diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-07-19 10:35:14 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-07-19 10:35:14 +0200 |
commit | 3c846b6a59c1e725b56b7784c30cfbd5a3dc080b (patch) | |
tree | c5c3353f3b5332e0477a3a376192d206d6e79faf /invite.go | |
parent | 216e175eafd50b977e132ca0055df9fed9e83a6a (diff) | |
download | guichet-3c846b6a59c1e725b56b7784c30cfbd5a3dc080b.tar.gz guichet-3c846b6a59c1e725b56b7784c30cfbd5a3dc080b.zip |
Inclusive + Fix checks + Fix SSHAbetter_login
Diffstat (limited to 'invite.go')
-rw-r--r-- | invite.go | 33 |
1 files changed, 25 insertions, 8 deletions
@@ -133,9 +133,12 @@ func handleNewAccount(w http.ResponseWriter, r *http.Request, l *ldap.Conn, invi } func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 string, invitedBy string) { + checkFailed := false + // Check if username is correct - if match, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", data.Username); !(err == nil && match) { + if match, err := regexp.MatchString("^[a-z0-9._-]+$", data.Username); !(err == nil && match) { data.ErrorInvalidUsername = true + checkFailed = true } // Check if user exists @@ -150,30 +153,39 @@ func tryCreateAccount(l *ldap.Conn, data *NewAccountData, pass1 string, pass2 st sr, err := l.Search(searchRq) if err != nil { data.ErrorMessage = err.Error() - return + checkFailed = true } if len(sr.Entries) > 0 { data.ErrorUsernameTaken = true - return + checkFailed = true } // Check that password is long enough if len(pass1) < 8 { data.ErrorPasswordTooShort = true - return + checkFailed = true } if pass1 != pass2 { data.ErrorPasswordMismatch = true - return + checkFailed = true } + if checkFailed { + return + } + // Actually create user req := ldap.NewAddRequest(userDn, nil) req.Attribute("objectclass", []string{"inetOrgPerson", "organizationalPerson", "person", "top"}) req.Attribute("structuralobjectclass", []string{"inetOrgPerson"}) - req.Attribute("userpassword", []string{SSHAEncode([]byte(pass1))}) + pw, err := SSHAEncode(pass1) + if err != nil { + data.ErrorMessage = err.Error() + return + } + req.Attribute("userpassword", []string{pw}) req.Attribute("invitedby", []string{invitedBy}) if len(data.DisplayName) > 0 { req.Attribute("displayname", []string{data.DisplayName}) @@ -259,10 +271,15 @@ func trySendCode(login *LoginStatus, choice string, sendto string, data *SendCod // Create invitation object in database inviteDn := config.InvitationNameAttr + "=" + code_id + "," + config.InvitationBaseDN req := ldap.NewAddRequest(inviteDn, nil) - req.Attribute("userpassword", []string{SSHAEncode([]byte(code_pw))}) + pw, err := SSHAEncode(code_pw) + if err != nil { + data.ErrorMessage = err.Error() + return + } + req.Attribute("userpassword", []string{pw}) req.Attribute("objectclass", []string{"top", "invitationCode"}) - err := login.conn.Add(req) + err = login.conn.Add(req) if err != nil { data.ErrorMessage = err.Error() return |