Пример #1
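// AddUser interactively completes u, stores it, and writes the QR code
// returned by Save to a temporary file for the operator to scan.
//
// When u.Username is empty, the username, issuing domain, permission level
// and password are collected on the terminal. The domain comes from
// QUIMBY_DOMAIN when that variable is set; otherwise it is prompted for.
// Permission 4 (system) gets a generated password, every other level is
// prompted for one. Any failure terminates the process via log.Fatal.
func AddUser(u *quimby.User) {
	// Print only the username: u has a Password field, and printing the
	// whole struct could echo a pre-filled password to the terminal or to
	// captured logs.
	fmt.Println("adding a user", u.Username)

	var issuer string

	if u.Username == "" {
		// NOTE(review): the prompt/read pair below was fused into one
		// garbled line in the listing; it is restored to match the domain
		// prompt that follows.
		fmt.Print("username: ")
		// A failed or empty read leaves Username empty, which is rejected
		// just below, so the Scanf error itself is not inspected.
		fmt.Scanf("%s\n", &u.Username)
		if u.Username == "" {
			log.Fatal("you must supply a username")
		}

		fmt.Print("domain: ")
		if domain := os.Getenv("QUIMBY_DOMAIN"); domain != "" {
			issuer = domain
		} else {
			// Scanf's error is covered by the emptiness check below.
			fmt.Scanf("%s\n", &issuer)
			if len(issuer) == 0 {
				log.Fatal("you must supply the domain quimby is being served under")
			}
		}

		fmt.Print("permission:\n  1: read\n  2: write\n  3: admin\n  4: system\n")
		var x int
		// On a failed read x stays 0, which is not a key of permissions
		// and is rejected below.
		fmt.Scanf("%d\n", &x)
		perm, ok := permissions[x]
		if !ok {
			log.Fatal("select 1, 2, 3, or 4")
		}
		u.Permission = perm

		// System accounts (4) get a generated password; people type one.
		var f passworder = getPasswd
		if x == 4 {
			f = genPasswd
		}
		f(u)
	}

	// NOTE(review): when u arrives with a username already set, issuer is
	// still "" here, even if QUIMBY_DOMAIN is defined. Confirm that an empty
	// issuer is acceptable to NewTFA.
	tfa := quimby.NewTFA(issuer)
	u.SetTFA(tfa)

	qr, err := u.Save()
	if err != nil {
		log.Fatal(err)
	}

	// ioutil.TempFile creates the file with mode 0600, so only the invoking
	// account can read it. Presumably the QR encodes the user's second-factor
	// enrolment secret; the file is not removed here and should be deleted
	// once it has been scanned.
	tmp, err := ioutil.TempFile("", "")
	if err != nil {
		log.Fatal(err)
	}

	if _, err := tmp.Write(qr); err != nil {
		log.Fatal(err)
	}
	// A failed Close can mean the data never reached disk; do not point the
	// operator at a truncated QR image.
	if err := tmp.Close(); err != nil {
		log.Fatal(err)
	}
	fmt.Printf("you must scan the qr at %s with google authenticator before you can log in\n", tmp.Name())
}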
Пример #2
// DoLogin verifies the user's password and, on success, hands the client a
// session credential: a token when the request carries ?auth=jwt, a cookie
// otherwise.
//
// A wrong password and an error from CheckPassword both yield the same
// generic "bad request" error, so the caller cannot tell the two apart.
// NOTE(review): whether CheckPassword also verifies the second factor is not
// visible here; confirm before relying on this as the only login gate.
func DoLogin(user *quimby.User, w http.ResponseWriter, req *http.Request) error {
	ok, err := user.CheckPassword()
	if err != nil || !ok {
		return fmt.Errorf("bad request")
	}

	// Get returns the first "auth" value, or "" when the parameter is absent.
	wantsJWT := req.URL.Query().Get("auth") == "jwt"

	// TFAData is blanked before the user is passed on, presumably so the
	// second-factor secret is never serialised into the token or cookie.
	user.TFAData = []byte{}

	if wantsJWT {
		setToken(w, user)
		return nil
	}
	setCookie(w, user)
	return nil
}
Пример #3
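// UserForm handles submission of the admin user form.
//
// When the "username" route variable is "new-user", a user is created from
// the posted username, password and password_confirm fields. Otherwise the
// named user is fetched. In both cases the posted permission is applied and
// the user is saved. A newly created user is shown the QR page; an edited
// user is redirected to /admin.html. Failures are recorded in the request
// context under "error" and nothing is written to w.
func UserForm(w http.ResponseWriter, req *http.Request) {
	args := handlers.GetArgs(req)

	if err := req.ParseForm(); err != nil {
		context.Set(req, "error", err)
		return
	}

	username := args.Vars["username"]
	isNew := username == "new-user"

	var u *quimby.User
	if isNew {
		u = quimby.NewUser(req.PostFormValue("username"), quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		u.Password = req.PostFormValue("password")
		// NOTE(review): two empty fields compare equal, so an empty password
		// passes this check. Confirm that Save rejects it.
		if req.PostFormValue("password_confirm") != u.Password {
			context.Set(req, "error", ErrPasswordsDoNotMatch)
			return
		}
	} else {
		u = quimby.NewUser(username, quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
		if err := u.Fetch(); err != nil {
			// Report the lookup failure itself. This branch never compares
			// passwords, so ErrPasswordsDoNotMatch was misleading here.
			context.Set(req, "error", err)
			return
		}
	}

	// NOTE(review): the permission string is stored exactly as posted.
	// Confirm that this route is reachable only by admins and that unknown
	// or elevated levels are rejected somewhere before or inside Save.
	u.Permission = req.PostFormValue("permission")
	qrData, err := u.Save()
	if err != nil {
		context.Set(req, "error", err)
		return
	}

	if !isNew {
		w.Header().Set("Location", "/admin.html")
		w.WriteHeader(http.StatusFound)
		return
	}

	qr := qrPage{
		userPage: userPage{
			User:  args.User.Username,
			Admin: handlers.Admin(args),
			Links: []link{
				{"quimby", "/"},
				{"admin", "/admin.html"},
			},
		},
		// HTMLAttr bypasses html/template escaping. That is safe for this
		// value because standard base64 output is limited to
		// [A-Za-z0-9+/=] and cannot carry markup.
		QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
	}
	if err := templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr); err != nil {
		// Surface rendering failures the same way as every other error in
		// this handler instead of dropping them.
		context.Set(req, "error", err)
	}
}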
Пример #4
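// getPasswd prompts for a password twice and stores it on u when both
// entries match. gopass.GetPasswd is used so that the password is not read
// through the normal fmt input path. A read error or a mismatch terminates
// the process via log.Fatal.
func getPasswd(u *quimby.User) {
	// NOTE(review): the first prompt/read was fused into one garbled line in
	// the listing; it is restored here to mirror the confirmation read below.
	fmt.Printf("password: ")
	b1, err := gopass.GetPasswd()
	if err != nil {
		log.Fatal(err)
	}
	p1 := string(b1)

	fmt.Printf("again: ")
	b2, err := gopass.GetPasswd()
	if err != nil {
		log.Fatal(err)
	}
	p2 := string(b2)

	// The message deliberately omits both entries so that a typo never ends
	// up in terminal scrollback or logs.
	if p1 != p2 {
		log.Fatal("passwords don't match")
	}
	u.Password = p1
}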
Пример #5
// genPasswd gives u a generated password instead of prompting for one.
//
// NOTE(review): randString is defined elsewhere. Because its output is used
// as a credential, confirm it draws from crypto/rand rather than math/rand.
func genPasswd(u *quimby.User) {
	const generatedLen = 32 // argument passed to randString
	u.Password = randString(generatedLen)
}