From 2cc58a6e09e1ab7b1ec23dd395cff89ce339d001 Mon Sep 17 00:00:00 2001
From: Chris Mann
Date: Sat, 22 Jul 2023 08:28:23 +0200
Subject: [PATCH] Factoring the model user and correcting password
---
login.go | 180 +++++++++++++++++++++++++++-----------------------
model-user.go | 5 ++
2 files changed, 101 insertions(+), 84 deletions(-)
diff --git a/login.go b/login.go
index 5a8f74b..06fa3eb 100644
--- a/login.go
+++ b/login.go
@@ -88,94 +88,106 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { return checkLogin(w, r) } + ldapUser, err := get(User{ + DN: login_info.DN, + }, config, l) + loginStatus := &LoginStatus{ - Info: login_info, - conn: l, + Info: login_info, + conn: l, + UserEntry: ldapUser.UserEntry, + CanAdmin: ldapUser.CanAdmin, + CanInvite: ldapUser.CanInvite, } - requestKind := "(objectClass=organizationalPerson)" - if strings.EqualFold(login_info.DN, config.AdminAccount) { - requestKind = "(objectclass=*)" - } - searchRequest := ldap.NewSearchRequest( - login_info.DN, - ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, - requestKind, - []string{ - "dn", - "displayname", - "givenname", - "sn", - "mail", - "cn", - "memberof", - "description", - "garage_s3_access_key", - }, - nil) - // FIELD_NAME_DIRECTORY_VISIBILITY, - // FIELD_NAME_PROFILE_PICTURE, - - sr, err := l.Search(searchRequest) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return nil - } - - if len(sr.Entries) != 1 { - http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError) - return nil - } - - loginStatus.UserEntry = sr.Entries[0] - - loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount) - loginStatus.CanInvite = false - - groups := []EntryName{} - searchRequest = ldap.NewSearchRequest( - config.GroupBaseDN, - ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, - fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN), - []string{"dn", "displayName", "cn", "description"}, - nil) - // // log.Printf(fmt.Sprintf("708: %v",searchRequest)) - sr, err = l.Search(searchRequest) - // if err != nil { - // http.Error(w, err.Error(), http.StatusInternalServerError) - // return - // } - //// log.Printf(fmt.Sprintf("303: %v",sr.Entries)) - for _, ent := range sr.Entries { - // log.Printf(fmt.Sprintf("305: %v",ent.DN)) - groups = append(groups, EntryName{ - DN: 
ent.DN, - Name: ent.GetAttributeValue("cn"), - }) - // log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite)) - if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) { - loginStatus.CanInvite = true - } - // log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin)) - if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) { - loginStatus.CanAdmin = true - } - } - - // for _, attr := range loginStatus.UserEntry.Attributes { - // if strings.EqualFold(attr.Name, "memberof") { - // for _, group := range attr.Values { - // if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) { - // loginStatus.CanInvite = true - // } - // if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) { - // loginStatus.CanAdmin = true - // } - // } - // } - // } - return loginStatus + + /* + + requestKind := "(objectClass=organizationalPerson)" + if strings.EqualFold(login_info.DN, config.AdminAccount) { + requestKind = "(objectclass=*)" + } + searchRequest := ldap.NewSearchRequest( + login_info.DN, + ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, + requestKind, + []string{ + "dn", + "displayname", + "givenname", + "sn", + "mail", + "cn", + "memberof", + "description", + "garage_s3_access_key", + }, + nil) + // FIELD_NAME_DIRECTORY_VISIBILITY, + // FIELD_NAME_PROFILE_PICTURE, + + sr, err := l.Search(searchRequest) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return nil + } + + if len(sr.Entries) != 1 { + http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError) + return nil + } + + loginStatus.UserEntry = sr.Entries[0] + + loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount) + loginStatus.CanInvite = false + + groups := []EntryName{} + searchRequest = ldap.NewSearchRequest( + config.GroupBaseDN, + ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, + 
fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", login_info.DN), + []string{"dn", "displayName", "cn", "description"}, + nil) + // // log.Printf(fmt.Sprintf("708: %v",searchRequest)) + sr, err = l.Search(searchRequest) + // if err != nil { + // http.Error(w, err.Error(), http.StatusInternalServerError) + // return + // } + //// log.Printf(fmt.Sprintf("303: %v",sr.Entries)) + for _, ent := range sr.Entries { + // log.Printf(fmt.Sprintf("305: %v",ent.DN)) + groups = append(groups, EntryName{ + DN: ent.DN, + Name: ent.GetAttributeValue("cn"), + }) + // log.Printf(fmt.Sprintf("310: %v",config.GroupCanInvite)) + if config.GroupCanInvite != "" && strings.EqualFold(ent.DN, config.GroupCanInvite) { + loginStatus.CanInvite = true + } + // log.Printf(fmt.Sprintf("314: %v",config.GroupCanAdmin)) + if config.GroupCanAdmin != "" && strings.EqualFold(ent.DN, config.GroupCanAdmin) { + loginStatus.CanAdmin = true + } + } + + // for _, attr := range loginStatus.UserEntry.Attributes { + // if strings.EqualFold(attr.Name, "memberof") { + // for _, group := range attr.Values { + // if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) { + // loginStatus.CanInvite = true + // } + // if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) { + // loginStatus.CanAdmin = true + // } + // } + // } + // } + + return loginStatus + */ } func handleLogout(w http.ResponseWriter, r *http.Request) { diff --git a/model-user.go b/model-user.go index e5084fc..ffbec03 100644 --- a/model-user.go +++ b/model-user.go @@ -6,6 +6,7 @@ package main import ( "fmt" "log" + "strings" "github.com/go-ldap/ldap/v3" ) @@ -25,6 +26,7 @@ type User struct { Password string CanAdmin bool CanInvite bool + UserEntry *ldap.Entry } func get(user User, config *ConfigFile, ldapConn *ldap.Conn) (*User, error) { 
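Review bot: The error returned by `get(User{DN: login_info.DN}, config, l)` at the top of this hunk is assigned to err but never checked, and the very next statement dereferences ldapUser (`ldapUser.UserEntry`, `ldapUser.CanAdmin`, `ldapUser.CanInvite`), so a directory failure or a missing entry, which the removed code answered with an HTTP 500, now becomes a nil-pointer panic inside the login handler. Add directly after the call `if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError); return nil }`, mirroring the check the removed search code had; better still, log err server-side and send a generic message so LDAP internals do not reach the client. The previous implementation is kept in a `/* … */` block that runs to the end of checkLogin — delete it rather than comment it out, since version control keeps the history and the dead block will drift from the real code. checkLogin begins above this hunk.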
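Review bot: The new exported field `UserEntry *ldap.Entry` in the User struct has no doc comment, and it is the one field whose meaning is not obvious from its name (it is the raw directory entry that get copies out of searchRes.Entries[0], and login.go copies it on into LoginStatus.UserEntry). Add above it `// UserEntry is the raw LDAP entry the user was loaded from; it is populated by get and is nil for a User built by hand.` — the nil case is visible in login.go, where get is called with `User{DN: login_info.DN}`.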
@@ -52,6 +54,9 @@ func get(user User, config *ConfigFile, ldapConn *ldap.Conn) (*User, error) {
 SN: searchRes.Entries[0].GetAttributeValue("sn"),
 UID: searchRes.Entries[0].GetAttributeValue("uid"),
 CN: searchRes.Entries[0].GetAttributeValue("cn"),
+ CanAdmin: strings.EqualFold(user.DN, config.AdminAccount),
+ CanInvite: true,
+ UserEntry: searchRes.Entries[0],
 }
 return &resUser, nil
 }
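Review bot: `CanInvite: true` is unconditional, so every user that get loads is granted invite rights regardless of config.GroupCanInvite, and CanAdmin is now derived only from the AdminAccount DN comparison — the group-based elevation via config.GroupCanAdmin that the removed login.go code performed with a search under config.GroupBaseDN is not reproduced anywhere in this patch. Because login.go now copies these two flags straight into LoginStatus, this widens authorization for the whole application; if the relaxation is deliberate the commit should say so, otherwise get should derive both flags from group membership before the old logic is dropped. The sketch below mirrors the removed search, with the DN passed through ldap.EscapeFilter so the filter cannot be altered by special characters in a DN; get begins above this hunk and the exact shape of the resUser literal is inferred from the visible fields.
```go
	// … unchanged: user search that fills searchRes …
	canAdmin := strings.EqualFold(user.DN, config.AdminAccount)
	canInvite := false
	groupReq := ldap.NewSearchRequest(
		config.GroupBaseDN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", ldap.EscapeFilter(user.DN)),
		[]string{"dn"},
		nil)
	groupRes, err := ldapConn.Search(groupReq)
	if err != nil {
		return nil, fmt.Errorf("searching groups of %q: %w", user.DN, err)
	}
	for _, g := range groupRes.Entries {
		if config.GroupCanInvite != "" && strings.EqualFold(g.DN, config.GroupCanInvite) {
			canInvite = true
		}
		if config.GroupCanAdmin != "" && strings.EqualFold(g.DN, config.GroupCanAdmin) {
			canAdmin = true
		}
	}
	resUser := User{
		// … unchanged: DN, SN, UID, CN and the other attribute fields …
		CanAdmin:  canAdmin,
		CanInvite: canInvite,
		UserEntry: searchRes.Entries[0],
	}
	return &resUser, nil
```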