
ldap component update part 2

AY's Macbook Pro 3 years ago
parent
commit
ecff47267a
4 changed files with 145 additions and 27 deletions
  1. 4 1
      ldap.go
  2. 2 2
      mod/auth/ldap/common.go
  3. 87 22
      mod/auth/ldap/ldap.go
  4. 52 2
      web/SystemAO/advance/ldap.html

+ 4 - 1
ldap.go

@@ -9,7 +9,7 @@ import (
 
 func ldapInit() {
 	//ldap
-	ldapHandler := ldap.NewLdapHandler(authAgent, registerHandler, sysdb)
+	ldapHandler := ldap.NewLdapHandler(authAgent, registerHandler, sysdb, permissionHandler)
 
 	//add a entry to the system settings
 	adminRouter := prout.NewModuleRouter(prout.RouterOption{
@@ -31,4 +31,7 @@ func ldapInit() {
 
 	adminRouter.HandleFunc("/system/auth/ldap/config/read", ldapHandler.ReadConfig)
 	adminRouter.HandleFunc("/system/auth/ldap/config/write", ldapHandler.WriteConfig)
+	adminRouter.HandleFunc("/system/auth/ldap/config/testConnection", ldapHandler.TestConnection)
+	adminRouter.HandleFunc("/system/auth/ldap/config/syncorizeUser", ldapHandler.SyncorizeUser)
+
 }
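Review bot: The new `/system/auth/ldap/config/syncorizeUser` route on L36 triggers account creation, yet it is registered with a plain `HandleFunc` and the accompanying page calls it with `$.get`, so the state change is reachable through any cross-site GET unless `prout.NewModuleRouter` enforces a method restriction that I can't see from here. The usual guard is a method check at the top of `SyncorizeUser`, `if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed); return }`, with the client switched to `$.post`. The same applies, less critically, to `testConnection` on L35, which performs a live bind against the directory on every request.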

+ 2 - 2
mod/auth/ldap/common.go

@@ -4,7 +4,7 @@ import db "imuslab.com/arozos/mod/database"
 
 func readSingleConfig(key string, coredb *db.Database) string {
 	var value string
-	err := coredb.Read("oauth", key, &value)
+	err := coredb.Read("ldap", key, &value)
 	if err != nil {
 		value = ""
 	}
@@ -13,7 +13,7 @@ func readSingleConfig(key string, coredb *db.Database) string {
 
 func (ldap *ldapHandler) readSingleConfig(key string) string {
 	var value string
-	err := ldap.coredb.Read("oauth", key, &value)
+	err := ldap.coredb.Read("ldap", key, &value)
 	if err != nil {
 		value = ""
 	}
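Review bot: `ldapHandler.readSingleConfig` on L54 is now a line-for-line copy of the package-level `readSingleConfig` above it, differing only in where the database comes from; this commit had to correct the same `"oauth"` literal in both places, which is the cost of that duplication. Delegating with `return readSingleConfig(key, ldap.coredb)` keeps the table name in one spot. Both functions also fold every `Read` error into an empty string, so a missing key and a failed database read look identical to callers; if that is deliberate, a one-line comment saying so would stop the next reader from "fixing" it. Both function bodies continue past the hunk.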

+ 87 - 22
mod/auth/ldap/ldap.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
+	"regexp"
 	"strconv"
 
 	auth "imuslab.com/arozos/mod/auth"
@@ -11,13 +12,15 @@ import (
 	reg "imuslab.com/arozos/mod/auth/register"
 	"imuslab.com/arozos/mod/common"
 	db "imuslab.com/arozos/mod/database"
+	permission "imuslab.com/arozos/mod/permission"
 )
 
 type ldapHandler struct {
-	ag         *auth.AuthAgent
-	ldapreader *ldapreader.LdapReader
-	reg        *reg.RegisterHandler
-	coredb     *db.Database
+	ag                *auth.AuthAgent
+	ldapreader        *ldapreader.LdapReader
+	reg               *reg.RegisterHandler
+	coredb            *db.Database
+	permissionHandler *permission.PermissionHandler
 }
 
 type Config struct {
@@ -29,22 +32,19 @@ type Config struct {
 	BaseDN       string `json:"base_dn"`
 }
 
-/*
-const (
-	BindUsername = "uid=root,cn=users,dc=dsm"
-	BindPassword = "12345678"
-	FQDN         = "192.168.1.147"
-	BaseDN       = "cn=users,dc=dsm"
-)
-*/
+type UserAccount struct {
+	Username   string   `json:"username"`
+	Group      []string `json:"group"`
+	EquivGroup []string `json:"equiv_group"`
+}
 
 /*
-TODO: not sure why enabled will keep enable
+TODO: not sure why auto redirect will keep enable
 
 */
 
 //NewLdapHandler xxx
-func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database) *ldapHandler {
+func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database, permissionHandler *permission.PermissionHandler) *ldapHandler {
 	//ldap handler init
 	log.Println("Starting LDAP client...")
 	err := coreDb.NewTable("ldap")
@@ -60,10 +60,11 @@ func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, co
 	BaseDN := readSingleConfig("BaseDN", coreDb)
 
 	LDAPHandler := ldapHandler{
-		ag:         authAgent,
-		ldapreader: ldapreader.NewLDAPReader(BindUsername, BindPassword, FQDN, BaseDN),
-		reg:        register,
-		coredb:     coreDb,
+		ag:                authAgent,
+		ldapreader:        ldapreader.NewLDAPReader(BindUsername, BindPassword, FQDN, BaseDN),
+		reg:               register,
+		coredb:            coreDb,
+		permissionHandler: permissionHandler,
 	}
 
 	return &LDAPHandler
@@ -167,9 +168,73 @@ func (ldap *ldapHandler) WriteConfig(w http.ResponseWriter, r *http.Request) {
 	common.SendOK(w)
 }
 
-func (handler *ldapHandler) SyncInformation() {
-	result, _ := handler.ldapreader.GetAllUser()
-	for _, v := range result {
-		v.PrettyPrint(4)
+//@para limit: -1 means unlimited
+func (ldap *ldapHandler) getAllUser(limit int) []UserAccount {
+	var accounts []UserAccount
+	result, _ := ldap.ldapreader.GetAllUser()
+	//loop through the result
+	for i, v := range result {
+		//check the group belongs
+		var Group []string
+		var EquivGroup []string
+		regexSyntax := regexp.MustCompile("cn=([^,]+),")
+		for _, v := range v.GetAttributeValues("memberOf") {
+			groups := regexSyntax.FindStringSubmatch(v)
+			if len(groups) > 0 {
+				//check if the LDAP group is already exists in ArOZOS system
+				if ldap.permissionHandler.GroupExists(groups[1]) {
+					EquivGroup = append(EquivGroup, groups[1])
+				}
+				//LDAP list
+				Group = append(Group, groups[1])
+			}
+		}
+		if len(EquivGroup) < 1 {
+			EquivGroup = append(EquivGroup, ldap.reg.DefaultUserGroup)
+		}
+		account := UserAccount{
+			Username:   v.GetAttributeValue("uid"),
+			Group:      Group,
+			EquivGroup: EquivGroup,
+		}
+		accounts = append(accounts, account)
+		if i > limit && limit != -1 {
+			break
+		}
 	}
+	return accounts[1:]
+}
+
+func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request) {
+	//marshall it and return
+	accountJSON, err := json.Marshal(ldap.getAllUser(10))
+	if err != nil {
+		empty, err := json.Marshal(UserAccount{})
+		if err != nil {
+			common.SendErrorResponse(w, "Error while marshalling information")
+		}
+		common.SendJSONResponse(w, string(empty))
+	}
+	common.SendJSONResponse(w, string(accountJSON))
+}
+
+func (ldap *ldapHandler) SyncorizeUser(w http.ResponseWriter, r *http.Request) {
+	ldapUsersList := ldap.getAllUser(-1)
+	//arozUsersList := ldap.ag.ListUsers()
+
+	for _, ldapUser := range ldapUsersList {
+		//check if user does not exist in system
+		if !ldap.ag.UserExists(ldapUser.Username) {
+			//TODO change password
+			//TODO reg.GetDefaultUserGroup()
+			ldap.ag.CreateUserAccount(ldapUser.Username, "P@ssw0rd", ldapUser.EquivGroup)
+		} else {
+			//if exists, then check if the user group is the same with ldap's setting
+			//ldapUserCurrentEquivGroup, _ := ldap.permissionHandler.GetUsersPermissionGroup(ldapUser.Username)
+			//for _, ldapUserNewEquivGroup := range ldapUser.EquivGroup {
+			//	if ldap.ag.
+			//}
+		}
+	}
+
 }
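Review bot: `SyncorizeUser` creates every new local account with the shared literal `"P@ssw0rd"` on L206, so each synchronised user has a local password that is known to anyone who has seen this source until it is changed; since these users are meant to authenticate against the directory, the local record should be seeded with a random secret instead (rewrite below, which needs `crypto/rand` and `encoding/hex` added to the import block), and the handler should send a response, which it currently never does even though the page's `.done` callback inspects `data.error`. In `getAllUser`, `return accounts[1:]` on L181 silently drops the first directory user and panics with a slice-bounds error when the result is empty — the very case `TestConnection` exists to surface — so it should be `return accounts` with the callers handling an empty slice; `i > limit` on L177 also admits limit+2 entries, and the `regexp.MustCompile` on L156 belongs at package scope rather than inside the per-user loop. `TestConnection` falls through after both error branches on L187-L193, so a marshalling failure writes two or three responses to one `ResponseWriter`; add `return` after each `common.Send…` call. Whether `CreateUserAccount` returns an error is not visible here; if it does, it should not be discarded.
```go
// … unchanged: ldapUsersList := ldap.getAllUser(-1) …
for _, ldapUser := range ldapUsersList {
	if !ldap.ag.UserExists(ldapUser.Username) {
		// Directory users authenticate against LDAP; the local record only
		// needs an unguessable placeholder, never a shared default.
		secret := make([]byte, 32)
		if _, err := rand.Read(secret); err != nil {
			common.SendErrorResponse(w, "Error while generating credential")
			return
		}
		ldap.ag.CreateUserAccount(ldapUser.Username, hex.EncodeToString(secret), ldapUser.EquivGroup)
	}
	// … unchanged: existing-user branch …
}
common.SendOK(w)
```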

+ 52 - 2
web/SystemAO/advance/ldap.html

@@ -113,6 +113,20 @@
             <button id="test_btn" onclick="test();" class="ui button" type="submit">Test Connection</button>
         </div>
         <div class="ui divider"></div>
+        <div id="testConnection" style="display: none">
+            <table class="ui celled table">
+                <thead>
+                    <tr>
+                        <th>Username</th>
+                        <th>Group belongs to</th>
+                        <th>Equivalence user group in arozos</th>
+                    </tr>
+                </thead>
+                <tbody id="information">
+                </tbody>
+            </table>
+            <button id="sync_btn" onclick="syncorize();" class="ui button" type="submit">Syncorize User</button>
+        </div>
         <br><br>
     </div>
 
@@ -133,7 +147,7 @@
                 $("#bind_username").val(data.bind_username);
                 $("#bind_password").val(data.bind_password);
                 $("#fqdn").val(data.fqdn);
-                $("#base_dn").val(data.bind_dn);
+                $("#base_dn").val(data.base_dn);
             });
         }
 
@@ -144,7 +158,7 @@
                     bind_username: $("#bind_username").val(),
                     bind_password: $("#bind_password").val(),
                     fqdn: $("#fqdn").val(),
-                    bind_dn: $("#base_dn").val(),
+                    base_dn: $("#base_dn").val(),
                 })
                 .done(function(data) {
                     if (data.error != undefined) {
@@ -155,6 +169,42 @@
                     }
                 });
         }
+
+        function test() {
+            $.get("../../system/auth/ldap/config/testConnection")
+                .done(function(data) {
+                    if (data.error != undefined) {
+                        alert(data.error);
+                    } else if (data == null) {
+                        alert("No entries was found");
+                    } else {
+                        //OK!
+                        $("#information").html("");
+                        $(data).each(function(index, element) {
+                            $("#information").append(`
+                            <tr>
+                                <td data-label="username">` + element.username + `</td>
+                                <td data-label="ldap_group">` + element.group + `</td>
+                                <td data-label="equiv_group">` + element.equiv_group + `</td>
+                            </tr>
+                            `);
+                        });
+                        $("#testConnection").show("fast");
+                    }
+                });
+        }
+
+        function syncorize() {
+            $.get("../../system/auth/ldap/config/syncorizeUser")
+                .done(function(data) {
+                    if (data.error != undefined) {
+                        alert(data.error);
+                    } else {
+                        //OK!
+                        $("#updateSet").stop().finish().slideDown("fast").delay(3000).slideUp('fast');
+                    }
+                });
+        }
     </script>
 </body>