authorAlex Auvolat <alex@adnab.me>2020-02-14 22:51:12 +0100
committerAlex Auvolat <alex@adnab.me>2020-02-14 22:51:12 +0100
commit193e28cf0086a4b4a1f6d562c42b7c22b6e34561 (patch)
tree300b6f3f79013c72b8177f4f99e0bc93b49da5e4
parentd78ce5309a2753693a4076697b101d2fb474822c (diff)
Remember who invited who
-rw-r--r--guichet.hcl.example2
-rw-r--r--invite.go29
2 files changed, 25 insertions, 6 deletions
diff --git a/guichet.hcl.example b/guichet.hcl.example
index 1a1c328..358421a 100644
--- a/guichet.hcl.example
+++ b/guichet.hcl.example
@@ -12,7 +12,7 @@ job "guichet" {
task "server" {
driver = "docker"
config {
- image = "lxpz/guichet_amd64:8"
+ image = "lxpz/guichet_amd64:9"
readonly_rootfs = true
port_map {
web_port = 9991
diff --git a/invite.go b/invite.go
index cb83eb4..83e35a3 100644
--- a/invite.go
+++ b/invite.go
@@ -43,7 +43,7 @@ func handleInviteNewAccount(w http.ResponseWriter, r *http.Request) {
return
}
- handleNewAccount(w, r, login.conn)
+ handleNewAccount(w, r, login.conn, login.Info.DN)
}
// New account creation using code
@@ -65,7 +65,25 @@ func handleInvitationCode(w http.ResponseWriter, r *http.Request) {
return
}
- if handleNewAccount(w, r, l) {
+ sReq := ldap.NewSearchRequest(
+ inviteDn,
+ ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectclass=*)"),
+ []string{"dn", "creatorsname"},
+ nil)
+ sr, err := l.Search(sReq)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ if len(sr.Entries) != 1 {
+ http.Error(w, fmt.Sprintf("Expected 1 entry, got %d", len(sr.Entries)), http.StatusInternalServerError)
+ return
+ }
+
+ invitedBy := sr.Entries[0].GetAttributeValue("creatorsname")
+
+ if handleNewAccount(w, r, l, invitedBy) {
del_req := ldap.NewDelRequest(inviteDn, nil)
err = l.Del(del_req)
if err != nil {
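Review bot: `invitedBy` is taken from `GetAttributeValue("creatorsname")` without checking that it is non-empty, so if the server does not return that attribute for the invitation entry, the account is created with an empty inviter (or the Add is rejected); the later hunk in tryCreateAccount writes `invitedby` unconditionally, unlike the guarded `displayname` next to it. Since this value is the only record of who issued the invitation, I would fail closed right after the lookup: `if invitedBy == "" { http.Error(w, "invitation has no recorded creator", http.StatusInternalServerError); return }`. Separately, `fmt.Sprintf("(objectclass=*)")` has no format arguments and can be the plain literal `"(objectclass=*)"`, and `http.Error(w, err.Error(), ...)` returns the raw LDAP error text to the client, where logging the error and sending a generic message would disclose less. handleInvitationCode starts and ends outside this hunk.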
@@ -91,7 +109,7 @@ type NewAccountData struct {
Success bool
}
-func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool {
+func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn, invitedBy string) bool {
templateInviteNewAccount := template.Must(template.ParseFiles("templates/layout.html", "templates/invite_new_account.html"))
data := &NewAccountData{}
@@ -107,14 +125,14 @@ func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn) bool
password1 := strings.Join(r.Form["password"], "")
password2 := strings.Join(r.Form["password2"], "")
- tryCreateAccount(l, data, password1, password2)
+ tryCreateAccount(l, data, password1, password2, invitedBy)
}
templateInviteNewAccount.Execute(w, data)
return data.Success
}
-func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string) {
+func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string, invitedBy string) {
// Check if username is correct
if match, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", data.Username); !(err == nil && match) {
data.ErrorInvalidUsername = true
@@ -156,6 +174,7 @@ func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 st
req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"})
req.Attribute("structuralobjectclass", []string{"inetOrgPerson"})
req.Attribute("userpassword", []string{SSHAEncode([]byte(pass1))})
+ req.Attribute("invitedby", []string{invitedBy})
if len(data.DisplayName) > 0 {
req.Attribute("displayname", []string{data.DisplayName})
}