guichet/gpas.go

/*
gpas is GVoisin password reset
*/

package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"log"

	// "github.com/emersion/go-sasl"
	// "github.com/emersion/go-smtp"
	"net/smtp"

	"github.com/go-ldap/ldap/v3"
	// "strings"
	b64 "encoding/base64"
)

// type InvitationAccount struct {
// 	UID string
// 	Password string
// 	BaseDN string
// }

// var EMAIL_REGEXP := regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")

func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
	if user.CN == "" && user.Mail == "" && user.OtherMailbox == "" {
		return errors.New("Il n'y a pas de quoi identifier l'utilisateur")
	}
	searchFilter := "(|"
	if user.CN != "" {
		searchFilter += "(cn=" + user.UID + ")"
	}
	if user.Mail != "" {
		searchFilter += "(mail=" + user.Mail + ")"
	}
	if user.OtherMailbox != "" {
		searchFilter += "(carLicense=" + user.OtherMailbox + ")"
	}
	searchFilter += ")"
	searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false, searchFilter, []string{"cn", "uid", "mail", "carLicense", "sn", "displayName", "givenName"}, nil)
	searchRes, err := ldapConn.Search(searchReq)
	if err != nil {
		log.Printf(fmt.Sprintf("passwordLost 49 : %v %v", err, ldapConn))
		log.Printf(fmt.Sprintf("passwordLost 50 : %v", searchReq))
		log.Printf(fmt.Sprintf("passwordLost 51: %v", user))
		return err
	}
	if len(searchRes.Entries) == 0 {
		log.Printf("Il n'y a pas d'utilisateur qui correspond %v", searchReq)
		return errors.New("Il n'y a pas d'utilisateur qui correspond")
	}
	// log.Printf(fmt.Sprintf("passwordLost 58 : %v", user))
	// log.Printf(fmt.Sprintf("passwordLost 59 : %v", searchRes.Entries[0]))
	// log.Printf(fmt.Sprintf("passwordLost 60 : %v", searchRes.Entries[0].GetAttributeValue("cn")))
	// log.Printf(fmt.Sprintf("passwordLost 61 : %v", searchRes.Entries[0].GetAttributeValue("uid")))
	// log.Printf(fmt.Sprintf("passwordLost 62 : %v", searchRes.Entries[0].GetAttributeValue("mail")))
	// log.Printf(fmt.Sprintf("passwordLost 63 : %v", searchRes.Entries[0].GetAttributeValue("carLicense")))
	// Préparation du courriel à envoyer
	user.Password = suggestPassword()
	code := b64.URLEncoding.EncodeToString([]byte(user.UID + ";" + user.Password))
	user.DN = "uid=" + searchRes.Entries[0].GetAttributeValue("cn") + ",ou=invitations,dc=resdigita,dc=org"
	user.UID = searchRes.Entries[0].GetAttributeValue("cn")
	user.CN = searchRes.Entries[0].GetAttributeValue("cn")
	user.Mail = searchRes.Entries[0].GetAttributeValue("mail")
	user.OtherMailbox = searchRes.Entries[0].GetAttributeValue("carLicense")
	/* Check for outstanding invitation */
	searchReq = ldap.NewSearchRequest(config.InvitationBaseDN, ldap.ScopeBaseObject,
		ldap.NeverDerefAliases, 0, 0, false, "(uid="+user.UID+")", []string{"seeAlso"}, nil)
	searchRes, err = ldapConn.Search(searchReq)
	if err != nil {
		log.Printf(fmt.Sprintf("passwordLost (Check existing invitation) : %v", err))
		log.Printf(fmt.Sprintf("passwordLost (Check existing invitation) : %v", user))
		return err
	}
	if len(searchRes.Entries) == 0 {
		/* Add the invitation */
		addReq := ldap.NewAddRequest(
			user.DN,
			nil)
		addReq.Attribute("objectClass", []string{"top", "account", "simpleSecurityObject"})
		addReq.Attribute("uid", []string{user.UID})
		addReq.Attribute("userPassword", []string{"absdefghi"})
		addReq.Attribute("seeAlso", []string{config.UserNameAttr + "=" + user.UID + "," + config.UserBaseDN})
		err = ldapConn.Add(addReq)
		if err != nil {
			log.Printf(fmt.Sprintf("passwordLost 83 : %v", err))
			log.Printf(fmt.Sprintf("passwordLost 84 : %v", user))
			log.Printf(fmt.Sprintf("passwordLost 85 : %v", searchRes.Entries[0]))
			return err
		}
	}
	err = passwd(user, config, ldapConn)
	if err != nil {
		log.Printf(fmt.Sprintf("passwordLost 90 : %v", err))
		log.Printf(fmt.Sprintf("passwordLost 91 : %v", user))
		log.Printf(fmt.Sprintf("passwordLost 92 : %v", searchRes.Entries[0]))
		return err
	}
	templateMail := template.Must(template.ParseFiles(templatePath + "/lost_password_email.txt"))
	buf := bytes.NewBuffer([]byte{})
	templateMail.Execute(buf, &CodeMailFields{
		To:             user.OtherMailbox,
		From:           config.MailFrom,
		InviteFrom:     user.UID,
		Code:           code,
		WebBaseAddress: config.WebAddress,
	})
	// message := []byte("Hi " + user.OtherMailbox)
	log.Printf("Sending mail to: %s", user.OtherMailbox)
	// var auth sasl.Client = nil
	// if config.SMTPUsername != "" {
	// 	auth = sasl.NewPlainClient("", config.SMTPUsername, config.SMTPPassword)
	// }
	message := buf.Bytes()
	auth := smtp.PlainAuth("", config.SMTPUsername, config.SMTPPassword, config.SMTPServer)
	log.Printf("auth: %v", auth)
	err = smtp.SendMail(config.SMTPServer+":587", auth, config.SMTPUsername, []string{user.OtherMailbox}, message)
	if err != nil {
		log.Printf("email send error %v", err)
		return err
	}
	log.Printf("Mail sent.")
	return nil
}

func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (string, error) {
	l, err := openLdap(config)
	if err != nil {
		log.Printf("passwordFound %v", err)
		log.Printf("passwordFound Config : %v", config)
		return "", err
	}
	if user.DN == "" && user.UID != "" {
		user.DN = "uid=" + user.UID + ",ou=invitations,dc=resdigita,dc=org"
	}
	err = l.Bind(user.DN, user.Password)
	if err != nil {
		log.Printf("passwordFound %v", err)
		log.Printf("passwordFound %v", user.DN)
		log.Printf("passwordFound %v", user.UID)
		return "", err
	}
	searchReq := ldap.NewSearchRequest(user.DN, ldap.ScopeBaseObject,
		ldap.NeverDerefAliases, 0, 0, false, "(uid="+user.UID+")", []string{"seeAlso"}, nil)
	var searchRes *ldap.SearchResult
	searchRes, err = ldapConn.Search(searchReq)
	if err != nil {
		log.Printf("passwordFound %v", err)
		log.Printf("passwordFound %v", searchReq)
		log.Printf("passwordFound %v", ldapConn)
		log.Printf("passwordFound %v", searchRes)
		return "", err
	}
	if len(searchRes.Entries) == 0 {
		log.Printf("passwordFound %v", err)
		log.Printf("passwordFound %v", searchReq)
		log.Printf("passwordFound %v", ldapConn)
		log.Printf("passwordFound %v", searchRes)
		return "", err
	}
	return searchRes.Entries[0].GetAttributeValue("seeAlso"), err
}
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`/*`
			`gpas is GVoisin password reset`
			`*/`

			`package main`

			`import (`
G Pas 2023-07-23 08:57:17 +00:00			`"bytes"`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`"errors"`
			`"fmt"`
G Pas 2023-07-23 08:57:17 +00:00			`"html/template"`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`"log"`

G Pas 2023-07-23 07:16:17 +00:00			`// "github.com/emersion/go-sasl"`
			`// "github.com/emersion/go-smtp"`
			`"net/smtp"`

Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`"github.com/go-ldap/ldap/v3"`
			`// "strings"`
G Pas 2023-07-23 12:00:54 +00:00			`b64 "encoding/base64"`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`)`

G Pas 2023-07-23 10:00:02 +00:00			`// type InvitationAccount struct {`
			`// UID string`
			`// Password string`
			`// BaseDN string`
			`// }`

Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			// var EMAIL_REGEXP := regexp.MustCompile("^[a-zA-Z0-9.!#$%&'+\\/=?^_`{\|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)$")

			`func passwordLost(user User, config ConfigFile, ldapConn ldap.Conn) error {`
			`if user.CN == "" && user.Mail == "" && user.OtherMailbox == "" {`
			`return errors.New("Il n'y a pas de quoi identifier l'utilisateur")`
			`}`
			`searchFilter := "(\|"`
G Pas 2023-07-23 07:35:32 +00:00			`if user.CN != "" {`
G Pas 2023-07-23 14:34:51 +00:00			`searchFilter += "(cn=" + user.UID + ")"`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`}`
G Pas 2023-07-23 07:35:32 +00:00			`if user.Mail != "" {`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`searchFilter += "(mail=" + user.Mail + ")"`
			`}`
G Pas 2023-07-23 07:35:32 +00:00			`if user.OtherMailbox != "" {`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`searchFilter += "(carLicense=" + user.OtherMailbox + ")"`
			`}`
G Pas 2023-07-23 06:42:19 +00:00			`searchFilter += ")"`
G Pas 2023-07-23 14:23:58 +00:00			`searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false, searchFilter, []string{"cn", "uid", "mail", "carLicense", "sn", "displayName", "givenName"}, nil)`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`searchRes, err := ldapConn.Search(searchReq)`
			`if err != nil {`
Fixed Change Password Bug 2023-07-25 06:39:43 +00:00			`log.Printf(fmt.Sprintf("passwordLost 49 : %v %v", err, ldapConn))`
			`log.Printf(fmt.Sprintf("passwordLost 50 : %v", searchReq))`
			`log.Printf(fmt.Sprintf("passwordLost 51: %v", user))`
Fixed Change Password Bug 2023-07-24 19:49:42 +00:00			`return err`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`}`
			`if len(searchRes.Entries) == 0 {`
G Pas 2023-07-23 08:00:57 +00:00			`log.Printf("Il n'y a pas d'utilisateur qui correspond %v", searchReq)`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`return errors.New("Il n'y a pas d'utilisateur qui correspond")`
			`}`
Fixed Change Password Bug 2023-07-25 12:13:14 +00:00			`// log.Printf(fmt.Sprintf("passwordLost 58 : %v", user))`
			`// log.Printf(fmt.Sprintf("passwordLost 59 : %v", searchRes.Entries[0]))`
			`// log.Printf(fmt.Sprintf("passwordLost 60 : %v", searchRes.Entries[0].GetAttributeValue("cn")))`
			`// log.Printf(fmt.Sprintf("passwordLost 61 : %v", searchRes.Entries[0].GetAttributeValue("uid")))`
			`// log.Printf(fmt.Sprintf("passwordLost 62 : %v", searchRes.Entries[0].GetAttributeValue("mail")))`
			`// log.Printf(fmt.Sprintf("passwordLost 63 : %v", searchRes.Entries[0].GetAttributeValue("carLicense")))`
G Pas 2023-07-23 08:57:17 +00:00			`// Préparation du courriel à envoyer`
G Pas 2023-07-23 12:00:54 +00:00			`user.Password = suggestPassword()`
			`code := b64.URLEncoding.EncodeToString([]byte(user.UID + ";" + user.Password))`
G Pas 2023-07-23 14:19:39 +00:00			`user.DN = "uid=" + searchRes.Entries[0].GetAttributeValue("cn") + ",ou=invitations,dc=resdigita,dc=org"`
			`user.UID = searchRes.Entries[0].GetAttributeValue("cn")`
			`user.CN = searchRes.Entries[0].GetAttributeValue("cn")`
			`user.Mail = searchRes.Entries[0].GetAttributeValue("mail")`
			`user.OtherMailbox = searchRes.Entries[0].GetAttributeValue("carLicense")`
Fixed Change Password Bug 2023-07-25 07:03:55 +00:00			`/* Check for outstanding invitation */`
Fixed Change Password Bug 2023-07-25 07:10:20 +00:00			`searchReq = ldap.NewSearchRequest(config.InvitationBaseDN, ldap.ScopeBaseObject,`
Fixed Change Password Bug 2023-07-25 07:03:55 +00:00			`ldap.NeverDerefAliases, 0, 0, false, "(uid="+user.UID+")", []string{"seeAlso"}, nil)`
			`searchRes, err = ldapConn.Search(searchReq)`
Fixed Change Password Bug 2023-07-25 06:56:09 +00:00			`if err != nil {`
Fixed Change Password Bug 2023-07-25 07:03:55 +00:00			`log.Printf(fmt.Sprintf("passwordLost (Check existing invitation) : %v", err))`
			`log.Printf(fmt.Sprintf("passwordLost (Check existing invitation) : %v", user))`
Fixed Change Password Bug 2023-07-25 06:56:09 +00:00			`return err`
			`}`
Fixed Change Password Bug 2023-07-25 07:05:03 +00:00			`if len(searchRes.Entries) == 0 {`
Fixed Change Password Bug 2023-07-25 07:03:55 +00:00			`/* Add the invitation */`
			`addReq := ldap.NewAddRequest(`
			`user.DN,`
			`nil)`
			`addReq.Attribute("objectClass", []string{"top", "account", "simpleSecurityObject"})`
			`addReq.Attribute("uid", []string{user.UID})`
			`addReq.Attribute("userPassword", []string{"absdefghi"})`
			`addReq.Attribute("seeAlso", []string{config.UserNameAttr + "=" + user.UID + "," + config.UserBaseDN})`
			`err = ldapConn.Add(addReq)`
			`if err != nil {`
			`log.Printf(fmt.Sprintf("passwordLost 83 : %v", err))`
			`log.Printf(fmt.Sprintf("passwordLost 84 : %v", user))`
			`log.Printf(fmt.Sprintf("passwordLost 85 : %v", searchRes.Entries[0]))`
			`return err`
			`}`
			`}`
G Pas 2023-07-23 12:00:54 +00:00			`err = passwd(user, config, ldapConn)`
			`if err != nil {`
Fixed Change Password Bug 2023-07-25 06:56:09 +00:00			`log.Printf(fmt.Sprintf("passwordLost 90 : %v", err))`
			`log.Printf(fmt.Sprintf("passwordLost 91 : %v", user))`
			`log.Printf(fmt.Sprintf("passwordLost 92 : %v", searchRes.Entries[0]))`
G Pas 2023-07-23 12:00:54 +00:00			`return err`
			`}`
G Pas 2023-07-23 14:37:51 +00:00			`templateMail := template.Must(template.ParseFiles(templatePath + "/lost_password_email.txt"))`
G Pas 2023-07-23 08:56:25 +00:00			`buf := bytes.NewBuffer([]byte{})`
			`templateMail.Execute(buf, &CodeMailFields{`
			`To: user.OtherMailbox,`
			`From: config.MailFrom,`
G Pas 2023-07-23 12:00:54 +00:00			`InviteFrom: user.UID,`
G Pas 2023-07-23 08:56:25 +00:00			`Code: code,`
			`WebBaseAddress: config.WebAddress,`
			`})`
			`// message := []byte("Hi " + user.OtherMailbox)`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`log.Printf("Sending mail to: %s", user.OtherMailbox)`
G Pas 2023-07-23 07:16:17 +00:00			`// var auth sasl.Client = nil`
			`// if config.SMTPUsername != "" {`
			`// auth = sasl.NewPlainClient("", config.SMTPUsername, config.SMTPPassword)`
			`// }`
G Pas 2023-07-23 09:04:35 +00:00			`message := buf.Bytes()`
G Pas 2023-07-23 07:16:17 +00:00			`auth := smtp.PlainAuth("", config.SMTPUsername, config.SMTPPassword, config.SMTPServer)`
G Pas 2023-07-23 07:30:06 +00:00			`log.Printf("auth: %v", auth)`
G Pas 2023-07-23 09:04:35 +00:00			`err = smtp.SendMail(config.SMTPServer+":587", auth, config.SMTPUsername, []string{user.OtherMailbox}, message)`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`if err != nil {`
G Pas 2023-07-23 07:59:52 +00:00			`log.Printf("email send error %v", err)`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00			`return err`
			`}`
			`log.Printf("Mail sent.")`
			`return nil`
			`}`
G Pas 2023-07-23 10:00:02 +00:00
G Pas 2023-07-23 11:37:20 +00:00			`func passwordFound(user User, config ConfigFile, ldapConn ldap.Conn) (string, error) {`
G Pas 2023-07-23 11:02:09 +00:00			`l, err := openLdap(config)`
			`if err != nil {`
G Pas 2023-07-23 12:10:30 +00:00			`log.Printf("passwordFound %v", err)`
G Pas 2023-07-23 12:17:32 +00:00			`log.Printf("passwordFound Config : %v", config)`
G Pas 2023-07-23 11:39:05 +00:00			`return "", err`
G Pas 2023-07-23 11:02:09 +00:00			`}`
G Pas 2023-07-23 11:08:29 +00:00			`if user.DN == "" && user.UID != "" {`
			`user.DN = "uid=" + user.UID + ",ou=invitations,dc=resdigita,dc=org"`
			`}`
G Pas 2023-07-23 11:02:09 +00:00			`err = l.Bind(user.DN, user.Password)`
G Pas 2023-07-23 10:00:02 +00:00			`if err != nil {`
G Pas 2023-07-23 11:14:50 +00:00			`log.Printf("passwordFound %v", err)`
			`log.Printf("passwordFound %v", user.DN)`
			`log.Printf("passwordFound %v", user.UID)`
G Pas 2023-07-23 11:37:20 +00:00			`return "", err`
G Pas 2023-07-23 10:00:02 +00:00			`}`
G Pas 2023-07-23 11:37:20 +00:00			`searchReq := ldap.NewSearchRequest(user.DN, ldap.ScopeBaseObject,`
G Pas 2023-07-23 11:45:46 +00:00			`ldap.NeverDerefAliases, 0, 0, false, "(uid="+user.UID+")", []string{"seeAlso"}, nil)`
G Pas 2023-07-23 11:42:37 +00:00			`var searchRes *ldap.SearchResult`
			`searchRes, err = ldapConn.Search(searchReq)`
G Pas 2023-07-23 11:44:28 +00:00			`if err != nil {`
			`log.Printf("passwordFound %v", err)`
			`log.Printf("passwordFound %v", searchReq)`
			`log.Printf("passwordFound %v", ldapConn)`
			`log.Printf("passwordFound %v", searchRes)`
			`return "", err`
			`}`
G Pas 2023-07-23 11:42:37 +00:00			`if len(searchRes.Entries) == 0 {`
			`log.Printf("passwordFound %v", err)`
			`log.Printf("passwordFound %v", searchReq)`
			`log.Printf("passwordFound %v", ldapConn)`
			`log.Printf("passwordFound %v", searchRes)`
			`return "", err`
			`}`
			`return searchRes.Entries[0].GetAttributeValue("seeAlso"), err`
G Pas 2023-07-23 10:00:02 +00:00			`}`