/*
gpas is GVoisin password reset
*/
package main
import (
"bytes"
"errors"
"fmt"
"html/template"
"log"
// "github.com/emersion/go-sasl"
// "github.com/emersion/go-smtp"
"net/smtp"
"github.com/go-ldap/ldap/v3"
// "strings"
b64 "encoding/base64"
)
// type InvitationAccount struct {
// UID string
// Password string
// BaseDN string
// }
// var EMAIL_REGEXP := regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
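// passwordLost handles a "lost password" request for the directory user
// identified by user.CN, user.Mail or user.OtherMailbox (the recovery
// address stored in the carLicense attribute).
//
// It looks the user up under config.UserBaseDN, makes sure an invitation
// entry exists for that UID under the invitation OU (adding one when it is
// missing), applies a freshly generated password through passwd, and mails
// a base64url reset code of the form "uid;password" to the recovery address
// with the SMTP settings from config. ldapConn is used for the searches and
// the add, so it must be bound with the rights those operations need.
//
// Returns an error when no identifier was supplied, when no entry matches,
// when the entry has no recovery address, when a directory read or write
// fails, when the mail template cannot be loaded or rendered, or when the
// message cannot be sent.
func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
	if user.CN == "" && user.Mail == "" && user.OtherMailbox == "" {
		return errors.New("Il n'y a pas de quoi identifier l'utilisateur")
	}

	// The identifiers come straight from the request, so each value is
	// escaped (RFC 4515) before it is spliced into the filter; unescaped
	// filter metacharacters would let the request rewrite the query.
	searchFilter := "(|"
	if user.CN != "" {
		// The guard tests CN, so the clause matches on CN too (the previous
		// version inserted user.UID here, which can be empty at this point).
		searchFilter += "(cn=" + ldap.EscapeFilter(user.CN) + ")"
	}
	if user.Mail != "" {
		searchFilter += "(mail=" + ldap.EscapeFilter(user.Mail) + ")"
	}
	if user.OtherMailbox != "" {
		searchFilter += "(carLicense=" + ldap.EscapeFilter(user.OtherMailbox) + ")"
	}
	searchFilter += ")"

	searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeSingleLevel, ldap.NeverDerefAliases, 0, 0, false,
		searchFilter, []string{"cn", "uid", "mail", "carLicense", "sn", "displayName", "givenName"}, nil)
	searchRes, err := ldapConn.Search(searchReq)
	if err != nil {
		// Log the filter only; the connection and request structs add nothing useful.
		log.Printf("passwordLost: user search %q: %v", searchFilter, err)
		return err
	}
	if len(searchRes.Entries) == 0 {
		log.Printf("Il n'y a pas d'utilisateur qui correspond %q", searchFilter)
		return errors.New("Il n'y a pas d'utilisateur qui correspond")
	}
	entry := searchRes.Entries[0]

	// From here on the account is identified by the directory's own values;
	// the request fields were only lookup keys.
	cn := entry.GetAttributeValue("cn")
	user.UID = cn
	user.CN = cn
	user.Mail = entry.GetAttributeValue("mail")
	user.OtherMailbox = entry.GetAttributeValue("carLicense")
	// NOTE(review): this DN is hard-coded while the existing-invitation search
	// below uses config.InvitationBaseDN; the two must name the same OU — confirm.
	user.DN = "uid=" + cn + ",ou=invitations,dc=resdigita,dc=org"

	// Fail before touching the directory if there is nowhere to send the code;
	// otherwise the password would be changed and the user never told.
	if user.OtherMailbox == "" {
		return fmt.Errorf("aucune adresse de secours n'est enregistrée pour %s", user.UID)
	}

	// The code embeds the UID, so it is built only once the UID has been
	// resolved from the directory (building it earlier shipped an empty UID
	// whenever the requester identified by mail address).
	user.Password = suggestPassword()
	code := b64.URLEncoding.EncodeToString([]byte(user.UID + ";" + user.Password))

	// Check for an outstanding invitation. Invitation entries sit one level
	// below the invitation base, so the search needs a single-level scope; a
	// base-object search only inspects the OU entry itself and can never
	// find an existing invitation.
	searchReq = ldap.NewSearchRequest(config.InvitationBaseDN, ldap.ScopeSingleLevel,
		ldap.NeverDerefAliases, 0, 0, false, "(uid="+ldap.EscapeFilter(user.UID)+")", []string{"seeAlso"}, nil)
	searchRes, err = ldapConn.Search(searchReq)
	if err != nil {
		log.Printf("passwordLost (Check existing invitation) %q: %v", user.UID, err)
		return err
	}
	if len(searchRes.Entries) == 0 {
		// Add the invitation entry.
		addReq := ldap.NewAddRequest(user.DN, nil)
		addReq.Attribute("objectClass", []string{"top", "account", "simpleSecurityObject"})
		addReq.Attribute("uid", []string{user.UID})
		// The entry needs a userPassword at creation; a throwaway random value
		// is used instead of a fixed string so the account never carries a
		// well-known credential before passwd sets the real one below.
		addReq.Attribute("userPassword", []string{suggestPassword()})
		addReq.Attribute("seeAlso", []string{config.UserNameAttr + "=" + user.UID + "," + config.UserBaseDN})
		if err = ldapConn.Add(addReq); err != nil {
			log.Printf("passwordLost: add invitation %q: %v", user.DN, err)
			return err
		}
	}

	// passwd is expected to store user.Password on the invitation entry; its
	// implementation is outside this file — confirm.
	if err = passwd(user, config, ldapConn); err != nil {
		// user now carries the new password, so only the identifier is logged.
		log.Printf("passwordLost: passwd for %q: %v", user.UID, err)
		return err
	}

	// NOTE(review): html/template HTML-escapes the inserted fields, which is
	// not wanted in a plain-text message (a "'" in an address becomes
	// "&#39;"); text/template looks like the intended package — confirm.
	templateMail, err := template.ParseFiles(templatePath + "/lost_password_email.txt")
	if err != nil {
		log.Printf("passwordLost: mail template: %v", err)
		return err
	}
	var buf bytes.Buffer
	err = templateMail.Execute(&buf, &CodeMailFields{
		To:             user.OtherMailbox,
		From:           config.MailFrom,
		InviteFrom:     user.UID,
		Code:           code,
		WebBaseAddress: config.WebAddress,
	})
	if err != nil {
		log.Printf("passwordLost: render mail template: %v", err)
		return err
	}

	log.Printf("Sending mail to: %s", user.OtherMailbox)
	// The smtp.Auth value is never logged: printing it with %v exposes the
	// SMTP password.
	auth := smtp.PlainAuth("", config.SMTPUsername, config.SMTPPassword, config.SMTPServer)
	err = smtp.SendMail(config.SMTPServer+":587", auth, config.SMTPUsername, []string{user.OtherMailbox}, buf.Bytes())
	if err != nil {
		log.Printf("email send error %v", err)
		return err
	}
	log.Printf("Mail sent.")
	return nil
}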
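// passwordFound completes a password reset: it authenticates the invitation
// entry named by user.DN (or, when DN is empty, derived from user.UID under
// the invitation OU) with user.Password, then returns that entry's seeAlso
// attribute, which names the real user entry.
//
// The bind is done on a fresh connection from openLdap so that the caller's
// ldapConn keeps its own identity; the seeAlso lookup then goes through
// ldapConn. Returns an empty string and an error when the identifiers are
// missing, when the connection, the bind or the lookup fails, or when no
// entry matches.
func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (string, error) {
	// Refuse to fall through to an anonymous or unauthenticated bind.
	if user.DN == "" && user.UID == "" {
		return "", errors.New("Il n'y a pas de quoi identifier l'utilisateur")
	}
	if user.Password == "" {
		return "", errors.New("Mot de passe manquant")
	}
	if user.DN == "" {
		// The UID comes from the reset code the requester presents, so it is
		// escaped (RFC 4514) before being embedded in the DN.
		user.DN = "uid=" + ldap.EscapeDN(user.UID) + ",ou=invitations,dc=resdigita,dc=org"
	}

	l, err := openLdap(config)
	if err != nil {
		// config holds bind and SMTP credentials; it is not dumped into the log.
		log.Printf("passwordFound: openLdap: %v", err)
		return "", err
	}
	// The previous version never closed this connection.
	defer l.Close()

	if err = l.Bind(user.DN, user.Password); err != nil {
		log.Printf("passwordFound: bind as %q: %v", user.DN, err)
		return "", err
	}

	searchReq := ldap.NewSearchRequest(user.DN, ldap.ScopeBaseObject,
		ldap.NeverDerefAliases, 0, 0, false, "(uid="+ldap.EscapeFilter(user.UID)+")", []string{"seeAlso"}, nil)
	searchRes, err := ldapConn.Search(searchReq)
	if err != nil {
		log.Printf("passwordFound: search %q: %v", user.DN, err)
		return "", err
	}
	if len(searchRes.Entries) == 0 {
		// Returning ("", nil) here, as before, would read as success to the caller.
		log.Printf("passwordFound: no entry for %q", user.DN)
		return "", errors.New("Il n'y a pas d'utilisateur qui correspond")
	}
	return searchRes.Entries[0].GetAttributeValue("seeAlso"), nil
}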