MCPcopy
hub / github.com/kopia/kopia / getAuthenticator

Method getAuthenticator

cli/command_server_start.go:344–409  ·  view source on GitHub ↗
(ctx context.Context)

Source from the content-addressed store, hash-verified

342}
343
344func (c *commandServerStart) getAuthenticator(ctx context.Context) (auth.Authenticator, error) {
345 var authenticators []auth.Authenticator
346
347 // handle passwords (UI and remote) from htpasswd file.
348 if c.serverStartHtpasswdFile != "" {
349 f, err := htpasswd.New(c.serverStartHtpasswdFile, htpasswd.DefaultSystems, nil)
350 if err != nil {
351 return nil, errors.Wrap(err, "error initializing htpasswd")
352 }
353
354 authenticators = append(authenticators, auth.AuthenticateHtpasswdFile(f))
355 }
356
357 // handle UI password (--without-password, --password or --random-password)
358 switch {
359 case c.serverStartWithoutPassword:
360 if !c.serverStartInsecure {
361 return nil, errors.New("--without-password specified without --insecure, refusing to start server")
362 }
363
364 return nil, nil
365
366 case c.sf.serverPassword != "":
367 authenticators = append(authenticators, auth.AuthenticateSingleUser(c.sf.serverUsername, c.sf.serverPassword))
368
369 case c.serverStartRandomPassword:
370 // generate very long random one-time password
371 b := make([]byte, serverRandomPasswordLength)
372 io.ReadFull(rand.Reader, b) //nolint:errcheck
373
374 randomPassword := hex.EncodeToString(b)
375
376 // print it to the stderr bypassing any log file so that the user or calling process can connect
377 fmt.Fprintln(c.out.stderr(), "SERVER PASSWORD:", randomPassword) //nolint:errcheck
378
379 authenticators = append(authenticators, auth.AuthenticateSingleUser(c.sf.serverUsername, randomPassword))
380 }
381
382 // handle server control password
383 switch {
384 case c.serverControlPassword != "":
385 authenticators = append(authenticators, auth.AuthenticateSingleUser(c.serverControlUsername, c.serverControlPassword))
386
387 case c.randomServerControlPassword:
388 // generate very long random one-time password
389 b := make([]byte, serverRandomPasswordLength)
390 io.ReadFull(rand.Reader, b) //nolint:errcheck
391
392 randomPassword := hex.EncodeToString(b)
393
394 // print it to the stderr bypassing any log file so that the user or calling process can connect
395 fmt.Fprintln(c.out.stderr(), "SERVER CONTROL PASSWORD:", randomPassword) //nolint:errcheck
396
397 authenticators = append(authenticators, auth.AuthenticateSingleUser(c.serverControlUsername, randomPassword))
398 }
399
400 log(ctx).Infof(`
401Server will allow connections from users whose accounts are stored in the repository.

Callers 1

serverStartOptionsMethod · 0.95

Calls 5

AuthenticateHtpasswdFileFunction · 0.92
AuthenticateSingleUserFunction · 0.92
CombineAuthenticatorsFunction · 0.92
stderrMethod · 0.80

Tested by

no test coverage detected