func (s *SAMLAuthScheme) Create(user *auth.User) (*auth.User, error) { user.Password = "" if err := user.Create(); err != nil { return nil, err } return user, nil }
func (s *OAuthScheme) Create(user *auth.User) (*auth.User, error) { err := user.Create() if err != nil { return nil, err } return user, nil }
func (s *InstanceSuite) TestGetServiceinstancesByServicesAndTeamsUserAdmin(c *check.C) { u := auth.User{Email: "*****@*****.**"} err := u.Create() c.Assert(err, check.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) team := auth.Team{Name: "admin", Users: []string{u.Email}} err = s.conn.Teams().Insert(team) c.Assert(err, check.IsNil) defer s.conn.Teams().RemoveId(team.Name) srvc := Service{Name: "mysql", Teams: []string{s.team.Name}, IsRestricted: true} err = s.conn.Services().Insert(&srvc) c.Assert(err, check.IsNil) defer s.conn.Services().RemoveId(srvc.Name) instance := ServiceInstance{ Name: "j4sql", ServiceName: srvc.Name, Teams: []string{s.team.Name}, Apps: []string{}, Units: []string{}, } err = s.conn.ServiceInstances().Insert(&instance) c.Assert(err, check.IsNil) defer s.conn.ServiceInstances().Remove(bson.M{"name": instance.Name}) instances, err := GetServiceInstancesByServicesAndTeams([]Service{srvc}, &u, "") c.Assert(err, check.IsNil) c.Assert(instances, check.DeepEquals, []ServiceInstance{instance}) }
func createUser(w http.ResponseWriter, r *http.Request) error { var u auth.User err := json.NewDecoder(r.Body).Decode(&u) if err != nil { return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()} } if !validation.ValidateEmail(u.Email) { return &errors.HTTP{Code: http.StatusBadRequest, Message: emailError} } if !validation.ValidateLength(u.Password, passwordMinLen, passwordMaxLen) { return &errors.HTTP{Code: http.StatusBadRequest, Message: passwordError} } if _, err = auth.GetUserByEmail(u.Email); err == nil { return &errors.HTTP{Code: http.StatusConflict, Message: "This email is already registered"} } gURL := repository.ServerURL() c := gandalf.Client{Endpoint: gURL} if _, err := c.NewUser(u.Email, keyToMap(u.Keys)); err != nil { return fmt.Errorf("Failed to create user in the git server: %s", err) } u.Quota = quota.Unlimited if limit, err := config.GetInt("quota:apps-per-user"); err == nil && limit > -1 { u.Quota.Limit = limit } if err := u.Create(); err == nil { rec.Log(u.Email, "create-user") w.WriteHeader(http.StatusCreated) return nil } return err }
func (s *S) TestCreateTokenRemoveOldTokens(c *gocheck.C) { config.Set("auth:max-simultaneous-sessions", 2) u := auth.User{Email: "*****@*****.**", Password: "******"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) defer s.conn.Tokens().RemoveAll(bson.M{"useremail": u.Email}) t1, err := newUserToken(&u) c.Assert(err, gocheck.IsNil) t2 := t1 t2.Token += "aa" err = s.conn.Tokens().Insert(t1, t2) _, err = createToken(&u, "123456") c.Assert(err, gocheck.IsNil) ok := make(chan bool, 1) go func() { for { ct, err := s.conn.Tokens().Find(bson.M{"useremail": u.Email}).Count() c.Assert(err, gocheck.IsNil) if ct == 2 { ok <- true return } runtime.Gosched() } }() select { case <-ok: case <-time.After(2e9): c.Fatal("Did not remove old tokens after 2 seconds") } }
func (s *S) TestCreateTokenShouldValidateThePassword(c *gocheck.C) { u := auth.User{Email: "*****@*****.**", Password: "******"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) _, err = createToken(&u, "123") c.Assert(err, gocheck.NotNil) }
func (s *S) TestNativeCreateExistingEmail(c *gocheck.C) { existingUser := auth.User{Email: "*****@*****.**"} existingUser.Create() scheme := NativeScheme{} user := &auth.User{Email: "*****@*****.**", Password: "******"} _, err := scheme.Create(user) c.Assert(err, gocheck.Equals, ErrEmailRegistered) }
func (s *S) TestPasswordTokenUser(c *check.C) { u := auth.User{Email: "*****@*****.**", Password: "******"} err := u.Create() c.Assert(err, check.IsNil) defer u.Delete() t, err := createPasswordToken(&u) c.Assert(err, check.IsNil) u2, err := t.user() c.Assert(err, check.IsNil) c.Assert(*u2, check.DeepEquals, u) }
func (s *S) TestPasswordTokenUser(c *gocheck.C) { u := auth.User{Email: "*****@*****.**", Password: "******"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) t, err := createPasswordToken(&u) c.Assert(err, gocheck.IsNil) u2, err := t.user() u2.Keys = u.Keys c.Assert(err, gocheck.IsNil) c.Assert(*u2, gocheck.DeepEquals, u) }
func (s *S) TestCreateTokenShouldSaveTheTokenInTheDatabase(c *gocheck.C) { u := auth.User{Email: "*****@*****.**", Password: "******"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) _, err = createToken(&u, "123456") c.Assert(err, gocheck.IsNil) var result Token err = s.conn.Tokens().Find(bson.M{"useremail": u.Email}).One(&result) c.Assert(err, gocheck.IsNil) c.Assert(result.Token, gocheck.NotNil) }
func (s *S) TestCreateTokenUsesDefaultCostWhenHasCostIsUndefined(c *gocheck.C) { err := config.Unset("auth:hash-cost") c.Assert(err, gocheck.IsNil) defer config.Set("auth:hash-cost", bcrypt.MinCost) u := auth.User{Email: "*****@*****.**", Password: "******"} err = u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) cost = 0 tokenExpire = 0 _, err = createToken(&u, "123456") c.Assert(err, gocheck.IsNil) }
func (s *S) TestResetPasswordThirdToken(c *gocheck.C) { scheme := NativeScheme{} u := auth.User{Email: "*****@*****.**"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) t, err := createPasswordToken(&u) c.Assert(err, gocheck.IsNil) defer s.conn.PasswordTokens().Remove(bson.M{"_id": t.Token}) u2 := auth.User{Email: "*****@*****.**"} err = scheme.ResetPassword(&u2, t.Token) c.Assert(err, gocheck.Equals, auth.ErrInvalidToken) }
func (s *S) TestResetPassword(c *check.C) { scheme := NativeScheme{} defer s.server.Reset() u := auth.User{Email: "*****@*****.**"} err := u.Create() c.Assert(err, check.IsNil) defer u.Delete() p := u.Password err = scheme.StartPasswordReset(&u) c.Assert(err, check.IsNil) err = tsurutest.WaitCondition(time.Second, func() bool { s.server.RLock() defer s.server.RUnlock() return len(s.server.MailBox) == 1 }) c.Assert(err, check.IsNil) var token passwordToken err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token) c.Assert(err, check.IsNil) err = scheme.ResetPassword(&u, token.Token) c.Assert(err, check.IsNil) u2, _ := auth.GetUserByEmail(u.Email) c.Assert(u2.Password, check.Not(check.Equals), p) var m authtest.Mail err = tsurutest.WaitCondition(time.Second, func() bool { s.server.RLock() defer s.server.RUnlock() if len(s.server.MailBox) != 2 { return false } m = s.server.MailBox[1] return true }) c.Assert(err, check.IsNil) c.Assert(m.From, check.Equals, "root") c.Assert(m.To, check.DeepEquals, []string{u.Email}) var buf bytes.Buffer template, err := getEmailResetPasswordSucessfullyTemplate() c.Assert(err, check.IsNil) err = template.Execute(&buf, map[string]string{"email": u.Email, "password": ""}) c.Assert(err, check.IsNil) expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n" lines := strings.Split(string(m.Data), "\r\n") lines[len(lines)-4] = "" c.Assert(strings.Join(lines, "\r\n"), check.Equals, expected) err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token) c.Assert(err, check.IsNil) c.Assert(token.Used, check.Equals, true) }
func (s *S) TestReserveUserAppForwardQuotaExceeded(c *gocheck.C) { user := auth.User{ Email: "*****@*****.**", Quota: quota.Quota{Limit: 1, InUse: 1}, } err := user.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": user.Email}) app := App{ Name: "clap", Platform: "django", } previous, err := reserveUserApp.Forward(action.FWContext{Params: []interface{}{app, user}}) c.Assert(previous, gocheck.IsNil) _, ok := err.(*quota.QuotaExceededError) c.Assert(ok, gocheck.Equals, true) }
func (c *DBTokenCache) PutToken(t *goauth2.Token) error { if t.AccessToken == "" { return ErrEmptyAccessToken } var email string if t.Extra == nil || t.Extra["email"] == "" { conf, err := c.scheme.loadConfig() if err != nil { return err } transport := &goauth2.Transport{Config: &conf} transport.Token = t client := transport.Client() response, err := client.Get(c.scheme.InfoUrl) if err != nil { return err } email, err = c.scheme.Parser.Parse(response) if email == "" { return ErrEmptyUserEmail } _, err = auth.GetUserByEmail(email) if err != nil { if err != auth.ErrUserNotFound { return err } registrationEnabled, _ := config.GetBool("auth:user-registration") if !registrationEnabled { return err } user := auth.User{Email: email} err := user.Create() if err != nil { return err } err = user.CreateOnGandalf() if err != nil { return err } } t.Extra = make(map[string]string) t.Extra["email"] = email } return makeToken(t).save() }
func (s NativeScheme) Create(user *auth.User) (*auth.User, error) { if !validation.ValidateEmail(user.Email) { return nil, ErrInvalidEmail } if !validation.ValidateLength(user.Password, passwordMinLen, passwordMaxLen) { return nil, ErrInvalidPassword } if _, err := auth.GetUserByEmail(user.Email); err == nil { return nil, ErrEmailRegistered } if err := hashPassword(user); err != nil { return nil, err } if err := user.Create(); err != nil { return nil, err } return user, nil }
func (s *InstanceSuite) TestGetServiceInstancesByServicesAndTeamsForUsersThatAreNotMembersOfAnyTeam(c *gocheck.C) { u := auth.User{Email: "*****@*****.**"} err := u.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": u.Email}) srvc := Service{Name: "mysql", Teams: []string{s.team.Name}, IsRestricted: true} err = s.conn.Services().Insert(&srvc) c.Assert(err, gocheck.IsNil) defer s.conn.Services().RemoveId(srvc.Name) instance := ServiceInstance{ Name: "j4sql", ServiceName: srvc.Name, } err = s.conn.ServiceInstances().Insert(&instance) c.Assert(err, gocheck.IsNil) defer s.conn.ServiceInstances().Remove(bson.M{"name": instance.Name}) instances, err := GetServiceInstancesByServicesAndTeams([]Service{srvc}, &u) c.Assert(err, gocheck.IsNil) c.Assert(instances, gocheck.IsNil) }
func (s *S) TestReserveUserAppBackward(c *gocheck.C) { user := auth.User{ Email: "*****@*****.**", Quota: quota.Quota{Limit: 1, InUse: 1}, } err := user.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": user.Email}) app := App{ Name: "clap", Platform: "django", } ctx := action.BWContext{ FWResult: map[string]string{ "app": app.Name, "user": user.Email, }, } reserveUserApp.Backward(ctx) err = auth.ReserveApp(&user) c.Assert(err, gocheck.IsNil) }
func (s *S) TestResetPassword(c *gocheck.C) { scheme := NativeScheme{} defer s.server.Reset() u := auth.User{Email: "*****@*****.**"} err := u.Create() c.Assert(err, gocheck.IsNil) p := u.Password defer s.conn.Users().Remove(bson.M{"email": u.Email}) err = scheme.StartPasswordReset(&u) c.Assert(err, gocheck.IsNil) time.Sleep(1e6) // Let the email flow var token passwordToken err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token) c.Assert(err, gocheck.IsNil) err = scheme.ResetPassword(&u, token.Token) c.Assert(err, gocheck.IsNil) u2, _ := auth.GetUserByEmail(u.Email) c.Assert(u2.Password, gocheck.Not(gocheck.Equals), p) time.Sleep(1e9) // Let the email flow s.server.Lock() defer s.server.Unlock() c.Assert(s.server.MailBox, gocheck.HasLen, 2) m := s.server.MailBox[1] c.Assert(m.From, gocheck.Equals, "root") c.Assert(m.To, gocheck.DeepEquals, []string{u.Email}) var buf bytes.Buffer err = passwordResetConfirm.Execute(&buf, map[string]string{"email": u.Email, "password": ""}) c.Assert(err, gocheck.IsNil) expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n" lines := strings.Split(string(m.Data), "\r\n") lines[len(lines)-4] = "" c.Assert(strings.Join(lines, "\r\n"), gocheck.Equals, expected) err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token) c.Assert(err, gocheck.IsNil) c.Assert(token.Used, gocheck.Equals, true) }
func (s *S) TestReserveUserAppForwardAppNotPointer(c *gocheck.C) { user := auth.User{ Email: "*****@*****.**", Quota: quota.Quota{Limit: 1}, } err := user.Create() c.Assert(err, gocheck.IsNil) defer s.conn.Users().Remove(bson.M{"email": user.Email}) app := App{ Name: "clap", Platform: "django", } expected := map[string]string{"user": user.Email, "app": app.Name} previous, err := reserveUserApp.Forward(action.FWContext{Params: []interface{}{app, user}}) c.Assert(err, gocheck.IsNil) c.Assert(previous, gocheck.DeepEquals, expected) err = auth.ReserveApp(&user) _, ok := err.(*quota.QuotaExceededError) c.Assert(ok, gocheck.Equals, true) err = auth.ReleaseApp(&user) c.Assert(err, gocheck.IsNil) err = auth.ReserveApp(&user) c.Assert(err, gocheck.IsNil) }