Beispiel #1
0
func (a Authorizer) AddUser(user models.User, password string) error {
	if user.Username == "" {
		logger.Get().Error("no user name given")
		return mkerror("no username given")
	}
	if user.Email == "" {
		logger.Get().Error("no email given")
		return mkerror("no email given")
	}
	if password == "" {
		logger.Get().Error("no password given")
		return mkerror("no password given")
	}

	//Set the usertype to internal
	user.Type = authprovider.Internal
	user.Status = true

	// Validate username
	_, err := a.userDao.User(user.Username)
	if err == nil {
		return mkerror("user already exists")
	} else if err.Error() != ErrMissingUser.Error() {
		if err != nil {
			logger.Get().Error("Error retrieving user: %s. error: %v", user.Username, err)
			return mkerror(err.Error())
		}
		return nil
	}

	// Generate and save hash
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		logger.Get().Error("couldn't save password for user: %s. error: %v", user.Username, err)
		return mkerror("couldn't save password: " + err.Error())
	}
	user.Hash = hash

	// Validate role
	if user.Role == "" {
		user.Role = a.defaultRole
	} else {
		if _, ok := a.roles[user.Role]; !ok {
			logger.Get().Error("Non Existing Role: %s", user.Role)
			return mkerror("non-existant role")
		}
	}

	err = a.userDao.SaveUser(user)
	if err != nil {
		logger.Get().Error("Erro Saving the User: %s. error: %v", user, err)
		return mkerror(err.Error())
	}
	return nil
}
Beispiel #2
0
// List the LDAP users
func (a Authorizer) ListExternalUsers(search string, page, count int) (externalUsers models.ExternalUsers, err error) {
	directory, err := a.GetDirectory()
	if err != nil {
		return externalUsers, err
	}
	url := GetUrl(directory.LdapServer, directory.Port)
	DisplayName := "DisplayName"
	FirstName := "CN"
	LastName := "SN"
	Email := "mail"
	if directory.DisplayName != "" {
		DisplayName = directory.DisplayName
	}
	if directory.FirstName != "" {
		FirstName = directory.FirstName
	}
	if directory.LastName != "" {
		LastName = directory.LastName
	}
	if directory.Email != "" {
		Email = directory.Email
	}

	ldap, err := openldap.Initialize(url)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return externalUsers, err
	}

	if directory.DomainAdmin != "" {
		block, err := aes.NewCipher([]byte(CipherKey))
		if err != nil {
			logger.Get().Error("failed to generate new cipher")
			return externalUsers, nil
		}

		ciphertext := []byte(directory.Password)
		iv := ciphertext[:aes.BlockSize]
		stream := cipher.NewOFB(block, iv)
		hkey := make([]byte, 100)
		stream = cipher.NewOFB(block, iv)
		stream.XORKeyStream(hkey, ciphertext[aes.BlockSize:])
		err = ldap.Bind(fmt.Sprintf("%s=%s,%s", directory.Uid, directory.DomainAdmin, directory.Base), string(hkey))
		if err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return externalUsers, err
		}
	}

	scope := openldap.LDAP_SCOPE_SUBTREE
	// If the search string is empty, it will list all the users
	// If the search string contains 'mail=tjey*' it will returns the list of all
	// users start with 'tjey'
	// If the search string contains 'tim' this will return list of all users
	// names contains the word 'tim'
	// Possible search strings 'mail=t*redhat.com' / 'tim*' / '*john*' / '*peter'
	filter := "(objectclass=*)"
	if len(search) > 0 {
		if strings.Contains(search, "=") {
			filter = fmt.Sprintf("(%s*)", search)
		} else if strings.Contains(search, "*") {
			filter = fmt.Sprintf("(%s=%s)", directory.Uid, search)
		} else {
			filter = fmt.Sprintf("(%s=*%s*)", directory.Uid, search)
		}
	}

	attributes := []string{directory.Uid, DisplayName, FirstName, LastName, Email}
	rv, err := ldap.SearchAll(directory.Base, scope, filter, attributes)

	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return externalUsers, err
	}

	from := (page-1)*count + 1
	to := from + count - 1
	i := 0

	for _, entry := range rv.Entries() {
		i++
		if i < from {
			continue
		}
		if i > to {
			break
		}
		user := models.User{}
		for _, attr := range entry.Attributes() {
			switch attr.Name() {
			case directory.Uid:
				user.Username = strings.Join(attr.Values(), ", ")
			case Email:
				user.Email = strings.Join(attr.Values(), ", ")
			// Some setup may have an attribute like mail or email
			// or operator can't be used between strings to combind cases
			case "email":
				user.Email = strings.Join(attr.Values(), ", ")
			case FirstName:
				user.FirstName = strings.Join(attr.Values(), ", ")
			case LastName:
				user.LastName = strings.Join(attr.Values(), ", ")
			}
		}
		// Assiging the default roles
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		if len(user.Username) != 0 {
			externalUsers.Users = append(externalUsers.Users, user)
		}
	}
	externalUsers.TotalCount = rv.Count()
	externalUsers.StartIndex = from
	externalUsers.EndIndex = to
	if externalUsers.EndIndex > externalUsers.TotalCount {
		externalUsers.EndIndex = externalUsers.TotalCount
	}
	return externalUsers, nil
}
Beispiel #3
0
func (a *App) addUsers(rw http.ResponseWriter, req *http.Request) {
	ctxt, err := GetContext(req)
	if err != nil {
		logger.Get().Error("Error Getting the context. error: %v", err)
	}

	var user models.User

	body, err := ioutil.ReadAll(req.Body)
	if err != nil {
		logger.Get().Error("%s-Error parsing http request body:%s", ctxt, err)
		HandleHttpError(rw, err)
		return
	}
	var m map[string]interface{}

	if err = json.Unmarshal(body, &m); err != nil {
		logger.Get().Error("%s-Unable to Unmarshall the data:%s", ctxt, err)
		HandleHttpError(rw, err)
		return
	}
	var password string
	if val, ok := m["username"]; ok {
		user.Username = val.(string)
	}
	if val, ok := m["email"]; ok {
		user.Email = val.(string)
	}
	if val, ok := m["role"]; ok {
		user.Role = val.(string)
	}
	if val, ok := m["type"]; ok {
		user.Type = int(val.(float64))
	}
	if val, ok := m["firstname"]; ok {
		user.FirstName = val.(string)
	}
	if val, ok := m["lastname"]; ok {
		user.LastName = val.(string)
	}
	if val, ok := m["notificationenabled"]; ok {
		if user.Email == "" {
			user.NotificationEnabled = false
		} else {
			user.NotificationEnabled = val.(bool)
		}
	}
	if val, ok := m["password"]; ok {
		password = val.(string)
	}

	if err := GetAuthProvider().AddUser(user, password); err != nil {
		if err := logAuditEvent(
			EventTypes["USER_ADDED"],
			fmt.Sprintf("Addition of user: %s failed", user.Username),
			fmt.Sprintf("Addition of user: %s failed. Reason: %v", user.Username, err),
			nil,
			nil,
			models.NOTIFICATION_ENTITY_USER,
			nil,
			false,
			ctxt); err != nil {
			logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err)
		}
		logger.Get().Error("%s-Unable to create User:%s", ctxt, err)
		HandleHttpError(rw, err)
		return
	}
	if err := logAuditEvent(
		EventTypes["USER_ADDED"],
		fmt.Sprintf("New user: %s added to skyring", user.Username),
		fmt.Sprintf("New user: %s with role: %s added to skyring", user.Username, user.Role),
		nil,
		nil,
		models.NOTIFICATION_ENTITY_USER,
		nil,
		false,
		ctxt); err != nil {
		logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err)
	}

}