author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-26 08:40:41 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-26 08:40:41 +0200 |
commit | 706ff58a6f6608719feda15075d50f978df39c5b (patch) | |
tree | d0b655454d5e13ed2238060fee27fc0d951d64c8 /login.go | |
parent | d8633d7fb89b55996f25e1a67180408c805ba15f (diff) | |
download | guichet-706ff58a6f6608719feda15075d50f978df39c5b.tar.gz guichet-706ff58a6f6608719feda15075d50f978df39c5b.zip |
Diffstat (limited to 'login.go')
-rw-r--r-- | login.go | 45 |
1 files changed, 23 insertions, 22 deletions
@@ -13,12 +13,12 @@ import (
 var (
 ErrNotAuthenticatedSession = fmt.Errorf("User has no session")
- ErrNotAuthenticatedBasic = fmt.Errorf("User has not sent Authentication Basic information")
- ErrNotAuthenticated = fmt.Errorf("User is not authenticated")
- ErrWrongLDAPCredentials = fmt.Errorf("LDAP credentials are wrong")
- ErrLDAPServerUnreachable = fmt.Errorf("Unable to open the LDAP server")
+ ErrNotAuthenticatedBasic = fmt.Errorf("User has not sent Authentication Basic information")
+ ErrNotAuthenticated = fmt.Errorf("User is not authenticated")
+ ErrWrongLDAPCredentials = fmt.Errorf("LDAP credentials are wrong")
+ ErrLDAPServerUnreachable = fmt.Errorf("Unable to open the LDAP server")
 ErrLDAPSearchInternalError = fmt.Errorf("LDAP Search of this user failed with an internal error")
- ErrLDAPSearchNotFound = fmt.Errorf("User is authenticated but its associated data can not be found during search")
+ ErrLDAPSearchNotFound = fmt.Errorf("User is authenticated but its associated data can not be found during search")
 )
 // --- Login Info ---
@@ -48,10 +48,10 @@ func NewLoginInfoFromSession(r *http.Request) (*LoginInfo, error) {
 func NewLoginInfoFromBasicAuth(r *http.Request) (*LoginInfo, error) {
 username, password, ok := r.BasicAuth()
 if ok {
- login_info := &LoginInfo{
- Username: username,
- Password: password,
- }
+ login_info := &LoginInfo{
+ Username: username,
+ Password: password,
+ }
 return login_info, nil
 }
@@ -69,8 +69,8 @@ func (li *LoginInfo) DN() string {
 // --- Login Status ---
 type LoginStatus struct {
- Info *LoginInfo
- conn *ldap.Conn
+ Info *LoginInfo
+ conn *ldap.Conn
 }
 func NewLoginStatus(r *http.Request, login_info *LoginInfo) (*LoginStatus, error) {
@@ -109,12 +109,13 @@ func NewLdapCon() (*ldap.Conn, error) {
 // --- Capabilities ---
 type Capabilities struct {
- CanAdmin bool
+ CanAdmin bool
 CanInvite bool
 }
+
 func NewCapabilities(login *LoginStatus, entry *ldap.Entry) *Capabilities {
 // Initialize
- canAdmin := false
+ canAdmin := false
 canInvite := false
 // Special case for the "admin" account that is de-facto admin
@@ -135,19 +136,20 @@ func NewCapabilities(login *LoginStatus, entry *ldap.Entry) *Capabilities {
 }
 return &Capabilities{
- CanAdmin: canAdmin,
+ CanAdmin: canAdmin,
 CanInvite: canInvite,
 }
 }
 // --- Logged User ---
 type LoggedUser struct {
- Login *LoginStatus
+ Login *LoginStatus
 Entry *ldap.Entry
 Capabilities *Capabilities
- Quota *UserQuota
- s3key *garage.KeyInfo
+ Quota *UserQuota
+ s3key *garage.KeyInfo
 }
+
 func NewLoggedUser(login *LoginStatus) (*LoggedUser, error) {
 requestKind := "(objectClass=organizationalPerson)"
 if strings.EqualFold(login.Info.DN(), config.AdminAccount) {
@@ -184,11 +186,11 @@ func NewLoggedUser(login *LoginStatus) (*LoggedUser, error) {
 }
 entry := sr.Entries[0]
- lu := &LoggedUser {
- Login: login,
- Entry: entry,
+ lu := &LoggedUser{
+ Login: login,
+ Entry: entry,
 Capabilities: NewCapabilities(login, entry),
- Quota: NewUserQuotaFromEntry(entry),
+ Quota: NewUserQuotaFromEntry(entry),
 }
 return lu, nil
 }
@@ -251,7 +253,6 @@ func RequireUser(r *http.Request) (*LoggedUser, error) {
 return nil, ErrNotAuthenticated
 }
-
 loginStatus, err := NewLoginStatus(r, login_info)
 if err != nil {
 return nil, err |