// storeLast2FALogin records the moment of a successful 2FA login for the
// OAuth2 client named in the request's "client_id" query parameter, keyed on
// that client and the given username. Requests without a client_id (plain,
// non-oauth2 logins) are ignored. A failure to persist the timestamp is only
// logged at debug level; the caller's login flow is never interrupted by it.
func (service *Service) storeLast2FALogin(request *http.Request, username string) {
	clientID := request.URL.Query().Get("client_id")
	if clientID == "" {
		// Not an oauth2 login: there is no client to remember a 2FA date for.
		return
	}
	// NOTE(review): clientID is taken verbatim from the query string; nothing
	// visible here checks that such a client exists before the entry is written —
	// confirm SetLast2FA validates it.
	mgr := organizationdb.NewLast2FAManager(request)
	if err := mgr.SetLast2FA(clientID, username); err != nil {
		log.Debug("Error while setting the last 2FA login ", err)
	}
}
//ProcessLoginForm logs a user in if the credentials are valid
//
// Request: JSON body {"login": ..., "password": ...}; an optional "client_id"
// query parameter marks an oauth2 login. Responses: 400 when the form or the
// JSON body cannot be parsed, 422 when the user is unknown or the credentials
// are invalid (the same code for both, so the status alone does not reveal
// whether the account exists), 500 when a session or 2FA-history lookup fails,
// 204 when the credentials are valid and a 2FA step is still expected. When an
// oauth2 client is given and the user's last 2FA for that client is still
// within the client's validity window, the user is logged in directly instead.
func (service *Service) ProcessLoginForm(w http.ResponseWriter, request *http.Request) {
	//TODO: validate csrf token
	//TODO: limit the number of failed/concurrent requests
	// NOTE(review): both TODOs are security-relevant for a login endpoint (CSRF,
	// brute-force/credential stuffing); neither is addressed in this function.
	err := request.ParseForm()
	if err != nil {
		log.Debug("ERROR parsing registration form")
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}
	// The credentials are read from the JSON body, not from the parsed form.
	// ParseForm only consumes the body for form-encoded content types, so the
	// decode below presumably still sees the JSON payload — confirm with callers.
	values := struct {
		Login    string `json:"login"`
		Password string `json:"password"`
	}{}
	if err = json.NewDecoder(request.Body).Decode(&values); err != nil {
		log.Debug("Error decoding the login request:", err)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}
	// Logins are matched case-insensitively by lower-casing before the lookup.
	login := strings.ToLower(values.Login)
	u, err := organization.SearchUser(request, login)
	if err == mgo.ErrNotFound {
		w.WriteHeader(422)
		return
	} else if err != nil {
		// NOTE(review): the listing is redacted/garbled from this line up to the
		// "client_id" lookup; the error response of this branch and the
		// userexists/validpassword assignments used below are not visible here.
		log.Error("Failed to search for user: "******"client_id")
	// Remove last 2FA entry if an invalid password is entered
	// (a failed attempt for an oauth2 client forgets the remembered 2FA, so
	// the next successful login has to pass 2FA again).
	validcredentials := userexists && validpassword
	if !validcredentials {
		if client != "" {
			l2faMgr := organizationdb.NewLast2FAManager(request)
			if l2faMgr.Exists(client, u.Username) {
				// NOTE(review): any result of RemoveLast2FA is discarded — confirm
				// it has no error return worth handling.
				l2faMgr.RemoveLast2FA(client, u.Username)
			}
		}
		w.WriteHeader(422)
		return
	}
	loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	// The username is parked in the login session; presumably the 2FA step that
	// follows the 204 reads it from there.
	loginSession.Values["username"] = u.Username
	//check if 2fa validity has passed
	if client != "" {
		l2faMgr := organizationdb.NewLast2FAManager(request)
		if l2faMgr.Exists(client, u.Username) {
			timestamp, err := l2faMgr.GetLast2FA(client, u.Username)
			if err != nil {
				log.Error(err)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
				return
			}
			// The validity window (in seconds) is configured per oauth2 client.
			mgr := organizationdb.NewManager(request)
			seconds, err := mgr.GetValidity(client)
			if err != nil {
				log.Error(err)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
				return
			}
			// timestamp is converted to time.Time here; its own type is not visible.
			timeconverted := time.Time(timestamp)
			if timeconverted.Add(time.Second * time.Duration(seconds)).After(time.Now()) {
				// Last 2FA for this client is still fresh: skip the 2FA step and
				// complete the login now. Note the login session saved below is
				// not written on this path.
				service.loginUser(w, request, u.Username)
				return
			}
		}
	}
	sessions.Save(request, w)
	w.WriteHeader(http.StatusNoContent)
}
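// DeleteOrganization is the handler for DELETE /organizations/{globalid}
// Deletes an organization and all data linked to it (join-organization-invitations, oauth_access_tokens, oauth_clients, authorizations)
//
// Responses: 404 organization_not_found, 422 organization_has_children,
// 500 (via handleServerError) when any step fails, 204 on success.
//
// The cleanup is a sequence of independent store operations, not a
// transaction: the organization record itself is removed early, so when a
// later step fails the handler returns 500 with the remaining linked data
// (invitations, tokens, clients, authorizations, 2FA history) still present,
// and a repeated DELETE then answers 404 because the Exists check no longer
// passes.
func (api OrganizationsAPI) DeleteOrganization(w http.ResponseWriter, r *http.Request) {
	globalid := mux.Vars(r)["globalid"]
	orgMgr := organization.NewManager(r)
	logoMgr := organization.NewLogoManager(r)
	if !orgMgr.Exists(globalid) {
		writeErrorResponse(w, http.StatusNotFound, "organization_not_found")
		return
	}
	// Refuse to delete an organization that still has sub-organizations; the
	// caller has to remove the children first.
	suborganizations, err := orgMgr.GetSubOrganizations(globalid)
	if handleServerError(w, "fetching suborganizations", err) {
		return
	}
	if len(suborganizations) != 0 {
		writeErrorResponse(w, http.StatusUnprocessableEntity, "organization_has_children")
		return
	}
	err = orgMgr.Remove(globalid)
	if handleServerError(w, "removing organization", err) {
		return
	}
	// Remove the organizations as a member/ an owner of other organizations
	organizations, err := orgMgr.AllByOrg(globalid)
	if handleServerError(w, "fetching organizations where this org is an owner/a member", err) {
		return
	}
	for _, org := range organizations {
		err = orgMgr.RemoveOrganization(org.Globalid, globalid)
		if handleServerError(w, "removing organizations as a member / an owner of another organization", err) {
			return
		}
	}
	if logoMgr.Exists(globalid) {
		err = logoMgr.Remove(globalid)
		if handleServerError(w, "removing organization logo", err) {
			return
		}
	}
	orgReqMgr := invitations.NewInvitationManager(r)
	err = orgReqMgr.RemoveAll(globalid)
	if handleServerError(w, "removing organization invitations", err) {
		return
	}
	// Revoke the tokens and secrets issued for this organization's oauth
	// clients before the clients themselves are removed.
	oauthMgr := oauthservice.NewManager(r)
	err = oauthMgr.RemoveTokensByGlobalId(globalid)
	if handleServerError(w, "removing organization oauth accesstokens", err) {
		return
	}
	err = oauthMgr.DeleteAllForOrganization(globalid)
	if handleServerError(w, "removing client secrets", err) {
		return
	}
	// RemoveClientsById is issued once; the original called it a second time
	// after DeleteAllAuthorizations with identical arguments, which was redundant.
	err = oauthMgr.RemoveClientsById(globalid)
	if handleServerError(w, "removing organization oauth clients", err) {
		return
	}
	userMgr := user.NewManager(r)
	err = userMgr.DeleteAllAuthorizations(globalid)
	if handleServerError(w, "removing all authorizations", err) {
		return
	}
	// Drop the remembered last-2FA timestamps recorded for this organization.
	l2faMgr := organization.NewLast2FAManager(r)
	err = l2faMgr.RemoveByOrganization(globalid)
	if handleServerError(w, "removing organization 2FA history", err) {
		return
	}
	w.WriteHeader(http.StatusNoContent)
}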