AY's Macbook Pro před 3 roky
rodič
revize
67992fe8d5
5 změnil soubory, kde provedl 110 přidání a 8 odebrání
  1. 1 0
      go.mod
  2. 2 0
      go.sum
  3. 20 7
      mod/auth/ldap/ldap.go
  4. 79 0
      mod/auth/ldap/syncdb/syncdb.go
  5. 8 1
      web/login.system

+ 1 - 0
go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/go-git/go-git/v5 v5.2.0
 	github.com/go-ldap/ldap v3.0.3+incompatible // indirect
 	github.com/go-ldap/ldap/v3 v3.4.2 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20220221023154-0b2280d3ff96 // indirect
 	github.com/gorilla/sessions v1.2.0
 	github.com/gorilla/websocket v1.4.2
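Review bot: The new `github.com/google/uuid v1.3.0` line is marked `// indirect`, but this same commit imports that package directly from `mod/auth/ldap/ldap.go`, so the marker is wrong and `go mod tidy` will rewrite it; drop the comment now so the requirement graph reflects a direct dependency. The new `syncdb.go` also imports `github.com/satori/go.uuid`, which is not added here — presumably it is already required elsewhere in go.mod, but that is outside this hunk and worth confirming, since a missing requirement would only surface at build time.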

+ 2 - 0
go.sum

@@ -252,6 +252,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=

+ 20 - 7
mod/auth/ldap/ldap.go

@@ -7,8 +7,10 @@ import (
 	"regexp"
 	"strconv"
 
+	uuid "github.com/google/uuid"
 	auth "imuslab.com/arozos/mod/auth"
 	"imuslab.com/arozos/mod/auth/ldap/ldapreader"
+	"imuslab.com/arozos/mod/auth/oauth2/syncdb"
 	reg "imuslab.com/arozos/mod/auth/register"
 	"imuslab.com/arozos/mod/common"
 	db "imuslab.com/arozos/mod/database"
@@ -24,6 +26,7 @@ type ldapHandler struct {
 	permissionHandler *permission.PermissionHandler
 	userHandler       *user.UserHandler
 	iconSystem        string
+	syncdb            *syncdb.SyncDB
 }
 
 type Config struct {
@@ -70,6 +73,7 @@ func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, co
 		permissionHandler: permissionHandler,
 		userHandler:       userHandler,
 		iconSystem:        iconSystem,
+		syncdb:            syncdb.NewSyncDB(),
 	}
 
 	return &LDAPHandler
@@ -339,7 +343,6 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 	//Check the database and see if this user is in the database
 	passwordCorrect, err := ldap.ldapreader.Authenticate(username, password)
 	if err != nil {
-		//Password not defined
 		ldap.ag.Logger.LogAuth(r, false)
 		common.SendErrorResponse(w, "Unable to connect to LDAP server")
 		log.Println("LDAP Authentication error, " + err.Error())
@@ -348,12 +351,22 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 	//The database contain this user information. Check its password if it is correct
 	if passwordCorrect {
 		//Password correct
-		// Set user as authenticated
-		ldap.ag.LoginUserByRequest(w, r, username, rememberme)
-		//Print the login message to console
-		log.Println(username + " logged in.")
-		ldap.ag.Logger.LogAuth(r, true)
-		common.SendOK(w)
+		if !ldap.ag.UserExists(username) {
+			authkey, err := uuid.NewUUID()
+			if err != nil {
+				log.Println("UUID generation failed, " + err.Error())
+				return
+			}
+			ldap.syncdb.Store(authkey.String())
+			common.SendErrorResponse(w, "Redirection=system/auth/ldap/register.html?username="+username+"&displayname="+username+"&authkey="+authkey.String())
+		} else {
+			// Set user as authenticated
+			ldap.ag.LoginUserByRequest(w, r, username, rememberme)
+			//Print the login message to console
+			log.Println(username + " logged in.")
+			ldap.ag.Logger.LogAuth(r, true)
+			common.SendOK(w)
+		}
 	} else {
 		//Password incorrect
 		log.Println(username + " has entered an invalid username or password")
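Review bot: `uuid.NewUUID()` in the new first-login branch produces a version-1 UUID derived from the clock and node ID, which is guessable, and that value is the only thing standing between a successful LDAP bind and registering a new local account; use the random variant, `authkey, err := uuid.NewRandom()`, which keeps the existing error branch intact. The redirect built on the next lines interpolates the LDAP username unescaped, so a name containing `&` or `#` would alter the query string; write it as `url.QueryEscape(username)` (requires importing `net/url`). The key returned by `ldap.syncdb.Store(authkey.String())` is discarded — if that package stores values under a fresh key the way the `syncdb.go` added in this commit does, nothing can later look the authkey up; note too that the import hunk pulls in `oauth2/syncdb` rather than the new `ldap/syncdb` package, so it is worth confirming which one is intended. The bare `return` on UUID failure also writes no response, leaving the client with an empty reply. HandleLogin continues outside this hunk.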

+ 79 - 0
mod/auth/ldap/syncdb/syncdb.go

@@ -0,0 +1,79 @@
+package syncdb
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	uuid "github.com/satori/go.uuid"
+)
+
+type SyncDB struct {
+	db *sync.Map //HERE ALSO CHANGED, USE POINTER INSTEAD OF A COPY OF THE ORIGINAL SYNCNAMP
+}
+
+type dbStructure struct {
+	timestamp time.Time
+	value     string
+}
+
+func NewSyncDB() *SyncDB {
+	//Create a new SyncMap for this SyncDB Object
+	newDB := sync.Map{}
+	//Put the newly craeted syncmap into the db object
+	newSyncDB := SyncDB{db: &newDB} //!!! USE POINTER HERE INSTEAD OF THE SYNC MAP ITSELF
+	//Return the pointer of the new SyncDB object
+	newSyncDB.AutoCleaning()
+	return &newSyncDB
+}
+
+func (p SyncDB) AutoCleaning() {
+	//create the routine for auto clean trash
+	go func() {
+		for {
+			<-time.After(5 * 60 * time.Second) //no rush, clean every five minute
+			p.db.Range(func(key, value interface{}) bool {
+				if time.Now().Sub(value.(dbStructure).timestamp).Minutes() >= 30 {
+					p.db.Delete(key)
+				}
+				return true
+			})
+		}
+	}()
+}
+
+func (p SyncDB) Store(value string) string {
+	uid := uuid.NewV4().String()
+	NewField := dbStructure{
+		timestamp: time.Now(),
+		value:     value,
+	}
+	p.db.Store(uid, NewField)
+	return uid
+}
+
+func (p SyncDB) Read(uuid string) string {
+	value, ok := p.db.Load(uuid)
+	if !ok {
+		return ""
+	} else {
+		return value.(dbStructure).value
+	}
+}
+
+func (p SyncDB) Delete(uuid string) {
+	p.db.Delete(uuid)
+}
+
+func (p SyncDB) ToString() {
+	p.db.Range(func(key, value interface{}) bool {
+		fmt.Print(key)
+		fmt.Print(" : ")
+		fmt.Println(value.(dbStructure).value)
+		fmt.Print(" @ ")
+		//fmt.Print(value.(dbStructure).timestamp)
+		fmt.Print(time.Now().Sub(value.(dbStructure).timestamp).Seconds())
+		fmt.Print("\n")
+		return true
+	})
+}
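Review bot: `Read` returns the stored value but leaves the entry in place, so a registration authkey redeemed once stays valid until the 30-minute sweep removes it; a token that authorises account creation should be consumed on first use. I would add a take-style accessor next to `Read` (below; `LoadAndDelete` needs Go 1.15+, otherwise `Load` followed by `Delete`). Separately, `AutoCleaning` starts a goroutine with no stop signal, so every `NewSyncDB` call leaks one for the life of the process; a `done` channel or a `time.Ticker` the owner can `Stop` would bound that. The file also pulls in `github.com/satori/go.uuid` while `ldap.go` in the same commit uses `github.com/google/uuid`; one UUID library is enough.
```go
// Take returns the value stored under key and removes the entry, so a
// key can be redeemed at most once. It returns "" when the key is unknown.
func (p SyncDB) Take(key string) string {
	value, ok := p.db.LoadAndDelete(key)
	if !ok {
		return ""
	}
	return value.(dbStructure).value
}
```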

+ 8 - 1
web/login.system

@@ -216,7 +216,7 @@
                         $(".ts.borderless.basic.segment").after('<div id="autoRedirectSegment" class="ts borderless basic segment"><p><i class="key icon"></i>Redirecting to organization sign-in page in 5 seconds...</p><br><a style="cursor: pointer;" onclick="stopAutoRedirect()">Cancel</a></div>');
                         autoRedirectTimer = setTimeout(function(){
                             window.location.href = "system/auth/oauth/login?redirect=" + redirectionAddress;
-                        }, 5000);
+                        }, 3000);
                     }
                 }
             });
@@ -258,6 +258,13 @@
             $.post(loginAddress, {"username": username, "password": magic, "rmbme": rmbme}).done(function(data){
                 if (data.error !== undefined){
                     //Something went wrong during the login
+
+                    //LDAP Related Code
+                    if(data.error.indexOf("Redirection=") == 0){
+                        window.location.href = data.error.split("Redirection=")[1];
+                        return;
+                    }
+
                     $("#errmsg").text(data.error);
                     $("#errmsg").parent().slideDown('fast').delay(5000).slideUp('fast');
                 }else{
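Review bot: The new branch takes the redirect target straight out of `data.error` and assigns it to `window.location.href`, which turns the error string into a control channel: any error message that happens to begin with `Redirection=` will navigate the browser instead of being displayed. Since the server side is changed in the same commit, a dedicated field such as `data.redirect`, checked before the error branch, would make the intent explicit and keep error text inert; if the prefix convention stays, `data.error.startsWith("Redirection=")` reads better than `indexOf(...) == 0`. The target is server-supplied and relative in the LDAP handler, so this is not an open redirect as written, but a one-line comment stating why the value is trusted would help the next reader. The enclosing `$.post(...).done` callback continues past the hunk.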