This commit is contained in:
@@ -3,6 +3,7 @@ package models
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"smt/utils/token"
|
||||
@@ -35,7 +36,7 @@ func (u *User) SaveUser() (*User, error) {
|
||||
_, err = GetUserByName(u.UserName)
|
||||
if err != nil && err.Error() == "user not found" {
|
||||
log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
|
||||
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password) VALUES (:RoleId, :UserName, :Password)`), u)
|
||||
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password, LdapUser, LdapDn) VALUES (:RoleId, :UserName, :Password, :LdapUser, :LdapDN)`), u)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("SaveUser error executing sql record : '%s'\n", err)
|
||||
@@ -95,11 +96,20 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
if err == sql.ErrNoRows {
|
||||
// check LDAP if enabled
|
||||
if LdapEnabled {
|
||||
//check, err := LdapLoginCheck(username, password)
|
||||
check := VerifyLdapCreds(username, password)
|
||||
if check {
|
||||
u.UserId = StoreLdapUser(username)
|
||||
ldapUser, err := LdapLoginCheck(username, password)
|
||||
if err != nil {
|
||||
errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return "", errors.New(errString)
|
||||
|
||||
}
|
||||
|
||||
if ldapUser == (User{}) {
|
||||
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
|
||||
log.Print(errString)
|
||||
return "", errors.New(errString)
|
||||
}
|
||||
|
||||
} else {
|
||||
return "", errors.New("specified user not found in database")
|
||||
}
|
||||
@@ -110,9 +120,6 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
log.Printf("LoginCheck retrieved user '%v' from database\n", u)
|
||||
}
|
||||
|
||||
// TODO : attempt ldap bind
|
||||
//VerifyLdapCreds(username, password)
|
||||
|
||||
err = VerifyPassword(password, u.Password)
|
||||
|
||||
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
|
||||
@@ -133,6 +140,46 @@ func LoginCheck(username string, password string) (string, error) {
|
||||
|
||||
}
|
||||
|
||||
func LdapLoginCheck(username string, password string) (User, error) {
|
||||
var u User
|
||||
|
||||
// try to get LDAP group membership
|
||||
groups, err := GetLdapGroupMembership(username, password)
|
||||
if err != nil {
|
||||
if err.Error() == "invalid user credentials" {
|
||||
return u, nil
|
||||
} else {
|
||||
return u, err
|
||||
}
|
||||
}
|
||||
|
||||
// Compare all roles against the list of user's group membership
|
||||
roleList, err := QueryRoles()
|
||||
if err != nil {
|
||||
return u, err
|
||||
}
|
||||
|
||||
matchFound := false
|
||||
for _, role := range roleList {
|
||||
for _, group := range groups {
|
||||
if role.LdapGroup == group {
|
||||
log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId)
|
||||
matchFound = true
|
||||
break
|
||||
} else {
|
||||
log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if matchFound {
|
||||
// If we found a match, then store user with appropriate role ID
|
||||
u.UserId = StoreLdapUser(username)
|
||||
}
|
||||
|
||||
return u, nil
|
||||
}
|
||||
|
||||
// StoreLdapUser creates a user record in the database and returns the corresponding userId
|
||||
func StoreLdapUser(username string) int {
|
||||
|
||||
@@ -180,7 +227,7 @@ func GetUserRoleByID(uid uint) (UserRole, error) {
|
||||
|
||||
// Query database for matching user object
|
||||
log.Printf("GetUserRoleByID querying for userid '%d'\n", uid)
|
||||
err := db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", uid).StructScan(&ur)
|
||||
err := db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", uid).StructScan(&ur)
|
||||
if err != nil {
|
||||
log.Printf("GetUserRoleByID received error when querying database : '%s'\n", err)
|
||||
return ur, errors.New("GetUserRoleByID user not found")
|
||||
@@ -202,7 +249,7 @@ func GetUserRoleFromToken(c *gin.Context) (UserRole, error) {
|
||||
|
||||
// Query database for matching user object
|
||||
log.Printf("GetUserRoleFromToken querying for userid '%d'\n", user_id)
|
||||
err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur)
|
||||
err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur)
|
||||
if err != nil {
|
||||
log.Printf("GetUserRoleFromToken received error when querying database : '%s'\n", err)
|
||||
return ur, errors.New("GetUserRoleFromToken user not found")
|
||||
|
||||
Reference in New Issue
Block a user