// AddUser creates a user from the command line. When u.Username is empty it
// prompts on stdin for the username, the serving domain (unless QUIMBY_DOMAIN
// is set) and a permission level, then obtains a password through the selected
// passworder. In every case it attaches a new TFA to u, saves the user, and
// writes the bytes returned by Save to a temporary file whose path is printed.
// Any failure terminates the process via log.Fatal.
func AddUser(u *quimby.User) {
	// Prints the whole struct with the default format.
	// NOTE(review): if a caller passes a pre-populated user, its Password field
	// would be echoed to stdout here; confirm, and consider printing only the
	// username.
	fmt.Println("adding a user", u)
	var f passworder
	var issuer string
	if u.Username == "" {
		// NOTE(review): the next line is damaged in this copy (the "******" span
		// looks like a secret-scrubber artifact). Presumably it printed the
		// prompt and then read u.Username with fmt.Scanf; restore it from the
		// original before building.
		fmt.Print("username: "******"%s\n", &u.Username)
		// The domain prompt is printed unconditionally, but stdin is only read
		// when QUIMBY_DOMAIN is empty; otherwise the environment value is used.
		fmt.Print("domain: ")
		if os.Getenv("QUIMBY_DOMAIN") == "" {
			fmt.Scanf("%s\n", &issuer)
			if len(issuer) == 0 {
				log.Fatal("you must supply the domain quimby is being served under")
			}
		} else {
			issuer = os.Getenv("QUIMBY_DOMAIN")
		}
		fmt.Print("permission:\n 1: read\n 2: write\n 3: admin\n 4: system\n")
		var x int
		// Scanf's error is ignored; a failed parse leaves x at 0, which is
		// presumably absent from permissions and so rejected below.
		fmt.Scanf("%d\n", &x)
		// Choice 4 (system) gets a generated password; every other choice is
		// prompted for one.
		if x == 4 {
			f = genPasswd
		} else {
			f = getPasswd
		}
		perm, ok := permissions[x]
		if !ok {
			log.Fatal("select 1, 2, 3, or 4")
		}
		u.Permission = perm
		f(u)
	}
	// issuer is still the empty string here when u.Username was already set,
	// because the domain lookup lives inside the branch above.
	// NOTE(review): confirm NewTFA behaves sensibly with an empty issuer.
	tfa := quimby.NewTFA(issuer)
	u.SetTFA(tfa)
	qr, err := u.Save()
	if err != nil {
		log.Fatal(err)
	}
	// Random name in the default temp directory; ioutil.TempFile creates the
	// file with mode 0600. This function never removes it.
	// NOTE(review): the file presumably holds the TOTP enrollment QR (the
	// message below tells the operator to scan it), so it should be deleted
	// once the authenticator has been enrolled.
	tmp, err := ioutil.TempFile("", "")
	if err != nil {
		log.Fatal(err)
	}
	if _, err := tmp.Write(qr); err != nil {
		log.Fatal(err)
	}
	// The error from Close is ignored.
	tmp.Close()
	fmt.Printf("you must scan the qr at %s with google authenticator before you can log in\n", tmp.Name())
}
// DoLogin checks the user's credentials and, when they are accepted, issues a
// session credential on w.
//
// The credential type is selected by the request's "auth" query parameter:
// "jwt" calls setToken, anything else (including no parameter) calls
// setCookie. A rejected check and an error from CheckPassword both produce the
// same generic "bad request" error, so the caller cannot tell them apart.
//
// NOTE(review): whether CheckPassword also verifies the second factor is not
// visible from this function; confirm before relying on DoLogin as the only
// gate.
func DoLogin(user *quimby.User, w http.ResponseWriter, req *http.Request) error {
	accepted, err := user.CheckPassword()
	if err != nil || !accepted {
		return fmt.Errorf("bad request")
	}

	// Blank the TFA data before the user is handed to setToken/setCookie.
	user.TFAData = []byte{}

	if req.URL.Query().Get("auth") == "jwt" {
		setToken(w, user)
		return nil
	}
	setCookie(w, user)
	return nil
}
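// UserForm handles a submission of the admin user form.
//
// When the "username" route variable is "new-user" it creates a user from the
// posted username, password and password_confirm fields and renders the
// qr-code.html template with the base64-encoded data returned by Save. For any
// other value it fetches the existing user, updates it, and redirects to
// /admin.html. In both cases the posted "permission" value is stored on the
// user. Errors are reported by setting the "error" key in the request context.
//
// NOTE(review): no authorization check is visible in this handler;
// handlers.Admin(args) is only used to populate the page. Confirm that the
// route is restricted to admins by middleware.
func UserForm(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)
	if err := req.ParseForm(); err != nil {
		context.Set(req, "error", err)
		return
	}

	username := args.Vars["username"]
	isNew := username == "new-user"

	var u *quimby.User
	if isNew {
		u = quimby.NewUser(req.PostFormValue("username"), quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		u.Password = req.PostFormValue("password")
		// NOTE(review): an empty username or an empty password (with an empty
		// confirmation) passes this check; reject both once a suitable error
		// value exists in this package.
		if req.PostFormValue("password_confirm") != u.Password {
			context.Set(req, "error", ErrPasswordsDoNotMatch)
			return
		}
	} else {
		u = quimby.NewUser(username, quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		if err := u.Fetch(); err != nil {
			// Report the lookup failure itself; the previous code reported
			// ErrPasswordsDoNotMatch here, which no password comparison had
			// produced.
			context.Set(req, "error", err)
			return
		}
	}

	// NOTE(review): the permission string is taken from the form as-is. It
	// should be checked against the set of valid permission names before Save
	// so a crafted POST cannot store an arbitrary value.
	u.Permission = req.PostFormValue("permission")

	qrData, err := u.Save()
	if err != nil {
		context.Set(req, "error", err)
		return
	}

	if !isNew {
		w.Header().Set("Location", "/admin.html")
		w.WriteHeader(http.StatusFound)
		return
	}

	// template.HTMLAttr marks the value as trusted, so html/template does not
	// escape it. The value is base64 text generated here, not user input.
	qr := qrPage{
		userPage: userPage{
			User:  args.User.Username,
			Admin: handlers.Admin(args),
			Links: []link{
				{"quimby", "/"},
				{"admin", "/admin.html"},
			},
		},
		QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
	}
	// A rendering failure used to be dropped silently; surface it the same way
	// as the other errors in this handler.
	if err := templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr); err != nil {
		context.Set(req, "error", err)
	}
}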
// getPasswd prompts for a password and a confirmation on the terminal and
// stores the password on u when the two entries match. A read error or a
// mismatch terminates the process via log.Fatal.
func getPasswd(u *quimby.User) {
	// NOTE(review): the next line is damaged in this copy (the "******" span
	// looks like a secret-scrubber artifact). The code that read the first
	// entry and defined p1 is missing; presumably it mirrored the b2/p2 read
	// below. Restore it from the original before building.
	fmt.Printf("password: "******"again: ")
	// Second entry, read through gopass.
	b2, err := gopass.GetPasswd()
	if err != nil {
		log.Fatal(err)
	}
	p2 := string(b2)
	if p1 != p2 {
		log.Fatal("passwords don't match")
	}
	// No length or emptiness check is applied to the password here.
	u.Password = p1
}
// genPasswd sets u.Password to the value randString returns for an argument
// of 32. AddUser selects it for the "system" permission, where no password is
// typed by the operator.
//
// NOTE(review): randString is defined elsewhere; confirm it draws from
// crypto/rand, since this value is used directly as the account password.
func genPasswd(u *quimby.User) {
	const passwdLen = 32
	u.Password = randString(passwdLen)
}