// CreateUser create a new user. Checks for duplicate users and password-length requirement func CreateUser(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) { var user models.User user.Enable = true user.Domains = nil user.Variables = nil err := rest.Parse(handle.R, &user) if err != nil { return nil, tools.NewError(err, 400, "bad request: couldn't parse body") } if user.Username == "" { return nil, tools.NewError(nil, 400, "bad request: username is missing") } if user.Password == "" { return nil, tools.NewError(nil, 400, "bad request: password is missing") } if len(user.Password) < handle.C.PasswordMinLength { return nil, tools.NewError(nil, 400, "bad request: password is too short") } if user.Domains == nil || len(user.Domains) == 0 { return nil, tools.NewError(nil, 400, "bad request: domains is missing") } if user.Variables == nil { user.Variables = make(map[string]interface{}) } if govalidator.IsEmail(user.Username) == false { return nil, tools.NewError(nil, 400, "bad request: username must be a valid email") } user.Username, err = govalidator.NormalizeEmail(user.Username) if err != nil { return nil, tools.NewError(nil, 400, "bad request: username must be a valid email") } uid, err := user.Create(db) return CreateResponse{ Status: "ok", UserID: uid.Hex(), }, err }
// InfosUser returns informations about the user. It does not lists its sessions, yet (TODO) func InfosUser(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) { var user models.User uid := handle.P.ByName("uid") if handle.C.Public == true { ret, err := CheckSession(CheckRequest{ Domain: "/io/konek/app/user", Token: handle.Sid, }, db) if err != nil { return nil, err } sess := ret.(CheckResponse) if uid == "" { uid = sess.Session.UserID } if sess.Session.UserID != uid { return nil, tools.NewError(nil, 403, "forbiden: this is not your account") } } if tools.CheckID(uid) == false { return nil, tools.NewError(nil, 400, "bad request: invalid userID") } user.IDFromHex(uid) err := user.Get(db) if err != nil { return nil, err } user.Password = "" user.Salt = "" return InfosUserResponse{ Status: "ok", Infos: user, }, nil }
// Login a user, creating a new session. func Login(handle tools.Handle, db *mgo.DbQueue) (interface{}, error) { var q LoginRequest var user models.User var session models.Session var resp LoginResponse err := rest.Parse(handle.R, &q) if err != nil { return nil, tools.NewError(err, 400, "bad request: couldn't parse body") } if q.Domain == "" { return nil, tools.NewError(nil, 400, "bad request: domain is missing") } if q.Domain == "/" { return nil, tools.NewError(nil, 400, "bad request: illegal domain") } if q.Username == "" { return nil, tools.NewError(nil, 400, "bad request: username is missing") } if q.Password == "" { return nil, tools.NewError(nil, 400, "bad request: password is missing") } user.Username = q.Username user.Password = q.Password if govalidator.IsEmail(user.Username) == false { return nil, tools.NewError(nil, 400, "bad request: username must be a valid email") } user.Username, err = govalidator.NormalizeEmail(user.Username) if err != nil { return nil, tools.NewError(nil, 400, "bad request: username must be a valid email") } ok, err := user.Check(db) if err != nil { return nil, err } if ok == false { return nil, tools.NewError(nil, 403, "forbidden: invalid user or password") } if user.Enable == false { return nil, tools.NewError(nil, 403, "forbidden: user is diabled") } ok = user.CheckDomain(q.Domain) if ok == false { return nil, tools.NewError(nil, 403, "forbidden: restricted domain") } session.UserID = user.ID session.Domain = q.Domain remaining, err := session.Create(db, handle.C.SessionLifespan) if err != nil { return nil, err } resp.Status = "ok" resp.Session.Token = session.ID.Hex() resp.Session.UserID = session.UserID.Hex() resp.Session.Expire = session.Expire resp.Session.Remaining = remaining return resp, nil }