Add blocked notice to let users reactivate the account

merge-requests/11/head
meskio 3 years ago
parent 6ac3bb8619
commit 1584bb4a7e
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 28
      ldap/user.go
  2. 1
      server/server.go
  3. 13
      server/session.go
  4. 1
      server/template.go
  5. 34
      server/user.go
  6. 19
      tmpl/blocked_notice.html

@ -32,12 +32,18 @@ type User struct {
}
// ValidateUser in the ldap
func (l Ldap) ValidateUser(user string, pass string) error {
func (l Ldap) ValidateUser(user string, pass string) (User, error) {
conn, err := l.login(user, pass)
if err == nil {
conn.Close()
if err != nil {
return User{}, err
}
return err
defer conn.Close()
entry, err := l.searchUser(user, conn)
if err != nil {
return User{}, err
}
return newUser(entry), nil
}
// IsUserPassUptodate will be true if the password for that user in ldap is using the latest crypto
@ -208,7 +214,19 @@ func (l Ldap) ChangeRole(user string, role Role) error {
// ChangeLocked for the user
func (l Ldap) ChangeLocked(user string, locked Locked) error {
return l.changeUser(user, "sdLocked", []string{locked.String()})
if locked != Unlocked {
return l.changeUser(user, "sdLocked", []string{locked.String()})
}
conn, err := l.connect()
if err != nil {
return err
}
defer conn.Close()
modifyRequest := ldap.NewModifyRequest(l.userDN(user), nil)
modifyRequest.Delete("sdLocked", []string{})
return conn.Modify(modifyRequest)
}
func (l Ldap) changeUser(user, attribute string, value []string) error {
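Review bot: The doc comment on `ValidateUser` still reads `// ValidateUser in the ldap`, but with the new `(User, error)` return a nil error only means the bind and the lookup succeeded, not that the account may be used. The login handler in server/user.go shows a blocked account reaching this point with a nil error, so every caller has to inspect `User.Locked` itself; any caller outside this page that still treats nil as "authenticated and active" would let a blocked account through. I would state that in the comment, e.g. `// ValidateUser binds as user and returns its entry; a nil error does not imply the account is unlocked, callers must check User.Locked.`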

@ -42,6 +42,7 @@ func Serve(addr string, l *ldap.Ldap, m *mail.Mail, ldb *db.DB) error {
r.HandleFunc("/users/{name}/role/", s.roleHandler).Methods("POST")
r.HandleFunc("/users/{name}/password/", s.passwdadmHandler).Methods("POST")
r.HandleFunc("/users/{name}/shell/", s.shellHandler).Methods("POST")
r.HandleFunc("/unlock/", s.unlockHandler)
r.HandleFunc("/invites/", s.listInvitesHandler)
r.HandleFunc("/invites/{invite}/del/", s.deleteInviteHandler)
r.HandleFunc("/adduser/", s.createInviteHandler)
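Review bot: The new `/unlock/` route is registered without `.Methods("POST")`, unlike the `/users/{name}/…` routes just above it, so a plain GET modifies the LDAP entry. tmpl/blocked_notice.html relies on this with an `<a href="/unlock/">` link, which means a link prefetcher or a cross-site request that carries the session cookie can trigger the reactivation without the user pressing the button (whether the cookie is sent cross-site depends on cookie settings not shown here). I would register it as `r.HandleFunc("/unlock/", s.unlockHandler).Methods("POST")` and turn the link in the template into a small `<form method="post">` with whatever CSRF protection the other POST forms use. `Serve` starts and ends outside the hunk.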

@ -11,7 +11,8 @@ import (
)
type session struct {
user string
user string
blockedUser string
}
type sessionStore struct {
@ -27,7 +28,15 @@ func initSessionStore() *sessionStore {
func (store *sessionStore) set(user string, w http.ResponseWriter, r *http.Request) {
sessionID := genID()
store.sessions[sessionID] = session{user}
store.sessions[sessionID] = session{user, ""}
cookie, _ := store.cookies.Get(r, "session")
cookie.Values["id"] = sessionID
cookie.Save(r, w)
}
func (store *sessionStore) setBlocked(user string, w http.ResponseWriter, r *http.Request) {
sessionID := genID()
store.sessions[sessionID] = session{"", user}
cookie, _ := store.cookies.Get(r, "session")
cookie.Values["id"] = sessionID
cookie.Save(r, w)
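Review bot: `setBlocked` stores `session{"", user}` in the same `store.sessions` map and under the same cookie as a fully authenticated session, so after this change a non-nil session no longer implies a logged-in user. Handlers outside this page that only test the session for nil, rather than `session.user != ""`, would accept a blocked account; that is worth auditing and stating in a comment on the `session` type. The positional literals also make it easy to swap the two fields silently, and keyed forms `session{user: user}` and `session{blockedUser: user}` would be safer. The body of `setBlocked` runs past the end of this section.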

@ -35,6 +35,7 @@ func initTemplate() *template.Template {
"tmpl/password.html",
"tmpl/user.html",
"tmpl/users.html",
"tmpl/blocked_notice.html",
"tmpl/invite.html",
"tmpl/invites.html",
"tmpl/adduser.html",

@ -1,7 +1,10 @@
package server
import (
"log"
"net/http"
"0xacab.org/sindominio/lowry/ldap"
)
func (s *server) homeHandler(w http.ResponseWriter, r *http.Request) {
@ -20,18 +23,27 @@ func (s *server) homeHandler(w http.ResponseWriter, r *http.Request) {
}
func (s *server) loginHandler(w http.ResponseWriter, r *http.Request) {
user := r.FormValue("user")
name := r.FormValue("user")
pass := r.FormValue("password")
err := s.ldap.ValidateUser(user, pass)
user, err := s.ldap.ValidateUser(name, pass)
if err != nil {
response := s.newResponse("login", w, r)
response.execute(true)
return
}
s.sess.set(user, w, r)
http.Redirect(w, r, "/", http.StatusFound)
switch user.Locked {
case ldap.Unlocked:
s.sess.set(name, w, r)
http.Redirect(w, r, "/", http.StatusFound)
case ldap.Blocked:
s.sess.setBlocked(name, w, r)
response := s.newResponse("blocked_notice", w, r)
response.execute(true)
default:
response := s.newResponse("login", w, r)
response.execute(true)
}
}
func (s *server) logoutHandler(w http.ResponseWriter, r *http.Request) {
@ -72,3 +84,15 @@ func (s *server) passwordHandler(w http.ResponseWriter, r *http.Request) {
response.execute("PassChanged")
}
}
func (s *server) unlockHandler(w http.ResponseWriter, r *http.Request) {
session := s.sess.get(w, r)
if session != nil && session.blockedUser != "" {
err := s.ldap.ChangeLocked(session.blockedUser, ldap.Unlocked)
if err != nil {
log.Printf("Error unlocking %s: %v", session.blockedUser, err)
}
s.sess.set(session.blockedUser, w, r)
}
http.Redirect(w, r, "/", http.StatusFound)
}
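Review bot: In `unlockHandler` a failed `ChangeLocked` is only logged, and the code then falls through to `s.sess.set(session.blockedUser, w, r)`, so the user receives a full session while the directory entry still carries `sdLocked`. The handler should stop on error by adding `http.Redirect(w, r, "/", http.StatusFound)` and `return` inside the `if err != nil` block; using `%q` instead of `%s` for the name in the `log.Printf` call would also keep a user-supplied value from breaking up the log line. The session entry that holds `blockedUser` does not appear to be removed after the upgrade either, since `set` in server/session.go only adds a new id, so the old cookie value may stay usable for `/unlock/`.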

@ -0,0 +1,19 @@
{{template "header.html"}}
{{template "header_close.html"}}
<div class="container">
<br />
<div class="row justify-content-center">
<div class="col-md-8">
<p>Esta cuenta ha sido bloqueada por inactividad. Es necesario acceder por lo menos una vez cada 6 meses para continuar teniendo una cuenta en sindominio.</p>
<p>Puedes reactivar la cuenta dandole al boton aqui abajo. Toda cuenta bloqueada que no sea reactivada entrando en lowry y dandole a reactivar sera borrada pasado un año de inactividad y todos los datos (emails, conversaciones de chat, ...) se perderán para siempre.</p>
<div class="row justify-content-end">
<a class="btn btn-primary" href="/unlock/" role="button">Reactivar tu cuenta</a>
</div>
</div>
</div>
</div>
{{template "footer.html"}}