Example #1
0
func UserForm(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)

	err := req.ParseForm()
	if err != nil {
		context.Set(req, "error", err)
		return
	}

	username := args.Vars["username"]
	var u *quimby.User
	if username == "new-user" {
		u = quimby.NewUser(req.PostFormValue("username"), quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		u.Password = req.PostFormValue("password")
		pw := req.PostFormValue("password_confirm")
		if pw != u.Password {
			context.Set(req, "error", ErrPasswordsDoNotMatch)
			return
		}
	} else {
		u = quimby.NewUser(username, quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		if err := u.Fetch(); err != nil {
			context.Set(req, "error", ErrPasswordsDoNotMatch)
			return
		}
	}
	u.Permission = req.PostFormValue("permission")
	qrData, err := u.Save()
	if err != nil {
		context.Set(req, "error", err)
		return
	}
	if username == "new-user" {
		qr := qrPage{
			userPage: userPage{
				User:  args.User.Username,
				Admin: handlers.Admin(args),
				Links: []link{
					{"quimby", "/"},
					{"admin", "/admin.html"},
				},
			},
			QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
		}
		templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
	} else {
		w.Header().Set("Location", "/admin.html")
		w.WriteHeader(http.StatusFound)
	}
}
Example #2
0
func UserTFAPage(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)

	u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
	if err := u.Fetch(); err != nil {
		context.Set(req, "error", err)
		return
	}

	qrData, err := u.UpdateTFA()
	if err != nil {
		context.Set(req, "error", err)
		return
	}

	if _, err := u.Save(); err != nil {
		context.Set(req, "error", err)
		return
	}

	qr := qrPage{
		userPage: userPage{
			User:  args.User.Username,
			Admin: handlers.Admin(args),
			Links: []link{
				{"quimby", "/"},
				{"admin", "/admin.html"},
			},
		},
		QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
	}
	templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
}
Example #3
0
func UserChangePasswordPage(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)
	u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
	if err := u.Fetch(); err != nil {
		context.Set(req, "error", err)
		return
	}
	if err := req.ParseForm(); err != nil {
		context.Set(req, "error", err)
		return
	}

	u.Password = req.PostFormValue("password")
	pw := req.PostFormValue("password_confirm")
	if pw != u.Password {
		context.Set(req, "error", ErrPasswordsDoNotMatch)
		return
	}

	if _, err := u.Save(); err != nil {
		context.Set(req, "error", ErrPasswordsDoNotMatch)
		return
	}

	w.Header().Set("Location", "/admin.html")
	w.WriteHeader(http.StatusFound)
}
Example #4
0
func UpdateUserPermission(w http.ResponseWriter, req *http.Request) {
	args := GetArgs(req)
	username := args.Vars["username"]
	u := quimby.NewUser("", quimby.UserDB(args.DB))
	dec := json.NewDecoder(req.Body)
	if err := dec.Decode(&u); err != nil {
		context.Set(req, "error", err)
		return
	}
	savedU := quimby.NewUser(username, quimby.UserDB(DB))
	if err := savedU.Fetch(); err != nil {
		context.Set(req, "error", err)
		return
	}
	savedU.Permission = u.Permission
	_, err := savedU.Save()
	context.Set(req, "error", err)
}
Example #5
0
func Bootstrap() {
	var b bootstrap
	db := getDB(&b)
	saveQuimbyUser(db)
	u := quimby.NewUser("", quimby.UserDB(db))
	AddUser(u)
	addCert(&b, db)
	addIP(&b)
	writeEnv(&b)
}
Example #6
0
func DeleteUserPage(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)
	u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
	if err := u.Delete(); err != nil {
		context.Set(req, "error", err)
		return
	}
	w.Header().Set("Location", "/admin.html")
	w.WriteHeader(http.StatusFound)
}
Example #7
0
func saveQuimbyUser(db *bolt.DB) {
	u := quimby.NewUser(
		"quimby",
		quimby.UserDB(db),
		quimby.UserPassword(randString(16)),
		quimby.UserPermission("write"),
	)
	if _, err := u.Save(); err != nil {
		log.Fatal(err)
	}
}
Example #8
0
func doUser(f userNeeder) {
	db := getDB()
	u := quimby.NewUser(
		*userName,
		quimby.UserDB(db),
		quimby.UserPassword(*userPW),
		quimby.UserPermission(*userPerm),
	)
	f(u)
	defer db.Close()
}
Example #9
0
func LoginForm(w http.ResponseWriter, req *http.Request) {
	user := quimby.NewUser("", quimby.UserDB(handlers.DB), quimby.UserTFA(handlers.TFA))
	user.Username = req.PostFormValue("username")
	user.Password = req.PostFormValue("password")
	user.TFA = req.PostFormValue("tfa")
	if err := handlers.DoLogin(user, w, req); err != nil {
		w.Header().Set("Location", "/login.html?error=invalidlogin")
	} else {
		w.Header().Set("Location", "/index.html")
	}
	w.WriteHeader(http.StatusFound)
}
Example #10
0
func Login(w http.ResponseWriter, r *http.Request) {
	user := quimby.NewUser("", quimby.UserDB(DB), quimby.UserTFA(TFA))
	dec := json.NewDecoder(r.Body)
	err := dec.Decode(user)
	if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if err := DoLogin(user, w, r); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
	}
}
Example #11
0
func UserEditPage(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)
	username := args.Vars["username"]
	page := editUserPage{
		userPage: userPage{
			User:  args.User.Username,
			Admin: handlers.Admin(args),
		},
		Permissions: []string{"read", "write", "admin"},
	}
	if username == "new-user" {
		page.Links = []link{
			{"quimby", "/"},
			{"admin", "/admin.html"},
			{"new user", "/admin/users/new-user"},
		}
		page.Actions = []action{
			{Name: "cancel", URI: template.URL("/admin.html"), Method: "get"},
		}
		page.End = 0
	} else {
		u := quimby.NewUser(username, quimby.UserDB(args.DB))
		if err := u.Fetch(); err != nil {
			context.Set(req, "error", err)
			return
		}

		q := url.Values{}
		q.Add("resource", fmt.Sprintf("/admin/users/%s", username))
		q.Add("name", username)
		page.EditUser = u
		page.Links = []link{
			{"quimby", "/"},
			{"admin", "/admin.html"},
			{u.Username, fmt.Sprintf("/admin/users/%s", u.Username)},
		}
		page.Actions = []action{
			{Name: "cancel", URI: template.URL("/admin.html"), Method: "get"},
			{Name: "delete", URI: template.URL(fmt.Sprintf("/admin/confirmation?%s", q.Encode())), Method: "get"},
			{Name: "update-password", URI: template.URL(fmt.Sprintf("/admin/users/%s/password", username)), Method: "get"},
			{Name: "update-tfa", URI: template.URL(fmt.Sprintf("/admin/users/%s/tfa", username)), Method: "post"},
		}

		page.End = 3
	}

	if username == "new-user" {
		templates["new-user.html"].template.ExecuteTemplate(w, "base", page)
	} else {
		templates["edit-user.html"].template.ExecuteTemplate(w, "base", page)
	}
}
Example #12
0
func GetUser(w http.ResponseWriter, req *http.Request) {
	args := GetArgs(req)
	u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
	err := u.Fetch()
	if err != nil {
		context.Set(req, "error", err)
		return // err
	}
	u.HashedPassword = []byte{}
	u.TFAData = []byte{}
	u.TFA = ""
	enc := json.NewEncoder(w)
	enc.Encode(u)
}
Example #13
0
func AddUser(w http.ResponseWriter, req *http.Request) {
	args := GetArgs(req)

	u := quimby.NewUser("", quimby.UserDB(args.DB), quimby.UserTFA(TFA))
	dec := json.NewDecoder(req.Body)
	if err := dec.Decode(&u); err != nil {
		context.Set(req, "error", err)
		return
	}
	qr, err := u.Save()
	if err != nil {
		context.Set(req, "error", err)
		return
	}
	str := base64.StdEncoding.EncodeToString(qr)
	w.Header().Set("Content-Type", "image/png")
	w.Write([]byte(str))
}
Example #14
0
func DeleteUser(w http.ResponseWriter, req *http.Request) {
	args := GetArgs(req)
	username := args.Vars["username"]
	u := quimby.NewUser(username, quimby.UserDB(args.DB))
	context.Set(req, "error", u.Delete())
}