Add the ability to do some user management tasks through admin API
parent
0e15ed3fdc
commit
9d15f6b9a6
|
@ -37,6 +37,7 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
|
@ -44,6 +45,7 @@ import (
|
|||
"git.happydns.org/happydns/config"
|
||||
"git.happydns.org/happydns/model"
|
||||
"git.happydns.org/happydns/storage"
|
||||
"git.happydns.org/happydns/utils"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -54,6 +56,13 @@ func init() {
|
|||
router.GET("/api/users/:userid", api.ApiHandler(userHandler(getUser)))
|
||||
router.PUT("/api/users/:userid", api.ApiHandler(userHandler(updateUser)))
|
||||
router.DELETE("/api/users/:userid", api.ApiHandler(userHandler(deleteUser)))
|
||||
|
||||
router.POST("/api/users/:userid/recover_link", api.ApiHandler(userHandler(recoverUserAcct)))
|
||||
router.POST("/api/users/:userid/reset_password", api.ApiHandler(userHandler(resetUserPasswd)))
|
||||
router.POST("/api/users/:userid/send_recover_email", api.ApiHandler(userHandler(sendRecoverUserAcct)))
|
||||
router.POST("/api/users/:userid/send_validation_email", api.ApiHandler(userHandler(sendValidateUserEmail)))
|
||||
router.POST("/api/users/:userid/validation_link", api.ApiHandler(userHandler(emailValidationLink)))
|
||||
router.POST("/api/users/:userid/validate_email", api.ApiHandler(userHandler(validateEmail)))
|
||||
}
|
||||
|
||||
func getUsers(_ *config.Options, _ httprouter.Params, _ io.Reader) api.Response {
|
||||
|
@ -114,3 +123,51 @@ func updateUser(_ *config.Options, user *happydns.User, _ httprouter.Params, bod
|
|||
func deleteUser(_ *config.Options, user *happydns.User, _ httprouter.Params, _ io.Reader) api.Response {
|
||||
return api.NewAPIResponse(true, storage.MainStore.DeleteUser(user))
|
||||
}
|
||||
|
||||
func emailValidationLink(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
return api.NewAPIResponse(opts.GetRegistrationURL(user), nil)
|
||||
}
|
||||
|
||||
func recoverUserAcct(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
return api.NewAPIResponse(opts.GetAccountRecoveryURL(user), nil)
|
||||
}
|
||||
|
||||
type resetPassword struct {
|
||||
Password string
|
||||
}
|
||||
|
||||
func resetUserPasswd(_ *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
urp := &resetPassword{}
|
||||
err := json.NewDecoder(body).Decode(&urp)
|
||||
if err != nil && err != io.EOF {
|
||||
return api.NewAPIErrorResponse(http.StatusBadRequest, fmt.Errorf("Something is wrong in received data: %w", err))
|
||||
}
|
||||
|
||||
if urp.Password == "" {
|
||||
urp.Password, err = utils.GeneratePassword()
|
||||
if err != nil {
|
||||
return api.NewAPIErrorResponse(http.StatusInternalServerError, err)
|
||||
}
|
||||
}
|
||||
|
||||
err = user.DefinePassword(urp.Password)
|
||||
if err != nil {
|
||||
return api.NewAPIErrorResponse(http.StatusInternalServerError, err)
|
||||
}
|
||||
|
||||
return api.NewAPIResponse(urp, storage.MainStore.UpdateUser(user))
|
||||
}
|
||||
|
||||
func sendRecoverUserAcct(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
return api.NewAPIResponse(true, api.SendRecoveryLink(opts, user))
|
||||
}
|
||||
|
||||
func sendValidateUserEmail(opts *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
return api.NewAPIResponse(true, api.SendValidationLink(opts, user))
|
||||
}
|
||||
|
||||
func validateEmail(_ *config.Options, user *happydns.User, _ httprouter.Params, body io.Reader) api.Response {
|
||||
now := time.Now()
|
||||
user.EmailValidated = &now
|
||||
return api.NewAPIResponse(user, storage.MainStore.UpdateUser(user))
|
||||
}
|
||||
|
|
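Review bot: In `resetUserPasswd`, `urp` is already a pointer and the decoder is handed `&urp`, so a request body consisting of the JSON literal `null` sets `urp` to nil and the following `urp.Password == ""` dereferences a nil pointer. Declaring the value directly avoids this: `var urp resetPassword` followed by `err := json.NewDecoder(body).Decode(&urp)`. The handler also returns `urp` in the response, so the new password, whether generated or supplied by the caller, travels back in cleartext; consider returning it only when it was generated server-side and making sure response bodies for this route are not logged. How the admin routes registered in `init()` are authenticated is not visible in this diff, and `recover_link` and `validation_link` hand out URLs that act as account credentials, so that is worth confirming.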
18
api/users.go
18
api/users.go
|
@ -40,6 +40,7 @@ import (
|
|||
"net/mail"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
@ -90,7 +91,7 @@ func genUsername(user *happydns.User) (toName string) {
|
|||
return
|
||||
}
|
||||
|
||||
func sendValidationLink(opts *config.Options, user *happydns.User) error {
|
||||
func SendValidationLink(opts *config.Options, user *happydns.User) error {
|
||||
toName := genUsername(user)
|
||||
return utils.SendMail(
|
||||
&mail.Address{Name: toName, Address: user.Email},
|
||||
|
@ -109,7 +110,7 @@ In order to validate your account, please follow this link now:
|
|||
)
|
||||
}
|
||||
|
||||
func sendRecoveryLink(opts *config.Options, user *happydns.User) error {
|
||||
func SendRecoveryLink(opts *config.Options, user *happydns.User) error {
|
||||
toName := genUsername(user)
|
||||
return utils.SendMail(
|
||||
&mail.Address{Name: toName, Address: user.Email},
|
||||
|
@ -159,7 +160,7 @@ func registerUser(opts *config.Options, p httprouter.Params, body io.Reader) Res
|
|||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
} else if sendValidationLink(opts, user); err != nil {
|
||||
} else if SendValidationLink(opts, user); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
|
@ -189,14 +190,14 @@ func specialUserOperations(opts *config.Options, p httprouter.Params, body io.Re
|
|||
} else {
|
||||
if uu.Kind == "recovery" {
|
||||
if user.EmailValidated == nil {
|
||||
if err = sendValidationLink(opts, user); err != nil {
|
||||
if err = SendValidationLink(opts, user); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
if err = sendRecoveryLink(opts, user); err != nil {
|
||||
if err = SendRecoveryLink(opts, user); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
|
@ -210,7 +211,7 @@ func specialUserOperations(opts *config.Options, p httprouter.Params, body io.Re
|
|||
} else if uu.Kind == "validation" {
|
||||
if user.EmailValidated != nil {
|
||||
return res
|
||||
} else if err = sendValidationLink(opts, user); err != nil {
|
||||
} else if err = SendValidationLink(opts, user); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
|
@ -311,6 +312,11 @@ func recoverUserAccount(opts *config.Options, user *happydns.User, body io.Reade
|
|||
}
|
||||
}
|
||||
|
||||
if user.RegistrationTime == nil {
|
||||
now := time.Now()
|
||||
user.RegistrationTime = &now
|
||||
}
|
||||
|
||||
if err := user.CanRecoverAccount(uar.Key); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
|
|
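Review bot: In the `registerUser` hunk, `} else if SendValidationLink(opts, user); err != nil {` runs the call as a bare init statement and discards its result, so the condition tests whatever `err` is already in scope and a failed validation mail appears to go unreported; the other call sites assign the result. The rename was a chance to fix it: `} else if err = SendValidationLink(opts, user); err != nil {`. Now that `SendValidationLink` and `SendRecoveryLink` are exported, each should carry a doc comment beginning with its name. In `recoverUserAccount`, the added `RegistrationTime` default is set in memory just before `user.CanRecoverAccount(uar.Key)`; if the key depends on that timestamp (not visible here), a link generated earlier for the same user would be checked against a different value, which is worth confirming. Both functions extend beyond the hunks shown.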
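--- a/utils/password.go
+++ b/utils/password.go
@@ -0,0 +1,62 @@
+// Copyright or © or Copr. happyDNS (2020)
+//
+// contact@happydns.org
+//
+// This software is a computer program whose purpose is to provide a modern
+// interface to interact with DNS systems.
+//
+// This software is governed by the CeCILL license under French law and abiding
+// by the rules of distribution of free software. You can use, modify and/or
+// redistribute the software under the terms of the CeCILL license as
+// circulated by CEA, CNRS and INRIA at the following URL
+// "http://www.cecill.info".
+//
+// As a counterpart to the access to the source code and rights to copy, modify
+// and redistribute granted by the license, users are provided only with a
+// limited warranty and the software's author, the holder of the economic
+// rights, and the successive licensors have only limited liability.
+//
+// In this respect, the user's attention is drawn to the risks associated with
+// loading, using, modifying and/or developing or reproducing the software by
+// the user in light of its specific status of free software, that may mean
+// that it is complicated to manipulate, and that also therefore means that it
+// is reserved for developers and experienced professionals having in-depth
+// computer knowledge. Users are therefore encouraged to load and test the
+// software's suitability as regards their requirements in conditions enabling
+// the security of their systems and/or data to be ensured and, more generally,
+// to use and operate it in the same conditions as regards security.
+//
+// The fact that you are presently reading this means that you have had
+// knowledge of the CeCILL license and that you accept its terms.
+
+package utils
+
+import (
+"crypto/rand"
+"encoding/base64"
+"strings"
+)
+
+func GeneratePassword() (password string, err error) {
+// This will make a 12 chars long password
+b := make([]byte, 9)
+
+if _, err = rand.Read(b); err != nil {
+return
+}
+
+password = base64.StdEncoding.EncodeToString(b)
+
+// Avoid hard to read characters
+for _, i := range [][2]string{
+{"v", "*"}, {"u", "("},
+{"l", "%"}, {"1", "?"},
+{"o", "@"}, {"O", "!"}, {"0", ">"},
+// This one is to avoid problem with openssl
+{"/", "^"},
+} {
+password = strings.Replace(password, i[0], i[1], -1)
+}
+
+return
+}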
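Review bot: `GeneratePassword` is exported but has no doc comment, and the property that keeps its substitution table safe is undocumented: every replacement target (`*`, `(`, `%`, `?`, `@`, `!`, `>`, `^`) lies outside the standard base64 alphabet and is used once, so the mapping is one-to-one and the 72 bits drawn from `crypto/rand` are preserved. I would add `// GeneratePassword returns a 12-character password derived from 9 bytes of crypto/rand output.` above the function and, above the table, `// Targets must be unique and outside the base64 alphabet, otherwise distinct passwords collapse.` As a style point, a package-level `strings.NewReplacer(...)` would apply the substitutions in one pass instead of eight `strings.Replace` calls.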