Adding LDAPS with newuser permissions OK
This commit is contained in:
parent
00e2a57c29
commit
14a446df71
8 changed files with 149 additions and 16 deletions
4
go.mod
4
go.mod
|
@ -4,8 +4,8 @@ go 1.18
|
|||
|
||||
require (
|
||||
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9
|
||||
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b
|
||||
github.com/emersion/go-smtp v0.12.1
|
||||
github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
|
||||
github.com/emersion/go-smtp v0.17.0
|
||||
github.com/go-ldap/ldap/v3 v3.1.6
|
||||
github.com/google/uuid v1.1.1
|
||||
github.com/gorilla/mux v1.7.3
|
||||
|
|
4
go.sum
4
go.sum
|
@ -48,8 +48,12 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn
|
|||
github.com/emersion/go-sasl v0.0.0-20190817083125-240c8404624e/go.mod h1:G/dpzLu16WtQpBfQ/z3LYiYJn3ZhKSGWn83fyoyQe/k=
|
||||
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b h1:uhWtEWBHgop1rqEk2klKaxPAkVDCXexai6hSuRQ7Nvs=
|
||||
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b/go.mod h1:G/dpzLu16WtQpBfQ/z3LYiYJn3ZhKSGWn83fyoyQe/k=
|
||||
github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 h1:OJyUGMJTzHTd1XQp98QTaHernxMYzRaOasRir9hUlFQ=
|
||||
github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
|
||||
github.com/emersion/go-smtp v0.12.1 h1:1R8BDqrR2HhlGwgFYcOi+BVTvK1bMjAB65QcVpJ5sNA=
|
||||
github.com/emersion/go-smtp v0.12.1/go.mod h1:SD9V/xa4ndMw77lR3Mf7htkp8RBNYuPh9UeuBs9tpUQ=
|
||||
github.com/emersion/go-smtp v0.17.0 h1:tq90evlrcyqRfE6DSXaWVH54oX6OuZOQECEmhWBMEtI=
|
||||
github.com/emersion/go-smtp v0.17.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
|
|
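--- a/gpas.go
+++ b/gpas.go
@@ -0,0 +1,67 @@
+/*
+gpas is GVoisin password reset
+*/
+
+package main
+
+import (
+"bytes"
+"errors"
+"fmt"
+"html/template"
+"log"
+
+"github.com/emersion/go-sasl"
+"github.com/emersion/go-smtp"
+"github.com/go-ldap/ldap/v3"
+// "strings"
+)
+
+// var EMAIL_REGEXP := regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
+
+func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
+if user.CN == "" && user.Mail == "" && user.OtherMailbox == "" {
+return errors.New("Il n'y a pas de quoi identifier l'utilisateur")
+}
+searchFilter := "(|"
+if user.CN == "" {
+searchFilter += "(cn=" + user.CN + ")"
+}
+if user.Mail == "" {
+searchFilter += "(mail=" + user.Mail + ")"
+}
+if user.OtherMailbox == "" {
+searchFilter += "(carLicense=" + user.OtherMailbox + ")"
+}
+searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, "(|()()())", []string{"cn", "uid", "mail", "carLicense"}, nil)
+searchRes, err := ldapConn.Search(searchReq)
+err = l.Bind(config.NewUserDN, config.NewUserPassword)
+if err != nil {
+log.Printf(fmt.Sprintf("passwordLost : %v %v", err, l))
+}
+if len(searchRes.Entries) == 0 {
+return errors.New("Il n'y a pas d'utilisateur qui correspond")
+}
+// Préparation du courriel à envoyer
+code := "GPas"
+templateMail := template.Must(template.ParseFiles(templatePath + "/invite_mail.txt"))
+buf := bytes.NewBuffer([]byte{})
+templateMail.Execute(buf, &CodeMailFields{
+To: user.OtherMailbox,
+From: config.MailFrom,
+InviteFrom: "GPas",
+Code: code,
+WebBaseAddress: config.WebAddress,
+})
+log.Printf("Sending mail to: %s", user.OtherMailbox)
+var auth sasl.Client = nil
+if config.SMTPUsername != "" {
+auth = sasl.NewPlainClient("", config.SMTPUsername, config.SMTPPassword)
+}
+err = smtp.SendMail(config.SMTPServer, auth, config.MailFrom, []string{user.OtherMailbox}, buf)
+if err != nil {
+return err
+}
+log.Printf("Mail sent.")
+return nil
+}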
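Review bot: `searchFilter` is built from the request fields but never used — the literal `"(|()()())"` is what reaches `ldap.NewSearchRequest` — and each `if` appends its clause when the field is *empty* (`== ""` where `!= ""` is meant), with the values concatenated into the filter without `ldap.EscapeFilter`, so a crafted username or mail would be able to alter the filter once it is actually wired in. `ldap.ScopeBaseObject` against `config.UserBaseDN` only inspects the base entry itself, so no entry below it can ever match; `ScopeWholeSubtree` or `ScopeSingleLevel` looks intended. The `err` from `ldapConn.Search` is overwritten on the next line by `l.Bind(...)`, where `l` is not a name this function declares (its parameter is `ldapConn`), and a failed search then dereferences a nil `searchRes`; the `templateMail.Execute` error is also dropped. Finally the mail goes to the request-supplied `user.OtherMailbox` with the constant code `"GPas"`, so whoever knows a username can have the reset mail delivered to an address of their choosing — it should go to the `carLicense` value of the matched entry and carry a freshly generated, expiring token tied to that user.
```go
func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
	// … unchanged: empty-identifier check …
	searchFilter := "(|"
	if user.CN != "" {
		searchFilter += "(cn=" + ldap.EscapeFilter(user.CN) + ")"
	}
	if user.Mail != "" {
		searchFilter += "(mail=" + ldap.EscapeFilter(user.Mail) + ")"
	}
	if user.OtherMailbox != "" {
		searchFilter += "(carLicense=" + ldap.EscapeFilter(user.OtherMailbox) + ")"
	}
	searchFilter += ")"
	// ScopeBaseObject only inspects UserBaseDN itself; the user entries presumably sit below it.
	searchReq := ldap.NewSearchRequest(config.UserBaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, searchFilter, []string{"cn", "uid", "mail", "carLicense"}, nil)
	searchRes, err := ldapConn.Search(searchReq)
	if err != nil {
		return fmt.Errorf("passwordLost: recherche LDAP: %w", err)
	}
	if len(searchRes.Entries) == 0 {
		return errors.New("Il n'y a pas d'utilisateur qui correspond")
	}
	// Deliver to the rescue address stored on the matched entry, never to the one typed in the form.
	rescueAddr := searchRes.Entries[0].GetAttributeValue("carLicense")
	if rescueAddr == "" {
		return errors.New("Aucun courriel de secours n'est enregistré pour cet utilisateur")
	}
	// … unchanged: template rendering and smtp.SendMail, with rescueAddr in place of user.OtherMailbox …
```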
50
invite.go
50
invite.go
|
@ -38,6 +38,42 @@ func checkInviterLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
|||
|
||||
// New account creation directly from interface
|
||||
|
||||
type LostPasswordData struct {
|
||||
Username string
|
||||
Mail string
|
||||
OtherMailbox string
|
||||
}
|
||||
|
||||
func handleLostPassword(w http.ResponseWriter, r *http.Request) {
|
||||
templateLostPasswordPage := getTemplate("lost_password.html")
|
||||
l, err := ldapOpen(w)
|
||||
if err != nil {
|
||||
log.Printf(fmt.Sprintf("handleLostPassword : %v %v", err, l))
|
||||
}
|
||||
err = l.Bind(config.NewUserDN, config.NewUserPassword)
|
||||
if err != nil {
|
||||
log.Printf(fmt.Sprintf("handleLostPassword : %v %v", err, l))
|
||||
}
|
||||
data := LostPasswordData{}
|
||||
if r.Method == "POST" {
|
||||
r.ParseForm()
|
||||
data.Username = strings.TrimSpace(strings.Join(r.Form["username"], ""))
|
||||
data.Mail = strings.TrimSpace(strings.Join(r.Form["mail"], ""))
|
||||
data.OtherMailbox = strings.TrimSpace(strings.Join(r.Form["otherMailbox"], ""))
|
||||
user := User{
|
||||
CN: data.Username,
|
||||
Mail: data.Mail,
|
||||
OtherMailbox: data.OtherMailbox,
|
||||
}
|
||||
err = passwordLost(user, config, l)
|
||||
err = l.Bind(config.NewUserDN, config.NewUserPassword)
|
||||
if err != nil {
|
||||
log.Printf(fmt.Sprintf("handleLostPassword : %v %v", err, l))
|
||||
}
|
||||
}
|
||||
templateLostPasswordPage.Execute(w, data)
|
||||
}
|
||||
|
||||
func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
|
||||
l, err := ldapOpen(w)
|
||||
if err != nil {
|
||||
|
@ -54,9 +90,9 @@ func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
// loginInfo, err := doLogin(w, r, "testuser", config.NewUserDN, config.NewUserPassword)
|
||||
|
||||
if err != nil {
|
||||
log.Printf(fmt.Sprintf("58: %v %v", err, l))
|
||||
}
|
||||
// if err != nil {
|
||||
// log.Printf(fmt.Sprintf("58: %v %v", err, l))
|
||||
// }
|
||||
|
||||
// l := ldapOpen(w)
|
||||
if l == nil {
|
||||
|
@ -129,7 +165,7 @@ type NewAccountData struct {
|
|||
Surname string
|
||||
Mail string
|
||||
SuggestPW string
|
||||
CN string
|
||||
OtherEmail string
|
||||
|
||||
ErrorUsernameTaken bool
|
||||
ErrorInvalidUsername bool
|
||||
|
@ -156,9 +192,9 @@ func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn, invi
|
|||
newUser.GivenName = strings.TrimSpace(strings.Join(r.Form["givenname"], ""))
|
||||
newUser.SN = strings.TrimSpace(strings.Join(r.Form["surname"], ""))
|
||||
newUser.Mail = strings.TrimSpace(strings.Join(r.Form["mail"], ""))
|
||||
newUser.UID = strings.TrimSpace(strings.Join(r.Form["username"], ""))
|
||||
newUser.CN = strings.TrimSpace(strings.Join(r.Form["cn"], ""))
|
||||
newUser.DN = "cn=" + strings.TrimSpace(strings.Join(r.Form["cn"], "")) + "," + config.InvitationBaseDN
|
||||
newUser.UID = strings.TrimSpace(strings.Join(r.Form["otheremail"], ""))
|
||||
newUser.CN = strings.TrimSpace(strings.Join(r.Form["username"], ""))
|
||||
newUser.DN = "cn=" + strings.TrimSpace(strings.Join(r.Form["username"], "")) + "," + config.InvitationBaseDN
|
||||
|
||||
password1 := strings.Join(r.Form["password"], "")
|
||||
password2 := strings.Join(r.Form["password2"], "")
|
||||
|
|
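Review bot: In `handleLostPassword` the rescue address is read as `r.Form["otherMailbox"]` while the input in templates/lost_password.html is named `othermailbox` (form keys are case-sensitive), so `OtherMailbox` is always empty, and the result of `passwordLost(user, config, l)` is never examined — `err` is overwritten by the second `l.Bind(...)` on the next line, which repeats the bind already done above. The template then tests `.ErrorMessage` and `.Success`, fields that `LostPasswordData` does not declare, and html/template reports a missing field on a struct value as an execution error rather than rendering an empty page. A failed `ldapOpen` is only logged, after which `l` is still bound and passed on; the handler should return after logging, as the `if l == nil` check in `handleInviteNewAccount` suggests. I would add both fields to `LostPasswordData` and replace the three lines after the `user` literal with `if err := passwordLost(user, config, l); err != nil { data.ErrorMessage = err.Error() } else { data.Success = true }`, dropping the redundant bind. In the `handleNewAccount` hunk further down, `newUser.UID = strings.TrimSpace(strings.Join(r.Form["otheremail"], ""))` stores the recovery e-mail in the account's uid while nothing now fills `UID` from `username`; that looks like a slip for a separate other-mail field.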
7
login.go
7
login.go
|
@ -73,8 +73,6 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
|||
Password: login_info.Password,
|
||||
}, config, l)
|
||||
|
||||
// err = l.Bind(login_info.DN, login_info.Password)
|
||||
|
||||
if err != nil {
|
||||
delete(session.Values, "login_username")
|
||||
delete(session.Values, "login_password")
|
||||
|
@ -108,8 +106,6 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
|||
CanInvite: ldapUser.CanInvite,
|
||||
}
|
||||
|
||||
return loginStatus
|
||||
|
||||
/*
|
||||
|
||||
requestKind := "(objectClass=organizationalPerson)"
|
||||
|
@ -196,6 +192,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
|
|||
|
||||
return loginStatus
|
||||
*/
|
||||
|
||||
return loginStatus
|
||||
}
|
||||
|
||||
func handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -304,5 +302,4 @@ func doLogin(w http.ResponseWriter, r *http.Request, username string, user_dn st
|
|||
}
|
||||
|
||||
return &LoginInfo, nil
|
||||
|
||||
}
|
||||
|
|
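Review bot: The `return loginStatus` that follows `*/` near the end of `checkLogin` appears to be one of the two lines this hunk adds, and it is unreachable: the function already returns `loginStatus` just before the `/*` that opens the block comment, so `go vet` will flag it. The roughly ninety-line block between `/*` and `*/` is dead code that version control already preserves; deleting it instead of leaving it commented out would make `checkLogin` readable end to end. `checkLogin` starts outside the hunks shown here, so I cannot see whether anything else in it still refers to the commented-out lookup.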
1
main.go
1
main.go
|
@ -75,6 +75,7 @@ func main() {
|
|||
|
||||
r.HandleFunc("/invite/new_account", handleInviteNewAccount)
|
||||
r.HandleFunc("/invite/send_code", handleInviteSendCode)
|
||||
r.HandleFunc("/gpas", handleLostPassword)
|
||||
r.HandleFunc("/invitation/{code}", handleInvitationCode)
|
||||
|
||||
r.HandleFunc("/admin/users", handleAdminUsers)
|
||||
|
|
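Review bot: `/gpas` is registered like the other routes, but its handler performs no login check (expected for a lost-password page) and triggers an LDAP search plus an outgoing e-mail on every POST, so this line exposes an unauthenticated mail-sending endpoint; it should be rate-limited, at the mux or the reverse proxy in front of it, and can be narrowed with `r.HandleFunc("/gpas", handleLostPassword).Methods("GET", "POST")`. The path name also says nothing to a reader; `/lost_password`, matching the template and handler names, would be clearer.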
|
@ -31,8 +31,8 @@
|
|||
<input type="text" id="surname" name="surname" class="form-control" value="{{ .Surname }}" />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="cn">Email de secours:</label>
|
||||
<input type="text" id="cn" name="cn" class="form-control" value="{{ .CN }}" />
|
||||
<label for="otheremail">Email de secours:</label>
|
||||
<input type="text" id="otheremail" name="otheremail" class="form-control" value="{{ .OtherEmail }}" />
|
||||
<small class="form-text text-muted">
|
||||
Le courriel de l'utilisateur.
|
||||
</small>
|
||||
|
|
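--- a/templates/lost_password.html
+++ b/templates/lost_password.html
@@ -0,0 +1,28 @@
+<h2>G Pas</h2>
+
+<p>Refaire son mot de passe</p>
+
+{{if .ErrorMessage}}
+<div class="alert alert-danger">Impossible
+<div style="font-size: 0.8em">{{ .ErrorMessage }}</div>
+</div>
+{{end}}
+{{if .Success}}
+<div class="alert alert-success mt-4">
+Email envoyé au courriel de secours.
+</div>
+{{end}}
+
+<form method="POST">
+<div class="form-group">
+<label for="username">Identifiant :</label>
+<input type="text" name="username" id="username" class="form-control" value="{{ .Username }}" />
+</div>
+<div class="form-group">
+<label for="username">Mail (@resdigita.com) :</label>
+<input type="text" name="mail" id="mail" class="form-control" value="{{ .Mail }}" />
+</div>
+<div class="form-group">
+<label for="username">Mail de secours :</label>
+<input type="text" name="othermailbox" id="othermailbox" class="form-control" value="{{ .OtherMailbox }}" />
+</div>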
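Review bot: The form has no submit control and the file ends without `</form>`; with three text inputs and no submit button, browsers do not perform implicit submission on Enter, so this page cannot post to `handleLostPassword` at all. Add `<button type="submit" class="btn btn-primary">Envoyer</button>` and `</form>` after the last `</div>`. The labels for the mail and rescue-mail fields both carry `for="username"`; they should be `for="mail"` and `for="othermailbox"` to match the ids of their inputs.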