nemunaire/chldapasswd
1
0
Fork 0
Code Issues Pull Requests 1 Releases Activity

Can delete own aliases
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
nemunaire 2024-05-31 17:08:15 +02:00
parent e6a4271a75
commit daab7bf699
3 changed files with 62 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
addy.go
View File

@ -66,25 +66,32 @@ func checkAddyApiAuthorization(authorization []byte) *string {
return &username return &username
} }
func addyAliasAPI(w http.ResponseWriter, r *http.Request) { func addyAliasAPIAuth(r *http.Request) (*string, error) {
// Check authorization header // Check authorization header
fields := strings.Fields(r.Header.Get("Authorization")) fields := strings.Fields(r.Header.Get("Authorization"))
if len(fields) != 2 || fields[0] != "Bearer" { if len(fields) != 2 || fields[0] != "Bearer" {
http.Error(w, "Authorization header should be a valid Bearer token", http.StatusUnauthorized) return nil, fmt.Errorf("Authorization header should be a valid Bearer token")
return
} }
// Decode header // Decode header
authorization, err := base32.StdEncoding.DecodeString(fields[1]) authorization, err := base32.StdEncoding.DecodeString(fields[1])
if err != nil { if err != nil {
log.Println("Invalid Authorization header: %s", err.Error()) log.Println("Invalid Authorization header: %s", err.Error())
http.Error(w, "Authorization header should be a valid Bearer token", http.StatusUnauthorized) return nil, err
return
} }
user := checkAddyApiAuthorization(authorization) user := checkAddyApiAuthorization(authorization)
if user == nil { if user == nil {
http.Error(w, "Not authorized", http.StatusUnauthorized) return nil, fmt.Errorf("Not authorized")
}
return user, nil
}
func addyAliasAPI(w http.ResponseWriter, r *http.Request) {
user, err := addyAliasAPIAuth(r)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return return
} }
@ -154,6 +161,47 @@ func addyAliasAPI(w http.ResponseWriter, r *http.Request) {
} }
} }
func addyAliasAPIDelete(w http.ResponseWriter, r *http.Request) {
user, err := addyAliasAPIAuth(r)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
email := r.PathValue("alias")
conn, err := myLDAP.Connect()
if err != nil || conn == nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
err = conn.ServiceBind()
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
dn, err := conn.SearchDN(*user, true)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
err = conn.DelMailAlias(dn, email)
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
log.Printf("Alias deleted for %s: %s", dn, email)
http.Error(w, "", http.StatusOK)
}
func generateRandomString(length int) string { func generateRandomString(length int) string {
charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
result := make([]byte, length) result := make([]byte, length)

8
login.go
View File

@ -50,17 +50,21 @@ func tryLogin(w http.ResponseWriter, r *http.Request) {
log.Println(err) log.Println(err)
displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()}) displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
} else { } else {
apiToken := AddyAPIToken(r.PostFormValue("login"))
cnt := "<ul>" cnt := "<ul>"
for _, e := range entries { for _, e := range entries {
for _, v := range e.Values { for i, v := range e.Values {
if e.Name == "userPassword" { if e.Name == "userPassword" {
cnt += "<li><strong>" + e.Name + ":</strong> <em>[...]</em></li>" cnt += "<li><strong>" + e.Name + ":</strong> <em>[...]</em></li>"
} else if e.Name == "mailAlias" && len(strings.SplitN(v, "@", 2)[0]) == 10 {
cnt += "<li id='" + fmt.Sprintf("mailAlias-%d", i) + "'><strong>" + e.Name + ":</strong> " + v + `<button type="button" class="mx-1 btn btn-sm btn-danger" onclick="fetch('/api/v1/aliases/` + v + `', {'method': 'delete', 'headers': {'Authorization': 'Bearer ` + apiToken + `'}}).then((res) => { if (res.ok) document.getElementById('` + fmt.Sprintf("mailAlias-%d", i) + `').remove(); });">Supprimer</a></li>`
} else { } else {
cnt += "<li><strong>" + e.Name + ":</strong> " + v + "</li>" cnt += "<li><strong>" + e.Name + ":</strong> " + v + "</li>"
} }
} }
} }
displayTmpl(w, "message.html", map[string]interface{}{"details": template.HTML(`Login ok<br><br>Here are the information we have about you:` + cnt + "</ul><p>To use our Addy.io compatible API, use the following token: <code>" + AddyAPIToken(r.PostFormValue("login")) + "</code></p>")}) displayTmpl(w, "message.html", map[string]interface{}{"details": template.HTML(`Login ok<br><br>Here are the information we have about you:` + cnt + "</ul><p>To use our Addy.io compatible API, use the following token: <code>" + apiToken + "</code></p>")})
} }
} }

3
main.go
View File

@ -148,8 +148,9 @@ func main() {
signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM) signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
// Register handlers // Register handlers
http.HandleFunc(fmt.Sprintf("%s/", *baseURL), changePassword) http.HandleFunc(fmt.Sprintf("%s/{$}", *baseURL), changePassword)
http.HandleFunc(fmt.Sprintf("POST %s/api/v1/aliases", *baseURL), addyAliasAPI) http.HandleFunc(fmt.Sprintf("POST %s/api/v1/aliases", *baseURL), addyAliasAPI)
http.HandleFunc(fmt.Sprintf("DELETE %s/api/v1/aliases/{alias}", *baseURL), addyAliasAPIDelete)
http.HandleFunc(fmt.Sprintf("%s/auth", *baseURL), httpBasicAuth) http.HandleFunc(fmt.Sprintf("%s/auth", *baseURL), httpBasicAuth)
http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin) http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin)
http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword) http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword)