// AddUser validates the given user and password, hashes the password with
// bcrypt and persists the user through the user DAO.
//
// The user's type is forced to authprovider.Internal and its status to true,
// regardless of what the caller passed. An empty Role is replaced by
// a.defaultRole; any other Role must exist in a.roles. Every failure is logged
// and returned as an error built by mkerror.
//
// NOTE(review): the listing is garbled between the bcrypt error branch and the
// role check (a span is masked with "******"), so where the computed hash is
// stored on the user is not visible here — confirm against the original file.
func (a Authorizer) AddUser(user models.User, password string) error {
	// Reject empty mandatory fields before touching the DAO.
	if user.Username == "" {
		logger.Get().Error("no user name given")
		return mkerror("no username given")
	}
	if user.Email == "" {
		logger.Get().Error("no email given")
		return mkerror("no email given")
	}
	if password == "" {
		logger.Get().Error("no password given")
		return mkerror("no password given")
	}

	// Force the user type to internal; whatever the caller put in user.Type
	// is ignored, and the account starts out enabled.
	user.Type = authprovider.Internal
	user.Status = true

	// Validate username: the name is free only if the lookup fails with
	// ErrMissingUser.
	_, err := a.userDao.User(user.Username)
	if err == nil {
		logger.Get().Error("Username: %s already exists", user.Username)
		return mkerror("user already exists")
	} else if err.Error() != ErrMissingUser.Error() {
		// NOTE(review): errors are compared by message text rather than with
		// errors.Is, so a wrapped ErrMissingUser would be reported as a
		// lookup failure here.
		if err != nil { // always true in this branch: err == nil was handled above
			logger.Get().Error("Error retrieving user: %s. error: %v", user.Username, err)
			return mkerror(err.Error())
		}
		return nil // unreachable: the branch above always returns
	}

	// Generate and save hash
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		logger.Get().Error("couldn't save password for user: %s. error: %v", user.Username, err)
		return mkerror("couldn't save password: "******"" {
		user.Role = a.defaultRole
	} else {
		// A caller-supplied role must be one of the configured roles.
		if _, ok := a.roles[user.Role]; !ok {
			logger.Get().Error("Non Existing Role: %s", user.Role)
			return mkerror("non-existant role")
		}
	}

	err = a.userDao.SaveUser(user)
	if err != nil {
		// NOTE(review): this logs the whole user struct with %s; if the struct
		// carries the password hash at this point, the hash ends up in the
		// log — confirm and log only the username if so.
		logger.Get().Error("Erro Saving the User: %s. error: %v", user, err)
		return mkerror(err.Error())
	}
	return nil
}
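// addUsers handles an HTTP request that creates a user. The JSON body may
// carry the fields username, email, role, type, firstname, lastname,
// notificationenabled and password; fields that are absent keep their zero
// value. Errors while reading, decoding or creating the user are logged and
// reported to the client through util.HandleHttpError; nothing is written on
// success.
func (a *App) addUsers(rw http.ResponseWriter, req *http.Request) {
	// The body comes from the network and is read in full, so bound it.
	const maxBodyBytes = 1 << 20
	body, err := ioutil.ReadAll(http.MaxBytesReader(rw, req.Body, maxBodyBytes))
	if err != nil {
		logger.Get().Error("Error parsing http request body:%s", err)
		util.HandleHttpError(rw, err)
		return
	}

	// Decode into a typed struct rather than a map[string]interface{} with
	// unchecked type assertions: a field of the wrong JSON type (or null) now
	// produces a decode error instead of a panic inside the handler.
	// Type stays float64 so integral and fractional numbers are both accepted
	// and truncated, as the map-based decoding did.
	var in struct {
		Username            string  `json:"username"`
		Email               string  `json:"email"`
		Role                string  `json:"role"`
		Type                float64 `json:"type"`
		FirstName           string  `json:"firstname"`
		LastName            string  `json:"lastname"`
		NotificationEnabled bool    `json:"notificationenabled"`
		Password            string  `json:"password"`
	}
	if err = json.Unmarshal(body, &in); err != nil {
		logger.Get().Error("Unable to Unmarshall the data:%s", err)
		util.HandleHttpError(rw, err)
		return
	}

	user := models.User{
		Username:            in.Username,
		Email:               in.Email,
		Role:                in.Role,
		Type:                int(in.Type),
		FirstName:           in.FirstName,
		LastName:            in.LastName,
		NotificationEnabled: in.NotificationEnabled,
	}

	// Field validation (non-empty username, email and password, known role)
	// and password hashing happen in the auth provider's AddUser; the
	// client-supplied type is presumably overridden there — verify.
	if err := GetAuthProvider().AddUser(user, in.Password); err != nil {
		logger.Get().Error("Unable to create User:%s", err)
		util.HandleHttpError(rw, err)
		return
	}
}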
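// ListExternalUsers lists the users of the configured LDAP/AD directory.
//
// It connects to the directory built from a.directory.Address and Port, binds
// as a.directory.DomainAdmin when one is configured, and searches the whole
// subtree below a.directory.Base. Every entry with a non-empty username
// becomes a models.User of type authprovider.External carrying the default
// role and group; the last name is derived from the full-name attribute by
// taking what follows the display name. Connection, bind and search errors
// are logged and returned.
func (a Authorizer) ListExternalUsers() (users []models.User, err error) {
	url := GetUrl(a.directory.Address, a.directory.Port)

	// Attribute names are configurable; fall back to the conventional ones.
	uidAttr := "Uid"
	displayNameAttr := "DisplayName"
	fullNameAttr := "CN"
	if a.directory.Uid != "" {
		uidAttr = a.directory.Uid
	}
	if a.directory.DisplayName != "" {
		displayNameAttr = a.directory.DisplayName
	}
	if a.directory.FullName != "" {
		fullNameAttr = a.directory.FullName
	}

	ldap, err := openldap.Initialize(url)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return nil, err
	}
	// Release the directory connection on every return path; the Close error
	// is deliberately ignored because the result of the call is already
	// determined by then.
	defer ldap.Close()

	if a.directory.DomainAdmin != "" {
		// The bind DN is assembled from configuration values without DN
		// escaping, so a DomainAdmin or Base containing DN special characters
		// would need to be escaped before use.
		bindDN := fmt.Sprintf("%s=%s,%s", uidAttr, a.directory.DomainAdmin, a.directory.Base)
		if err = ldap.Bind(bindDN, a.directory.Password); err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return nil, err
		}
	}

	// Fetch every entry below the base with just the attributes we map.
	scope := openldap.LDAP_SCOPE_SUBTREE
	filter := "(objectclass=*)"
	attributes := []string{uidAttr, displayNameAttr, fullNameAttr, "Mail"}

	rv, err := ldap.SearchAll(a.directory.Base, scope, filter, attributes)
	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return nil, err
	}

	for _, entry := range rv.Entries() {
		user := models.User{}
		fullName := ""
		for _, attr := range entry.Attributes() {
			// Multi-valued attributes are flattened into one comma-separated string.
			value := strings.Join(attr.Values(), ", ")
			switch attr.Name() {
			case uidAttr:
				user.Username = value
			case "Mail":
				user.Email = value
			case displayNameAttr:
				user.FirstName = value
			case fullNameAttr:
				fullName = value
			}
		}
		// Derive the last name once all attributes are known: the text that
		// follows the display name inside the full name is taken as last name.
		if fullName != "" && user.FirstName != "" {
			parts := strings.Split(fullName, user.FirstName)
			if len(parts) > 1 {
				user.LastName = strings.TrimSpace(parts[1])
			}
		}

		// Assign the default role and group; directory users are external.
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		// Entries without a username (e.g. organizational units) are skipped.
		if user.Username != "" {
			users = append(users, user)
		}
	}
	return users, nil
}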