
ldap beta v1.0.0

AY's Macbook Pro 3 tahun lalu
induk
melakukan
e05670aa21
2 mengubah file dengan 24 tambahan dan 39 penghapusan
  1. 21 36
      mod/auth/ldap/ldap.go
  2. 3 3
      system/ldap/newPasswordTemplate.html

+ 21 - 36
mod/auth/ldap/ldap.go

@@ -183,29 +183,7 @@ func (ldap *ldapHandler) getAllUser(limit int) []UserAccount {
 	result, _ := ldap.ldapreader.GetAllUser()
 	//loop through the result
 	for i, v := range result {
-		//check the group belongs
-		var Group []string
-		var EquivGroup []string
-		regexSyntax := regexp.MustCompile("cn=([^,]+),")
-		for _, v := range v.GetAttributeValues("memberOf") {
-			groups := regexSyntax.FindStringSubmatch(v)
-			if len(groups) > 0 {
-				//check if the LDAP group is already exists in ArOZOS system
-				if ldap.permissionHandler.GroupExists(groups[1]) {
-					EquivGroup = append(EquivGroup, groups[1])
-				}
-				//LDAP list
-				Group = append(Group, groups[1])
-			}
-		}
-		if len(EquivGroup) < 1 {
-			EquivGroup = append(EquivGroup, ldap.reg.DefaultUserGroup)
-		}
-		account := UserAccount{
-			Username:   v.GetAttributeValue("cn"),
-			Group:      Group,
-			EquivGroup: EquivGroup,
-		}
+		account := ldap.convertGroup(v)
 		accounts = append(accounts, account)
 		if i > limit && limit != -1 {
 			break
@@ -218,8 +196,7 @@ func (ldap *ldapHandler) getAllUser(limit int) []UserAccount {
 	}
 }
 
-func (ldap *ldapHandler) convertGroup(ldapUser *ldap.Entry) []UserAccount {
-	var accounts []UserAccount
+func (ldap *ldapHandler) convertGroup(ldapUser *ldap.Entry) UserAccount {
 	//check the group belongs
 	var Group []string
 	var EquivGroup []string
@@ -243,12 +220,7 @@ func (ldap *ldapHandler) convertGroup(ldapUser *ldap.Entry) []UserAccount {
 		Group:      Group,
 		EquivGroup: EquivGroup,
 	}
-	accounts = append(accounts, account)
-	if len(accounts) > 0 {
-		return accounts[1:]
-	} else {
-		return []UserAccount{}
-	}
+	return account
 }
 
 func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request) {
@@ -421,7 +393,7 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 		//Password correct
 		if !ldap.ag.UserExists(username) {
 			authkey := ldap.syncdb.Store(username)
-			common.SendErrorResponse(w, "Redirection=system/auth/ldap/newPassword?username="+username+"&displayname="+username+"&authkey="+authkey.String())
+			common.SendErrorResponse(w, "Redirection=system/auth/ldap/newPassword?username="+username+"&displayname="+username+"&authkey="+authkey)
 		} else {
 			// Set user as authenticated
 			ldap.ag.LoginUserByRequest(w, r, username, rememberme)
@@ -440,17 +412,17 @@ func (ldap *ldapHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 }
 
 func (ldap *ldapHandler) HandleSetPassword(w http.ResponseWriter, r *http.Request) {
-	username, err := common.Mv(r, "username", false)
+	username, err := common.Mv(r, "username", true)
 	if err != nil {
 		common.SendErrorResponse(w, err.Error())
 		return
 	}
-	password, err := common.Mv(r, "password", false)
+	password, err := common.Mv(r, "password", true)
 	if err != nil {
 		common.SendErrorResponse(w, err.Error())
 		return
 	}
-	authkey, err := common.Mv(r, "authkey", false)
+	authkey, err := common.Mv(r, "authkey", true)
 	if err != nil {
 		common.SendErrorResponse(w, err.Error())
 		return
@@ -458,12 +430,25 @@ func (ldap *ldapHandler) HandleSetPassword(w http.ResponseWriter, r *http.Reques
 
 	//check if the input key matches the database's username
 	isValid := ldap.syncdb.Read(authkey) == username
+	ldap.syncdb.Delete(authkey) // remove the key
 	if isValid {
 		if !ldap.ag.UserExists(username) {
-			ldap.ag.CreateUserAccount(username, password, ldapUser.EquivGroup)
+			ldapUser, err := ldap.ldapreader.GetUser(username)
+			if err != nil {
+				common.SendErrorResponse(w, err.Error())
+				return
+			}
+			convertedInfo := ldap.convertGroup(ldapUser)
+			ldap.ag.CreateUserAccount(username, password, convertedInfo.Group)
+			common.SendOK(w)
+			return
 		} else {
 			common.SendErrorResponse(w, "User existed!!")
 			return
 		}
+	} else {
+		common.SendErrorResponse(w, "Improper key detected")
+		log.Println(r.RemoteAddr + " attempted to use invaild key to create new user but failed")
+		return
 	}
 }
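Review bot: The new account in HandleSetPassword is created with `convertedInfo.Group`, the raw LDAP group names, whereas the line it replaces used `EquivGroup`, which (judging from the logic moved out of getAllUser in the first hunk) is the subset that exists in the permission handler with `DefaultUserGroup` as the fallback; as written a user whose LDAP groups have no local equivalent is created with unknown group names and no default, so `ldap.ag.CreateUserAccount(username, password, convertedInfo.EquivGroup)` looks like the intended line. The validity check just above compares `ldap.syncdb.Read(authkey)` with `username` directly; if Read yields an empty string for an unknown key (not visible here), an empty username and a bogus key compare equal, so guard it with `stored := ldap.syncdb.Read(authkey)` followed by `isValid := stored != "" && stored == username`. The `else` branches that follow a `return` at the end of the function can be flattened, and the log message in that branch spells "invaild". In the HandleLogin hunk the redirect query is built by concatenating username and authkey unescaped; `url.Values{"username": {username}, "displayname": {username}, "authkey": {authkey}}.Encode()` (net/url) keeps a username containing `&` or `=` from breaking the redirect.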

+ 3 - 3
system/ldap/newPasswordTemplate.html

@@ -42,7 +42,7 @@
                 <i class="remove icon"></i> <span id="errtext">Internal Server Error</span>
             </div>
             <br>
-            <p>Back to <a href="../ldapLogin.system">Login</a></p>
+            <p>Back to <a href="../../../ldapLogin.system">Login</a></p>
         </div>
     </div>
 
@@ -70,7 +70,7 @@
 
             //Should be OK now. Submit the form for reset password
             $.ajax({
-                url: "system/auth/ldap/setPassword",
+                url: "../../../system/auth/ldap/setPassword",
                 method: "POST",
                 data: {
                     username: username,
@@ -82,7 +82,7 @@
                         showErrorMessage(data.error);
                     } else {
                         //OK
-                        window.location.href = "index.html";
+                        window.location.href = "../../../ldapLogin.system";
                     }
                 }
             })
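Review bot: The three `../../../` prefixes hardcode how deep this template sits below the site root, so if the page is ever served from a different path all three links break together. If the server accepts root-relative paths, `/ldapLogin.system` and `/system/auth/ldap/setPassword` would remove that coupling; otherwise a single JS constant for the prefix, reused by the anchor, the ajax `url` and the success redirect, keeps them consistent.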