feat: add caldav tokens (#1065)

# Description This PR adds API routes to create and manage caldav tokens. These tokens can be used instead of a user password - required for users who are using external auth providers and don't have a password. Fixes #842 Frontend: https://kolaente.dev/vikunja/frontend/pulls/1186 Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1065
2022-03-30 18:25:56 +00:00
parent 726a517bec
commit e4b50e84a4
13 changed files with 697 additions and 38 deletions
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -75,7 +75,6 @@ import (
 	apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
 	"code.vikunja.io/api/pkg/routes/caldav"
 	_ "code.vikunja.io/api/pkg/swagger" // To generate swagger docs
-	"code.vikunja.io/api/pkg/user"
 	"code.vikunja.io/api/pkg/version"
 	"code.vikunja.io/web"
 	"code.vikunja.io/web/handler"
@ -194,7 +193,7 @@ func RegisterRoutes(e *echo.Echo) {
 	if config.ServiceEnableCaldav.GetBool() {
 		// Caldav routes
 		wkg := e.Group("/.well-known")
-		wkg.Use(middleware.BasicAuth(caldavBasicAuth))
+		wkg.Use(middleware.BasicAuth(caldav.BasicAuth))
 		wkg.Any("/caldav", caldav.PrincipalHandler)
 		wkg.Any("/caldav/", caldav.PrincipalHandler)
 		c := e.Group("/dav")
@ -323,6 +322,9 @@ func registerAPIRoutes(a *echo.Group) {
 	u.POST("/export/request", apiv1.RequestUserDataExport)
 	u.POST("/export/download", apiv1.DownloadUserDataExport)
 	u.GET("/timezones", apiv1.GetAvailableTimezones)
+	u.PUT("/settings/token/caldav", apiv1.GenerateCaldavToken)
+	u.GET("/settings/token/caldav", apiv1.GetCaldavTokens)
+	u.DELETE("/settings/token/caldav/:id", apiv1.DeleteCaldavToken)

 	if config.ServiceEnableTotp.GetBool() {
 		u.GET("/settings/totp", apiv1.UserTOTP)
@ -663,7 +665,7 @@ func registerMigrations(m *echo.Group) {
 func registerCalDavRoutes(c *echo.Group) {

 	// Basic auth middleware
-	c.Use(middleware.BasicAuth(caldavBasicAuth))
+	c.Use(middleware.BasicAuth(caldav.BasicAuth))

 	// THIS is the entry point for caldav clients, otherwise lists will show up double
 	c.Any("", caldav.EntryHandler)
@ -675,26 +677,3 @@ func registerCalDavRoutes(c *echo.Group) {
 	c.Any("/lists/:list/", caldav.ListHandler)
 	c.Any("/lists/:list/:task", caldav.TaskHandler) // Mostly used for editing
 }
-
-func caldavBasicAuth(username, password string, c echo.Context) (bool, error) {
-	creds := &user.Login{
-		Username: username,
-		Password: password,
-	}
-	s := db.NewSession()
-	defer s.Close()
-	u, err := user.CheckUserCredentials(s, creds)
-	if err != nil {
-		_ = s.Rollback()
-		log.Errorf("Error during basic auth for caldav: %v", err)
-		return false, nil
-	}
-
-	if err := s.Commit(); err != nil {
-		return false, err
-	}
-
-	// Save the user in echo context for later use
-	c.Set("userBasicAuth", u)
-	return true, nil
-}