Add the ability to do some user managment tasks through admin API

admin/db-user.go

@@ -37,6 +37,7 @@ import (
 	"io"
 	"net/http"
 	"strconv"
+	"time"
 
 	"github.com/julienschmidt/httprouter"
 
@@ -44,6 +45,7 @@ import (
 	"git.happydns.org/happydns/config"
 	"git.happydns.org/happydns/model"
 	"git.happydns.org/happydns/storage"
+	"git.happydns.org/happydns/utils"
 )
 
 func init() {
@@ -54,6 +56,13 @@ func init() {
 	router.GET("/api/users/:userid", api.ApiHandler(userHandler(getUser)))
 	router.PUT("/api/users/:userid", api.ApiHandler(userHandler(updateUser)))
 	router.DELETE("/api/users/:userid", api.ApiHandler(userHandler(deleteUser)))
+
+	router.POST("/api/users/:userid/recover_link", api.ApiHandler(userHandler(recoverUserAcct)))
+	router.POST("/api/users/:userid/reset_password", api.ApiHandler(userHandler(resetUserPasswd)))
+	router.POST("/api/users/:userid/send_recover_email", api.ApiHandler(userHandler(sendRecoverUserAcct)))
+	router.POST("/api/users/:userid/send_validation_email", api.ApiHandler(userHandler(sendValidateUserEmail)))
+	router.POST("/api/users/:userid/validation_link", api.ApiHandler(userHandler(emailValidationLink)))
+	router.POST("/api/users/:userid/validate_email", api.ApiHandler(userHandler(validateEmail)))
 }
 
 func getUsers(_ *config.Options, _ httprouter.Params, _ io.Reader) api.Response {
@@ -114,3 +123,51 @@ func updateUser(_ *config.Options, user *happydns.User, _ httprouter.Params, bod
 func deleteUser(_ *config.Options, user *happydns.User, _ httprouter.Params, _ io.Reader) api.Response {
 	return api.NewAPIResponse(true, storage.MainStore.DeleteUser(user))
 }
+
+func emailValidationLink(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	return api.NewAPIResponse(opts.GetRegistrationURL(user), nil)
+}
+
+func recoverUserAcct(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	return api.NewAPIResponse(opts.GetAccountRecoveryURL(user), nil)
+}
+
+type resetPassword struct {
+	Password string
+}
+
+func resetUserPasswd(_ *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	urp := &resetPassword{}
+	err := json.NewDecoder(body).Decode(&urp)
+	if err != nil && err != io.EOF {
+		return api.NewAPIErrorResponse(http.StatusBadRequest, fmt.Errorf("Something is wrong in received data: %w", err))
+	}
+
+	if urp.Password == "" {
+		urp.Password, err = utils.GeneratePassword()
+		if err != nil {
+			return api.NewAPIErrorResponse(http.StatusInternalServerError, err)
+		}
+	}
+
+	err = user.DefinePassword(urp.Password)
+	if err != nil {
+		return api.NewAPIErrorResponse(http.StatusInternalServerError, err)
+	}
+
+	return api.NewAPIResponse(urp, storage.MainStore.UpdateUser(user))
+}
+
+func sendRecoverUserAcct(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	return api.NewAPIResponse(true, api.SendRecoveryLink(opts, user))
+}
+
+func sendValidateUserEmail(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	return api.NewAPIResponse(true, api.SendValidationLink(opts, user))
+}
+
+func validateEmail(_ *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
+	now := time.Now()
+	user.EmailValidated = &now
+	return api.NewAPIResponse(user, storage.MainStore.UpdateUser(user))
+}

api/users.go

@@ -40,6 +40,7 @@ import (
 	"net/mail"
 	"strconv"
 	"strings"
+	"time"
 	"unicode"
 
 	"github.com/julienschmidt/httprouter"
@@ -90,7 +91,7 @@ func genUsername(user *happydns.User) (toName string) {
 	return
 }
 
-func sendValidationLink(opts *config.Options, user *happydns.User) error {
+func SendValidationLink(opts *config.Options, user *happydns.User) error {
 	toName := genUsername(user)
 	return utils.SendMail(
 		&mail.Address{Name: toName, Address: user.Email},
@@ -109,7 +110,7 @@ In order to validate your account, please follow this link now:
 	)
 }
 
-func sendRecoveryLink(opts *config.Options, user *happydns.User) error {
+func SendRecoveryLink(opts *config.Options, user *happydns.User) error {
 	toName := genUsername(user)
 	return utils.SendMail(
 		&mail.Address{Name: toName, Address: user.Email},
@@ -159,7 +160,7 @@ func registerUser(opts *config.Options, p httprouter.Params, body io.Reader) Res
 		return APIErrorResponse{
 			err: err,
 		}
-	} else if sendValidationLink(opts, user); err != nil {
+	} else if SendValidationLink(opts, user); err != nil {
 		return APIErrorResponse{
 			err: err,
 		}
@@ -189,14 +190,14 @@ func specialUserOperations(opts *config.Options, p httprouter.Params, body io.Re
 	} else {
 		if uu.Kind == "recovery" {
 			if user.EmailValidated == nil {
-				if err = sendValidationLink(opts, user); err != nil {
+				if err = SendValidationLink(opts, user); err != nil {
 					return APIErrorResponse{
 						err: err,
 					}
 
 				}
 			} else {
-				if err = sendRecoveryLink(opts, user); err != nil {
+				if err = SendRecoveryLink(opts, user); err != nil {
 					return APIErrorResponse{
 						err: err,
 					}
@@ -210,7 +211,7 @@ func specialUserOperations(opts *config.Options, p httprouter.Params, body io.Re
 		} else if uu.Kind == "validation" {
 			if user.EmailValidated != nil {
 				return res
-			} else if err = sendValidationLink(opts, user); err != nil {
+			} else if err = SendValidationLink(opts, user); err != nil {
 				return APIErrorResponse{
 					err: err,
 				}
@@ -311,6 +312,11 @@ func recoverUserAccount(opts *config.Options, user *happydns.User, body io.Reade
 		}
 	}
 
+	if user.RegistrationTime == nil {
+		now := time.Now()
+		user.RegistrationTime = &now
+	}
+
 	if err := user.CanRecoverAccount(uar.Key); err != nil {
 		return APIErrorResponse{
 			err: err,

utils/password.go

@@ -0,0 +1,62 @@
+// Copyright or © or Copr. happyDNS (2020)
+//
+// contact@happydns.org
+//
+// This software is a computer program whose purpose is to provide a modern
+// interface to interact with DNS systems.
+//
+// This software is governed by the CeCILL license under French law and abiding
+// by the rules of distribution of free software.  You can use, modify and/or
+// redistribute the software under the terms of the CeCILL license as
+// circulated by CEA, CNRS and INRIA at the following URL
+// "http://www.cecill.info".
+//
+// As a counterpart to the access to the source code and rights to copy, modify
+// and redistribute granted by the license, users are provided only with a
+// limited warranty and the software's author, the holder of the economic
+// rights, and the successive licensors have only limited liability.
+//
+// In this respect, the user's attention is drawn to the risks associated with
+// loading, using, modifying and/or developing or reproducing the software by
+// the user in light of its specific status of free software, that may mean
+// that it is complicated to manipulate, and that also therefore means that it
+// is reserved for developers and experienced professionals having in-depth
+// computer knowledge. Users are therefore encouraged to load and test the
+// software's suitability as regards their requirements in conditions enabling
+// the security of their systems and/or data to be ensured and, more generally,
+// to use and operate it in the same conditions as regards security.
+//
+// The fact that you are presently reading this means that you have had
+// knowledge of the CeCILL license and that you accept its terms.
+
+package utils
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"strings"
+)
+
+func GeneratePassword() (password string, err error) {
+	// This will make a 12 chars long password
+	b := make([]byte, 9)
+
+	if _, err = rand.Read(b); err != nil {
+		return
+	}
+
+	password = base64.StdEncoding.EncodeToString(b)
+
+	// Avoid hard to read characters
+	for _, i := range [][2]string{
+		{"v", "*"}, {"u", "("},
+		{"l", "%"}, {"1", "?"},
+		{"o", "@"}, {"O", "!"}, {"0", ">"},
+		// This one is to avoid problem with openssl
+		{"/", "^"},
+	} {
+		password = strings.Replace(password, i[0], i[1], -1)
+	}
+
+	return
+}