guichet/gpas.go

128 lines
4.1 KiB
Go
Raw Normal View History

/*
gpas is GVoisin password reset
*/
package main
import (
2023-07-23 08:57:17 +00:00
"bytes"
"errors"
"fmt"
2023-07-23 08:57:17 +00:00
"html/template"
"log"
2023-07-23 07:16:17 +00:00
// "github.com/emersion/go-sasl"
// "github.com/emersion/go-smtp"
"net/smtp"
"github.com/go-ldap/ldap/v3"
// "strings"
2023-07-23 12:00:54 +00:00
b64 "encoding/base64"
)
2023-07-23 10:00:02 +00:00
// type InvitationAccount struct {
// UID string
// Password string
// BaseDN string
// }
// var EMAIL_REGEXP := regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
if user.CN == "" && user.Mail == "" && user.OtherMailbox == "" {
return errors.New("Il n'y a pas de quoi identifier l'utilisateur")
}
searchFilter := "(|"
2023-07-23 07:35:32 +00:00
if user.CN != "" {
searchFilter += "(cn=" + user.CN + ")"
}
2023-07-23 07:35:32 +00:00
if user.Mail != "" {
searchFilter += "(mail=" + user.Mail + ")"
}
2023-07-23 07:35:32 +00:00
if user.OtherMailbox != "" {
searchFilter += "(carLicense=" + user.OtherMailbox + ")"
}
2023-07-23 06:42:19 +00:00
searchFilter += ")"
2023-07-23 08:35:47 +00:00
searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false, searchFilter, []string{"cn", "uid", "mail", "carLicense"}, nil)
searchRes, err := ldapConn.Search(searchReq)
if err != nil {
2023-07-23 06:25:52 +00:00
log.Printf(fmt.Sprintf("passwordLost : %v %v", err, ldapConn))
2023-07-23 06:46:14 +00:00
log.Printf(fmt.Sprintf("passwordLost : %v", searchReq))
log.Printf(fmt.Sprintf("passwordLost : %v", user))
2023-07-23 07:59:52 +00:00
return errors.New("Chose LDAP")
}
if len(searchRes.Entries) == 0 {
2023-07-23 08:00:57 +00:00
log.Printf("Il n'y a pas d'utilisateur qui correspond %v", searchReq)
return errors.New("Il n'y a pas d'utilisateur qui correspond")
}
2023-07-23 08:57:17 +00:00
// Préparation du courriel à envoyer
2023-07-23 12:00:54 +00:00
user.Password = suggestPassword()
code := b64.URLEncoding.EncodeToString([]byte(user.UID + ";" + user.Password))
err = passwd(user, config, ldapConn)
if err != nil {
log.Printf(fmt.Sprintf("passwordLost : %v", err))
return err
}
2023-07-23 08:56:25 +00:00
templateMail := template.Must(template.ParseFiles(templatePath + "/invite_mail.txt"))
buf := bytes.NewBuffer([]byte{})
templateMail.Execute(buf, &CodeMailFields{
To: user.OtherMailbox,
From: config.MailFrom,
2023-07-23 12:00:54 +00:00
InviteFrom: user.UID,
2023-07-23 08:56:25 +00:00
Code: code,
WebBaseAddress: config.WebAddress,
})
// message := []byte("Hi " + user.OtherMailbox)
log.Printf("Sending mail to: %s", user.OtherMailbox)
2023-07-23 07:16:17 +00:00
// var auth sasl.Client = nil
// if config.SMTPUsername != "" {
// auth = sasl.NewPlainClient("", config.SMTPUsername, config.SMTPPassword)
// }
2023-07-23 09:04:35 +00:00
message := buf.Bytes()
2023-07-23 07:16:17 +00:00
auth := smtp.PlainAuth("", config.SMTPUsername, config.SMTPPassword, config.SMTPServer)
2023-07-23 07:30:06 +00:00
log.Printf("auth: %v", auth)
2023-07-23 09:04:35 +00:00
err = smtp.SendMail(config.SMTPServer+":587", auth, config.SMTPUsername, []string{user.OtherMailbox}, message)
if err != nil {
2023-07-23 07:59:52 +00:00
log.Printf("email send error %v", err)
return err
}
log.Printf("Mail sent.")
return nil
}
2023-07-23 10:00:02 +00:00
2023-07-23 11:37:20 +00:00
func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (string, error) {
2023-07-23 11:02:09 +00:00
l, err := openLdap(config)
if err != nil {
2023-07-23 11:39:05 +00:00
return "", err
2023-07-23 11:02:09 +00:00
}
2023-07-23 11:08:29 +00:00
if user.DN == "" && user.UID != "" {
user.DN = "uid=" + user.UID + ",ou=invitations,dc=resdigita,dc=org"
}
2023-07-23 11:02:09 +00:00
err = l.Bind(user.DN, user.Password)
2023-07-23 10:00:02 +00:00
if err != nil {
2023-07-23 11:14:50 +00:00
log.Printf("passwordFound %v", err)
log.Printf("passwordFound %v", user.DN)
log.Printf("passwordFound %v", user.UID)
2023-07-23 11:37:20 +00:00
return "", err
2023-07-23 10:00:02 +00:00
}
2023-07-23 11:37:20 +00:00
searchReq := ldap.NewSearchRequest(user.DN, ldap.ScopeBaseObject,
2023-07-23 11:45:46 +00:00
ldap.NeverDerefAliases, 0, 0, false, "(uid="+user.UID+")", []string{"seeAlso"}, nil)
2023-07-23 11:42:37 +00:00
var searchRes *ldap.SearchResult
searchRes, err = ldapConn.Search(searchReq)
2023-07-23 11:44:28 +00:00
if err != nil {
log.Printf("passwordFound %v", err)
log.Printf("passwordFound %v", searchReq)
log.Printf("passwordFound %v", ldapConn)
log.Printf("passwordFound %v", searchRes)
return "", err
}
2023-07-23 11:42:37 +00:00
if len(searchRes.Entries) == 0 {
log.Printf("passwordFound %v", err)
log.Printf("passwordFound %v", searchReq)
log.Printf("passwordFound %v", ldapConn)
log.Printf("passwordFound %v", searchRes)
return "", err
}
return searchRes.Entries[0].GetAttributeValue("seeAlso"), err
2023-07-23 10:00:02 +00:00
}