// AddUser validates the supplied account data, hashes the password with
// bcrypt and stores the user through a.userDao.
//
// The caller's user.Type and user.Status are overwritten: accounts created
// here are always authprovider.Internal and enabled. An empty user.Role is
// replaced with a.defaultRole; a non-empty role must be a key of a.roles.
// Every failure is logged and returned as an error built by mkerror.
func (a Authorizer) AddUser(user models.User, password string) error {
	if user.Username == "" {
		logger.Get().Error("no user name given")
		return mkerror("no username given")
	}
	if user.Email == "" {
		logger.Get().Error("no email given")
		return mkerror("no email given")
	}
	// Only emptiness is checked; no length or strength rule is applied here.
	if password == "" {
		logger.Get().Error("no password given")
		return mkerror("no password given")
	}
	// Force the account type to internal and mark it enabled, whatever the caller passed.
	user.Type = authprovider.Internal
	user.Status = true
	// Validate username: a successful lookup means the name is already taken.
	// NOTE(review): the lookup and the later SaveUser are separate calls, so
	// uniqueness under concurrent requests depends on the store; confirm that
	// the backing collection enforces a unique username.
	_, err := a.userDao.User(user.Username)
	if err == nil {
		logger.Get().Error("Username: %s already exists", user.Username)
		return mkerror("user already exists")
	} else if err.Error() != ErrMissingUser.Error() {
		// The lookup failed for a reason other than "missing user". The match
		// is on error text, not identity.
		// NOTE(review): err cannot be nil in this branch, so the inner check is
		// always true and the trailing "return nil" is unreachable.
		if err != nil {
			logger.Get().Error("Error retrieving user: %s. error: %v", user.Username, err)
			return mkerror(err.Error())
		}
		return nil
	}
	// Generate and save hash.
	// NOTE(review): bcrypt considers at most 72 bytes of input and no upper
	// bound is applied to password before this call; confirm how the vendored
	// bcrypt version treats longer input.
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		logger.Get().Error("couldn't save password for user: %s. error: %v", user.Username, err)
		// NOTE(review): the page masks the text from here up to the role check
		// ("******"). The end of this statement and whatever follows it
		// (presumably storing hash on user and testing for an empty role) are
		// not visible and are left exactly as they appear.
		return mkerror("couldn't save password: "******"" {
		user.Role = a.defaultRole
	} else {
		// A caller-chosen role must be one of the configured roles.
		if _, ok := a.roles[user.Role]; !ok {
			logger.Get().Error("Non Existing Role: %s", user.Role)
			return mkerror("non-existant role")
		}
	}
	err = a.userDao.SaveUser(user)
	if err != nil {
		// NOTE(review): this formats the whole user value into the log. If the
		// masked span above stores the bcrypt hash on user (confirm), the hash
		// is written to the log as well; logging user.Username would avoid that.
		logger.Get().Error("Erro Saving the User: %s. error: %v", user, err)
		return mkerror(err.Error())
	}
	return nil
}
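// addUsers handles a user-creation request. It reads a JSON object from the
// request body, copies the recognised fields into a models.User and passes the
// user and password to the configured auth provider's AddUser.
//
// Recognised keys: username, email, role, type, firstname, lastname,
// notificationenabled and password. Missing keys leave the zero value. On any
// failure the error is logged and reported through util.HandleHttpError; on
// success nothing is written to rw.
//
// NOTE(review): role and type are taken from the request body as sent. That
// only callers allowed to create users reach this handler is assumed to be
// enforced by routing or middleware outside this function; confirm.
func (a *App) addUsers(rw http.ResponseWriter, req *http.Request) {
	// Bound the amount of client data held in memory. The 1 MiB cap is a
	// generous ceiling for a single user record, not a protocol requirement.
	const maxBodyBytes = 1 << 20
	body, err := ioutil.ReadAll(http.MaxBytesReader(rw, req.Body, maxBodyBytes))
	if err != nil {
		logger.Get().Error("Error parsing http request body:%s", err)
		util.HandleHttpError(rw, err)
		return
	}

	// Decode into typed fields so that a value of the wrong JSON type (a number
	// for "username", a string for "type", ...) is reported by json.Unmarshal
	// as an error instead of panicking in an unchecked type assertion.
	// encoding/json matches keys case-insensitively, so "Username" is accepted
	// as well as "username".
	var in struct {
		Username            string  `json:"username"`
		Email               string  `json:"email"`
		Role                string  `json:"role"`
		Type                float64 `json:"type"` // float64 keeps the truncating int conversion below
		FirstName           string  `json:"firstname"`
		LastName            string  `json:"lastname"`
		NotificationEnabled bool    `json:"notificationenabled"`
		Password            string  `json:"password"`
	}
	if err = json.Unmarshal(body, &in); err != nil {
		logger.Get().Error("Unable to Unmarshall the data:%s", err)
		util.HandleHttpError(rw, err)
		return
	}

	var user models.User
	user.Username = in.Username
	user.Email = in.Email
	user.Role = in.Role
	user.Type = int(in.Type)
	user.FirstName = in.FirstName
	user.LastName = in.LastName
	user.NotificationEnabled = in.NotificationEnabled

	// The password is handed to the provider only; it is never logged here.
	if err := GetAuthProvider().AddUser(user, in.Password); err != nil {
		logger.Get().Error("Unable to create User:%s", err)
		util.HandleHttpError(rw, err)
		return
	}
}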
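// ListExternalUsers searches the configured LDAP/AD directory and returns one
// models.User per entry that carries a user-id attribute.
//
// The attribute names used for user id, display name and full name come from
// a.directory and fall back to "Uid", "DisplayName" and "CN". When
// a.directory.DomainAdmin is set the connection binds as that account;
// otherwise the search runs without an explicit bind. Every returned user
// gets a.defaultRole, a.defaultGroup and type authprovider.External.
//
// NOTE(review): the bind sends a.directory.Password to the server. Whether the
// URL built by GetUrl uses ldap:// or ldaps:// is not visible here; confirm
// that the transport is protected.
func (a Authorizer) ListExternalUsers() (users []models.User, err error) {
	url := GetUrl(a.directory.Address, a.directory.Port)

	uidAttr, displayNameAttr, fullNameAttr := "Uid", "DisplayName", "CN"
	if a.directory.Uid != "" {
		uidAttr = a.directory.Uid
	}
	if a.directory.DisplayName != "" {
		displayNameAttr = a.directory.DisplayName
	}
	if a.directory.FullName != "" {
		fullNameAttr = a.directory.FullName
	}

	ldap, err := openldap.Initialize(url)
	if err != nil {
		logger.Get().Error("failed to connect the LDAP/AD server. error: %v", err)
		return nil, err
	}
	// Release the handle on every return path so repeated listings do not
	// leak directory connections.
	defer ldap.Close()

	if a.directory.DomainAdmin != "" {
		// The bind DN is assembled from configuration values without DN
		// escaping. NOTE(review): fine while these fields are operator-set;
		// confirm that they never carry request-supplied text.
		bindDN := fmt.Sprintf("%s=%s,%s", uidAttr, a.directory.DomainAdmin, a.directory.Base)
		if err = ldap.Bind(bindDN, a.directory.Password); err != nil {
			logger.Get().Error("Error binding to LDAP Server:%s. error: %v", url, err)
			return nil, err
		}
	}

	// The filter matches every object below the base, not only person entries;
	// entries without a user-id attribute are dropped further down.
	scope := openldap.LDAP_SCOPE_SUBTREE
	filter := "(objectclass=*)"
	attributes := []string{uidAttr, displayNameAttr, fullNameAttr, "Mail"}
	rv, err := ldap.SearchAll(a.directory.Base, scope, filter, attributes)
	if err != nil {
		logger.Get().Error("Failed to search LDAP/AD server. error: %v", err)
		return nil, err
	}

	for _, entry := range rv.Entries() {
		user := models.User{}
		fullName := ""
		for _, attr := range entry.Attributes() {
			// Multi-valued attributes are flattened into one comma-separated string.
			switch attr.Name() {
			case uidAttr:
				user.Username = strings.Join(attr.Values(), ", ")
			case "Mail":
				user.Email = strings.Join(attr.Values(), ", ")
			case displayNameAttr:
				user.FirstName = strings.Join(attr.Values(), ", ")
			case fullNameAttr:
				fullName = strings.Join(attr.Values(), ", ")
			}
			// Once both names are known, the last name is whatever follows the
			// first name inside the full name.
			if len(fullName) != 0 && len(user.FirstName) != 0 {
				lastName := strings.Split(fullName, user.FirstName)
				if len(lastName) > 1 {
					user.LastName = strings.TrimSpace(lastName[1])
				}
			}
		}
		// Assign the default role and group; directory users are always external.
		user.Role = a.defaultRole
		user.Groups = append(user.Groups, a.defaultGroup)
		user.Type = authprovider.External
		if len(user.Username) != 0 {
			users = append(users, user)
		}
	}
	return users, nil
}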