// NewCompanyManager returns a CompanyManager that works on the database
// session obtained from r via db.GetDBSession and on the company collection
// resolved from that session.
func NewCompanyManager(r *http.Request) *CompanyManager {
	dbSession := db.GetDBSession(r)
	mgr := &CompanyManager{
		session:    dbSession,
		collection: getCompanyCollection(dbSession),
	}
	return mgr
}
// NewInvitationManager returns an InvitationManager bound to the database
// session of r and to the organization-request collection of that session.
func NewInvitationManager(r *http.Request) *InvitationManager {
	dbSession := db.GetDBSession(r)
	mgr := &InvitationManager{
		session:    dbSession,
		collection: getOrganizationRequestCollection(dbSession),
	}
	return mgr
}
// NewManager returns a Manager bound to the database session of r and to the
// collection named by mongoCollectionName within that session.
func NewManager(r *http.Request) *Manager {
	dbSession := db.GetDBSession(r)
	mgr := &Manager{
		session:    dbSession,
		collection: db.GetCollection(dbSession, mongoCollectionName),
	}
	return mgr
}
// NewManager returns a Manager bound to the database session of r and to the
// TOTP collection resolved from that session.
func NewManager(r *http.Request) *Manager {
	dbSession := db.GetDBSession(r)
	mgr := &Manager{
		session:    dbSession,
		collection: getTotpCollection(dbSession),
	}
	return mgr
}
// NewLogoManager returns a LogoManager bound to the database session of r and
// to the logo collection resolved from that session.
func NewLogoManager(r *http.Request) *LogoManager {
	dbSession := db.GetDBSession(r)
	mgr := &LogoManager{
		session:    dbSession,
		collection: getLogoCollection(dbSession),
	}
	return mgr
}
// NewLast2FAManager returns a Last2FAManager bound to the database session of
// r and to the last-2FA collection resolved from that session.
func NewLast2FAManager(r *http.Request) *Last2FAManager {
	dbSession := db.GetDBSession(r)
	mgr := &Last2FAManager{
		session:    dbSession,
		collection: getLast2FACollection(dbSession),
	}
	return mgr
}
// NewManager returns a Manager bound to the database session of r. It holds
// two collections from that session: the password collection and the
// password-reset-token collection.
func NewManager(r *http.Request) *Manager {
	dbSession := db.GetDBSession(r)
	mgr := &Manager{
		session:         dbSession,
		collection:      getPasswordCollection(dbSession),
		tokencollection: getPasswordResetTokenCollection(dbSession),
	}
	return mgr
}
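// GetSmsCode sends an SMS login code to the phone number stored under the
// "phoneLabel" route variable for the user named in the current login session.
//
// It replies 204 No Content after the login session information has been
// stored, the browser session saved and the SMS send started in the
// background. It replies 401 when the login session carries no username, 404
// when the user has no phone number with that label, and 500 on any session or
// storage failure.
//
// NOTE(review): nothing visible here limits how often one login session can
// request a new SMS; confirm that throttling is applied elsewhere.
func (service *Service) GetSmsCode(w http.ResponseWriter, request *http.Request) {
	phoneLabel := mux.Vars(request)["phoneLabel"]
	loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
	if err != nil {
		log.Error("Error getting login session", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	sessionInfo, err := newLoginSessionInformation()
	if err != nil {
		log.Error("Error creating login session information", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	username, ok := loginSession.Values["username"].(string)
	if username == "" || !ok {
		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}
	userMgr := user.NewManager(request)
	userFromDB, err := userMgr.GetByName(username)
	if err != nil {
		log.Error("Error getting user", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	phoneNumber, err := userFromDB.GetPhonenumberByLabel(phoneLabel)
	if err != nil {
		// Log the lookup error rather than the user's phone number list, so
		// personal data stays out of the logs.
		log.Debug("Error getting phone number by label", err)
		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		return
	}
	loginSession.Values["sessionkey"] = sessionInfo.SessionKey

	// The comma-ok form yields "" for a missing or non-string value instead of
	// panicking on unexpected session content.
	authenticatingOrganization, _ := loginSession.Values["auth_client_id"].(string)

	// Without the stored record the code in the SMS could never be validated,
	// so a failed insert must stop the flow before anything is sent.
	mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
	if err := mgoCollection.Insert(sessionInfo); err != nil {
		log.Error("Error storing login session information", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	organizationText := ""
	if authenticatingOrganization != "" {
		split := strings.Split(authenticatingOrganization, ".")
		organizationText = fmt.Sprintf("to authorize the organization %s, ", split[len(split)-1])
	}
	// NOTE(review): request.Host comes from the client-supplied Host header and
	// ends up in the link sent to the user's phone, next to the code and the
	// session key. Build the link from a configured canonical hostname (or
	// check Host against an allow-list) so the message can only point at this
	// service.
	smsmessage := fmt.Sprintf("To continue signing in at itsyou.online %senter the code %s in the form or use this link: https://%s/sc?c=%s&k=%s",
		organizationText, sessionInfo.SMSCode, request.Host, sessionInfo.SMSCode, url.QueryEscape(sessionInfo.SessionKey))

	// The session key must reach the browser session before the SMS goes out.
	if err := sessions.Save(request, w); err != nil {
		log.Error("Error saving login session", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	go service.smsService.Send(phoneNumber.Phonenumber, smsmessage)
	w.WriteHeader(http.StatusNoContent)
}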
// getLoginSessionInformation loads the stored login session record whose
// "sessionkey" equals sessionKey. When sessionKey is empty it is first resolved
// through service.getSessionKey.
//
// It returns (nil, nil) when no session key can be determined or when no
// matching record exists, and (nil, err) when resolving the key fails. Any
// lookup error other than mgo.ErrNotFound is returned together with the
// allocated record.
func (service *Service) getLoginSessionInformation(request *http.Request, sessionKey string) (sessionInfo *loginSessionInformation, err error) {
	if sessionKey == "" {
		resolvedKey, keyErr := service.getSessionKey(request)
		if keyErr != nil {
			return nil, keyErr
		}
		if resolvedKey == "" {
			return nil, nil
		}
		sessionKey = resolvedKey
	}

	loginCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
	record := &loginSessionInformation{}
	lookupErr := loginCollection.Find(bson.M{"sessionkey": sessionKey}).One(record)
	if lookupErr == mgo.ErrNotFound {
		// A missing record is reported as "no session", not as an error.
		return nil, nil
	}
	return record, lookupErr
}
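// MobileSMSConfirmation serves the page linked to in the login SMS, which is
// opened on the mobile phone. It reads the session key ("k") and the SMS code
// ("c") from the request form and, when the code matches the stored login
// session, marks that session as confirmed.
//
// It replies 400 when the form cannot be parsed and 500 on lookup or update
// failures. Otherwise it renders the confirmation page with either an
// "Invalid or expired link" or a success message.
//
// NOTE(review): ParseForm also reads the URL query, so a plain GET of the link
// confirms the login. Anything that fetches the link automatically would do the
// same; consider requiring an explicit confirmation step.
func (service *Service) MobileSMSConfirmation(w http.ResponseWriter, request *http.Request) {
	if err := request.ParseForm(); err != nil {
		log.Debug("ERROR parsing mobile smsconfirmation form", err)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}
	sessionKey := request.Form.Get("k")
	smscode := request.Form.Get("c")

	sessionInfo, err := service.getLoginSessionInformation(request, sessionKey)
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if sessionInfo == nil {
		service.renderSMSConfirmationPage(w, request, "Invalid or expired link")
		return
	}

	// An empty submitted code is never accepted, so a stored record without an
	// SMS code cannot be confirmed by omitting the parameter.
	if smscode == "" || smscode != sessionInfo.SMSCode {
		//TODO: limit to 3 failed attempts
		// NOTE(review): until that limit exists, nothing visible here bounds
		// the number of guesses against one session key. Failed attempts
		// should be counted on the stored record and the code invalidated once
		// the limit is reached.
		service.renderSMSConfirmationPage(w, request, "Invalid or expired link")
		return
	}

	// When "k" is empty the lookup falls back to the key of the browser
	// session, so the update must target that same record rather than the
	// empty string.
	confirmKey := sessionKey
	if confirmKey == "" {
		confirmKey = sessionInfo.SessionKey
	}
	mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
	_, err = mgoCollection.UpdateAll(bson.M{"sessionkey": confirmKey}, bson.M{"$set": bson.M{"confirmed": true}})
	if err != nil {
		log.Error("Error while confirming sms 2fa - ", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	service.renderSMSConfirmationPage(w, request, "You will be logged in within a few seconds")
}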
// NewManager returns a Manager bound to the database session obtained from r
// via db.GetDBSession.
func NewManager(r *http.Request) *Manager {
	dbSession := db.GetDBSession(r)
	mgr := &Manager{
		session: dbSession,
	}
	return mgr
}