// IsAdminRole returns whether the user is admin. func IsAdminRole(userIDOrUsername interface{}) (bool, error) { u := models.User{} switch v := userIDOrUsername.(type) { case int: u.UserID = v case string: u.Username = v default: return false, fmt.Errorf("invalid parameter, only int and string are supported: %v", userIDOrUsername) } if u.UserID == NonExistUserID && len(u.Username) == 0 { return false, nil } user, err := GetUser(u) if err != nil { return false, err } if user == nil { return false, nil } return user.HasAdminRole == 1, nil }
// Authenticate checks user's credential agains LDAP based on basedn template and LDAP URL, // if the check is successful a dummy record will be insert into DB, such that this user can // be associated to other entities in the system. func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { ldapURL := os.Getenv("LDAP_URL") if ldapURL == "" { return nil, errors.New("Can not get any available LDAP_URL.") } log.Debug("ldapURL:", ldapURL) p := m.Principal for _, c := range metaChars { if strings.ContainsRune(p, c) { return nil, fmt.Errorf("the principal contains meta char: %q", c) } } ldap, err := openldap.Initialize(ldapURL) if err != nil { return nil, err } ldap.SetOption(openldap.LDAP_OPT_PROTOCOL_VERSION, openldap.LDAP_VERSION3) ldapBaseDn := os.Getenv("LDAP_BASE_DN") if ldapBaseDn == "" { return nil, errors.New("Can not get any available LDAP_BASE_DN.") } baseDn := fmt.Sprintf(ldapBaseDn, m.Principal) log.Debug("baseDn:", baseDn) err = ldap.Bind(baseDn, m.Password) if err != nil { return nil, err } defer ldap.Close() scope := openldap.LDAP_SCOPE_SUBTREE // LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE filter := "objectClass=*" attributes := []string{"mail"} result, err := ldap.SearchAll(baseDn, scope, filter, attributes) if err != nil { return nil, err } u := models.User{} if len(result.Entries()) == 1 { en := result.Entries()[0] for _, attr := range en.Attributes() { val := attr.Values()[0] if attr.Name() == "mail" { u.Email = val } } } u.Username = m.Principal log.Debug("username:"******",email:", u.Email) exist, err := dao.UserExists(u, "username") if err != nil { return nil, err } if exist { currentUser, err := dao.GetUser(u) if err != nil { return nil, err } u.UserID = currentUser.UserID } else { u.Realname = m.Principal u.Password = "******" u.Comment = "registered from LDAP." userID, err := dao.Register(u) if err != nil { return nil, err } u.UserID = int(userID) } return &u, nil }