Esempio n. 1
0
func (m *StrUserModel) SetUser(u kit.User) {
	if u == nil {
		m.User = nil
		m.UserId = ""
	} else {
		m.User = u.(*UserStrId)
		m.SetUserId(u.GetId())
	}
}
Esempio n. 2
0
// Creating a session is equivalent to logging in.
func (hooks SessionResourceHooks) ApiCreate(res kit.Resource, obj kit.Model, r kit.Request) kit.Response {
	userService := res.Registry().UserService()

	meta := r.GetMeta()

	isAnonymous, _ := meta.Bool("anonymous")

	// Find user.
	userIdentifier := meta.String("user")
	adaptor := meta.String("adaptor")
	data, _ := meta.Map("authData")

	var user kit.User
	if !isAnonymous {
		if adaptor == "" {
			return kit.NewErrorResponse("adaptor_missing", "Expected 'adaptor' in metadata.", true)
		}

		if data == nil {
			kit.NewErrorResponse("no_or_invalid_auth_data", "Expected 'authData' dictionary in metadata.")
		}

		var err apperror.Error
		user, err = userService.AuthenticateUser(userIdentifier, adaptor, data)
		if err != nil {
			return kit.NewErrorResponse(err)
		}
	}

	session, err := userService.StartSession(user, r.GetFrontend())
	if err != nil {
		return kit.NewErrorResponse(err)
	}

	responseMeta := make(map[string]interface{})

	if !isAnonymous {
		userData, err := res.Backend().ModelToMap(user, true, false)
		if err != nil {
			return kit.NewErrorResponse("marshal_error", err)
		}
		responseMeta["user"] = userData

		if user.GetProfile() != nil {
			profileData, err := res.Backend().ModelToMap(user.GetProfile(), true, false)
			if err != nil {
				return kit.NewErrorResponse("marshal_error", err)
			}
			responseMeta["profile"] = profileData
		}
	}

	return &kit.AppResponse{
		Data: session,
		Meta: responseMeta,
	}
}
Esempio n. 3
0
func (UserResource) AllowFind(res kit.Resource, model kit.Model, user kit.User) bool {
	if user == nil {
		return false
	}
	if model.(kit.UserModel).GetUserId() == user.GetId() {
		return true
	}
	return user.HasRole("admin")
}
Esempio n. 4
0
func (m *IntUserModel) SetUser(u kit.User) {
	if u == nil {
		m.User = nil
		m.UserId = 0
	} else {
		m.User = u.(*UserIntId)
		m.SetUserId(u.GetId())
	}
}
Esempio n. 5
0
func (h *Service) AuthenticateUser(userIdentifier string, authAdaptorName string, data map[string]interface{}) (kit.User, apperror.Error) {
	authAdaptor := h.AuthAdaptor(authAdaptorName)
	if authAdaptor == nil {
		return nil, &apperror.Err{
			Public:  true,
			Code:    "unknown_auth_adaptor",
			Message: "Unknown auth adaptor: " + authAdaptorName}
	}

	var user kit.User
	var err apperror.Error

	if userIdentifier != "" {
		user, err = h.FindUser(userIdentifier)

		if err != nil {
			return nil, err
		} else if user == nil {
			return nil, apperror.New("user_not_found", "Username/Email does not exist ", true)
		}
	}

	userId := ""
	if user != nil {
		userId = user.GetStrId()
	}

	userId, err = authAdaptor.Authenticate(userId, data)
	if err != nil {
		if err.IsPublic() {
			return nil, err
		} else {
			return nil, apperror.Wrap(err, "adaptor_error", true)
		}
	}

	if user == nil {
		// Query user to get a full user with permissions and profile.
		user, err = h.FindUser(userId)
		if err != nil {
			return nil, err
		} else if user == nil {
			return nil, &apperror.Err{
				Code:    "user_not_found",
				Message: fmt.Sprintf("User with id %v could not be found", userId),
				Public:  true,
			}
		}
	}

	if !user.IsActive() {
		return nil, apperror.New("user_inactive", true)
	}

	return user, nil
}
Esempio n. 6
0
func (PageResource) AllowFind(res kit.Resource, obj kit.Model, user kit.User) bool {
	if p, ok := obj.(*PageIntId); ok && p.Published {
		return true
	} else if p, ok := obj.(*PageStrId); ok && p.Published {
		return true
	}

	u := obj.(kit.UserModel)

	return user != nil && (u.GetUserId() == user.GetId() || user.HasRole("admin"))
}
Esempio n. 7
0
func (a *AuthAdaptorPassword) RegisterUser(user kit.User, data map[string]interface{}) (kit.AuthItem, apperror.Error) {
	if data == nil {
		return nil, apperror.New("invalid_nil_data")
	}
	pw, _ := GetStringFromMap(data, "password")
	if pw == "" {
		return nil, apperror.New("invalid_data_no_password")
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(pw), 10)
	if err != nil {
		return nil, apperror.Wrap(err, "hash_errr", "")
	}

	item := &AuthItemPassword{
		Hash: string(hash),
	}
	item.SetId(user.GetId())

	return item, nil
}
Esempio n. 8
0
func (s *Service) ChangePassword(user kit.User, newPassword string) apperror.Error {
	adaptor := s.AuthAdaptor("password")
	if adaptor == nil {
		return &apperror.Err{
			Code:    "no_password_adaptor",
			Message: "The UserService does not have the password auth adaptor",
		}
	}

	passwordAdaptor := adaptor.(*password.AuthAdaptorPassword)

	if err := passwordAdaptor.ChangePassword(user.GetStrId(), newPassword); err != nil {
		if err.IsPublic() {
			return err
		} else {
			return apperror.Wrap(err, "adapter_error")
		}
		return err
	}

	return nil
}
Esempio n. 9
0
func (hooks UserResourceHooks) AllowUpdate(res kit.Resource, obj kit.Model, old kit.Model, user kit.User) bool {
	if user == nil {
		return false
	}
	if user.HasRole("admin") || user.HasPermission("users.update") {
		return true
	}
	return obj.GetId() == user.GetId()
}
Esempio n. 10
0
func (UserResource) AllowDelete(res kit.Resource, obj kit.Model, user kit.User) bool {
	if user == nil {
		return false
	}
	if obj.(kit.UserModel).GetUserId() == user.GetId() {
		return true
	}
	return user.HasRole("admin") || user.HasPermission(res.Collection()+".delete")
}
Esempio n. 11
0
func (res *Resource) Create(obj kit.Model, user kit.User) apperror.Error {
	if hook, ok := res.hooks.(CreateHook); ok {
		return hook.Create(res, obj, user)
	}

	// This has to be done before tthe AllowCreate hook to allow the hook to
	// compare UserId value.
	if userModel, ok := obj.(kit.UserModel); ok && user != nil {
		if reflector.R(userModel.GetUserId()).IsZero() {
			userModel.SetUserId(user.GetId())
		}
	}

	if allowCreate, ok := res.hooks.(AllowCreateHook); ok {
		if !allowCreate.AllowCreate(res, obj, user) {
			return apperror.New("permission_denied")
		}
	}

	if beforeCreate, ok := res.hooks.(BeforeCreateHook); ok {
		if err := beforeCreate.BeforeCreate(res, obj, user); err != nil {
			return err
		}
	}

	if err := res.backend.Create(obj); err != nil {
		return err
	}

	if afterCreate, ok := res.hooks.(AfterCreateHook); ok {
		if err := afterCreate.AfterCreate(res, obj, user); err != nil {
			return err
		}
	}

	return nil
}
Esempio n. 12
0
func (s Service) StartSession(user kit.User, sessionType string) (kit.Session, apperror.Error) {
	token := randomToken()
	if token == "" {
		return nil, apperror.New("token_creation_failed")
	}

	session := s.Sessions.CreateModel().(kit.Session)

	session.SetType(sessionType)
	session.SetToken(token)
	session.SetStartedAt(time.Now())
	session.SetValidUntil(time.Now().Add(time.Hour * 12))

	if user != nil {
		session.SetUserId(user.GetId())
	}

	err := s.Sessions.Create(session, nil)
	if err != nil {
		return nil, err
	}

	return session, nil
}
Esempio n. 13
0
func (h *Service) VerifySession(token string) (kit.User, kit.Session, apperror.Error) {
	rawSession, err := h.Sessions.FindOne(token)
	if err != nil {
		return nil, nil, err
	} else if rawSession == nil {
		return nil, nil, apperror.New("session_not_found", true)
	}
	session := rawSession.(kit.Session)

	if session.GetValidUntil().Sub(time.Now()) < 1 {
		return nil, nil, apperror.New("session_expired", true)
	}

	var user kit.User

	if !session.IsAnonymous() {
		// Load user.
		rawUser, err := h.FindUser(session.GetUserId())
		if err != nil {
			return nil, nil, err
		}
		user = rawUser.(kit.User)

		if !user.IsActive() {
			return nil, nil, apperror.New("user_inactive", true)
		}
	}

	// Prolong session.
	session.SetValidUntil(time.Now().Add(time.Hour * 12))
	if err := h.Sessions.Update(session, nil); err != nil {
		return nil, nil, err
	}

	return user, session, nil
}
Esempio n. 14
0
func (item *AuthItemOauth) SetUser(u kit.User) {
	item.SetUserId(u.GetId())
}
Esempio n. 15
0
func (s *Service) SendPasswordResetEmail(user kit.User) apperror.Error {
	// Check that an email service is configured.

	mailService := s.registry.EmailService()
	if mailService == nil {
		return apperror.New("no_email_service")
	}

	hoursValid := 48

	// Generate a token.
	expiresAt := time.Now().Add(time.Hour * time.Duration(hoursValid))
	tokenItem, err := s.BuildToken("password_reset", user.GetStrId(), expiresAt)
	if err != nil {
		return err
	}
	token := tokenItem.GetToken()

	conf := s.registry.Config()

	// Build the confirmation url.

	url := conf.UString("url")
	if url == "" {
		return &apperror.Err{
			Code:    "no_url_set",
			Message: "Config must specify url",
		}
	}

	resetPath := conf.UString("users.passwordResetPath")
	if resetPath == "" {
		return &apperror.Err{
			Code:    "no_password_reset_path",
			Message: "Config must specify users.passwordResetPath",
		}
	}

	if !strings.Contains(resetPath, "{token}") {
		return &apperror.Err{
			Code:    "invalid_password_reset_path",
			Message: "users.passwordResetPath does not contain {token} placeholder",
		}
	}
	resetUrl := url + "/" + strings.Replace(resetPath, "{token}", token, -1)

	// Render email.

	subject := conf.UString("users.passwordResetSubject", "Password reset")

	var txtContent, htmlContent []byte

	txtTpl := conf.UString("users.passwordResetTextTpl")
	htmlTpl := conf.UString("users.passwordResetHtmlTpl")
	if txtTpl != "" && htmlTpl != "" {
		// Check that a template engine is configured.
		engine := s.registry.TemplateEngine()
		if engine == nil {
			return apperror.New("no_template_engine")
		}

		data := map[string]interface{}{
			"user":        user,
			"token":       token,
			"hours_valid": hoursValid,
		}
		var err apperror.Error

		txtContent, err = s.registry.TemplateEngine().BuildFileAndRender(txtTpl, data)
		if err != nil {
			return apperror.Wrap(err, "password_reset_tpl_error", "Could not render password reset tpl")
		}

		htmlContent, err = s.registry.TemplateEngine().BuildFileAndRender(htmlTpl, data)
		if err != nil {
			return apperror.Wrap(err, "password_reset_tpl_error", "Could not render password reset tpl")
		}
	} else {
		tpl := `Password reset

To reset your password, please visit %v.
The link will be valid for %v hours.
`

		htmlTpl := `Password Reset<br><br>

To reset your password, please visit <a href="%v">this link</a>.<br>
The link will be valid for %v hours.
`
		txtContent = []byte(fmt.Sprintf(tpl, resetUrl, hoursValid))
		htmlContent = []byte(fmt.Sprintf(htmlTpl, resetUrl, hoursValid))
	}

	// Now build the email and send it.
	email := email.NewMail()
	email.SetSubject(subject)
	email.AddBody("text/plain", txtContent)
	email.AddBody("text/html", htmlContent)
	email.AddTo(user.GetEmail(), "")

	if err := mailService.Send(email); err != nil {
		return err
	}

	s.registry.Logger().WithFields(logrus.Fields{
		"action":  "users.password_reset_requested",
		"email":   user.GetEmail(),
		"user_id": user.GetId(),
		"token":   token,
	}).Debugf("Password reset email sent to %v for user %v", user.GetEmail(), user.GetId())

	return nil
}
Esempio n. 16
0
func (AdminResource) AllowDelete(res kit.Resource, obj kit.Model, user kit.User) bool {
	return user != nil && (user.HasRole("admin") || user.HasPermission(res.Collection()+".delete"))
}
Esempio n. 17
0
func (item *AuthItemPassword) SetUser(u kit.User) {
	item.SetUserId(u.GetId())
}
Esempio n. 18
0
func (s *Service) SendConfirmationEmail(user kit.User) apperror.Error {
	// Check that an email service is configured.

	mailService := s.registry.EmailService()
	if mailService == nil {
		return apperror.New("no_email_service")
	}

	conf := s.registry.Config()

	// Check that sending is enabled.
	if !conf.UBool("users.sendEmailConfirmationEmail", true) {
		return nil
	}

	// Generate a token.
	tokenItem, err := s.BuildToken("email_confirmation", user.GetStrId(), time.Time{})
	if err != nil {
		return err
	}
	token := tokenItem.GetToken()

	// Build the confirmation url.

	confirmationPath := conf.UString("users.emailConfirmationPath")
	if confirmationPath == "" {
		return &apperror.Err{
			Code:    "no_email_confirmation_path",
			Message: "Config must specify users.emailConfirmationPath",
		}
	}

	if !strings.Contains(confirmationPath, "{token}") {
		return &apperror.Err{
			Code:    "invalid_email_confirmation_path",
			Message: "users.emailConfirmationPath does not contain {token} placeholder",
		}
	}
	confirmationUrl := conf.UString("url") + "/" + strings.Replace(confirmationPath, "{token}", token, -1)

	// Render email.

	subject := conf.UString("users.emailConfirmationSubject", "Confirm your Email")

	var txtContent, htmlContent []byte

	txtTpl := conf.UString("users.emailConfirmationEmailTextTpl")
	htmlTpl := conf.UString("users.emailConfirmationEmailHtmlTpl")
	if txtTpl != "" && htmlTpl != "" {
		// Check that a template engine is configured.
		engine := s.registry.TemplateEngine()
		if engine == nil {
			return apperror.New("no_template_engine")
		}

		data := map[string]interface{}{
			"user":  user,
			"token": token,
		}
		var err apperror.Error

		txtContent, err = s.registry.TemplateEngine().BuildFileAndRender(txtTpl, data)
		if err != nil {
			return apperror.Wrap(err, "email_confirmation_tpl_error", "Could not render email confirmation tpl")
		}

		htmlContent, err = s.registry.TemplateEngine().BuildFileAndRender(htmlTpl, data)
		if err != nil {
			return apperror.Wrap(err, "email_confirmation_tpl_error", "Could not render email confirmation tpl")
		}
	} else {
		tpl := `Welcome to Appkit

To confirm your email address, please visit %v.
`

		htmlTpl := `Welcome to Appkit<br><br>

To confirm your email address, please visit <a href="%v">this link</a>.
`
		txtContent = []byte(fmt.Sprintf(tpl, confirmationUrl))
		htmlContent = []byte(fmt.Sprintf(htmlTpl, confirmationUrl))
	}

	// Now build the email and send it.
	email := email.NewMail()
	email.SetSubject(subject)
	email.AddBody("text/plain", txtContent)
	email.AddBody("text/html", htmlContent)
	email.AddTo(user.GetEmail(), "")

	if err := mailService.Send(email); err != nil {
		return err
	}

	s.registry.Logger().WithFields(logrus.Fields{
		"action":  "users.email_confirmation_mail_sent",
		"email":   user.GetEmail(),
		"user_id": user.GetId(),
		"token":   token,
	}).Debugf("Password reset email sent to %v for user %v", user.GetEmail(), user.GetId())

	return nil
}
Esempio n. 19
0
// Restrict querying to admins.
func (RoleResourceHooks) AllowFind(res kit.Resource, model kit.Model, user kit.User) bool {
	return user != nil && user.HasRole("admin")
}
Esempio n. 20
0
func (p IntIdUserProfile) SetUser(user kit.User) {
	p.SetUserId(user.GetId())
}
Esempio n. 21
0
}

func (c *Client) PostJson(path string, data string) (int, *Data, error) {
	return c.DoJson("POST", path, data)
}

var _ = Describe("App", func() {
	app := buildApp()
	registry := app.Registry()
	go func() {
		app.Run()
	}()
	time.Sleep(time.Millisecond * 500)

	client := NewClient("http://*****:*****@appkit.com"}},
					"meta": {
						"adaptor": "password", "auth-data": {"password": "******"},
Esempio n. 22
0
func (a *AuthAdaptorOauth) RegisterUser(user kit.User, data map[string]interface{}) (kit.AuthItem, apperror.Error) {
	serviceName, _ := GetStringFromMap(data, "service")
	if serviceName == "" {
		return nil, apperror.New("invalid_data_missing_service")
	}

	service := a.services[serviceName]
	if service == nil {
		return nil, &apperror.Err{
			Code:    "unconfigured_service",
			Message: fmt.Sprintf("The oauth service '%v' was not configured in oauth auth adaptor", serviceName),
		}
	}

	accessToken, _ := GetStringFromMap(data, "access_token")
	if accessToken == "" {
		return nil, apperror.New("invalid_data_missing_access_token")
	}

	// Exchange access token for long lived token.
	// This also verifies that the supplied token is valid.
	appToken, err := service.Exchange(accessToken)
	if err != nil {
		return nil, apperror.Wrap(err, "oauth_exchange_token_error", "")
	}

	userData, err := service.GetUserData(appToken)
	if err != nil {
		return nil, apperror.Wrap(err, "fetch_user_data_failed", "")
	}

	if userData.Id == "" {
		return nil, &apperror.Err{
			Code:    "fetched_userdata_missing_user_id",
			Message: "The userData fetched from the service does not contain a userId",
		}
	}

	item := &AuthItemOauth{
		Service:        serviceName,
		UserId:         user.GetStrId(),
		ExternalUserId: userData.Id,
		Token:          appToken,
	}
	item.Id = serviceName + "_" + userData.Id

	// Fill in user information.

	if user.GetEmail() == "" {
		if userData.Email != "" {
			user.SetEmail(userData.Email)
			user.SetIsEmailConfirmed(true)
		} else {
			return nil, &apperror.Err{
				Code:    "oauth_service_insufficient_data_error",
				Message: fmt.Sprintf("The oauth service %v did not supply the users email, which is required", serviceName),
			}
		}
	}

	if user.GetUsername() == "" && userData.Username != "" {
		user.SetUsername(userData.Username)
	}

	return item, nil
}
Esempio n. 23
0
func (s *Service) CreateUser(user kit.User, adaptorName string, authData map[string]interface{}) apperror.Error {
	adaptor := s.AuthAdaptor(adaptorName)
	if adaptor == nil {
		return &apperror.Err{
			Code:    "unknown_auth_adaptor",
			Message: fmt.Sprintf("Auth adaptor %v was not registered with user service", adaptorName),
			Public:  true,
		}
	}

	authItem, err := adaptor.RegisterUser(user, authData)
	if err != nil {
		return apperror.Wrap(err, "adaptor_error", "")
	}

	if user.GetUsername() == "" {
		user.SetUsername(user.GetEmail())
	}

	// Check if user with same username or email exists.
	oldUser, err2 := s.Users.Q().
		Filter("email", user.GetEmail()).Or("username", user.GetUsername()).First()
	if err2 != nil {
		return err2
	} else if oldUser != nil {
		return &apperror.Err{
			Code:    "user_exists",
			Message: "A user with the username or email already exists",
			Public:  true,
		}
	}

	user.SetIsActive(true)

	profile := user.GetProfile()

	// If a profile is configured, and the user does not have a profile yet,
	// create a new one.
	if s.Profiles != nil && profile == nil {
		profile = s.Profiles.CreateModel().(kit.UserProfile)
		user.SetProfile(profile)
	}

	if err := s.Users.Create(user, nil); err != nil {
		return err
	}

	// Create profile if one exists.

	if profile != nil {
		profile.SetUser(user)
		if err := s.Profiles.Create(profile, user); err != nil {
			s.Users.Backend().Delete(user)
			return apperror.Wrap(err, "user_profile_create_error", "Could not create the user profile")
		}
	}

	// Persist auth item.
	if authItemUserId, ok := authItem.(kit.UserModel); ok {
		authItemUserId.SetUserId(user.GetId())
	}
	if err := s.Users.Backend().Create(authItem); err != nil {
		s.Users.Backend().Delete(user)
		if profile != nil {
			s.Profiles.Backend().Delete(profile)
		}
		return apperror.Wrap(err, "auth_item_create_error", "")
	}

	if err := s.SendConfirmationEmail(user); err != nil {
		s.registry.Logger().Errorf("Could not send confirmation email: %v", err)
	}

	return nil
}