//createSystemUser updates the running instance password as well as the user record in elastic func createSystemUser(s *ControlPlaneDao) error { user := userdomain.User{} err := s.GetUser(SYSTEM_USER_NAME, &user) if err != nil { glog.Warningf("%s", err) glog.V(0).Info("'default' user not found; creating...") // create the system user user := userdomain.User{} user.Name = SYSTEM_USER_NAME userName := SYSTEM_USER_NAME if err := s.AddUser(user, &userName); err != nil { return err } } // update the instance password password, err := utils.NewUUID36() if err != nil { return err } user.Name = SYSTEM_USER_NAME user.Password = password INSTANCE_PASSWORD = password unused := 0 return s.UpdateUser(user, &unused) }
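// UpdateUser writes the user entry to elastic search under the key derived
// from the trimmed user.Name.
//
// The caller must pass the password in PLAINTEXT: it is hashed here with
// hashPassword before being stored. Passing an already-hashed value would hash
// it a second time.
//
// The unused parameter is not read. An error is returned when the trimmed name
// is empty or when the store rejects the write.
func (this *ControlPlaneDao) UpdateUser(user userdomain.User, unused *int) error {
	// Log the name only: at this point user.Password is still plaintext, and
	// formatting the whole struct with %+v would write it to the log.
	glog.V(2).Infof("ControlPlaneDao.UpdateUser: %q", user.Name)

	id := strings.TrimSpace(user.Name)
	if id == "" {
		return errors.New("empty User.Name not allowed")
	}
	user.Name = id
	user.Password = hashPassword(user.Password)

	// NOTE(review): Put is not preceded by an existence check, so this
	// presumably creates the record when it is missing; confirm that is intended.
	store := userdomain.NewStore()
	return store.Put(datastore.Get(), userdomain.Key(user.Name), &user)
}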
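// TestUser_ValidateCredentials adds a user, checks that its credentials
// validate, removes it, re-writes it through UpdateUser and checks that the
// updated credentials validate as well.
//
// NOTE(review): every password literal here is "******", which looks like
// masking applied to this copy of the file; the update step presumably used a
// different password from the initial one. Confirm against the original.
// NOTE(review): there is no negative case; a wrong password should be shown
// not to validate.
func (dt *DaoTest) TestUser_ValidateCredentials(t *C) {
	user := userdomain.User{
		Name:     "Pepe",
		Password: "******",
	}
	id := "Pepe"
	err := dt.Dao.AddUser(user, &id)
	if err != nil {
		t.Fatalf("Failure creating a user %s", err)
	}

	var isValid bool
	attemptUser := userdomain.User{
		Name:     "Pepe",
		Password: "******",
	}
	err = dt.Dao.ValidateCredentials(attemptUser, &isValid)
	if err != nil {
		t.Fatalf("Failure authenticating credentials %s", err)
	}
	if !isValid {
		t.Fatalf("Unable to authenticate user credentials")
	}

	unused := 0
	err = dt.Dao.RemoveUser("Pepe", &unused)
	if err != nil {
		t.Fatalf("Failure removing user %s", err)
	}

	// update the user
	user.Password = "******"
	err = dt.Dao.UpdateUser(user, &unused)
	if err != nil {
		t.Fatalf("Failure updating user %s", err)
	}
	attemptUser.Password = "******"

	// make sure we can validate against the updated credentials; reset the
	// flag first so a stale true from the earlier call cannot mask a failure
	isValid = false
	err = dt.Dao.ValidateCredentials(attemptUser, &isValid)
	if err != nil {
		t.Fatalf("Failure authenticating credentials %s", err)
	}
	if !isValid {
		t.Fatalf("Unable to authenticate user with updated credentials")
	}
}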
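// AddUser places a new user record into elastic search, keyed by the trimmed
// *userName.
//
// newUser.Password must be PLAINTEXT; it is hashed with hashPassword before
// the record is stored. A lookup error other than "no such entity" is
// returned as is; otherwise the result of the store write is returned.
func (this *ControlPlaneDao) AddUser(newUser userdomain.User, userName *string) error {
	// Log the name only: newUser.Password is still plaintext here, and
	// formatting the whole struct with %+v would write it to the log.
	glog.V(2).Infof("ControlPlane.NewUser: %q", newUser.Name)

	// NOTE(review): userName is dereferenced without a nil check, and an empty
	// trimmed name is not rejected here the way UpdateUser rejects it.
	name := strings.TrimSpace(*userName)
	newUser.Password = hashPassword(newUser.Password)

	// save the user
	// NOTE(review): this lookup only surfaces store errors. When the user
	// already exists the Put below still runs, so an existing record (and its
	// password hash) is overwritten; confirm that is the intended contract.
	var existing userdomain.User
	if err := this.GetUser(name, &existing); err != nil && !datastore.IsErrNoSuchEntity(err) {
		return err
	}

	// NOTE(review): the key comes from *userName while newUser.Name is stored
	// unchanged; callers are presumably expected to keep the two in agreement.
	store := userdomain.NewStore()
	return store.Put(datastore.Get(), userdomain.Key(name), &newUser)
}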