package models import ( "database/sql" "errors" "fmt" "log" "net/http" "smt/utils/token" "github.com/gin-gonic/gin" "golang.org/x/crypto/bcrypt" ) type User struct { UserId int `db:"UserId" json:"userId"` RoleId int `db:"RoleId" json:"roleId"` UserName string `db:"UserName" json:"userName"` Password string `db:"Password" json:"-"` LdapUser bool `db:"LdapUser" json:"ldapUser"` LdapDn string `db:"LdapDN" json:"ldapDn"` } type UserRole struct { User RoleName string `db:"RoleName"` ReadOnly bool `db:"ReadOnly"` Admin bool `db:"Admin"` } func (u *User) SaveUser() (*User, error) { var err error // Validate username not already in use _, err = GetUserByName(u.UserName) if err != nil && err.Error() == "user not found" { log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName) result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password, LdapUser, LdapDn) VALUES (:RoleId, :UserName, :Password, :LdapUser, :LdapDN)`), u) if err != nil { log.Printf("SaveUser error executing sql record : '%s'\n", err) return &User{}, err } else { affected, _ := result.RowsAffected() id, _ := result.LastInsertId() log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected) } } else { log.Printf("SaveUser Username already exists : '%v'\n", err) } return u, nil } func (u *User) DeleteUser() error { // Validate username exists _, err := GetUserByName(u.UserName) if err != nil { log.Printf("DeleteUser error finding user account to remove : '%s'\n", err) return err } else { log.Printf("DeleteUser confirmed user exists, continuing with deletion of user '%s'\n", u.UserName) result, err := db.NamedExec((`DELETE FROM users WHERE UserName = :UserName`), u) if err != nil { log.Printf("DeleteUser error executing sql delete : '%s'\n", err) return err } else { affected, _ := result.RowsAffected() id, _ := result.LastInsertId() log.Printf("DeleteUser returned result id '%d' affecting %d row(s).\n", id, affected) } } return nil } func VerifyPassword(password, hashedPassword string) error { log.Printf("VerifyPassword comparing input against hashed value '%s'\n", hashedPassword) return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) } func LoginCheck(username string, password string) (string, error) { var err error u := User{} // Query database for matching user object err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u) if err != nil { if err == sql.ErrNoRows { // check LDAP if enabled if LdapEnabled { ldapUser, err := LdapLoginCheck(username, password) if err != nil { errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err) log.Print(errString) return "", errors.New(errString) } if ldapUser == (User{}) { errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err) log.Print(errString) return "", errors.New(errString) } else { u = ldapUser } } else { // LDAP is not enabled, if user is not in the database then they can't login return "", errors.New("specified user not found in database") } } } else { log.Printf("LoginCheck retrieved user '%v' from database\n", u) } if !u.LdapUser { err = VerifyPassword(password, u.Password) if err != nil && err == bcrypt.ErrMismatchedHashAndPassword { log.Printf("LoginCheck says password doesn't match stored hash.\n") return "", err } else { log.Printf("LoginCheck verified password against stored hash.\n") } } else { log.Printf("LoginCheck no need to verify password in database for LDAP user\n") } token, err := token.GenerateToken(uint(u.UserId)) if err != nil { log.Printf("LoginCheck error generating token : '%s'\n", err) return "", err } return token, nil } func LdapLoginCheck(username string, password string) (User, error) { var u User u.UserName = username // try to get LDAP group membership groups, err := GetLdapGroupMembership(username, password) if err != nil { if err.Error() == "invalid user credentials" { return u, nil } else { return u, err } } // Compare all roles against the list of user's group membership roleList, err := QueryRoles() if err != nil { return u, err } matchFound := false for _, role := range roleList { for _, group := range groups { if role.LdapGroup == group { log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId) u.RoleId = role.RoleId matchFound = true break } else { //log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group) } } } if matchFound { // If we found a match, then store user with appropriate role ID u.SaveUser() } return u, nil } // StoreLdapUser creates a user record in the database and returns the corresponding userId func StoreLdapUser(u *User) error { // TODO return nil } func GetUserByID(uid uint) (User, error) { var u User // Query database for matching user object err := db.QueryRowx("SELECT * FROM users WHERE UserId=?", uid).StructScan(&u) if err != nil { return u, errors.New("user not found") } /* if err := DB.First(&u, uid).Error; err != nil { return u, errors.New("User not found!") } */ //u.PrepareGive() return u, nil } func GetUserByName(username string) (User, error) { var u User // Query database for matching user object err := db.QueryRowx("SELECT * FROM users WHERE UserName=?", username).StructScan(&u) if err != nil { return u, errors.New("user not found") } return u, nil } func GetUserRoleByID(uid uint) (UserRole, error) { var ur UserRole // Query database for matching user object log.Printf("GetUserRoleByID querying for userid '%d'\n", uid) err := db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", uid).StructScan(&ur) if err != nil { log.Printf("GetUserRoleByID received error when querying database : '%s'\n", err) return ur, errors.New("GetUserRoleByID user not found") } return ur, nil } func GetUserRoleFromToken(c *gin.Context) (UserRole, error) { var ur UserRole user_id, err := token.ExtractTokenID(c) if err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) return ur, err } // Query database for matching user object log.Printf("GetUserRoleFromToken querying for userid '%d'\n", user_id) err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur) if err != nil { log.Printf("GetUserRoleFromToken received error when querying database : '%s'\n", err) return ur, errors.New("GetUserRoleFromToken user not found") } return ur, nil } func QueryUsers() ([]User, error) { var results []User // Query database for role definitions rows, err := db.Queryx("SELECT * FROM users") if err != nil { log.Printf("QueryUsers error executing sql record : '%s'\n", err) return results, err } else { // parse all the results into a slice for rows.Next() { var u User err = rows.StructScan(&u) if err != nil { log.Printf("QueryUsers error parsing sql record : '%s'\n", err) return results, err } results = append(results, u) } log.Printf("QueryUsers retrieved '%d' results\n", len(results)) } return results, nil }