func adminUsersHandler(w http.ResponseWriter, r *http.Request, admin Location) {
isAuth(w, r, admin, "admin")
if r.Method == "POST" {
var user httpauth.UserData
user.Username = r.PostFormValue("username")
user.Email = r.PostFormValue("email")
password := r.PostFormValue("password")
user.Role = r.PostFormValue("role")
if err := aaa.Register(w, r, user, password); err != nil {
// maybe something
}
}
if user, err := aaa.CurrentUser(w, r); err == nil {
type data struct {
User httpauth.UserData
Roles map[string]httpauth.Role
Users []httpauth.UserData
Msg []string
}
messages := aaa.Messages(w, r)
users, err := backend.Users()
if err != nil {
panic(err)
}
d := data{User: user, Roles: roles, Users: users, Msg: messages}
var templates = template.Must(template.ParseGlob("admin/templates/*"))
t_err := templates.ExecuteTemplate(w, "manage-accounts.html", d)
if t_err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}
func (controller *usersController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
err := req.ParseForm()
if err != nil {
return http.StatusInternalServerError, err
}
decoder := schema.NewDecoder()
// Ignore unknown keys to prevent errors from the CSRF token.
decoder.IgnoreUnknownKeys(true)
formUser := new(viewmodels.UsersEditViewModel)
err = decoder.Decode(formUser, req.PostForm)
if err != nil {
return http.StatusInternalServerError, err
}
valErrors := validateUserForm(formUser, false)
if len(valErrors) > 0 {
isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
vm := viewmodels.NewUserViewModel(formUser, controller.roles, isAuthenticated, user, valErrors)
vm.CsrfField = csrf.TemplateField(req)
return http.StatusOK, controller.newTemplate.Execute(rw, vm)
}
var user httpauth.UserData
user.Username = formUser.Username
user.Email = formUser.Email
password := formUser.Password
user.Role = formUser.Role
err = controller.authorizer.Register(rw, req, user, password)
if err != nil {
return http.StatusInternalServerError, err
}
http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
return http.StatusSeeOther, nil
}
/**
* This authenticates user providing X509 credential
*/
func X509Authenticator(writer http.ResponseWriter, request *http.Request) {
logger := NewPrefixed("X509Authenticator")
if caChannel == nil || len(request.TLS.PeerCertificates) < 1 {
logger.Debug("No CA cert pool or no TLS peer certificate; redirect to OAuth page")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
logger.Finest("Retrieving ca cert pool")
caCertPool := <-caChannel
logger.Finest("CA pool length = %v", len(caCertPool.Subjects()))
logger.Debug("len(r.TLS.PeerCertificates) = %v", len(request.TLS.PeerCertificates))
// for i, c := range request.TLS.PeerCertificates {
// logger.Debug("request.TLS.PeerCertificates[%v].Subject = %v", i, c.Subject)
// logger.Debug("request.TLS.PeerCertificates[%v].Issuer = %v", i, c.Issuer)
// for j, a := range c.EmailAddresses {
// logger.Debug("request.TLS.PeerCertificates[%v].EmailAddresses[%v] = %v", i, j, a)
// }
// }
logger.Finest("len(r.TLS.VerifiedChains) = %v", len(request.TLS.VerifiedChains))
vOpts := x509.VerifyOptions{Roots: caCertPool}
userCert := request.TLS.PeerCertificates[0]
chains, err := userCert.Verify(vOpts)
if err != nil {
logger.Warn("failed to parse certificate: " + err.Error())
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
logger.Debug("shains = %v\n", chains)
var user httpauth.UserData
user.Username = userCert.Subject.CommonName + "#" + userCert.Issuer.CommonName
user.Email = userCert.EmailAddresses[0]
password := "******"
err = httpAuthorizer.Register(writer, request, user, password)
logger.Debug("register err = %v", err)
err = httpAuthorizer.Login(writer, request, user.Username, password, APPSURL)
logger.Debug("login err = %v", err)
if err != nil {
logger.Debug("err.Error = %v", err.Error())
}
if err == nil || err.Error() == "httpauth: already authenticated" {
logger.Debug("00")
http.Redirect(writer, request, APPSURL, http.StatusSeeOther)
} else {
logger.Debug("01")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
}
logger.Debug("Fin")
}
func postRegister(rw http.ResponseWriter, req *http.Request) {
var user httpauth.UserData
user.Username = req.PostFormValue("username")
user.Email = req.PostFormValue("email")
password := req.PostFormValue("password")
if err := aaa.Register(rw, req, user, password); err == nil {
http.Redirect(rw, req, "/login?success=1", http.StatusSeeOther)
} else {
http.Redirect(rw, req, "/login?success=0", http.StatusSeeOther)
}
}
func postAddUser(rw http.ResponseWriter, req *http.Request) {
var user httpauth.UserData
user.Username = req.PostFormValue("username")
user.Email = req.PostFormValue("email")
password := req.PostFormValue("password")
user.Role = req.PostFormValue("role")
if err := aaa.Register(rw, req, user, password); err != nil {
// maybe something
}
http.Redirect(rw, req, "/admin", http.StatusSeeOther)
}
/**
* This authenticates user providing OAuth credential
*/
func OAuthAuthenticator(writer http.ResponseWriter, request *http.Request) {
logger := NewPrefixed("OAuthAuthenticator")
h := md5.New()
io.WriteString(h, "The fog is getting thicker!")
io.WriteString(h, "And Leon's getting larger!")
i := fmt.Sprintf("%x", h.Sum(nil))
logger.Debug("h.sum() = %v", i)
logger.Debug("r.Method = %v", request.Method)
logger.Debug("r.URL = %v", request.URL)
p, _ := url.ParseQuery(request.URL.Path)
p, err := url.ParseQuery(request.URL.RawQuery)
if err != nil {
logger.Warn("failed to find OAuth credentials: " + err.Error())
OAuthenticationPage(writer, request)
return
}
if (p == nil) || (p["code"] == nil) || (len(p["code"]) < 1) {
logger.Warn("failed to find OAuth credentials (code not set)")
OAuthenticationPage(writer, request)
return
}
paths := strings.Split(request.URL.Path, "/")
if len(paths) < 3 {
logger.Warn("failed to retreive AOuth server")
OAuthenticationPage(writer, request)
return
}
oauthServerName := paths[len(paths)-1]
//
// Retrieve OAuth conf
//
logger.Finest("oauthConfigurationChannels[%v] = %v", oauthServerName, oauthConfigurationChannels[oauthServerName])
if oauthConfigurationChannels[oauthServerName] == nil {
logger.Debug("No OAuth conf channel for %v", oauthServerName)
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
oauthConf := <-oauthConfigurationChannels[oauthServerName]
logger.Debug("config = %v", oauthConf)
if oauthConf == nil {
logger.Warn("No OAuth conf; redirect to OAuth page")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
code := p["code"][0]
token, err := oauthConf.Config.Exchange(oauth2.NoContext, code)
if err != nil {
logger.Warn(err.Error())
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
if token != nil && token.Extra(OAUTH_IDTOKEN_NAME) == nil {
logger.Warn("No OAuth id_token; redirect to OAuth page")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
client := oauthConf.Config.Client(oauth2.NoContext, token)
if client == nil {
logger.Warn("No OAuth client; redirect to OAuth page")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
return
}
var body = make([]byte, 1024)
// clientResponse, err := client.Get("https://www.googleapis.com/oauth2/v2/userinfo")
clientResponse, err := client.Get(oauthConf.ApiUrl)
n, err := clientResponse.Body.Read(body)
logger.Debug("poeut %v, %v", n, err)
if err == nil {
var userJson map[string]interface{}
err = json.Unmarshal(body[:n], &userJson)
logger.Info("user = %v", userJson)
// fmt.Fprint(writer, "<p>You are logged in as ", userJson["email"], "</p>")
var user httpauth.UserData
//
// next line is a type assertion, because we know the generic interface
// contains a string
// https://golang.org/doc/effective_go.html#interface_conversions
//
user.Email = userJson["email"].(string)
user.Username = userJson["family_name"].(string) + "#" + userJson["given_name"].(string)
password := "******"
logger.Debug("user = %v", user)
err = httpAuthorizer.Register(writer, request, user, password)
logger.Debug("register err = %v", err)
err = httpAuthorizer.Login(writer, request, user.Username, password, APPSURL)
logger.Debug("login err = %v", err)
if err != nil {
logger.Debug("err.Error = %v", err.Error())
}
if err == nil || err.Error() == "httpauth: already authenticated" {
logger.Debug("00")
http.Redirect(writer, request, APPSURL, http.StatusSeeOther)
} else {
logger.Debug("01")
http.Redirect(writer, request, OAUTHURL, HTTPCODE_UNAUTHORIZED)
}
logger.Debug("Fin")
}
}
