Nathan Coad
7f40884115
All checks were successful
continuous-integration/drone/push Build is passing
313 lines
8.1 KiB
Go
313 lines
8.1 KiB
Go
package models
|
|
|
|
import (
|
|
"database/sql"
|
|
"errors"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"smt/utils/token"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
type User struct {
|
|
UserId int `db:"UserId" json:"userId"`
|
|
RoleId int `db:"RoleId" json:"roleId"`
|
|
UserName string `db:"UserName" json:"userName"`
|
|
Password string `db:"Password" json:"-"`
|
|
LdapUser bool `db:"LdapUser" json:"ldapUser"`
|
|
LdapDn string `db:"LdapDN" json:"ldapDn"`
|
|
}
|
|
|
|
type UserRole struct {
|
|
User
|
|
RoleName string `db:"RoleName"`
|
|
ReadOnly bool `db:"ReadOnly"`
|
|
Admin bool `db:"Admin"`
|
|
}
|
|
|
|
func (u *User) SaveUser() (*User, error) {
|
|
|
|
var err error
|
|
|
|
// Validate username not already in use
|
|
_, err = GetUserByName(u.UserName)
|
|
if err != nil && err.Error() == "user not found" {
|
|
log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
|
|
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password, LdapUser, LdapDn) VALUES (:RoleId, :UserName, :Password, :LdapUser, :LdapDN)`), u)
|
|
|
|
if err != nil {
|
|
log.Printf("SaveUser error executing sql record : '%s'\n", err)
|
|
return &User{}, err
|
|
} else {
|
|
affected, _ := result.RowsAffected()
|
|
id, _ := result.LastInsertId()
|
|
log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
|
|
}
|
|
} else {
|
|
log.Printf("SaveUser Username already exists : '%v'\n", err)
|
|
}
|
|
|
|
return u, nil
|
|
}
|
|
|
|
func (u *User) DeleteUser() error {
|
|
|
|
// Validate username exists
|
|
_, err := GetUserByName(u.UserName)
|
|
if err != nil {
|
|
log.Printf("DeleteUser error finding user account to remove : '%s'\n", err)
|
|
return err
|
|
} else {
|
|
log.Printf("DeleteUser confirmed user exists, continuing with deletion of user '%s'\n", u.UserName)
|
|
result, err := db.NamedExec((`DELETE FROM users WHERE UserName = :UserName`), u)
|
|
|
|
if err != nil {
|
|
log.Printf("DeleteUser error executing sql delete : '%s'\n", err)
|
|
return err
|
|
} else {
|
|
affected, _ := result.RowsAffected()
|
|
id, _ := result.LastInsertId()
|
|
log.Printf("DeleteUser returned result id '%d' affecting %d row(s).\n", id, affected)
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func VerifyPassword(password, hashedPassword string) error {
|
|
|
|
if len(password) == 0 {
|
|
return errors.New("unable to verify empty password")
|
|
}
|
|
|
|
if len(hashedPassword) == 0 {
|
|
return errors.New("unable to compare password with empty hash")
|
|
}
|
|
|
|
log.Printf("VerifyPassword comparing input against hashed value '%s'\n", hashedPassword)
|
|
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
|
}
|
|
|
|
func LoginCheck(username string, password string) (string, error) {
|
|
|
|
var err error
|
|
|
|
u := User{}
|
|
|
|
// Query database for matching user object
|
|
err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u)
|
|
|
|
if err != nil {
|
|
if err == sql.ErrNoRows {
|
|
// check LDAP if enabled
|
|
if LdapEnabled {
|
|
ldapUser, err := LdapLoginCheck(username, password)
|
|
if err != nil {
|
|
errString := fmt.Sprintf("LoginCheck error checking LDAP for user : '%s'\n", err)
|
|
log.Print(errString)
|
|
return "", errors.New(errString)
|
|
}
|
|
|
|
if ldapUser == (User{}) {
|
|
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
|
|
log.Print(errString)
|
|
return "", errors.New(errString)
|
|
} else {
|
|
log.Printf("LoginCheck verified LDAP user successfully\n")
|
|
u = ldapUser
|
|
}
|
|
} else {
|
|
// LDAP is not enabled, if user is not in the database then they can't login
|
|
return "", errors.New("specified user not found in database")
|
|
}
|
|
}
|
|
} else {
|
|
log.Printf("LoginCheck retrieved user '%v' from database\n", u)
|
|
}
|
|
|
|
//log.Printf("u: %v\n", u)
|
|
|
|
if !u.LdapUser {
|
|
err = VerifyPassword(password, u.Password)
|
|
|
|
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
|
|
log.Printf("LoginCheck says password doesn't match stored hash.\n")
|
|
return "", err
|
|
} else {
|
|
log.Printf("LoginCheck verified password against stored hash.\n")
|
|
}
|
|
} else {
|
|
err := VerifyLdapCreds(username, password)
|
|
|
|
if err != nil {
|
|
errString := fmt.Sprintf("LoginCheck LDAP user bind unsuccessful : '%s'\n", err)
|
|
log.Print(errString)
|
|
return "", errors.New(errString)
|
|
} else {
|
|
log.Printf("LoginCheck successfully verified LDAP user\n")
|
|
}
|
|
}
|
|
|
|
token, err := token.GenerateToken(uint(u.UserId))
|
|
|
|
if err != nil {
|
|
log.Printf("LoginCheck error generating token : '%s'\n", err)
|
|
return "", err
|
|
}
|
|
|
|
return token, nil
|
|
|
|
}
|
|
|
|
func LdapLoginCheck(username string, password string) (User, error) {
|
|
var u User
|
|
u.UserName = username
|
|
|
|
// try to get LDAP group membership
|
|
groups, err := GetLdapGroupMembership(username, password)
|
|
if err != nil {
|
|
if err.Error() == "invalid user credentials" {
|
|
return u, nil
|
|
} else {
|
|
return u, err
|
|
}
|
|
}
|
|
|
|
// Compare all roles against the list of user's group membership
|
|
roleList, err := QueryRoles()
|
|
if err != nil {
|
|
return u, err
|
|
}
|
|
|
|
matchFound := false
|
|
for _, role := range roleList {
|
|
for _, group := range groups {
|
|
if role.LdapGroup == group {
|
|
log.Printf("Found match with role '%s' and LDAP group '%s', user is allowed role ID '%d'\n", role.RoleName, role.LdapGroup, role.RoleId)
|
|
u.RoleId = role.RoleId
|
|
matchFound = true
|
|
break
|
|
} else {
|
|
//log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
|
|
}
|
|
}
|
|
}
|
|
|
|
if matchFound {
|
|
// If we found a match, then store user with appropriate role ID
|
|
u.LdapUser = true
|
|
u.SaveUser()
|
|
}
|
|
|
|
return u, nil
|
|
}
|
|
|
|
// StoreLdapUser creates a user record in the database and returns the corresponding userId
|
|
func StoreLdapUser(u *User) error {
|
|
|
|
// TODO
|
|
|
|
return nil
|
|
}
|
|
|
|
func GetUserByID(uid uint) (User, error) {
|
|
|
|
var u User
|
|
|
|
// Query database for matching user object
|
|
err := db.QueryRowx("SELECT * FROM users WHERE UserId=?", uid).StructScan(&u)
|
|
if err != nil {
|
|
return u, errors.New("user not found")
|
|
}
|
|
/*
|
|
if err := DB.First(&u, uid).Error; err != nil {
|
|
return u, errors.New("User not found!")
|
|
}
|
|
*/
|
|
//u.PrepareGive()
|
|
|
|
return u, nil
|
|
|
|
}
|
|
|
|
func GetUserByName(username string) (User, error) {
|
|
|
|
var u User
|
|
|
|
// Query database for matching user object
|
|
err := db.QueryRowx("SELECT * FROM users WHERE UserName=?", username).StructScan(&u)
|
|
if err != nil {
|
|
return u, errors.New("user not found")
|
|
}
|
|
|
|
return u, nil
|
|
}
|
|
|
|
func GetUserRoleByID(uid uint) (UserRole, error) {
|
|
|
|
var ur UserRole
|
|
|
|
// Query database for matching user object
|
|
log.Printf("GetUserRoleByID querying for userid '%d'\n", uid)
|
|
err := db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", uid).StructScan(&ur)
|
|
if err != nil {
|
|
log.Printf("GetUserRoleByID received error when querying database : '%s'\n", err)
|
|
return ur, errors.New("GetUserRoleByID user not found")
|
|
}
|
|
|
|
return ur, nil
|
|
}
|
|
|
|
func GetUserRoleFromToken(c *gin.Context) (UserRole, error) {
|
|
|
|
var ur UserRole
|
|
|
|
user_id, err := token.ExtractTokenID(c)
|
|
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return ur, err
|
|
}
|
|
|
|
// Query database for matching user object
|
|
log.Printf("GetUserRoleFromToken querying for userid '%d'\n", user_id)
|
|
err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur)
|
|
if err != nil {
|
|
log.Printf("GetUserRoleFromToken received error when querying database : '%s'\n", err)
|
|
return ur, errors.New("GetUserRoleFromToken user not found")
|
|
}
|
|
|
|
return ur, nil
|
|
}
|
|
|
|
func QueryUsers() ([]User, error) {
|
|
var results []User
|
|
|
|
// Query database for role definitions
|
|
rows, err := db.Queryx("SELECT * FROM users")
|
|
|
|
if err != nil {
|
|
log.Printf("QueryUsers error executing sql record : '%s'\n", err)
|
|
return results, err
|
|
} else {
|
|
// parse all the results into a slice
|
|
for rows.Next() {
|
|
var u User
|
|
err = rows.StructScan(&u)
|
|
if err != nil {
|
|
log.Printf("QueryUsers error parsing sql record : '%s'\n", err)
|
|
return results, err
|
|
}
|
|
results = append(results, u)
|
|
|
|
}
|
|
log.Printf("QueryUsers retrieved '%d' results\n", len(results))
|
|
}
|
|
|
|
return results, nil
|
|
}
|