chris2fr/gvguichet
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remember who invited who

Browse Source
This commit is contained in:
Alex Auvolat 2020-02-14 22:51:12 +01:00
parent d78ce5309a
commit 193e28cf00
2 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
guichet.hcl.example
View File

@ -12,7 +12,7 @@ job "guichet" {
task "server" { task "server" {
driver = "docker" driver = "docker"
config { config {
image = "lxpz/guichet_amd64:8" image = "lxpz/guichet_amd64:9"
readonly_rootfs = true readonly_rootfs = true
port_map { port_map {
web_port = 9991 web_port = 9991

29
invite.go
View File

@ -43,7 +43,7 @@ func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
return return
} }
handleNewAccount(w, r, login.conn) handleNewAccount(w, r, login.conn, login.Info.DN)
} }
// New account creation using code // New account creation using code
@ -65,7 +65,25 @@ func handleInvitationCode(w http.ResponseWriter, r *http.Request) {
return return
} }
if handleNewAccount(w, r, l) { sReq := ldap.NewSearchRequest(
inviteDn,
ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(objectclass=*)"),
[]string{"dn", "creatorsname"},
nil)
sr, err := l.Search(sReq)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if len(sr.Entries) != 1 {
http.Error(w, fmt.Sprintf("Expected 1 entry, got %d", len(sr.Entries)), http.StatusInternalServerError)
return
}
invitedBy := sr.Entries[0].GetAttributeValue("creatorsname")
if handleNewAccount(w, r, l, invitedBy) {
del_req := ldap.NewDelRequest(inviteDn, nil) del_req := ldap.NewDelRequest(inviteDn, nil)
err = l.Del(del_req) err = l.Del(del_req)
if err != nil { if err != nil {
@ -91,7 +109,7 @@ type NewAccountData struct {
Success bool Success bool
} }
func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool { func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn, invitedBy string) bool {
templateInviteNewAccount := template.Must(template.ParseFiles("templates/layout.html", "templates/invite_new_account.html")) templateInviteNewAccount := template.Must(template.ParseFiles("templates/layout.html", "templates/invite_new_account.html"))
data := &NewAccountData{} data := &NewAccountData{}
@ -107,14 +125,14 @@ func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool
password1 := strings.Join(r.Form["password"], "") password1 := strings.Join(r.Form["password"], "")
password2 := strings.Join(r.Form["password2"], "") password2 := strings.Join(r.Form["password2"], "")
tryCreateAccount(l, data, password1, password2) tryCreateAccount(l, data, password1, password2, invitedBy)
} }
templateInviteNewAccount.Execute(w, data) templateInviteNewAccount.Execute(w, data)
return data.Success return data.Success
} }
func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string) { func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string, invitedBy string) {
// Check if username is correct // Check if username is correct
if match, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", data.Username); !(err == nil && match) { if match, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", data.Username); !(err == nil && match) {
data.ErrorInvalidUsername = true data.ErrorInvalidUsername = true
@ -156,6 +174,7 @@ func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 st
req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"}) req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"})
req.Attribute("structuralobjectclass", []string{"inetOrgPerson"}) req.Attribute("structuralobjectclass", []string{"inetOrgPerson"})
req.Attribute("userpassword", []string{SSHAEncode([]byte(pass1))}) req.Attribute("userpassword", []string{SSHAEncode([]byte(pass1))})
req.Attribute("invitedby", []string{invitedBy})
if len(data.DisplayName) > 0 { if len(data.DisplayName) > 0 {
req.Attribute("displayname", []string{data.DisplayName}) req.Attribute("displayname", []string{data.DisplayName})
} }