func (a Authorizer) AddUser(user models.User, password string) error { if user.Username == "" { logger.Get().Error("no user name given") return mkerror("no username given") } if user.Email == "" { logger.Get().Error("no email given") return mkerror("no email given") } if password == "" { logger.Get().Error("no password given") return mkerror("no password given") } //Set the usertype to internal user.Type = authprovider.Internal user.Status = true // Validate username _, err := a.userDao.User(user.Username) if err == nil { return mkerror("user already exists") } else if err.Error() != ErrMissingUser.Error() { if err != nil { logger.Get().Error("Error retrieving user: %s. error: %v", user.Username, err) return mkerror(err.Error()) } return nil } // Generate and save hash hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { logger.Get().Error("couldn't save password for user: %s. error: %v", user.Username, err) return mkerror("couldn't save password: "******"" { user.Role = a.defaultRole } else { if _, ok := a.roles[user.Role]; !ok { logger.Get().Error("Non Existing Role: %s", user.Role) return mkerror("non-existant role") } } err = a.userDao.SaveUser(user) if err != nil { logger.Get().Error("Erro Saving the User: %s. error: %v", user, err) return mkerror(err.Error()) } return nil }
// List the LDAP users func (a Authorizer) ListExternalUsers(search string, page, count int) (externalUsers models.ExternalUsers, err error) { directory, err := a.GetDirectory() if err != nil { return externalUsers, err } url := GetUrl(directory.LdapServer, directory.Port) DisplayName := "DisplayName" FirstName := "CN" LastName := "SN" Email := "mail" if directory.DisplayName != "" { DisplayName = directory.DisplayName } if directory.FirstName != "" { FirstName = directory.FirstName } if directory.LastName != "" { LastName = directory.LastName } if directory.Email != "" { Email = directory.Email } ldap, err := openldap.Initialize(url) if err != nil { logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err) return externalUsers, err } if directory.DomainAdmin != "" { block, err := aes.NewCipher([]byte(CipherKey)) if err != nil { logger.Get().Error("failed to generate new cipher") return externalUsers, nil } ciphertext := []byte(directory.Password) iv := ciphertext[:aes.BlockSize] stream := cipher.NewOFB(block, iv) hkey := make([]byte, 100) stream = cipher.NewOFB(block, iv) stream.XORKeyStream(hkey, ciphertext[aes.BlockSize:]) err = ldap.Bind(fmt.Sprintf("%s=%s,%s", directory.Uid, directory.DomainAdmin, directory.Base), string(hkey)) if err != nil { logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err) return externalUsers, err } } scope := openldap.LDAP_SCOPE_SUBTREE // If the search string is empty, it will list all the users // If the search string contains 'mail=tjey*' it will returns the list of all // users start with 'tjey' // If the search string contains 'tim' this will return list of all users // names contains the word 'tim' // Possible search strings 'mail=t*redhat.com' / 'tim*' / '*john*' / '*peter' filter := "(objectclass=*)" if len(search) > 0 { if strings.Contains(search, "=") { filter = fmt.Sprintf("(%s*)", search) } else if strings.Contains(search, "*") { filter = fmt.Sprintf("(%s=%s)", directory.Uid, search) } else { filter = fmt.Sprintf("(%s=*%s*)", directory.Uid, search) } } attributes := []string{directory.Uid, DisplayName, FirstName, LastName, Email} rv, err := ldap.SearchAll(directory.Base, scope, filter, attributes) if err != nil { logger.Get().Error("Failed to search LDAP/AD server. error: %v", err) return externalUsers, err } from := (page-1)*count + 1 to := from + count - 1 i := 0 for _, entry := range rv.Entries() { i++ if i < from { continue } if i > to { break } user := models.User{} for _, attr := range entry.Attributes() { switch attr.Name() { case directory.Uid: user.Username = strings.Join(attr.Values(), ", ") case Email: user.Email = strings.Join(attr.Values(), ", ") // Some setup may have an attribute like mail or email // or operator can't be used between strings to combind cases case "email": user.Email = strings.Join(attr.Values(), ", ") case FirstName: user.FirstName = strings.Join(attr.Values(), ", ") case LastName: user.LastName = strings.Join(attr.Values(), ", ") } } // Assiging the default roles user.Role = a.defaultRole user.Groups = append(user.Groups, a.defaultGroup) user.Type = authprovider.External if len(user.Username) != 0 { externalUsers.Users = append(externalUsers.Users, user) } } externalUsers.TotalCount = rv.Count() externalUsers.StartIndex = from externalUsers.EndIndex = to if externalUsers.EndIndex > externalUsers.TotalCount { externalUsers.EndIndex = externalUsers.TotalCount } return externalUsers, nil }
func (a *App) addUsers(rw http.ResponseWriter, req *http.Request) { ctxt, err := GetContext(req) if err != nil { logger.Get().Error("Error Getting the context. error: %v", err) } var user models.User body, err := ioutil.ReadAll(req.Body) if err != nil { logger.Get().Error("%s-Error parsing http request body:%s", ctxt, err) HandleHttpError(rw, err) return } var m map[string]interface{} if err = json.Unmarshal(body, &m); err != nil { logger.Get().Error("%s-Unable to Unmarshall the data:%s", ctxt, err) HandleHttpError(rw, err) return } var password string if val, ok := m["username"]; ok { user.Username = val.(string) } if val, ok := m["email"]; ok { user.Email = val.(string) } if val, ok := m["role"]; ok { user.Role = val.(string) } if val, ok := m["type"]; ok { user.Type = int(val.(float64)) } if val, ok := m["firstname"]; ok { user.FirstName = val.(string) } if val, ok := m["lastname"]; ok { user.LastName = val.(string) } if val, ok := m["notificationenabled"]; ok { if user.Email == "" { user.NotificationEnabled = false } else { user.NotificationEnabled = val.(bool) } } if val, ok := m["password"]; ok { password = val.(string) } if err := GetAuthProvider().AddUser(user, password); err != nil { if err := logAuditEvent( EventTypes["USER_ADDED"], fmt.Sprintf("Addition of user: %s failed", user.Username), fmt.Sprintf("Addition of user: %s failed. Reason: %v", user.Username, err), nil, nil, models.NOTIFICATION_ENTITY_USER, nil, false, ctxt); err != nil { logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err) } logger.Get().Error("%s-Unable to create User:%s", ctxt, err) HandleHttpError(rw, err) return } if err := logAuditEvent( EventTypes["USER_ADDED"], fmt.Sprintf("New user: %s added to skyring", user.Username), fmt.Sprintf("New user: %s with role: %s added to skyring", user.Username, user.Role), nil, nil, models.NOTIFICATION_ENTITY_USER, nil, false, ctxt); err != nil { logger.Get().Error("%s- Unable to log User event. Error: %v", ctxt, err) } }