terms
+				require domain mx
+				email provider localhost-smtp-server
+				admin email root@localhost
+			}
 		}
 
 		authorization policy mypolicy {

diff --git a/assets/config/registrations.json b/assets/config/registrations.json
@@ -0,0 +1,24 @@
+{
+  "version": "1.0.14",
+  "policy": {
+    "password": {
+      "keep_versions": 10,
+      "min_length": 8,
+      "max_length": 128,
+      "require_uppercase": false,
+      "require_lowercase": false,
+      "require_number": false,
+      "require_non_alpha_numeric": false,
+      "block_reuse": false,
+      "block_password_change": false
+    },
+    "user": {
+      "min_length": 3,
+      "max_length": 50,
+      "allow_non_alpha_numeric": false,
+      "allow_uppercase": false
+    }
+  },
+  "revision": 1,
+  "last_modified": "2022-02-11T02:28:16.795785781Z"
+}
diff --git a/caddyfile_authn.go b/caddyfile_authn.go
@@ -99,6 +99,7 @@ const (
 //       dropbox <file/path/to/registration/dir/>
 //       require accept terms
 //       require domain mx
+//       admin email <email_address> [<email_address_N>]
 //     }
 //
 //     validate source address

diff --git a/caddyfile_authn_registration.go b/caddyfile_authn_registration.go
@@ -70,6 +70,15 @@ func parseCaddyfileAuthPortalRegistration(h *caddyfile.Dispenser, repl *caddy.Re
 				return h.Errf("%s directive must be followed by provider keyword", rootDirective)
 			}
 			portal.UserRegistrationConfig.EmailProvider = args[1]
+		case "admin":
+			args := util.FindReplaceAll(repl, h.RemainingArgs())
+			if len(args) < 2 {
+				return h.Errf("%s directive %q invalid number of args", rootDirective, args)
+			}
+			if args[0] != "email" {
+				return h.Errf("%s directive must be followed by email keyword", rootDirective)
+			}
+			portal.UserRegistrationConfig.AdminEmails = args[1:]
 		default:
 			return h.Errf("unsupported subdirective for %s: %s", rootDirective, subDirective)
 		}

diff --git a/caddyfile_messaging.go b/caddyfile_messaging.go
@@ -38,6 +38,7 @@ const (
 //     sender <email_address> [name]
 //     template password_recovery <path>
 //     template registration_confirmation <path>
+//     template registration_ready <path>
 //     template registration_verdict <path>
 //     template mfa_otp <path>
 //     bcc <email_address_1> <email_address2>

diff --git a/caddyfile_messaging_test.go b/caddyfile_messaging_test.go
@@ -48,6 +48,7 @@ func TestParseCaddyfileMessaging(t *testing.T) {
 				sender root@localhost "Auth Portal"
 				template password_recovery path/to/password_recovery.tmpl
 				template registration_confirmation path/to/registration_confirmation.tmpl
+				template registration_ready path/to/registration_ready.tmpl
 				template registration_verdict path/to/registration_verdict.tmpl
 				template mfa_otp path/to/mfa_otp.tmpl
             }`),
@@ -75,7 +76,8 @@ func TestParseCaddyfileMessaging(t *testing.T) {
                         "mfa_otp": "path/to/mfa_otp.tmpl",
                         "password_recovery": "path/to/password_recovery.tmpl",
                         "registration_confirmation": "path/to/registration_confirmation.tmpl",
-                        "registration_verdict": "path/to/registration_verdict.tmpl"
+                        "registration_ready": "path/to/registration_ready.tmpl",
+						"registration_verdict": "path/to/registration_verdict.tmpl"
                       }
                     }
                   ]

diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.16
 require (
 	github.com/caddyserver/caddy/v2 v2.4.6
 	github.com/google/go-cmp v0.5.7
-	github.com/greenpau/go-authcrunch v1.0.14
+	github.com/greenpau/go-authcrunch v1.0.15
 	github.com/satori/go.uuid v1.2.0
 	go.uber.org/zap v1.20.0
 )
diff --git a/go.sum b/go.sum
@@ -476,8 +476,8 @@ github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/greenpau/go-authcrunch v1.0.14 h1:qhU7INhMgwWQRqTbqB1yEmA75qnfNRtHz6XkA/aS1To=
-github.com/greenpau/go-authcrunch v1.0.14/go.mod h1:M/Np8/Vtfa7swLjXyQgpUBEzPDl0gr8Sqdm6GUCNQeI=
+github.com/greenpau/go-authcrunch v1.0.15 h1:hXEy1QFBRIph5uZlFGA4G0JvKfX6WZjXBR568ChcHwU=
+github.com/greenpau/go-authcrunch v1.0.15/go.mod h1:M/Np8/Vtfa7swLjXyQgpUBEzPDl0gr8Sqdm6GUCNQeI=
 github.com/greenpau/versioned v1.0.27 h1:aFJ16tzsUkbc6WT7DRia60S0VrgWzBNuul3h0RXFKxM=
 github.com/greenpau/versioned v1.0.27/go.mod h1:rtFCvaWWNbMH4CJnje/xicgmrM63j++rUh5juSu0k/A=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=