Add blocked notice to let users reactivate the account

3 years ago · 1584bb4a7e
parent 6ac3bb8619
commit 1584bb4a7e
6 changed files with 84 additions and 12 deletions
--- a/ldap/user.go
+++ b/ldap/user.go
@ -32,12 +32,18 @@ type User struct {
 }

 // ValidateUser in the ldap
-func (l Ldap) ValidateUser(user string, pass string) error {
+func (l Ldap) ValidateUser(user string, pass string) (User, error) {
 	conn, err := l.login(user, pass)
-	if err == nil {
-		conn.Close()
+	if err != nil {
+		return User{}, err
 	}
-	return err
+	defer conn.Close()
+
+	entry, err := l.searchUser(user, conn)
+	if err != nil {
+		return User{}, err
+	}
+	return newUser(entry), nil
 }

 // IsUserPassUptodate will be true if the password for that user in ldap is using the latest crypto
@ -208,7 +214,19 @@ func (l Ldap) ChangeRole(user string, role Role) error {

 // ChangeLocked for the user
 func (l Ldap) ChangeLocked(user string, locked Locked) error {
-	return l.changeUser(user, "sdLocked", []string{locked.String()})
+	if locked != Unlocked {
+		return l.changeUser(user, "sdLocked", []string{locked.String()})
+	}
+
+	conn, err := l.connect()
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	modifyRequest := ldap.NewModifyRequest(l.userDN(user), nil)
+	modifyRequest.Delete("sdLocked", []string{})
+	return conn.Modify(modifyRequest)
 }

 func (l Ldap) changeUser(user, attribute string, value []string) error {
--- a/server/server.go
+++ b/server/server.go
@ -42,6 +42,7 @@ func Serve(addr string, l *ldap.Ldap, m *mail.Mail, ldb *db.DB) error {
 	r.HandleFunc("/users/{name}/role/", s.roleHandler).Methods("POST")
 	r.HandleFunc("/users/{name}/password/", s.passwdadmHandler).Methods("POST")
 	r.HandleFunc("/users/{name}/shell/", s.shellHandler).Methods("POST")
+	r.HandleFunc("/unlock/", s.unlockHandler)
 	r.HandleFunc("/invites/", s.listInvitesHandler)
 	r.HandleFunc("/invites/{invite}/del/", s.deleteInviteHandler)
 	r.HandleFunc("/adduser/", s.createInviteHandler)
--- a/server/session.go
+++ b/server/session.go
@ -11,7 +11,8 @@ import (
 )

 type session struct {
-	user string
+	user        string
+	blockedUser string
 }

 type sessionStore struct {
@ -27,7 +28,15 @@ func initSessionStore() *sessionStore {

 func (store *sessionStore) set(user string, w http.ResponseWriter, r *http.Request) {
 	sessionID := genID()
-	store.sessions[sessionID] = session{user}
+	store.sessions[sessionID] = session{user, ""}
+	cookie, _ := store.cookies.Get(r, "session")
+	cookie.Values["id"] = sessionID
+	cookie.Save(r, w)
+}
+
+func (store *sessionStore) setBlocked(user string, w http.ResponseWriter, r *http.Request) {
+	sessionID := genID()
+	store.sessions[sessionID] = session{"", user}
 	cookie, _ := store.cookies.Get(r, "session")
 	cookie.Values["id"] = sessionID
 	cookie.Save(r, w)
--- a/server/template.go
+++ b/server/template.go
@ -35,6 +35,7 @@ func initTemplate() *template.Template {
 		"tmpl/password.html",
 		"tmpl/user.html",
 		"tmpl/users.html",
+		"tmpl/blocked_notice.html",
 		"tmpl/invite.html",
 		"tmpl/invites.html",
 		"tmpl/adduser.html",
--- a/server/user.go
+++ b/server/user.go
@ -1,7 +1,10 @@
 package server

 import (
+	"log"
 	"net/http"
+
+	"0xacab.org/sindominio/lowry/ldap"
 )

 func (s *server) homeHandler(w http.ResponseWriter, r *http.Request) {
@ -20,18 +23,27 @@ func (s *server) homeHandler(w http.ResponseWriter, r *http.Request) {
 }

 func (s *server) loginHandler(w http.ResponseWriter, r *http.Request) {
-	user := r.FormValue("user")
+	name := r.FormValue("user")
 	pass := r.FormValue("password")

-	err := s.ldap.ValidateUser(user, pass)
+	user, err := s.ldap.ValidateUser(name, pass)
 	if err != nil {
 		response := s.newResponse("login", w, r)
 		response.execute(true)
 		return
 	}
-
-	s.sess.set(user, w, r)
-	http.Redirect(w, r, "/", http.StatusFound)
+	switch user.Locked {
+	case ldap.Unlocked:
+		s.sess.set(name, w, r)
+		http.Redirect(w, r, "/", http.StatusFound)
+	case ldap.Blocked:
+		s.sess.setBlocked(name, w, r)
+		response := s.newResponse("blocked_notice", w, r)
+		response.execute(true)
+	default:
+		response := s.newResponse("login", w, r)
+		response.execute(true)
+	}
 }

 func (s *server) logoutHandler(w http.ResponseWriter, r *http.Request) {
@ -72,3 +84,15 @@ func (s *server) passwordHandler(w http.ResponseWriter, r *http.Request) {
 		response.execute("PassChanged")
 	}
 }
+
+func (s *server) unlockHandler(w http.ResponseWriter, r *http.Request) {
+	session := s.sess.get(w, r)
+	if session != nil && session.blockedUser != "" {
+		err := s.ldap.ChangeLocked(session.blockedUser, ldap.Unlocked)
+		if err != nil {
+			log.Printf("Error unlocking %s: %v", session.blockedUser, err)
+		}
+		s.sess.set(session.blockedUser, w, r)
+	}
+	http.Redirect(w, r, "/", http.StatusFound)
+}
--- a/tmpl/blocked_notice.html
+++ b/tmpl/blocked_notice.html
@ -0,0 +1,19 @@
+{{template "header.html"}}
+{{template "header_close.html"}}
+
+    <div class="container">
+
+      <br />
+      <div class="row justify-content-center">
+        <div class="col-md-8">
+          <p>Esta cuenta ha sido bloqueada por inactividad. Es necesario acceder por lo menos una vez cada 6 meses para continuar teniendo una cuenta en sindominio.</p>
+          <p>Puedes reactivar la cuenta dandole al boton aqui abajo. Toda cuenta bloqueada que no sea reactivada entrando en lowry y dandole a reactivar sera borrada pasado un año de inactividad y todos los datos (emails, conversaciones de chat, ...) se perderán para siempre.</p>
+          <div class="row justify-content-end">
+              <a class="btn btn-primary" href="/unlock/" role="button">Reactivar tu cuenta</a>
+          </div>
+        </div>
+      </div>
+    </div>
+
+{{template "footer.html"}}
+