This commit is contained in:
nemunaire 2020-09-02 15:09:14 +02:00
parent f819320f5a
commit b8d9118b56
4 changed files with 11 additions and 16 deletions

ldap.go

@ -24,10 +24,10 @@ type LDAP struct {
func (l LDAP) Connect() (*LDAPConn, error) { func (l LDAP) Connect() (*LDAPConn, error) {
if l.Ssl { if l.Ssl {
if c, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", l.Host, l.Port), &tls.Config{ServerName: l.Host}); err != nil { if c, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", l.Host, l.Port), &tls.Config{ServerName: l.Host}); err != nil {
return nil, errors.New("unable to establish LDAPS connection to " + fmt.Sprintf("%s:%d", l.Host, l.Port) + ": " + err.Error()) return nil, errors.New("unable to establish LDAPS connection to " + fmt.Sprintf("%s:%d", l.Host, l.Port) + ": " + err.Error())
} else { } else {
return &LDAPConn{ return &LDAPConn{
LDAP: l, LDAP: l,
connection: c, connection: c,
}, nil }, nil
} }
@ -42,13 +42,12 @@ func (l LDAP) Connect() (*LDAPConn, error) {
} }
return &LDAPConn{ return &LDAPConn{
LDAP: l, LDAP: l,
connection: c, connection: c,
}, nil }, nil
} }
} }
type LDAPConn struct { type LDAPConn struct {
LDAP LDAP
connection *ldap.Conn connection *ldap.Conn
@ -117,7 +116,7 @@ func (l LDAPConn) ChangePassword(dn string, rawpassword string) error {
return err return err
} }
hashedpasswd, err := crypt.Crypt(rawpassword, "$6$" + salt + "$") hashedpasswd, err := crypt.Crypt(rawpassword, "$6$"+salt+"$")
if err != nil { if err != nil {
return err return err
} }
@ -125,6 +124,5 @@ func (l LDAPConn) ChangePassword(dn string, rawpassword string) error {
modify := ldap.NewModifyRequest(dn) modify := ldap.NewModifyRequest(dn)
modify.Replace("userPassword", []string{"{CRYPT}" + hashedpasswd}) modify.Replace("userPassword", []string{"{CRYPT}" + hashedpasswd})
return l.connection.Modify(modify) return l.connection.Modify(modify)
} }


@ -5,8 +5,8 @@ import (
"encoding/base64" "encoding/base64"
"encoding/binary" "encoding/binary"
"io" "io"
"net/http"
"log" "log"
"net/http"
"os" "os"
"os/exec" "os/exec"
"time" "time"
@ -51,7 +51,6 @@ func (l LDAPConn) genToken(dn string, previous bool) string {
return base64.StdEncoding.EncodeToString(hash.Sum(nil)[:]) return base64.StdEncoding.EncodeToString(hash.Sum(nil)[:])
} }
func lostPassword(w http.ResponseWriter, r *http.Request) { func lostPassword(w http.ResponseWriter, r *http.Request) {
if r.Method != "POST" { if r.Method != "POST" {
displayTmpl(w, "lost.html", map[string]interface{}{}) displayTmpl(w, "lost.html", map[string]interface{}{})
@ -115,7 +114,7 @@ func lostPassword(w http.ResponseWriter, r *http.Request) {
m.SetHeader("From", "noreply@nemunai.re") m.SetHeader("From", "noreply@nemunai.re")
m.SetHeader("To", email) m.SetHeader("To", email)
m.SetHeader("Subject", "SSO nemunai.re: password recovery") m.SetHeader("Subject", "SSO nemunai.re: password recovery")
m.SetBody("text/plain", "Hello " + cn + "!\n\nSomeone, and we hope it's you, requested to reset your account password. \nIn order to continue, go to:\nhttps://ldap.nemunai.re/reset?l=" + r.PostFormValue("login") + "&t=" + token + "\n\nBest regards,\n-- \nnemunai.re SSO") m.SetBody("text/plain", "Hello "+cn+"!\n\nSomeone, and we hope it's you, requested to reset your account password. \nIn order to continue, go to:\nhttps://ldap.nemunai.re/reset?l="+r.PostFormValue("login")+"&t="+token+"\n\nBest regards,\n-- \nnemunai.re SSO")
// Using local sendmail: delegate to the local admin sys the responsability to transport the mail // Using local sendmail: delegate to the local admin sys the responsability to transport the mail
s := gomail.SendFunc(func(from string, to []string, msg io.WriterTo) error { s := gomail.SendFunc(func(from string, to []string, msg io.WriterTo) error {

main.go

@ -18,14 +18,13 @@ import (
) )
var myLDAP = LDAP{ var myLDAP = LDAP{
Host: "localhost", Host: "localhost",
Port: 389, Port: 389,
BaseDN: "dc=example,dc=com", BaseDN: "dc=example,dc=com",
} }
type ResponseWriterPrefix struct { type ResponseWriterPrefix struct {
real http.ResponseWriter real http.ResponseWriter
prefix string prefix string
} }
@ -35,7 +34,7 @@ func (r ResponseWriterPrefix) Header() http.Header {
func (r ResponseWriterPrefix) WriteHeader(s int) { func (r ResponseWriterPrefix) WriteHeader(s int) {
if v, exists := r.real.Header()["Location"]; exists { if v, exists := r.real.Header()["Location"]; exists {
r.real.Header().Set("Location", r.prefix + v[0]) r.real.Header().Set("Location", r.prefix+v[0])
} }
r.real.WriteHeader(s) r.real.WriteHeader(s)
} }
@ -50,7 +49,7 @@ func StripPrefix(prefix string, h http.Handler) http.Handler {
} }
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if prefix != "/" && r.URL.Path == "/" { if prefix != "/" && r.URL.Path == "/" {
http.Redirect(w, r, prefix + "/", http.StatusFound) http.Redirect(w, r, prefix+"/", http.StatusFound)
} else if p := strings.TrimPrefix(r.URL.Path, prefix); len(p) < len(r.URL.Path) { } else if p := strings.TrimPrefix(r.URL.Path, prefix); len(p) < len(r.URL.Path) {
r2 := new(http.Request) r2 := new(http.Request)
*r2 = *r *r2 = *r


@ -6,7 +6,6 @@ import (
"strings" "strings"
) )
func resetPassword(w http.ResponseWriter, r *http.Request) { func resetPassword(w http.ResponseWriter, r *http.Request) {
if len(r.URL.Query().Get("l")) == 0 || len(r.URL.Query().Get("t")) == 0 { if len(r.URL.Query().Get("l")) == 0 || len(r.URL.Query().Get("t")) == 0 {
http.Redirect(w, r, "lost", http.StatusFound) http.Redirect(w, r, "lost", http.StatusFound)