Esempio n. 1
0
func GetUser(c *echo.Context) error {
	userId := c.Param("id")
	if userId == "" {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "User id needed to retrieve account informations",
				},
			},
		})
	}

	user, err := users.GetUser(userId)
	if err != nil {
		return err
	}

	if user == nil {
		return c.JSON(http.StatusNotFound, hash{
			"error": [1]hash{
				hash{
					"detail": "User Not Found",
				},
			},
		})
	}

	return c.JSON(http.StatusOK, hash{
		"data": hash{
			"id":         user.Id,
			"type":       "user",
			"attributes": user,
		},
	})
}
Esempio n. 2
0
func (c oauthConnector) GetUserFromAccessToken(accessToken string) (interface{}, error) {
	rows, err := db.Query(
		`SELECT user_id
		FROM oauth_access_tokens
		WHERE token = $1::varchar
		AND expires_at > NOW()
		`,
		accessToken,
	)

	if err != nil {
		return nil, err
	}

	defer rows.Close()
	if !rows.Next() {
		return nil, nil
	}

	var userId string
	err = rows.Scan(&userId)
	if err != nil {
		return nil, err
	}

	return users.GetUser(userId)
}
Esempio n. 3
0
func GetUser(c *echo.Context) error {
	userId := c.Param("id")
	if userId == "" {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "User id needed to retrieve account informations",
				},
			},
		})
	}

	user, err := users.GetUser(userId)
	if err != nil {
		return err
	}

	if user == nil {
		return c.JSON(http.StatusNotFound, hash{
			"error": [1]hash{
				hash{
					"detail": "User Not Found",
				},
			},
		})
	}

	return utils.JSON(c, http.StatusOK, user)
}
Esempio n. 4
0
func Update(c *echo.Context) error {
	u := users.User{}

	err := utils.ParseJSONBody(c, &u)
	if err != nil {
		return nil
	}

	user, err := users.GetUser(u.GetID())
	if err != nil {
		return apiErrors.UserNotFound
	}

	if u.Password == "" {
		return apiErrors.InvalidRequest.Detail("The password field is missing.")
	}

	err = users.UpdateUserPassword(user.GetID(), u.Password)
	if err != nil {
		log.Error(err)
		return apiErrors.InternalError.Detail("Unable to update the password.")
	}

	return utils.JSON(c, http.StatusOK, user)
}
Esempio n. 5
0
func Update(c *echo.Context) error {
	updatedUser := users.User{}
	user := c.Get("user").(*users.User)

	err := utils.ParseJSONBody(c, &updatedUser)
	if err != nil {
		return apiErrors.InvalidRequest
	}

	currentUser, err := users.GetUser(updatedUser.GetID())
	if err != nil {
		return apiErrors.UserNotFound
	}

	if !user.IsAdmin && (updatedUser.GetID() != user.GetID()) {
		return apiErrors.Unauthorized.Detail("You can only update your account")
	}

	if updatedUser.IsAdmin != currentUser.IsAdmin {
		if currentUser.Id == user.GetID() {
			return apiErrors.Unauthorized.Detail("You cannot grant administration rights")
		}
		err = users.UpdateUserPrivilege(updatedUser.GetID(), updatedUser.IsAdmin)
		if err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the rank")
		}
	} else if updatedUser.Password != "" {
		err = users.UpdateUserPassword(updatedUser.GetID(), updatedUser.Password)
		if err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the password")
		}
	} else if updatedUser.Email != currentUser.Email {
		err = users.UpdateUserEmail(updatedUser.GetID(), updatedUser.Email)
		if err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the email")
		}
	} else if updatedUser.FirstName != currentUser.FirstName {
		err = users.UpdateUserFirstName(updatedUser.GetID(), updatedUser.FirstName)
		if err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the first name")
		}
	} else if updatedUser.LastName != currentUser.LastName {
		err = users.UpdateUserLastName(updatedUser.GetID(), updatedUser.LastName)
		if err != nil {
			log.Error(err)
			return apiErrors.InternalError.Detail("Unable to update the last name")
		}
	} else {
		return apiErrors.InvalidRequest.Detail("No field sent")
	}

	return utils.JSON(c, http.StatusOK, &updatedUser)
}
Esempio n. 6
0
func Delete(c *echo.Context) error {
	userId := c.Param("id")
	if len(userId) == 0 {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "User id needed for deletion",
				},
			},
		})
	}

	user, err := users.GetUser(userId)
	if err != nil {
		return err
	}

	if user == nil {
		return c.JSON(http.StatusNotFound, hash{
			"error": [1]hash{
				hash{
					"detail": "User not found",
				},
			},
		})
	}

	if user.IsAdmin {
		return c.JSON(http.StatusUnauthorized, hash{
			"error": [1]hash{
				hash{
					"detail": "Admins cannot be deleted",
				},
			},
		})
	}

	err = users.DeleteUser(user.Id)
	if err != nil {
		log.Errorf("Unable to delete user: "******"meta": hash{},
	})
}
Esempio n. 7
0
/**
 * Return the appropriate user for the download token and the filename.
 */
func checkDownloadToken(token, filename string) (*users.User, error) {
	splt := strings.SplitN(token, ":", 2)
	if len(splt) != 2 {
		return nil, InvalidDownloadToken
	}

	accessTokenId := splt[0]
	rows, err := db.Query(
		"SELECT token, user_id FROM oauth_access_tokens WHERE id = $1::varchar",
		accessTokenId,
	)
	if err != nil {
		return nil, err
	}

	defer rows.Close()
	if !rows.Next() {
		return nil, InvalidDownloadToken
	}

	timeStone := time.Now().Unix()
	timeStone = timeStone + (3600 - timeStone%3600)

	var accessToken string
	var userId string
	err = rows.Scan(&accessToken, &userId)
	if err != nil {
		return nil, err
	}
	h := accessToken + ":" + filename + ":"

	expected := sha1Hash(h + strconv.FormatInt(timeStone, 10))
	if splt[1] != expected {
		timeStone = timeStone + 3600
		expected = sha1Hash(h + strconv.FormatInt(timeStone, 10))
		if splt[1] != expected {
			return nil, InvalidDownloadToken
		}
	}

	return users.GetUser(userId)
}
Esempio n. 8
0
func Delete(c *echo.Context) error {
	userId := c.Param("id")
	if len(userId) == 0 {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "User id needed for deletion",
				},
			},
		})
	}

	user, err := users.GetUser(userId)
	if err != nil {
		return err
	}

	if user == nil {
		return c.JSON(http.StatusNotFound, hash{
			"error": [1]hash{
				hash{
					"detail": "User not found",
				},
			},
		})
	}

	if user.IsAdmin {
		return c.JSON(http.StatusUnauthorized, hash{
			"error": [1]hash{
				hash{
					"detail": "Admins cannot be deleted",
				},
			},
		})
	}

	err = ldap.DeleteAccount(user.Id)
	if err != nil {
		log.Errorf("Unable to delete user in ad: %s", err.Error())
		switch err {
		case ldap.DeleteFailed:
			return c.JSON(http.StatusInternalServerError, hash{
				"error": [1]hash{
					hash{
						"detail": err.Error(),
					},
				},
			})
		case ldap.UnknownUser:
			log.Info("User doesn't exist in AD")
			break
		default:
			return err
		}
	}

	err = users.DeleteUser(user.Id)
	if err != nil {
		log.Errorf("Unable to delete user: "******"data": hash{
			"success": true,
		},
	})
}
Esempio n. 9
0
func Update(c *echo.Context) error {
	var attr map[string]map[string]interface{}

	err := utils.ParseJSONBody(c, &attr)
	if err != nil {
		return nil
	}

	data, ok := attr["data"]
	if ok == false {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "data is missing",
				},
			},
		})
	}

	attributes, ok := data["attributes"].(map[string]interface{})
	if ok == false {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "attributes is missing",
				},
			},
		})
	}

	activated, ok := attributes["activated"]
	if ok == false {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "activated field is missing",
				},
			},
		})
	}

	if activated != false {
		return c.JSON(http.StatusBadRequest, hash{
			"error": [1]hash{
				hash{
					"detail": "activated field must be false",
				},
			},
		})
	}

	code, err := Disable(c.Param("id"))
	if err != nil {
		return c.JSON(code, hash{
			"error": [1]hash{
				hash{
					"detail": err.Error(),
				},
			},
		})
	}

	user, err := users.GetUser(c.Param("id"))
	if user == nil {
		return c.JSON(http.StatusOK, hash{
			"data": hash{
				"success": true,
			},
		})
	}

	return c.JSON(http.StatusOK, hash{
		"data": hash{
			"success":    true,
			"id":         user.Id,
			"type":       "user",
			"attributes": user,
		},
	})
}