示例#1
0
// Log out a user by changing the loggedin value
func GenerateLogoutCurrentUser(state pinterface.IUserState) SimpleContextHandle {
	return func(ctx *web.Context) string {
		username := state.Username(ctx.Request)
		if username == "" {
			return MessageOKback("Logout", "No user to log out")
		}
		if !state.HasUser(username) {
			return MessageOKback("Logout", "user "+username+" does not exist, could not log out")
		}

		// Log out the user by changing the database, the cookie can stay
		state.SetLoggedOut(username)

		// Redirect
		//ctx.SetHeader("Refresh", "0; url=/login", true)
		return MessageOKurl("Logout", username+" is now logged out. Hope to see you soon!", "/login")
	}
}
示例#2
0
// TODO: Undo for removing users
// Remove a user
func GenerateRemoveUser(state pinterface.IUserState) WebHandle {
	return func(ctx *web.Context, username string) string {
		if !state.AdminRights(ctx.Request) {
			return MessageOKback("Remove user", "Not logged in as Administrator")
		}

		if username == "" {
			return MessageOKback("Remove user", "Can't remove blank user")
		}
		if !state.HasUser(username) {
			return MessageOKback("Remove user", username+" doesn't exists, could not remove")
		}

		// Remove the user
		state.RemoveUser(username)

		return MessageOKurl("Remove user", "OK, removed "+username, "/admin")
	}
}
示例#3
0
func GenerateStatusUser(state pinterface.IUserState) WebHandle {
	return func(ctx *web.Context, username string) string {
		if username == "" {
			return MessageOKback("Status", "No username given")
		}
		if !state.HasUser(username) {
			return MessageOKback("Status", username+" does not exist")
		}
		loggedinStatus := "not logged in"
		if state.IsLoggedIn(username) {
			loggedinStatus = "logged in"
		}
		confirmStatus := "email has not been confirmed"
		if state.IsConfirmed(username) {
			confirmStatus = "email has been confirmed"
		}
		return MessageOKback("Status", username+" is "+loggedinStatus+" and "+confirmStatus)
	}
}
示例#4
0
func GenerateStatusCurrentUser(state pinterface.IUserState) SimpleContextHandle {
	return func(ctx *web.Context) string {
		if !state.AdminRights(ctx.Request) {
			return MessageOKback("Status", "Not logged in as Administrator")
		}
		username := state.Username(ctx.Request)
		if username == "" {
			return MessageOKback("Current user status", "No user logged in")
		}
		hasUser := state.HasUser(username)
		if !hasUser {
			return MessageOKback("Current user status", username+" does not exist")
		}
		if !(state.IsLoggedIn(username)) {
			return MessageOKback("Current user status", "User "+username+" is not logged in")
		}
		return MessageOKback("Current user status", "User "+username+" is logged in")
	}
}
示例#5
0
// Create a user by adding the username to the list of usernames
func GenerateConfirmUser(state pinterface.IUserState) WebHandle {
	return func(ctx *web.Context, val string) string {
		confirmationCode := val

		unconfirmedUsernames, err := state.AllUnconfirmedUsernames()
		if err != nil {
			return MessageOKurl("Confirmation", "All users are confirmed already.", "/register")
		}

		// Find the username by looking up the confirmationCode on unconfirmed users
		username := ""
		for _, aUsername := range unconfirmedUsernames {
			aConfirmationCode, err := state.ConfirmationCode(aUsername)
			if err != nil {
				// If the confirmation code can not be found, just skip this one
				continue
			}
			if confirmationCode == aConfirmationCode {
				// Found the right user
				username = aUsername
				break
			}
		}

		// Check that the user is there
		if username == "" {
			// Say "no longer" because we don't care about people that just try random confirmation links
			return MessageOKurl("Confirmation", "The confirmation link is no longer valid.", "/register")
		}
		hasUser := state.HasUser(username)
		if !hasUser {
			return MessageOKurl("Confirmation", "The user you wish to confirm does not exist anymore.", "/register")
		}

		// Remove from the list of unconfirmed usernames
		state.RemoveUnconfirmed(username)

		// Mark user as confirmed
		state.MarkConfirmed(username)

		return MessageOKurl("Confirmation", "Thank you "+username+", you can now log in.", "/login")
	}
}
示例#6
0
// Log in a user by changing the loggedin value
func GenerateLoginUser(state pinterface.IUserState) WebHandle {
	return func(ctx *web.Context, val string) string {
		// Fetch password from ctx
		password, found := ctx.Params["password"]
		if !found {
			return MessageOKback("Login", "Can't log in without a password.")
		}
		username := val
		if username == "" {
			return MessageOKback("Login", "Can't log in with a blank username.")
		}
		if !state.HasUser(username) {
			return MessageOKback("Login", "User "+username+" does not exist, could not log in.")
		}
		if !state.IsConfirmed(username) {
			return MessageOKback("Login", "The email for "+username+" has not been confirmed, check your email and follow the link.")
		}
		if !state.CorrectPassword(username, password) {
			return MessageOKback("Login", "Wrong password.")
		}

		// Log in the user by changing the database and setting a secure cookie
		state.SetLoggedIn(username)

		// Also store the username in the browser
		state.SetUsernameCookie(ctx.ResponseWriter, username)

		// TODO: Use a welcoming messageOK where the user can see when he/she last logged in and from which host

		if username == "admin" {
			ctx.SetHeader("Refresh", "0; url=/admin", true)
		} else {
			// TODO: Redirect to the page the user was at before logging in
			ctx.SetHeader("Refresh", "0; url=/", true)
		}

		return ""
	}
}
示例#7
0
func GenerateToggleAdmin(state pinterface.IUserState) WebHandle {
	return func(ctx *web.Context, username string) string {
		if !state.AdminRights(ctx.Request) {
			return MessageOKback("Admin toggle", "Not logged in as Administrator")
		}
		if username == "" {
			return MessageOKback("Admin toggle", "Can't set toggle empty username")
		}
		if !state.HasUser(username) {
			return MessageOKback("Admin toggle", "Can't toggle non-existing user")
		}
		// A special case
		if username == "admin" {
			return MessageOKback("Admin toggle", "Can't remove admin rights from the admin user")
		}
		if !state.IsAdmin(username) {
			state.SetAdminStatus(username)
			return MessageOKurl("Admin toggle", "OK, "+username+" is now an admin", "/admin")
		}
		state.RemoveAdminStatus(username)
		return MessageOKurl("Admin toggle", "OK, "+username+" is now a regular user", "/admin")
	}
}
示例#8
0
// Make functions related to users and permissions available to Lua scripts
func exportUserstate(w http.ResponseWriter, req *http.Request, L *lua.LState, userstate pinterface.IUserState) {
	// Check if the current user has "user rights", returns bool
	// Takes no arguments
	L.SetGlobal("UserRights", L.NewFunction(func(L *lua.LState) int {
		L.Push(lua.LBool(userstate.UserRights(req)))
		return 1 // number of results
	}))
	// Check if the given username exists, returns bool
	// Takes a username
	L.SetGlobal("HasUser", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(userstate.HasUser(username)))
		return 1 // number of results
	}))
	// Get the value from the given boolean field, returns bool
	// Takes a username and fieldname
	L.SetGlobal("BooleanField", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		fieldname := L.ToString(2)
		L.Push(lua.LBool(userstate.BooleanField(username, fieldname)))
		return 1 // number of results
	}))
	// Save a value as a boolean field, returns nothing
	// Takes a username, fieldname and boolean value
	L.SetGlobal("SetBooleanField", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		fieldname := L.ToString(2)
		value := L.ToBool(3)
		userstate.SetBooleanField(username, fieldname, value)
		return 0 // number of results
	}))
	// Check if a given username is confirmed, returns a bool
	// Takes a username
	L.SetGlobal("IsConfirmed", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(userstate.IsConfirmed(username)))
		return 1 // number of results
	}))
	// Check if a given username is logged in, returns a bool
	// Takes a username
	L.SetGlobal("IsLoggedIn", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(userstate.IsLoggedIn(username)))
		return 1 // number of results
	}))
	// Check if the current user has "admin rights", returns a bool
	// Takes no arguments.
	L.SetGlobal("AdminRights", L.NewFunction(func(L *lua.LState) int {
		L.Push(lua.LBool(userstate.AdminRights(req)))
		return 1 // number of results
	}))
	// Check if a given username is an admin, returns a bool
	// Takes a username
	L.SetGlobal("IsAdmin", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(userstate.IsAdmin(username)))
		return 1 // number of results
	}))
	// Get the username stored in a cookie, or an empty string
	// Takes no arguments
	L.SetGlobal("UsernameCookie", L.NewFunction(func(L *lua.LState) int {
		username, err := userstate.UsernameCookie(req)
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(username)
		}
		L.Push(result)
		return 1 // number of results
	}))
	// Store the username in a cookie, returns true if successful
	// Takes a username
	L.SetGlobal("SetUsernameCookie", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(nil == userstate.SetUsernameCookie(w, username)))
		return 1 // number of results
	}))
	// Clear the user cookie. The result depends on the browser.
	L.SetGlobal("ClearCookie", L.NewFunction(func(L *lua.LState) int {
		userstate.ClearCookie(w)
		return 0 // number of results
	}))
	// Get the username stored in a cookie, or an empty string
	// Takes no arguments
	L.SetGlobal("AllUsernames", L.NewFunction(func(L *lua.LState) int {
		usernames, err := userstate.AllUsernames()
		var table *lua.LTable
		if err != nil {
			table = L.NewTable()
		} else {
			table = strings2table(L, usernames)
		}
		L.Push(table)
		return 1 // number of results
	}))
	// Get the email for a given username, or an empty string
	// Takes a username
	L.SetGlobal("Email", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		email, err := userstate.Email(username)
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(email)
		}
		L.Push(result)
		return 1 // number of results
	}))
	// Get the password hash for a given username, or an empty string
	// Takes a username
	L.SetGlobal("PasswordHash", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		pw, err := userstate.PasswordHash(username)
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(pw)
		}
		L.Push(result)
		return 1 // number of results
	}))
	// Get all unconfirmed usernames
	// Takes no arguments
	L.SetGlobal("AllUnconfirmedUsernames", L.NewFunction(func(L *lua.LState) int {
		usernames, err := userstate.AllUnconfirmedUsernames()
		var table *lua.LTable
		if err != nil {
			table = L.NewTable()
		} else {
			table = strings2table(L, usernames)
		}
		L.Push(table)
		return 1 // number of results
	}))
	// Get a confirmation code that can be given to a user, or an empty string
	// Takes a username
	L.SetGlobal("ConfirmationCode", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		pw, err := userstate.ConfirmationCode(username)
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(pw)
		}
		L.Push(result)
		return 1 // number of results
	}))
	// Add a user to the list of unconfirmed users, returns nothing
	// Takes a username and a confirmation code
	L.SetGlobal("AddUnconfirmed", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		confirmationCode := L.ToString(2)
		userstate.AddUnconfirmed(username, confirmationCode)
		return 0 // number of results
	}))
	// Remove a user from the list of unconfirmed users, returns nothing
	// Takes a username
	L.SetGlobal("RemoveUnconfirmed", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.RemoveUnconfirmed(username)
		return 0 // number of results
	}))
	// Mark a user as confirmed, returns nothing
	// Takes a username
	L.SetGlobal("MarkConfirmed", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.MarkConfirmed(username)
		return 0 // number of results
	}))
	// Removes a user, returns nothing
	// Takes a username
	L.SetGlobal("RemoveUser", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.RemoveUser(username)
		return 0 // number of results
	}))
	// Make a user an admin, returns nothing
	// Takes a username
	L.SetGlobal("SetAdminStatus", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.SetAdminStatus(username)
		return 0 // number of results
	}))
	// Make an admin user a regular user, returns nothing
	// Takes a username
	L.SetGlobal("RemoveAdminStatus", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.RemoveAdminStatus(username)
		return 0 // number of results
	}))
	// Add a user, returns nothing
	// Takes a username, password and email
	L.SetGlobal("AddUser", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		password := L.ToString(2)
		email := L.ToString(3)
		userstate.AddUser(username, password, email)
		return 0 // number of results
	}))
	// Set a user as logged in on the server (not cookie), returns nothing
	// Takes a username
	L.SetGlobal("SetLoggedIn", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.SetLoggedIn(username)
		return 0 // number of results
	}))
	// Set a user as logged out on the server (not cookie), returns nothing
	// Takes a username
	L.SetGlobal("SetLoggedOut", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.SetLoggedOut(username)
		return 0 // number of results
	}))
	// Log in a user, both on the server and with a cookie.
	// Returns true of successful.
	// Takes a username
	L.SetGlobal("Login", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LBool(nil == userstate.Login(w, username)))
		return 1 // number of results
	}))
	// Logs out a user, on the server (which is enough). Returns nothing
	// Takes a username
	L.SetGlobal("Logout", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.Logout(username)
		return 0 // number of results
	}))
	// Get the current username, from the cookie
	// Takes nothing
	L.SetGlobal("Username", L.NewFunction(func(L *lua.LState) int {
		username := userstate.Username(req)
		L.Push(lua.LString(username))
		return 1 // number of results
	}))
	// Get the current cookie timeout
	// Takes a username
	L.SetGlobal("CookieTimeout", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		L.Push(lua.LNumber(userstate.CookieTimeout(username)))
		return 1 // number of results
	}))
	// Set the current cookie timeout
	// Takes a timeout number, measured in seconds
	L.SetGlobal("SetCookieTimeout", L.NewFunction(func(L *lua.LState) int {
		timeout := int64(L.ToNumber(1))
		userstate.SetCookieTimeout(timeout)
		return 0 // number of results
	}))
	// Get the current password hashing algorithm (bcrypt, bcrypt+ or sha256)
	// Takes nothing
	L.SetGlobal("PasswordAlgo", L.NewFunction(func(L *lua.LState) int {
		algorithm := userstate.PasswordAlgo()
		L.Push(lua.LString(algorithm))
		return 1 // number of results
	}))
	// Set the current password hashing algorithm (bcrypt, bcrypt+ or sha256)
	// Takes a string
	L.SetGlobal("SetPasswordAlgo", L.NewFunction(func(L *lua.LState) int {
		algorithm := L.ToString(1)
		userstate.SetPasswordAlgo(algorithm)
		return 0 // number of results
	}))
	// Hash the password, returns a string
	// Takes a username and password (username can be used for salting)
	L.SetGlobal("HashPassword", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		password := L.ToString(2)
		L.Push(lua.LString(userstate.HashPassword(username, password)))
		return 1 // number of results
	}))
	// Check if a given username and password is correct, returns a bool
	// Takes a username and password
	L.SetGlobal("CorrectPassword", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		password := L.ToString(2)
		L.Push(lua.LBool(userstate.CorrectPassword(username, password)))
		return 1 // number of results
	}))
	// Checks if a confirmation code is already in use, returns a bool
	// Takes a confirmation code
	L.SetGlobal("AlreadyHasConfirmationCode", L.NewFunction(func(L *lua.LState) int {
		confirmationCode := L.ToString(1)
		L.Push(lua.LBool(userstate.AlreadyHasConfirmationCode(confirmationCode)))
		return 1 // number of results
	}))
	// Find a username based on a given confirmation code, or returns an empty string
	// Takes a confirmation code
	L.SetGlobal("FindUserByConfirmationCode", L.NewFunction(func(L *lua.LState) int {
		confirmationCode := L.ToString(1)
		username, err := userstate.FindUserByConfirmationCode(confirmationCode)
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(username)
		}
		L.Push(result)
		return 1 // number of results
	}))
	// Mark a user as confirmed, returns nothing
	// Takes a username
	L.SetGlobal("Confirm", L.NewFunction(func(L *lua.LState) int {
		username := L.ToString(1)
		userstate.Confirm(username)
		return 0 // number of results
	}))
	// Mark a user as confirmed, returns true if successful.
	// Takes a confirmation code.
	L.SetGlobal("ConfirmUserByConfirmationCode", L.NewFunction(func(L *lua.LState) int {
		confirmationCode := L.ToString(1)
		L.Push(lua.LBool(nil == userstate.ConfirmUserByConfirmationCode(confirmationCode)))
		return 1 // number of results
	}))
	// Set the minimum confirmation code length
	// Takes the minimum number of characters
	L.SetGlobal("SetMinimumConfirmationCodeLength", L.NewFunction(func(L *lua.LState) int {
		length := int(L.ToNumber(1))
		userstate.SetMinimumConfirmationCodeLength(length)
		return 0 // number of results
	}))
	// Generates and returns a unique confirmation code, or an empty string
	// Takes no parameters
	L.SetGlobal("GenerateUniqueConfirmationCode", L.NewFunction(func(L *lua.LState) int {
		confirmationCode, err := userstate.GenerateUniqueConfirmationCode()
		var result lua.LString
		if err != nil {
			result = lua.LString("")
		} else {
			result = lua.LString(confirmationCode)
		}
		L.Push(result)
		return 1 // number of results
	}))
}
示例#9
0
// Register a new user, site is ie. "archlinux.no"
func GenerateRegisterUser(state pinterface.IUserState, site string) WebHandle {
	return func(ctx *web.Context, val string) string {

		// Password checks
		password1, found := ctx.Params["password1"]
		if password1 == "" || !found {
			return MessageOKback("Register", "Can't register without a password.")
		}
		password2, found := ctx.Params["password2"]
		if password2 == "" || !found {
			return MessageOKback("Register", "Please confirm the password by typing it in twice.")
		}
		if password1 != password2 {
			return MessageOKback("Register", "The password and confirmation password must be equal.")
		}

		// Email checks
		email, found := ctx.Params["email"]
		if !found {
			return MessageOKback("Register", "Can't register without an email address.")
		}
		// must have @ and ., but no " "
		if !strings.Contains(email, "@") || !strings.Contains(email, ".") || strings.Contains(email, " ") {
			return MessageOKback("Register", "Please use a valid email address.")
		}
		if email != CleanUserInput(email) {
			return MessageOKback("Register", "The sanitized email differs from the given email.")
		}

		// Username checks
		username := val
		if username == "" {
			return MessageOKback("Register", "Can't register without a username.")
		}
		if state.HasUser(username) {
			return MessageOKback("Register", "That user already exists, try another username.")
		}

		// Only some letters are allowed in the username
		err := permissions.ValidUsernamePassword(username, password1)
		if err != nil {
			return MessageOKback("Register", err.Error())
		}

		adminuser := false
		// A special case
		if username == "admin" {
			// The first user to register with the username "admin" becomes the administrator
			adminuser = true
		}

		// Register the user
		state.AddUser(username, password1, email)

		// Mark user as administrator if that is the case
		if adminuser {
			// Set admin status
			state.SetAdminStatus(username)
		}

		confirmationCode, err := state.GenerateUniqueConfirmationCode()
		if err != nil {
			panic(err.Error())
		}

		// If registering the admin user (first user on the system), don't send a confirmation email, just register it
		if adminuser {

			// Mark user as confirmed
			state.MarkConfirmed(username)

			// Redirect
			return MessageOKurl("Registration complete", "Thanks for registering, the admin user has been created.", "/login")

		}

		// Send confirmation email
		ConfirmationEmail(site, "https://"+site+"/confirm/"+confirmationCode, username, email)

		// Register the need to be confirmed
		state.AddUnconfirmed(username, confirmationCode)

		// Redirect
		return MessageOKurl("Registration complete", "Thanks for registering, the confirmation e-mail has been sent.", "/login")
	}
}