Documentation ¶
Index ¶
- Constants
- Variables
- func AddGroup(tx *sqlx.Tx, name string, description string) error
- func AddUserToGroup(tx *sqlx.Tx, user string, group string) error
- func DeleteGroup(tx *sql.Tx, name string) error
- func GetAllUsersAndGroups(tx *sqlx.Tx) (users map[int64]*(User), groups map[int64]*(Group), err error)
- func GetGroupsMapWithoutUsers(tx *sqlx.Tx) (groups map[int64]*(Group), err error)
- func GetUsersMapWithoutGroups(tx *sqlx.Tx) (users map[int64]*(User), err error)
- func Login(tx *sqlx.Tx, username string, password string) (err error)
- func RemoveUserFromGroup(tx *sqlx.Tx, user string, group string) error
- func SetUserPassword(tx *sqlx.Tx, username string, password string) error
- func UserDisable(tx *sqlx.Tx, username string) (err error)
- func UserEnable(tx *sqlx.Tx, username string) (err error)
- func ValidatePasswordResetToken(tx *sqlx.Tx, token string) (username string, err error)
- type Group
- type GroupMembership
- type User
- func (u *User) CanEditUser(username string) bool
- func (u *User) CanViewUser(username string) bool
- func (u User) CommonName() string
- func (u *User) GetGroupsNotMemberOf(tx *sqlx.Tx) (groups []string, err error)
- func (u *User) GetPasswordResetToken(hours int64) string
- func (u *User) GetPasswordResetValue() []byte
- func (u User) HomeDirectory() string
- func (u User) IsAdmin() bool
- func (u *User) SendPasswordResetEmail() error
- func (u User) UnixGroupID() int64
- func (u User) UnixUserID() int64
Constants ¶
```go
const (
	// MySQLZeroDate is a workaround for MySQL not supporting Go's Zero-value
	// for Dates (0000-00-00 00:00:00). So instead, we have to set each MySQL
	// date column to also have a default of this.
	MySQLZeroDate = `0001-01-01 00:00:00`
)
```
Variables ¶
```go
var (
	ErrorLogin         = merry.New("login error")
	ErrorLoginDisabled = merry.WithMessage(ErrorLogin, "account disabled")
	ErrorLoginPassword = merry.WithMessage(ErrorLogin, "wrong password")
)
```
Functions ¶
func AddUserToGroup ¶
AddUserToGroup adds the User to a Group.
func GetAllUsersAndGroups ¶
func GetAllUsersAndGroups(tx *sqlx.Tx) (users map[int64]*(User), groups map[int64]*(Group), err error)
GetAllUsersAndGroups returns all Users and Groups, WITH membership info populated.
This exists because it *should* be more efficient for populating group membership info IF AND ONLY IF you need all or most of the users and groups.
func GetGroupsMapWithoutUsers ¶
GetGroupsMapWithoutUsers returns a map of all Groups (using their DB ID as the key), sans Members attribute.
If you need the Members attribute, please consider using user2group.GetAll() as this will likely be more efficient.
func GetUsersMapWithoutGroups ¶
GetUsersMapWithoutGroups returns a map of users, stored by their database ID.
func RemoveUserFromGroup ¶
RemoveUserFromGroup removes the User from a Group.
func SetUserPassword ¶
SetUserPassword checks the password's strength, and if ok, updates the database.
Types ¶
type Group ¶
```go
type Group struct {
	ID          int64  `db:"ID"`
	Name        string `db:"Name"`
	Description string `db:"Description"`
	Members     []string
}
```
Group represents an LDAP group's attributes and members.
func (Group) UnixGroupID ¶
UnixGroupID is always their database ID + 100. This assumes that regular groups start at 100.
** Doesn't use a pointer to `u` so it can be used in HTML templates.
type GroupMembership ¶
GroupMembership indicates the name and whether the User is a member or not.
func GetUsersMembership ¶
func GetUsersMembership(tx *sqlx.Tx, userID int64) (groups []GroupMembership, err error)
GetUsersMembership takes a User ID, and returns a slice of Groups, indicating whether that User is a member or not.
type User ¶
```go
type User struct {
	ID       int64  `db:"ID"` // Database ID
	Username string `db:"Username"`
	// FirstName represents the user's first name. In LDAP it's referred to as
	// their given name (givenName).
	FirstName string `db:"FirstName"`
	// LastName represents the user's last (or family) name. In LDAP it's
	// referred to as their surname (sn).
	LastName     string `db:"LastName"`
	Email        string `db:"Email"`
	PasswordHash string `db:"PasswordHash"` // SQL Default: '-'
	// Date and time when this password was last set or changed.
	PasswordSet time.Time `db:"PasswordSet"` // SQL Default: 0001-01-01 00:00:00
	// Date and time when this user last logged in.
	LastLogin time.Time `db:"LastLogin"` // SQL Default: 0001-01-01 00:00:00
	// If disabled, LDAP binds for this account will fail. Logins to zauth's
	// user management page will continue to work however!
	Disabled bool `db:"Disabled"` // If true, don't allow login
	Groups   []string
}
```
User represents an LDAP user's attributes and group membership.
Assumptions:
- Database IDs, and Usernames MUST be unique, and will NEVER change.
- Only admins can create new users, change groups, and enable/disable users
- Enabled means that the user can perform LDAP BIND operations. Disabled users can still log in to this website to see and change their info, however.
- A user's UnixUserID and UnixGroupID are ALWAYS their DB ID + 1000.
func GetUserWithGroups ¶
GetUserWithGroups returns a single User struct, including the groups they belong to (in alphabetical ascending order by name).
func NewUser ¶
NewUser creates a new user (if details are valid), and sends them an email so they can set their initial password.
func (*User) CanEditUser ¶
CanEditUser returns true if THIS user can edit USERNAME's details.
Admins can view/edit all users. All others can only view/edit themselves.
func (*User) CanViewUser ¶
CanViewUser returns true if THIS user can view USERNAME's details.
Admins can view/edit all users. All others can only view/edit themselves.
func (User) CommonName ¶
CommonName is the user's full name (returns the first and last names).
The name of this function is a reference to LDAP's terminology 'cn' for the full name of a user (LDAP uses 'sn' or Surname, and 'givenname' as the first name).
** Doesn't use a pointer to `u` so it can be used in HTML templates.
func (*User) GetGroupsNotMemberOf ¶
GetGroupsNotMemberOf returns a slice of all Group names this user is NOT a member of.
func (*User) GetPasswordResetToken ¶
GetPasswordResetToken returns a new token allowing the user to authenticate and reset their password for a limited time.
The token will expire in the number of hours specified at creation.
func (*User) GetPasswordResetValue ¶
GetPasswordResetValue returns the password reset value for THIS user.
Use user.GetPasswordResetValue(username) if you don't already have the user in memory.
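One way a time-limited reset token can be bound to a per-user reset value, as an added example that is not zauth's own code (the page does not show its token format). The function names, the `username.expiry.mac` layout and the idea that the reset value is a server-side secret that changes when the password changes are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var errBadToken = errors.New("invalid or expired reset token") // same error for every failure
var b64 = base64.RawURLEncoding

// sign MACs "username|expiry" with the user's reset value (assumed to be a server-side secret).
func sign(resetValue []byte, username string, expiry int64) string {
	mac := hmac.New(sha256.New, resetValue)
	fmt.Fprintf(mac, "%s|%d", username, expiry)
	return b64.EncodeToString(mac.Sum(nil))
}

// newResetToken (hypothetical) issues "b64(username).expiry.mac", valid for `hours` from now.
func newResetToken(resetValue []byte, username string, hours int64, now time.Time) string {
	expiry := now.Add(time.Duration(hours) * time.Hour).Unix()
	return fmt.Sprintf("%s.%d.%s", b64.EncodeToString([]byte(username)), expiry, sign(resetValue, username, expiry))
}

// validateResetToken (hypothetical) checks the MAC against the user's CURRENT reset value, then expiry.
func validateResetToken(token string, lookup func(string) ([]byte, bool), now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errBadToken
	}
	name, err1 := b64.DecodeString(parts[0])
	expiry, err2 := strconv.ParseInt(parts[1], 10, 64)
	key, known := lookup(string(name))
	if err1 != nil || err2 != nil || !known {
		return "", errBadToken
	}
	if !hmac.Equal([]byte(sign(key, string(name), expiry)), []byte(parts[2])) || now.Unix() >= expiry {
		return "", errBadToken
	}
	return string(name), nil
}

func main() {
	fmt.Println(newResetToken([]byte("constructed-reset-value"), "alice", 2, time.Now()))
}
```

Because the MAC key is the user's current reset value, a token issued before that value changes stops validating, and an edited expiry field fails the MAC check.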
func (User) HomeDirectory ¶
HomeDirectory returns their Unix directory as "/home/username"
** Doesn't use a pointer to `u` so it can be used in HTML templates.
func (User) IsAdmin ¶
IsAdmin returns true if this User belongs to a group named 'admin'.
** Doesn't use a pointer to `u` so it can be used in HTML templates.
func (*User) SendPasswordResetEmail ¶
SendPasswordResetEmail uses `GetPasswordResetToken` to create and send a password reset link.
This uses the configured site name, URI, reply email, and reset timeout to create the email. If these are incorrectly configured, this may not work!
func (User) UnixGroupID ¶
UnixGroupID returns the same value as UnixUserID, which assumes that they belong to their own group.
** Doesn't use a pointer to `u` so it can be used in HTML templates.
func (User) UnixUserID ¶
UnixUserID returns their Unix ID, which is always their database ID + 1000. This assumes that regular user accounts start at 1000.
** Doesn't use a pointer to `u` so it can be used in HTML templates.