From 81fc5c6a2c6df38025961945cb496ccc4d432036 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Tue, 26 Nov 2019 00:58:00 -0500
Subject: allow configuring the allowed login methods for the web server

---
 teleterm/src/config.rs | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'teleterm/src/config.rs')

diff --git a/teleterm/src/config.rs b/teleterm/src/config.rs
index 6dd18b9..7454a2a 100644
--- a/teleterm/src/config.rs
+++ b/teleterm/src/config.rs
@@ -570,6 +570,13 @@ pub struct Web {
         default = "default_connect_address"
     )]
     pub server_address: (String, std::net::SocketAddr),
+
+    #[serde(
+        deserialize_with = "allowed_login_methods",
+        default = "default_allowed_login_methods"
+    )]
+    pub allowed_login_methods:
+        std::collections::HashSet<crate::protocol::AuthType>,
 }
 
 impl Web {
@@ -580,6 +587,7 @@ impl Web {
             "Host and port that the web server will be publicly available on (defaults to the listen address)";
         let server_address_help =
             "Host and port of the teleterm server (defaults to localhost:4144)";
+        let allowed_login_methods_help = "Comma separated list containing the auth methods this server should allow. Allows everything by default, valid values are plain, recurse_center";
         app.arg(
             clap::Arg::with_name(LISTEN_ADDRESS_OPTION)
                 .long(LISTEN_ADDRESS_OPTION)
@@ -601,6 +609,14 @@ impl Web {
                 .value_name("HOST:PORT")
                 .help(server_address_help),
         )
+        .arg(
+            clap::Arg::with_name(ALLOWED_LOGIN_METHODS_OPTION)
+                .long(ALLOWED_LOGIN_METHODS_OPTION)
+                .use_delimiter(true)
+                .takes_value(true)
+                .value_name("AUTH_METHODS")
+                .help(allowed_login_methods_help),
+        )
     }
 
     pub fn merge_args<'a>(
@@ -625,6 +641,15 @@ impl Web {
             let address = matches.value_of(SERVER_ADDRESS_OPTION).unwrap();
             self.server_address = to_connect_address(address)?;
         }
+        if matches.is_present(ALLOWED_LOGIN_METHODS_OPTION) {
+            self.allowed_login_methods = matches
+                .values_of(ALLOWED_LOGIN_METHODS_OPTION)
+                .unwrap()
+                .map(crate::protocol::AuthType::try_from)
+                .collect::<Result<
+                    std::collections::HashSet<crate::protocol::AuthType>,
+                >>()?;
+        }
         Ok(())
     }
 }
@@ -635,6 +660,7 @@ impl Default for Web {
             listen_address: default_web_listen_address(),
             public_address: default_web_public_address(),
             server_address: default_connect_address(),
+            allowed_login_methods: default_allowed_login_methods(),
         }
     }
 }
-- 
cgit v1.2.3-54-g00ecf