guichet/login.go

/*
login handles login and current-user verification
*/

package main

import (
	"fmt"
	"log"
	"net/http"
	"strings"

	"github.com/go-ldap/ldap/v3"
)

type LoginInfo struct {
	Username string
	DN       string
	Password string
}

type LoginStatus struct {
	Info      *LoginInfo
	conn      *ldap.Conn
	UserEntry *ldap.Entry
	CanAdmin  bool
	CanInvite bool
}

func (login *LoginStatus) WelcomeName() string {
	ret := login.UserEntry.GetAttributeValue("givenName")
	if ret == "" {
		ret = login.UserEntry.GetAttributeValue("displayName")
	}
	if ret == "" {
		ret = login.Info.Username
	}
	return ret
}

func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
	var login_info *LoginInfo

	session, err := store.Get(r, SESSION_NAME)
	if err == nil {
		username, ok := session.Values["login_username"]
		password, ok2 := session.Values["login_password"]
		user_dn, ok3 := session.Values["login_dn"]

		if ok && ok2 && ok3 {
			login_info = &LoginInfo{
				DN:       user_dn.(string),
				Username: username.(string),
				Password: password.(string),
			}
		}
	}

	if login_info == nil {
		login_info = handleLogin(w, r)
		if login_info == nil {
			return nil
		}
	}

	l, err := ldapOpen(w)
	if l == nil {
		return nil
	}

	err = bind(User{
		DN:       login_info.DN,
		Password: login_info.Password,
	}, config, l)

	if err != nil {
		delete(session.Values, "login_username")
		delete(session.Values, "login_password")
		delete(session.Values, "login_dn")

		err = session.Save(r, w)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return nil
		}
		return checkLogin(w, r)
	}

	ldapUser, err := get(User{
		DN: login_info.DN,
		CN: login_info.Username,
	}, config, l)

	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return nil
	}

	userEntry := ldapUser.UserEntry

	loginStatus := &LoginStatus{
		Info:      login_info,
		conn:      l,
		UserEntry: userEntry,
		CanAdmin:  ldapUser.CanAdmin,
		CanInvite: ldapUser.CanInvite,
	}

	/*

		requestKind := "(objectClass=organizationalPerson)"
		if strings.EqualFold(login_info.DN, config.AdminAccount) {
			requestKind = "(objectclass=*)"
		}
		searchRequest := ldap.NewSearchRequest(
			login_info.DN,
			ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
			requestKind,
			[]string{
				"dn",
				"displayname",
				"givenname",
				"sn",
				"mail",
				"cn",
				"memberof",
				"description",
				"garage_s3_access_key",
			},
			nil)
		//			FIELD_NAME_DIRECTORY_VISIBILITY,
		//			FIELD_NAME_PROFILE_PICTURE,

		sr, err := l.Search(searchRequest)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return nil
		}

		if len(sr.Entries) != 1 {
			http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError)
			return nil
		}

		loginStatus.UserEntry = sr.Entries[0]

		loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
		loginStatus.CanInvite = false

		groups := []EntryName{}
		searchRequest = ldap.NewSearchRequest(
			config.GroupBaseDN,
			ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
			fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN),
			[]string{"dn", "displayName", "cn", "description"},
			nil)
		// // log.Printf(fmt.Sprintf("708: %v",searchRequest))
		sr, err = l.Search(searchRequest)
		// if err != nil {
		// 	http.Error(w, err.Error(), http.StatusInternalServerError)
		// 	return
		// }
		//// log.Printf(fmt.Sprintf("303: %v",sr.Entries))
		for _, ent := range sr.Entries {
			// log.Printf(fmt.Sprintf("305: %v",ent.DN))
			groups = append(groups, EntryName{
				DN:   ent.DN,
				Name: ent.GetAttributeValue("cn"),
			})
			// log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite))
			if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) {
				loginStatus.CanInvite = true
			}
			// log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin))
			if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) {
				loginStatus.CanAdmin = true
			}
		}

		// for _, attr := range loginStatus.UserEntry.Attributes {
		// 	if strings.EqualFold(attr.Name, "memberof") {
		// 		for _, group := range attr.Values {
		// 			if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
		// 				loginStatus.CanInvite = true
		// 			}
		// 			if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
		// 				loginStatus.CanAdmin = true
		// 			}
		// 		}
		// 	}
		// }

		return loginStatus
	*/

	return loginStatus
}

func handleLogout(w http.ResponseWriter, r *http.Request) {
	session, err := store.Get(r, SESSION_NAME)
	if err != nil {
		session, _ = store.New(r, SESSION_NAME)
	}

	delete(session.Values, "login_username")
	delete(session.Values, "login_password")
	delete(session.Values, "login_dn")

	err = session.Save(r, w)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	http.Redirect(w, r, "/", http.StatusFound)
}

type LoginFormData struct {
	Username     string
	WrongUser    bool
	WrongPass    bool
	ErrorMessage string
}

func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
	templateLogin := getTemplate("login.html")

	if r.Method == "GET" {
		templateLogin.Execute(w, LoginFormData{})
		return nil
	} else if r.Method == "POST" {
		// log.Printf("%v", "Parsing Form handleLogin")
		r.ParseForm()

		username := strings.Join(r.Form["username"], "")
		password := strings.Join(r.Form["password"], "")
		user_dn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, username, config.UserBaseDN)

		// log.Printf("%v", user_dn)
		// log.Printf("%v", username)

		if strings.EqualFold(username, config.AdminAccount) {
			user_dn = username
		}
		loginInfo, err := doLogin(w, r, username, user_dn, password)
		// log.Printf("%v", loginInfo)
		if err != nil {
			data := &LoginFormData{
				Username: username,
			}
			if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
				data.WrongPass = true
			} else if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {
				data.WrongUser = true
			} else {
				log.Printf("%v", err)
				log.Printf("%v", user_dn)
				log.Printf("%v", username)
				data.ErrorMessage = err.Error()
			}
			templateLogin.Execute(w, data)
		}
		return loginInfo

	} else {
		http.Error(w, "Unsupported method", http.StatusBadRequest)
		return nil
	}
}

func doLogin(w http.ResponseWriter, r *http.Request, username string, user_dn string, password string) (*LoginInfo, error) {
	l, _ := ldapOpen(w)

	err := l.Bind(user_dn, password)
	if err != nil {
		log.Printf("doLogin : %v", err)
		log.Printf("doLogin : %v", user_dn)
		return nil, err
	}

	// Successfully logged in, save it to session
	session, err := store.Get(r, SESSION_NAME)
	if err != nil {
		session, _ = store.New(r, SESSION_NAME)
	}

	session.Values["login_username"] = username
	session.Values["login_password"] = password
	session.Values["login_dn"] = user_dn

	err = session.Save(r, w)
	if err != nil {
		log.Printf("doLogin Session Save: %v", err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return nil, err
	}

	LoginInfo := LoginInfo{
		DN:       user_dn,
		Username: username,
		Password: password,
	}

	return &LoginInfo, nil
}
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`/*`
			`login handles login and current-user verification`
			`*/`

			`package main`

			`import (`
			`"fmt"`
Factoring the model user and correcting password 2023-07-22 05:48:18 +00:00			`"log"`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`"net/http"`
			`"strings"`

			`"github.com/go-ldap/ldap/v3"`
			`)`

			`type LoginInfo struct {`
			`Username string`
			`DN string`
			`Password string`
			`}`

			`type LoginStatus struct {`
			`Info *LoginInfo`
			`conn *ldap.Conn`
			`UserEntry *ldap.Entry`
			`CanAdmin bool`
			`CanInvite bool`
			`}`

			`func (login *LoginStatus) WelcomeName() string {`
			`ret := login.UserEntry.GetAttributeValue("givenName")`
			`if ret == "" {`
			`ret = login.UserEntry.GetAttributeValue("displayName")`
			`}`
			`if ret == "" {`
			`ret = login.Info.Username`
			`}`
			`return ret`
			`}`

			`func checkLogin(w http.ResponseWriter, r http.Request) LoginStatus {`
			`var login_info *LoginInfo`

			`session, err := store.Get(r, SESSION_NAME)`
			`if err == nil {`
			`username, ok := session.Values["login_username"]`
			`password, ok2 := session.Values["login_password"]`
			`user_dn, ok3 := session.Values["login_dn"]`

			`if ok && ok2 && ok3 {`
			`login_info = &LoginInfo{`
			`DN: user_dn.(string),`
			`Username: username.(string),`
			`Password: password.(string),`
			`}`
			`}`
			`}`

			`if login_info == nil {`
			`login_info = handleLogin(w, r)`
			`if login_info == nil {`
			`return nil`
			`}`
			`}`

Implementing Activate User 2023-07-21 12:15:44 +00:00			`l, err := ldapOpen(w)`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`if l == nil {`
			`return nil`
			`}`

Factoring the model user and correcting password 2023-07-22 06:03:22 +00:00			`err = bind(User{`
			`DN: login_info.DN,`
			`Password: login_info.Password,`
			`}, config, l)`

Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`if err != nil {`
			`delete(session.Values, "login_username")`
			`delete(session.Values, "login_password")`
			`delete(session.Values, "login_dn")`

			`err = session.Save(r, w)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return nil`
			`}`
			`return checkLogin(w, r)`
			`}`

Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`ldapUser, err := get(User{`
			`DN: login_info.DN,`
Factoring the model user and correcting password 2023-07-22 06:48:58 +00:00			`CN: login_info.Username,`
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`}, config, l)`

Factoring the model user and correcting password 2023-07-22 06:35:39 +00:00			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return nil`
			`}`

Factoring the model user and correcting password 2023-07-22 06:31:35 +00:00			`userEntry := ldapUser.UserEntry`

Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`loginStatus := &LoginStatus{`
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`Info: login_info,`
			`conn: l,`
Factoring the model user and correcting password 2023-07-22 06:31:35 +00:00			`UserEntry: userEntry,`
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`CanAdmin: ldapUser.CanAdmin,`
			`CanInvite: ldapUser.CanInvite,`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`

Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`/*`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`requestKind := "(objectClass=organizationalPerson)"`
			`if strings.EqualFold(login_info.DN, config.AdminAccount) {`
			`requestKind = "(objectclass=*)"`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`searchRequest := ldap.NewSearchRequest(`
			`login_info.DN,`
			`ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,`
			`requestKind,`
			`[]string{`
			`"dn",`
			`"displayname",`
			`"givenname",`
			`"sn",`
			`"mail",`
			`"cn",`
			`"memberof",`
			`"description",`
			`"garage_s3_access_key",`
			`},`
			`nil)`
			`// FIELD_NAME_DIRECTORY_VISIBILITY,`
			`// FIELD_NAME_PROFILE_PICTURE,`

			`sr, err := l.Search(searchRequest)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return nil`
			`}`

			`if len(sr.Entries) != 1 {`
			`http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError)`
			`return nil`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`

Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`loginStatus.UserEntry = sr.Entries[0]`

			`loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)`
			`loginStatus.CanInvite = false`

			`groups := []EntryName{}`
			`searchRequest = ldap.NewSearchRequest(`
			`config.GroupBaseDN,`
			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
			`fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN),`
			`[]string{"dn", "displayName", "cn", "description"},`
			`nil)`
			`// // log.Printf(fmt.Sprintf("708: %v",searchRequest))`
			`sr, err = l.Search(searchRequest)`
			`// if err != nil {`
			`// http.Error(w, err.Error(), http.StatusInternalServerError)`
			`// return`
			`// }`
			`//// log.Printf(fmt.Sprintf("303: %v",sr.Entries))`
			`for _, ent := range sr.Entries {`
			`// log.Printf(fmt.Sprintf("305: %v",ent.DN))`
			`groups = append(groups, EntryName{`
			`DN: ent.DN,`
			`Name: ent.GetAttributeValue("cn"),`
			`})`
			`// log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite))`
			`if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) {`
			`loginStatus.CanInvite = true`
			`}`
			`// log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin))`
			`if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) {`
			`loginStatus.CanAdmin = true`
			`}`
			`}`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Factoring the model user and correcting password 2023-07-22 06:28:23 +00:00			`// for _, attr := range loginStatus.UserEntry.Attributes {`
			`// if strings.EqualFold(attr.Name, "memberof") {`
			`// for _, group := range attr.Values {`
			`// if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {`
			`// loginStatus.CanInvite = true`
			`// }`
			`// if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {`
			`// loginStatus.CanAdmin = true`
			`// }`
			`// }`
			`// }`
			`// }`

			`return loginStatus`
			`*/`
Adding LDAPS with newuser permissions OK 2023-07-23 06:22:09 +00:00
			`return loginStatus`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`

			`func handleLogout(w http.ResponseWriter, r *http.Request) {`
			`session, err := store.Get(r, SESSION_NAME)`
			`if err != nil {`
			`session, _ = store.New(r, SESSION_NAME)`
			`}`

			`delete(session.Values, "login_username")`
			`delete(session.Values, "login_password")`
			`delete(session.Values, "login_dn")`

			`err = session.Save(r, w)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`http.Redirect(w, r, "/", http.StatusFound)`
			`}`

			`type LoginFormData struct {`
			`Username string`
			`WrongUser bool`
			`WrongPass bool`
			`ErrorMessage string`
			`}`

			`func handleLogin(w http.ResponseWriter, r http.Request) LoginInfo {`
			`templateLogin := getTemplate("login.html")`

			`if r.Method == "GET" {`
			`templateLogin.Execute(w, LoginFormData{})`
			`return nil`
			`} else if r.Method == "POST" {`
Factoring the model user and correcting password 2023-07-22 08:18:05 +00:00			`// log.Printf("%v", "Parsing Form handleLogin")`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`r.ParseForm()`

			`username := strings.Join(r.Form["username"], "")`
			`password := strings.Join(r.Form["password"], "")`
			`user_dn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, username, config.UserBaseDN)`
Implementing Activate User 2023-07-21 08:16:51 +00:00
Factoring the model user and correcting password 2023-07-22 08:18:05 +00:00			`// log.Printf("%v", user_dn)`
			`// log.Printf("%v", username)`
Factoring the model user and correcting password 2023-07-22 05:53:21 +00:00
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`if strings.EqualFold(username, config.AdminAccount) {`
			`user_dn = username`
			`}`
Implementing Activate User 2023-07-21 11:52:05 +00:00			`loginInfo, err := doLogin(w, r, username, user_dn, password)`
Factoring the model user and correcting password 2023-07-22 08:18:05 +00:00			`// log.Printf("%v", loginInfo)`
Implementing Activate User 2023-07-21 08:30:17 +00:00			`if err != nil {`
			`data := &LoginFormData{`
			`Username: username,`
			`}`
			`if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {`
			`data.WrongPass = true`
			`} else if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {`
			`data.WrongUser = true`
			`} else {`
Factoring the model user and correcting password 2023-07-22 05:50:45 +00:00			`log.Printf("%v", err)`
			`log.Printf("%v", user_dn)`
			`log.Printf("%v", username)`
Implementing Activate User 2023-07-21 08:30:17 +00:00			`data.ErrorMessage = err.Error()`
			`}`
			`templateLogin.Execute(w, data)`
			`}`
Implementing Activate User 2023-07-21 08:26:35 +00:00			`return loginInfo`
Implementing Activate User 2023-07-21 08:22:23 +00:00
Implementing Activate User 2023-07-21 08:16:51 +00:00			`} else {`
			`http.Error(w, "Unsupported method", http.StatusBadRequest)`
			`return nil`
			`}`
			`}`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Implementing Activate User 2023-07-21 11:50:34 +00:00			`func doLogin(w http.ResponseWriter, r http.Request, username string, user_dn string, password string) (LoginInfo, error) {`
Implementing Activate User 2023-07-21 12:15:44 +00:00			`l, _ := ldapOpen(w)`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Implementing Activate User 2023-07-21 08:16:51 +00:00			`err := l.Bind(user_dn, password)`
Implementing Activate User 2023-07-21 08:30:17 +00:00			`if err != nil {`
Factoring the model user and correcting password 2023-07-22 08:18:05 +00:00			`log.Printf("doLogin : %v", err)`
			`log.Printf("doLogin : %v", user_dn)`
Implementing Activate User 2023-07-21 11:50:34 +00:00			`return nil, err`
Implementing Activate User 2023-07-21 08:16:51 +00:00			`}`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Implementing Activate User 2023-07-21 08:16:51 +00:00			`// Successfully logged in, save it to session`
			`session, err := store.Get(r, SESSION_NAME)`
			`if err != nil {`
			`session, _ = store.New(r, SESSION_NAME)`
			`}`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Implementing Activate User 2023-07-21 08:16:51 +00:00			`session.Values["login_username"] = username`
			`session.Values["login_password"] = password`
			`session.Values["login_dn"] = user_dn`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00
Implementing Activate User 2023-07-21 08:16:51 +00:00			`err = session.Save(r, w)`
			`if err != nil {`
Factoring the model user and correcting password 2023-07-22 08:18:05 +00:00			`log.Printf("doLogin Session Save: %v", err)`
Implementing Activate User 2023-07-21 08:16:51 +00:00			`http.Error(w, err.Error(), http.StatusInternalServerError)`
Implementing Activate User 2023-07-21 11:50:34 +00:00			`return nil, err`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`
Implementing Activate User 2023-07-21 08:16:51 +00:00
Implementing Activate User 2023-07-21 08:30:17 +00:00			`LoginInfo := LoginInfo{`
Implementing Activate User 2023-07-21 08:16:51 +00:00			`DN: user_dn,`
			`Username: username,`
			`Password: password,`
			`}`

Implementing Activate User 2023-07-21 11:50:34 +00:00			`return &LoginInfo, nil`
Refactoring into login.go and config.go 2023-07-21 04:23:52 +00:00			`}`