|
@@ -44,6 +44,13 @@ type UserAccount struct {
|
|
|
EquivGroup []string `json:"equiv_group"`
|
|
|
}
|
|
|
|
|
|
+//syncorizeUserReturnInterface not designed to be used outside
|
|
|
+type syncorizeUserReturnInterface struct {
|
|
|
+ Userinfo []UserAccount `json:"userinfo"`
|
|
|
+ Length int `json:"length"`
|
|
|
+ Error string `json:"error"`
|
|
|
+}
|
|
|
+
|
|
|
//NewLdapHandler xxx
|
|
|
func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database, permissionHandler *permission.PermissionHandler, userHandler *user.UserHandler, iconSystem string) *ldapHandler {
|
|
|
//ldap handler init
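Review bot: The comment on the new `syncorizeUserReturnInterface` struct does not say what the struct carries, and since the hunk only adds the type, where it is serialized is not visible here. Go doc comments take the form `// syncorizeUserReturnInterface is ...` (space after the slashes, name first); suggest `// syncorizeUserReturnInterface is the JSON payload presumably returned by the user synchronisation handler; it is unexported and not meant to be used elsewhere.` The `Length` field duplicates `len(Userinfo)` and can drift from it if populated separately, so either document that it must equal the slice length or drop it if no client reads it. The name ends in "Interface" but declares a struct, which reads oddly; something like `syncUserResponse` would match Go naming.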
|
|
@@ -315,6 +322,7 @@ func (ldap *ldapHandler) HandleLoginPage(w http.ResponseWriter, r *http.Request)
|
|
|
}
|
|
|
|
|
|
func (ldap *ldapHandler) HandleNewPasswordPage(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //get the parameter from the request
|
|
|
acc, err := common.Mv(r, "username", false)
|
|
|
if err != nil {
|
|
|
common.SendErrorResponse(w, err.Error())
|
|
@@ -330,7 +338,7 @@ func (ldap *ldapHandler) HandleNewPasswordPage(w http.ResponseWriter, r *http.Re
|
|
|
common.SendErrorResponse(w, err.Error())
|
|
|
return
|
|
|
}
|
|
|
-
|
|
|
+ //init the web interface
|
|
|
imgsrc := "./web/" + ldap.iconSystem
|
|
|
if !common.FileExists(imgsrc) {
|
|
|
imgsrc = "./web/img/public/auth_icon.png"
|
|
@@ -388,9 +396,10 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
|
|
|
//The database contain this user information. Check its password if it is correct
|
|
|
if passwordCorrect {
|
|
|
//Password correct
|
|
|
+ //if user not exist then redirect to create pwd screen
|
|
|
if !ldap.ag.UserExists(username) {
|
|
|
authkey := ldap.syncdb.Store(username)
|
|
|
- common.SendErrorResponse(w, "Redirection=system/auth/ldap/newPassword?username="+username+"&displayname="+username+"&authkey="+authkey)
|
|
|
+ common.SendJSONResponse(w, "{\"redirect\":\"system/auth/ldap/newPassword?username="+username+"&displayname="+username+"&authkey="+authkey+"\"}")
|
|
|
} else {
|
|
|
// Set user as authenticated
|
|
|
ldap.ag.LoginUserByRequest(w, r, username, rememberme)
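Review bot: The JSON body on the `+ common.SendJSONResponse(...)` line is assembled by string concatenation, so a username containing `"`, `\` or `&` produces invalid JSON or a mangled query string; the removed line had the same weakness, but the value is now a payload the client parses and follows. Build the query with `url.Values` and the body with `json.Marshal` as below; that needs `net/url` and `encoding/json` in the file's import block, which is outside this hunk. Passing `authkey` in the query string also leaves it in access logs and the Referer header, which is bounded by HandleSetPassword deleting it on first use but worth noting. HandleLogin begins and ends outside the hunk.
```go
if !ldap.ag.UserExists(username) {
	authkey := ldap.syncdb.Store(username)
	q := url.Values{}
	q.Set("username", username)
	q.Set("displayname", username)
	q.Set("authkey", authkey)
	payload, err := json.Marshal(map[string]string{
		"redirect": "system/auth/ldap/newPassword?" + q.Encode(),
	})
	if err != nil {
		common.SendErrorResponse(w, err.Error())
		return
	}
	common.SendJSONResponse(w, string(payload))
} else {
	// … unchanged: LoginUserByRequest …
```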
|
|
@@ -409,6 +418,7 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
|
|
|
}
|
|
|
|
|
|
func (ldap *ldapHandler) HandleSetPassword(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //get paramters from request
|
|
|
username, err := common.Mv(r, "username", true)
|
|
|
if err != nil {
|
|
|
common.SendErrorResponse(w, err.Error())
|
|
@@ -427,19 +437,28 @@ func (ldap *ldapHandler) HandleSetPassword(w http.ResponseWriter, r *http.Reques
|
|
|
|
|
|
//check if the input key matches the database's username
|
|
|
isValid := ldap.syncdb.Read(authkey) == username
|
|
|
- ldap.syncdb.Delete(authkey) // remove the key
|
|
|
+ ldap.syncdb.Delete(authkey) // remove the key, aka key is one time use only
|
|
|
+ //if db data match the username, proceed
|
|
|
if isValid {
|
|
|
+ //if not exists
|
|
|
if !ldap.ag.UserExists(username) {
|
|
|
+ //get the user from ldap server
|
|
|
ldapUser, err := ldap.ldapreader.GetUser(username)
|
|
|
if err != nil {
|
|
|
common.SendErrorResponse(w, err.Error())
|
|
|
return
|
|
|
}
|
|
|
+ //convert the ldap usergroup to arozos usergroup
|
|
|
convertedInfo := ldap.convertGroup(ldapUser)
|
|
|
+ //create user account and login
|
|
|
ldap.ag.CreateUserAccount(username, password, convertedInfo.EquivGroup)
|
|
|
- common.SendOK(w)
|
|
|
+ ldap.ag.Logger.LogAuth(r, true)
|
|
|
+ ldap.ag.LoginUserByRequest(w, r, username, false)
|
|
|
+ http.Redirect(w, r, "index.html", 301)
|
|
|
+ //common.SendOK(w)
|
|
|
return
|
|
|
} else {
|
|
|
+ //if exist then return error
|
|
|
common.SendErrorResponse(w, "User exists, please contact the system administrator if you believe this is an error.")
|
|
|
return
|
|
|
}
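Review bot: `http.Redirect(w, r, "index.html", 301)` answers the password-set request with a permanent redirect, which browsers cache and may replay for later requests to the same URL; use `http.Redirect(w, r, "index.html", http.StatusSeeOther)` (or at least the named `http.StatusFound`) for a post-action redirect. The commented-out `//common.SendOK(w)` beneath it is dead code and should be removed rather than kept as a comment. `ldap.ag.Logger.LogAuth(r, true)` is now recorded before `LoginUserByRequest` runs, so if the login call can fail (its return value is not visible here) the audit log would still show success. HandleSetPassword begins outside the hunk.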
|