nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity
Files
cb7376eeeb1abb2167b22c485f9dda521ed4a4bb
smt/models/user.go
Nathan Coad cb7376eeeb
All checks were successful
continuous-integration/drone/push Build is passing
Details
progress on ldap
2024-01-05 09:48:48 +11:00

287 lines
7.4 KiB
Go
Raw Blame History

package models
import (
"database/sql"
"errors"
"fmt"
"log"
"net/http"
"smt/utils/token"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
)
type User struct {
UserId int `db:"UserId" json:"userId"`
RoleId int `db:"RoleId" json:"roleId"`
UserName string `db:"UserName" json:"userName"`
Password string `db:"Password" json:"-"`
LdapUser bool `db:"LdapUser" json:"ldapUser"`
LdapDn string `db:"LdapDN" json:"ldapDn"`
}
type UserRole struct {
User
RoleName string `db:"RoleName"`
ReadOnly bool `db:"ReadOnly"`
Admin bool `db:"Admin"`
}
func (u *User) SaveUser() (*User, error) {
var err error
// Validate username not already in use
_, err = GetUserByName(u.UserName)
if err != nil && err.Error() == "user not found" {
log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password, LdapUser, LdapDn) VALUES (:RoleId, :UserName, :Password, :LdapUser, :LdapDN)`), u)
if err != nil {
log.Printf("SaveUser error executing sql record : '%s'\n", err)
return &User{}, err
} else {
affected, _ := result.RowsAffected()
id, _ := result.LastInsertId()
log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
}
} else {
log.Printf("SaveUser Username already exists : '%v'\n", err)
}
return u, nil
}
func (u *User) DeleteUser() error {
// Validate username exists
_, err := GetUserByName(u.UserName)
if err != nil {
log.Printf("DeleteUser error finding user account to remove : '%s'\n", err)
return err
} else {
log.Printf("DeleteUser confirmed user exists, continuing with deletion of user '%s'\n", u.UserName)
result, err := db.NamedExec((`DELETE FROM users WHERE UserName = :UserName`), u)
if err != nil {
log.Printf("DeleteUser error executing sql delete : '%s'\n", err)
return err
} else {
affected, _ := result.RowsAffected()
id, _ := result.LastInsertId()
log.Printf("DeleteUser returned result id '%d' affecting %d row(s).\n", id, affected)
}
}
return nil
}
func VerifyPassword(password, hashedPassword string) error {
log.Printf("VerifyPassword comparing input against hashed value '%s'\n", hashedPassword)
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
}
func LoginCheck(username string, password string) (string, error) {
var err error
u := User{}
// Query database for matching user object
err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u)
if err != nil {
if err == sql.ErrNoRows {
// check LDAP if enabled
if LdapEnabled {
ldapUser, err := LdapLoginCheck(username, password)
if err != nil {
errString := fmt.Sprintf("LoginCheck erro checking LDAP for user : '%s'\n", err)
log.Print(errString)
return "", errors.New(errString)
}
if ldapUser == (User{}) {
errString := fmt.Sprintf("LoginCheck user not found in LDAP : '%s'\n", err)
log.Print(errString)
return "", errors.New(errString)
}
} else {
return "", errors.New("specified user not found in database")
}
}
log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
return "", err
} else {
log.Printf("LoginCheck retrieved user '%v' from database\n", u)
}
err = VerifyPassword(password, u.Password)
if err != nil && err == bcrypt.ErrMismatchedHashAndPassword {
log.Printf("LoginCheck says password doesn't match stored hash.\n")
return "", err
} else {
log.Printf("LoginCheck verified password against stored hash.\n")
}
token, err := token.GenerateToken(uint(u.UserId))
if err != nil {
log.Printf("LoginCheck error generating token : '%s'\n", err)
return "", err
}
return token, nil
}
func LdapLoginCheck(username string, password string) (User, error) {
var u User
// try to get LDAP group membership
groups, err := GetLdapGroupMembership(username, password)
if err != nil {
if err.Error() == "invalid user credentials" {
return u, nil
} else {
return u, err
}
}
// Compare all roles against the list of user's group membership
roleList, err := QueryRoles()
if err != nil {
return u, err
}
matchFound := false
for _, role := range roleList {
for _, group := range groups {
if role.LdapGroup == group {
log.Printf("Found match, user is allowed role ID '%d'\n", role.RoleId)
matchFound = true
break
} else {
log.Printf("Role '%s' with LDAP group '%s' not match user group '%s'\n", role.RoleName, role.LdapGroup, group)
}
}
}
if matchFound {
// If we found a match, then store user with appropriate role ID
u.UserId = StoreLdapUser(username)
}
return u, nil
}
// StoreLdapUser creates a user record in the database and returns the corresponding userId
func StoreLdapUser(username string) int {
// TODO
return 99
}
func GetUserByID(uid uint) (User, error) {
var u User
// Query database for matching user object
err := db.QueryRowx("SELECT * FROM users WHERE UserId=?", uid).StructScan(&u)
if err != nil {
return u, errors.New("user not found")
}
/*
if err := DB.First(&u, uid).Error; err != nil {
return u, errors.New("User not found!")
}
*/
//u.PrepareGive()
return u, nil
}
func GetUserByName(username string) (User, error) {
var u User
// Query database for matching user object
err := db.QueryRowx("SELECT * FROM users WHERE UserName=?", username).StructScan(&u)
if err != nil {
return u, errors.New("user not found")
}
return u, nil
}
func GetUserRoleByID(uid uint) (UserRole, error) {
var ur UserRole
// Query database for matching user object
log.Printf("GetUserRoleByID querying for userid '%d'\n", uid)
err := db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", uid).StructScan(&ur)
if err != nil {
log.Printf("GetUserRoleByID received error when querying database : '%s'\n", err)
return ur, errors.New("GetUserRoleByID user not found")
}
return ur, nil
}
func GetUserRoleFromToken(c *gin.Context) (UserRole, error) {
var ur UserRole
user_id, err := token.ExtractTokenID(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return ur, err
}
// Query database for matching user object
log.Printf("GetUserRoleFromToken querying for userid '%d'\n", user_id)
err = db.QueryRowx("SELECT users.UserId, users.RoleId, users.UserName, users.Password, users.LdapUser, users.LdapDN, roles.RoleName, roles.ReadOnly, roles.Admin FROM users INNER JOIN roles ON users.RoleId = roles.RoleId WHERE users.UserId=?", user_id).StructScan(&ur)
if err != nil {
log.Printf("GetUserRoleFromToken received error when querying database : '%s'\n", err)
return ur, errors.New("GetUserRoleFromToken user not found")
}
return ur, nil
}
func QueryUsers() ([]User, error) {
var results []User
// Query database for role definitions
rows, err := db.Queryx("SELECT * FROM users")
if err != nil {
log.Printf("QueryUsers error executing sql record : '%s'\n", err)
return results, err
} else {
// parse all the results into a slice
for rows.Next() {
var u User
err = rows.StructScan(&u)
if err != nil {
log.Printf("QueryUsers error parsing sql record : '%s'\n", err)
return results, err
}
results = append(results, u)
}
log.Printf("QueryUsers retrieved '%d' results\n", len(results))
}
return results, nil
}
Reference in New Issue View Git Blame Copy Permalink