From 193e28cf0086a4b4a1f6d562c42b7c22b6e34561 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Fri, 14 Feb 2020 22:51:12 +0100
Subject: [PATCH] Remember who invited who
---
 guichet.hcl.example | 2 +-
 invite.go | 29 ++++++++++++++++++++++++-----
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/guichet.hcl.example b/guichet.hcl.example
index 1a1c328..358421a 100644
--- a/guichet.hcl.example
+++ b/guichet.hcl.example
@@ -12,7 +12,7 @@ job "guichet" {
 task "server" {
 driver = "docker"
 config {
- image = "lxpz/guichet_amd64:8"
+ image = "lxpz/guichet_amd64:9"
 readonly_rootfs = true
 port_map {
 web_port = 9991
diff --git a/invite.go b/invite.go
index cb83eb4..83e35a3 100644
--- a/invite.go
+++ b/invite.go
@@ -43,7 +43,7 @@ func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
 return
 }
- handleNewAccount(w, r, login.conn)
+ handleNewAccount(w, r, login.conn, login.Info.DN)
 }
 // New account creation using code
@@ -65,7 +65,25 @@ func handleInvitationCode(w http.ResponseWriter, r *http.Request) {
 return
 }
- if handleNewAccount(w, r, l) {
+ sReq := ldap.NewSearchRequest(
+ inviteDn,
+ ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectclass=*)"),
+ []string{"dn", "creatorsname"},
+ nil)
+ sr, err := l.Search(sReq)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ if len(sr.Entries) != 1 {
+ http.Error(w, fmt.Sprintf("Expected 1 entry, got %d", len(sr.Entries)), http.StatusInternalServerError)
+ return
+ }
+
+ invitedBy := sr.Entries[0].GetAttributeValue("creatorsname")
+
+ if handleNewAccount(w, r, l, invitedBy) {
 del_req := ldap.NewDelRequest(inviteDn, nil)
 err = l.Del(del_req)
 if err != nil {
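Review bot: In handleInvitationCode, `invitedBy` is taken from `creatorsname` without checking that the attribute actually came back: go-ldap's `GetAttributeValue` returns an empty string when the attribute is absent, and that value is then passed through handleNewAccount to the unconditional `req.Attribute("invitedby", []string{invitedBy})` in tryCreateAccount (last hunk of this patch). A guard right after the lookup, for example `if invitedBy == "" { http.Error(w, "Invitation has no recorded creator", http.StatusInternalServerError); return }`, keeps accounts from being created with a blank inviter. The two new `http.Error` calls also send `err.Error()` and the entry count to a visitor who, as far as this hunk shows, is identified only by an invitation code; a generic message with the detail logged server-side would avoid exposing directory internals. `fmt.Sprintf("(objectclass=*)")` has no format arguments and can be the plain string literal. The function body starts and ends outside the hunk.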
@@ -91,7 +109,7 @@ type NewAccountData struct {
 Success bool
 }
-func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool {
+func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn, invitedBy string) bool {
 templateInviteNewAccount := template.Must(template.ParseFiles("templates/layout.html", "templates/invite_new_account.html"))
 data := &NewAccountData{}
@@ -107,14 +125,14 @@ func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool
 password1 := strings.Join(r.Form["password"], "")
 password2 := strings.Join(r.Form["password2"], "")
- tryCreateAccount(l, data, password1, password2)
+ tryCreateAccount(l, data, password1, password2, invitedBy)
 }
 templateInviteNewAccount.Execute(w, data)
 return data.Success
 }
-func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string) {
+func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string, invitedBy string) {
 // Check if username is correct
 if match, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", data.Username); !(err == nil && match) {
 data.ErrorInvalidUsername = true
@@ -156,6 +174,7 @@ func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 st
 req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"})
 req.Attribute("structuralobjectclass", []string{"inetOrgPerson"})
 req.Attribute("userpassword", []string{SSHAEncode([]byte(pass1))})
+ req.Attribute("invitedby", []string{invitedBy})
 if len(data.DisplayName) > 0 {
 req.Attribute("displayname", []string{data.DisplayName})
 }
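Review bot: handleNewAccount now takes `invitedBy` with no comment saying what it must contain, while its two callers fill it from different sources (`login.Info.DN` in handleInviteNewAccount, the `creatorsname` attribute in handleInvitationCode). A doc comment on the function would pin the contract down, for example `// handleNewAccount renders the invite_new_account form, calls tryCreateAccount for a submitted form, and returns data.Success. invitedBy is the DN of the inviting user and is stored on the new entry.` The same applies to the new `invitedBy` parameter of tryCreateAccount in the next hunk. The function body continues outside this hunk.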
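Review bot: The `invitedby` attribute added in tryCreateAccount is a provenance record, and it is only trustworthy if the new account cannot later modify `invitedby` on its own entry and if `creatorsname` on the invitation entry names the inviting user rather than a shared service bind; neither the directory ACLs nor the code that creates invitations is visible in this patch. A short comment above the line would record the assumption, e.g. `// invitedby is an audit trail: directory ACLs must keep it read-only for the account owner`. The object classes listed just above (`inetOrgPerson`, `organizationalPerson`, `person`, `top`) do not obviously define `invitedby`, so on a schema-checking server the add may be rejected; this is worth confirming against the deployed directory. The function starts and ends outside the hunk.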