From 81fc5c6a2c6df38025961945cb496ccc4d432036 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Tue, 26 Nov 2019 00:58:00 -0500
Subject: allow configuring the allowed login methods for the web server
---
 teleterm/src/cmd/web.rs | 1 +
 teleterm/src/config.rs | 26 ++++++++++++++++++++++++++
 teleterm/src/protocol.rs | 2 +-
 teleterm/src/web.rs | 9 +++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/teleterm/src/cmd/web.rs b/teleterm/src/cmd/web.rs
index 0ec1daa..e292288 100644
--- a/teleterm/src/cmd/web.rs
+++ b/teleterm/src/cmd/web.rs
@@ -21,6 +21,7 @@ impl crate::config::Config for Config {
 self.web.listen_address,
 self.web.public_address.clone(),
 self.web.server_address.clone(),
+ self.web.allowed_login_methods.clone(),
 ))
 }
 }
diff --git a/teleterm/src/config.rs b/teleterm/src/config.rs
index 6dd18b9..7454a2a 100644
--- a/teleterm/src/config.rs
+++ b/teleterm/src/config.rs
@@ -570,6 +570,13 @@ pub struct Web {
 default = "default_connect_address"
 )]
 pub server_address: (String, std::net::SocketAddr),
+
+ #[serde(
+ deserialize_with = "allowed_login_methods",
+ default = "default_allowed_login_methods"
+ )]
+ pub allowed_login_methods:
+ std::collections::HashSet,
 }
 impl Web {
@@ -580,6 +587,7 @@ impl Web {
 "Host and port that the web server will be publicly available on (defaults to the listen address)";
 let server_address_help =
 "Host and port of the teleterm server (defaults to localhost:4144)";
+ let allowed_login_methods_help = "Comma separated list containing the auth methods this server should allow. Allows everything by default, valid values are plain, recurse_center";
 app.arg(
 clap::Arg::with_name(LISTEN_ADDRESS_OPTION)
 .long(LISTEN_ADDRESS_OPTION)
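Review bot: In `teleterm/src/config.rs`, the new `Web::allowed_login_methods` field falls back to `default_allowed_login_methods`, and the help string added in the following hunk says it "Allows everything by default", so a web server started without the option appears to offer every method, `plain` included. The field has no doc comment; I would add `/// Login methods the web server accepts; defaults to all of them, so set this explicitly on a public listener.` above it. `default_allowed_login_methods` and the `allowed_login_methods` deserializer are defined outside this diff, so it is worth confirming that an allow-all default is intended for the web listener as well. The struct body starts before the hunk.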
@@ -601,6 +609,14 @@ impl Web {
 .value_name("HOST:PORT")
 .help(server_address_help),
 )
+ .arg(
+ clap::Arg::with_name(ALLOWED_LOGIN_METHODS_OPTION)
+ .long(ALLOWED_LOGIN_METHODS_OPTION)
+ .use_delimiter(true)
+ .takes_value(true)
+ .value_name("AUTH_METHODS")
+ .help(allowed_login_methods_help),
+ )
 }
 pub fn merge_args<'a>(
@@ -625,6 +641,15 @@ impl Web {
 let address = matches.value_of(SERVER_ADDRESS_OPTION).unwrap();
 self.server_address = to_connect_address(address)?;
 }
+ if matches.is_present(ALLOWED_LOGIN_METHODS_OPTION) {
+ self.allowed_login_methods = matches
+ .values_of(ALLOWED_LOGIN_METHODS_OPTION)
+ .unwrap()
+ .map(crate::protocol::AuthType::try_from)
+ .collect::,
+ >>()?;
+ }
 Ok(())
 }
 }
@@ -635,6 +660,7 @@ impl Default for Web {
 listen_address: default_web_listen_address(),
 public_address: default_web_public_address(),
 server_address: default_connect_address(),
+ allowed_login_methods: default_allowed_login_methods(),
 }
 }
 }
diff --git a/teleterm/src/protocol.rs b/teleterm/src/protocol.rs
index dd928e2..d2b7806 100644
--- a/teleterm/src/protocol.rs
+++ b/teleterm/src/protocol.rs
@@ -52,7 +52,7 @@ impl FramedWriter {
 pub const PROTO_VERSION: u8 = 1;
 #[repr(u8)]
-#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq)]
+#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, serde::Serialize)]
 pub enum AuthType {
 Plain = 0,
 RecurseCenter,
diff --git a/teleterm/src/web.rs b/teleterm/src/web.rs
index bf39c47..d3a79d4 100644
--- a/teleterm/src/web.rs
+++ b/teleterm/src/web.rs
@@ -14,6 +14,8 @@ use gotham::state::FromState as _;
 struct Config {
 server_address: (String, std::net::SocketAddr),
 public_address: String,
+ allowed_login_methods:
+ std::collections::HashSet,
 }
 #[derive(Default, serde::Deserialize, serde::Serialize)]
@@ -25,6 +27,8 @@ struct SessionData {
 struct WebConfig<'a> {
 username: Option<&'a str>,
 public_address: &'a str,
+ allowed_login_methods:
+ &'a std::collections::HashSet,
 }
 impl<'a> WebConfig<'a> {
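Review bot: In `Web::merge_args` (`teleterm/src/config.rs`), the new branch pairs `is_present` with `values_of(...).unwrap()`; `if let Some(methods) = matches.values_of(ALLOWED_LOGIN_METHODS_OPTION) {` says the same thing without a panic path. Unrecognised names appear to fail closed through `try_from` and `?`, which is the right behaviour for an allow-list. What the hunk does not show is how an empty set is treated: if the config-file deserializer (outside this diff) can produce one, a comment should state whether that means "no logins at all". The function starts before the hunk.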
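Review bot: In `teleterm/src/protocol.rs`, the derived `serde::Serialize` will emit the variant names `Plain` and `RecurseCenter`, while the option help added in `config.rs` documents the accepted values as `plain` and `recurse_center`. If the serialized set is read by the web front end or ever written back to a config file, the two spellings will not line up; `#[serde(rename_all = "snake_case")]` on `AuthType` would keep a single spelling. How the existing `TryFrom` impl parses names is outside this diff, so check the attribute against it. The enum body continues past the hunk.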
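Review bot: Nothing added to `teleterm/src/web.rs` checks a login attempt against `allowed_login_methods`: the set is stored in `Config` in this hunk, borrowed into `WebConfig` in the next two, and passed through `Server::new` in the last, and the nine added lines do no more than that. If `WebConfig` is only rendered for the browser, the restriction is advisory, because the server would still accept a request for a method the page does not offer. The login handlers are outside this diff; each should refuse early when its method is absent, along the lines of `if !config.allowed_login_methods.contains(&crate::protocol::AuthType::Plain) { /* reject */ }`. I would also put `// server-side allow-list; enforced in the login handlers, not only shown to the client` on the `Config` field.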
@@ -35,6 +39,7 @@ impl<'a> WebConfig<'a> {
 .as_ref()
 .map(std::string::String::as_str),
 public_address: &config.public_address,
+ allowed_login_methods: &config.allowed_login_methods,
 }
 }
 }
@@ -48,10 +53,14 @@ impl Server {
 listen_address: std::net::SocketAddr,
 public_address: String,
 server_address: (String, std::net::SocketAddr),
+ allowed_login_methods: std::collections::HashSet<
+ crate::protocol::AuthType,
+ >,
 ) -> Self {
 let data = Config {
 server_address,
 public_address,
+ allowed_login_methods,
 };
 Self {
 server: Box::new(gotham::init_server(
-- cgit v1.2.3-54-g00ecf