func (s *SAMLAuthScheme) callback(params map[string]string) error {
xml, ok := params["xml"]
if !ok {
return ErrMissingFormValueError
}
log.Debugf("Data received from identity provider: %s", xml)
response, err := s.Parser.Parse(xml)
if err != nil {
log.Errorf("Got error while parsing IDP data: %s", err)
return ErrParseResponseError
}
sp, err := s.createSP()
if err != nil {
return err
}
err = validateResponse(response, sp)
if err != nil {
log.Errorf("Got error while validing IDP data: %s", err)
if strings.Contains(err.Error(), "assertion has expired") {
return ErrRequestNotFound
}
return ErrParseResponseError
}
requestId, err := getRequestIdFromResponse(response)
if requestId == "" && err == ErrRequestIdNotFound {
log.Debugf("Request ID %s not found: %s", requestId, err.Error())
return err
}
req := request{}
err = req.getById(requestId)
if err != nil {
return err
}
email, err := getUserIdentity(response)
if err != nil {
return err
}
if !validation.ValidateEmail(email) {
if strings.Contains(email, "@") {
return &tsuruErrors.ValidationError{Message: "attribute user identity contains invalid character"}
}
// we need create a unique email for the user
email = strings.Join([]string{email, "@", s.idpHost()}, "")
if !validation.ValidateEmail(email) {
return &tsuruErrors.ValidationError{Message: "could not create valid email with auth:saml:idp-attribute-user-identity"}
}
}
req.Authed = true
req.Email = email
req.Update()
return nil
}
func createUser(w http.ResponseWriter, r *http.Request) error {
var u auth.User
err := json.NewDecoder(r.Body).Decode(&u)
if err != nil {
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
}
if !validation.ValidateEmail(u.Email) {
return &errors.HTTP{Code: http.StatusBadRequest, Message: emailError}
}
if !validation.ValidateLength(u.Password, passwordMinLen, passwordMaxLen) {
return &errors.HTTP{Code: http.StatusBadRequest, Message: passwordError}
}
if _, err = auth.GetUserByEmail(u.Email); err == nil {
return &errors.HTTP{Code: http.StatusConflict, Message: "This email is already registered"}
}
gURL := repository.ServerURL()
c := gandalf.Client{Endpoint: gURL}
if _, err := c.NewUser(u.Email, keyToMap(u.Keys)); err != nil {
return fmt.Errorf("Failed to create user in the git server: %s", err)
}
u.Quota = quota.Unlimited
if limit, err := config.GetInt("quota:apps-per-user"); err == nil && limit > -1 {
u.Quota.Limit = limit
}
if err := u.Create(); err == nil {
rec.Log(u.Email, "create-user")
w.WriteHeader(http.StatusCreated)
return nil
}
return err
}
func GetUserByEmail(email string) (*User, error) {
if !validation.ValidateEmail(email) {
return nil, &errors.ValidationError{Message: "invalid email"}
}
var u User
conn, err := db.Conn()
if err != nil {
return nil, err
}
defer conn.Close()
err = conn.Users().Find(bson.M{"email": email}).One(&u)
if err != nil {
return nil, ErrUserNotFound
}
return &u, nil
}
func (s NativeScheme) Create(user *auth.User) (*auth.User, error) {
if !validation.ValidateEmail(user.Email) {
return nil, ErrInvalidEmail
}
if !validation.ValidateLength(user.Password, passwordMinLen, passwordMaxLen) {
return nil, ErrInvalidPassword
}
if _, err := auth.GetUserByEmail(user.Email); err == nil {
return nil, ErrEmailRegistered
}
if err := hashPassword(user); err != nil {
return nil, err
}
if err := user.Create(); err != nil {
return nil, err
}
return user, nil
}
