func NewCompanyManager(r *http.Request) *CompanyManager {
session := db.GetDBSession(r)
return &CompanyManager{
session: session,
collection: getCompanyCollection(session),
}
}
//NewInvitationManager creates and initializes a new InvitationManager
func NewInvitationManager(r *http.Request) *InvitationManager {
session := db.GetDBSession(r)
return &InvitationManager{
session: session,
collection: getOrganizationRequestCollection(session),
}
}
//NewManager creates and initializes a new Manager
func NewManager(r *http.Request) *Manager {
session := db.GetDBSession(r)
return &Manager{
session: session,
collection: db.GetCollection(session, mongoCollectionName),
}
}
//NewManager creates a new Manager
func NewManager(r *http.Request) *Manager {
session := db.GetDBSession(r)
return &Manager{
session: session,
collection: getTotpCollection(session),
}
}
//NewLogoManager creates and initializes a new LogoManager
func NewLogoManager(r *http.Request) *LogoManager {
session := db.GetDBSession(r)
return &LogoManager{
session: session,
collection: getLogoCollection(session),
}
}
// NewLast2FAManager creates and initializes a new Last2FAManager
func NewLast2FAManager(r *http.Request) *Last2FAManager {
session := db.GetDBSession(r)
return &Last2FAManager{
session: session,
collection: getLast2FACollection(session),
}
}
//NewManager creates a new Manager
func NewManager(r *http.Request) *Manager {
session := db.GetDBSession(r)
return &Manager{
session: session,
collection: getPasswordCollection(session),
tokencollection: getPasswordResetTokenCollection(session),
}
}
//GetSmsCode returns an sms code for a specified phone label
func (service *Service) GetSmsCode(w http.ResponseWriter, request *http.Request) {
phoneLabel := mux.Vars(request)["phoneLabel"]
loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
if err != nil {
log.Error("Error getting login session", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
sessionInfo, err := newLoginSessionInformation()
if err != nil {
log.Error("Error creating login session information", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
username, ok := loginSession.Values["username"].(string)
if username == "" || !ok {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
userMgr := user.NewManager(request)
userFromDB, err := userMgr.GetByName(username)
if err != nil {
log.Error("Error getting user", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
phoneNumber, err := userFromDB.GetPhonenumberByLabel(phoneLabel)
if err != nil {
log.Debug(userFromDB.Phonenumbers)
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
return
}
loginSession.Values["sessionkey"] = sessionInfo.SessionKey
authClientId := loginSession.Values["auth_client_id"]
authenticatingOrganization := ""
if authClientId != nil {
authenticatingOrganization = authClientId.(string)
}
mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
mgoCollection.Insert(sessionInfo)
organizationText := ""
if authenticatingOrganization != "" {
split := strings.Split(authenticatingOrganization, ".")
organizationText = fmt.Sprintf("to authorize the organization %s, ", split[len(split)-1])
}
smsmessage := fmt.Sprintf("To continue signing in at itsyou.online %senter the code %s in the form or use this link: https://%s/sc?c=%s&k=%s",
organizationText, sessionInfo.SMSCode, request.Host, sessionInfo.SMSCode, url.QueryEscape(sessionInfo.SessionKey))
sessions.Save(request, w)
go service.smsService.Send(phoneNumber.Phonenumber, smsmessage)
w.WriteHeader(http.StatusNoContent)
}
func (service *Service) getLoginSessionInformation(request *http.Request, sessionKey string) (sessionInfo *loginSessionInformation, err error) {
if sessionKey == "" {
sessionKey, err = service.getSessionKey(request)
if err != nil || sessionKey == "" {
return
}
}
mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
sessionInfo = &loginSessionInformation{}
err = mgoCollection.Find(bson.M{"sessionkey": sessionKey}).One(sessionInfo)
if err == mgo.ErrNotFound {
sessionInfo = nil
err = nil
}
return
}
//MobileSMSConfirmation is the page that is linked to in the SMS and is thus accessed on the mobile phone
func (service *Service) MobileSMSConfirmation(w http.ResponseWriter, request *http.Request) {
err := request.ParseForm()
if err != nil {
log.Debug("ERROR parsing mobile smsconfirmation form", err)
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
values := request.Form
sessionKey := values.Get("k")
smscode := values.Get("c")
var validsmscode bool
sessionInfo, err := service.getLoginSessionInformation(request, sessionKey)
if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
if sessionInfo == nil {
service.renderSMSConfirmationPage(w, request, "Invalid or expired link")
return
}
validsmscode = (smscode == sessionInfo.SMSCode)
if !validsmscode { //TODO: limit to 3 failed attempts
service.renderSMSConfirmationPage(w, request, "Invalid or expired link")
return
}
mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
_, err = mgoCollection.UpdateAll(bson.M{"sessionkey": sessionKey}, bson.M{"$set": bson.M{"confirmed": true}})
if err != nil {
log.Error("Error while confirming sms 2fa - ", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
service.renderSMSConfirmationPage(w, request, "You will be logged in within a few seconds")
}
//NewManager creates and initializes a new Manager
func NewManager(r *http.Request) *Manager {
session := db.GetDBSession(r)
return &Manager{
session: session,
}
}