harbor/dao/user.go

/*
   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/

package dao

import (
	"database/sql"
	"errors"

	"github.com/vmware/harbor/models"
	"github.com/vmware/harbor/utils"

	"github.com/astaxie/beego/orm"
	"github.com/vmware/harbor/utils/log"
)

// GetUser ...
func GetUser(query models.User) (*models.User, error) {

	o := orm.NewOrm()

	sql := `select user_id, username, email, realname, comment, reset_uuid, salt,
		sysadmin_flag, creation_time, update_time
		from user u
		where deleted = 0 `
	queryParam := make([]interface{}, 1)
	if query.UserID != 0 {
		sql += ` and user_id = ? `
		queryParam = append(queryParam, query.UserID)
	}

	if query.Username != "" {
		sql += ` and username = ? `
		queryParam = append(queryParam, query.Username)
	}

	if query.ResetUUID != "" {
		sql += ` and reset_uuid = ? `
		queryParam = append(queryParam, query.ResetUUID)
	}

	var u []models.User
	n, err := o.Raw(sql, queryParam).QueryRows(&u)

	if err != nil {
		return nil, err
	}
	if n == 0 {
		return nil, nil
	}

	return &u[0], nil
}

// LoginByDb is used for user to login with database auth mode.
func LoginByDb(auth models.AuthModel) (*models.User, error) {
	o := orm.NewOrm()

	var users []models.User
	n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`,
		auth.Principal, auth.Principal).QueryRows(&users)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		return nil, nil
	}

	user := users[0]

	if user.Password != utils.Encrypt(auth.Password, user.Salt) {
		return nil, nil
	}

	user.Password = "" //do not return the password

	return &user, nil
}

// ListUsers lists all users according to different conditions.
func ListUsers(query models.User) ([]models.User, error) {
	o := orm.NewOrm()
	u := []models.User{}
	sql := `select  user_id, username, email, realname, comment, reset_uuid, salt,
		sysadmin_flag, creation_time, update_time
		from user u
		where u.deleted = 0 and u.user_id != 1 `

	queryParam := make([]interface{}, 1)
	if query.Username != "" {
		sql += ` and username like ? `
		queryParam = append(queryParam, query.Username)
	}
	sql += ` order by user_id desc `

	_, err := o.Raw(sql, queryParam).QueryRows(&u)
	return u, err
}

// ToggleUserAdminRole gives a user admim role.
func ToggleUserAdminRole(u models.User) error {
	o := orm.NewOrm()

	sql := `update user set sysadmin_flag =not sysadmin_flag where user_id = ?`

	r, err := o.Raw(sql, u.UserID).Exec()
	if err != nil {
		return err
	}

	if _, err := r.RowsAffected(); err != nil {
		return err
	}

	return nil
}

// ChangeUserPassword ...
func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
	if len(oldPassword) > 1 {
		return errors.New("Wrong numbers of params.")
	}

	o := orm.NewOrm()

	var r sql.Result
	if len(oldPassword) == 0 {
		//In some cases, it may no need to check old password, just as Linux change password policies.
		r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec()
	} else {
		r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
	}

	if err != nil {
		return err
	}
	c, err := r.RowsAffected()
	if err != nil {
		return err
	}
	if c == 0 {
		return errors.New("No record has been modified, change password failed.")
	}

	return nil
}

// ResetUserPassword ...
func ResetUserPassword(u models.User) error {
	o := orm.NewOrm()
	r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec()
	if err != nil {
		return err
	}
	count, err := r.RowsAffected()
	if err != nil {
		return err
	}
	if count == 0 {
		return errors.New("No record be changed, reset password failed.")
	}
	return nil
}

// UpdateUserResetUUID ...
func UpdateUserResetUUID(u models.User) error {
	o := orm.NewOrm()
	_, err := o.Raw(`update user set reset_uuid=? where email=?`, u.ResetUUID, u.Email).Exec()
	return err
}

// CheckUserPassword checks whether the password is correct.
func CheckUserPassword(query models.User) (*models.User, error) {

	currentUser, err := GetUser(query)

	if err != nil {
		return nil, err
	}

	if currentUser == nil {
		return nil, nil
	}

	sql := `select user_id, username, salt from user where deleted = 0`

	queryParam := make([]interface{}, 1)

	if query.UserID != 0 {
		sql += ` and password = ? and user_id = ?`
		queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))
		queryParam = append(queryParam, query.UserID)
	} else {
		sql += ` and username = ? and password = ?`
		queryParam = append(queryParam, currentUser.Username)
		queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))
	}
	o := orm.NewOrm()
	var user []models.User

	n, err := o.Raw(sql, queryParam).QueryRows(&user)

	if err != nil {
		return nil, err
	}

	if n == 0 {
		log.Warning("User principal does not match password. Current:", currentUser)
		return nil, nil
	}

	return &user[0], nil
}

// DeleteUser ...
func DeleteUser(userID int) error {
	o := orm.NewOrm()
	_, err := o.Raw(`update user set deleted = 1 where user_id = ?`, userID).Exec()
	return err
}
Initial commit 2016-02-01 12:59:10 +01:00			`/*`
			`Copyright (c) 2016 VMware, Inc. All Rights Reserved.`
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`
fix package comment issue 2016-02-26 11:54:14 +01:00
Initial commit 2016-02-01 12:59:10 +01:00			`package dao`

			`import (`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`"database/sql"`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`"errors"`

Initial commit 2016-02-01 12:59:10 +01:00			`"github.com/vmware/harbor/models"`
			`"github.com/vmware/harbor/utils"`

			`"github.com/astaxie/beego/orm"`
db refactor 2016-03-28 09:34:41 +02:00			`"github.com/vmware/harbor/utils/log"`
Initial commit 2016-02-01 12:59:10 +01:00			`)`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// GetUser ...`
Initial commit 2016-02-01 12:59:10 +01:00			`func GetUser(query models.User) (*models.User, error) {`

			`o := orm.NewOrm()`

db refactor 2016-03-28 09:34:41 +02:00			sql := `select user_id, username, email, realname, comment, reset_uuid, salt,
			`sysadmin_flag, creation_time, update_time`
Initial commit 2016-02-01 12:59:10 +01:00			`from user u`
			where deleted = 0 `
			`queryParam := make([]interface{}, 1)`
golint refactor for model 2016-02-26 03:15:01 +01:00			`if query.UserID != 0 {`
Initial commit 2016-02-01 12:59:10 +01:00			sql += ` and user_id = ? `
golint refactor for model 2016-02-26 03:15:01 +01:00			`queryParam = append(queryParam, query.UserID)`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`if query.Username != "" {`
			sql += ` and username = ? `
			`queryParam = append(queryParam, query.Username)`
			`}`

golint refactor for model 2016-02-26 03:15:01 +01:00			`if query.ResetUUID != "" {`
Initial commit 2016-02-01 12:59:10 +01:00			sql += ` and reset_uuid = ? `
golint refactor for model 2016-02-26 03:15:01 +01:00			`queryParam = append(queryParam, query.ResetUUID)`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`var u []models.User`
			`n, err := o.Raw(sql, queryParam).QueryRows(&u)`

			`if err != nil {`
			`return nil, err`
db refactor 2016-03-28 09:34:41 +02:00			`}`
			`if n == 0 {`
Initial commit 2016-02-01 12:59:10 +01:00			`return nil, nil`
			`}`
db refactor 2016-03-28 09:34:41 +02:00
			`return &u[0], nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// LoginByDb is used for user to login with database auth mode.`
Initial commit 2016-02-01 12:59:10 +01:00			`func LoginByDb(auth models.AuthModel) (*models.User, error) {`
			`o := orm.NewOrm()`
db refactor 2016-03-28 09:34:41 +02:00
			`var users []models.User`
return nil if the user is deleted in LoginByDb() 2016-03-30 08:36:38 +02:00			n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`,
db refactor 2016-03-28 09:34:41 +02:00			`auth.Principal, auth.Principal).QueryRows(&users)`
Initial commit 2016-02-01 12:59:10 +01:00			`if err != nil {`
			`return nil, err`
db refactor 2016-03-28 09:34:41 +02:00			`}`
			`if n == 0 {`
			`return nil, nil`
			`}`

			`user := users[0]`

			`if user.Password != utils.Encrypt(auth.Password, user.Salt) {`
Initial commit 2016-02-01 12:59:10 +01:00			`return nil, nil`
			`}`

modified code according to the comments 2016-03-30 11:40:49 +02:00			`user.Password = "" //do not return the password`

db refactor 2016-03-28 09:34:41 +02:00			`return &user, nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// ListUsers lists all users according to different conditions.`
Initial commit 2016-02-01 12:59:10 +01:00			`func ListUsers(query models.User) ([]models.User, error) {`
			`o := orm.NewOrm()`
			`u := []models.User{}`
db refactor 2016-03-28 09:34:41 +02:00			sql := `select user_id, username, email, realname, comment, reset_uuid, salt,
			`sysadmin_flag, creation_time, update_time`
			`from user u`
			where u.deleted = 0 and u.user_id != 1 `
Initial commit 2016-02-01 12:59:10 +01:00
			`queryParam := make([]interface{}, 1)`
			`if query.Username != "" {`
db refactor 2016-03-28 09:34:41 +02:00			sql += ` and username like ? `
Initial commit 2016-02-01 12:59:10 +01:00			`queryParam = append(queryParam, query.Username)`
			`}`
db refactor 2016-03-28 09:34:41 +02:00			sql += ` order by user_id desc `
Initial commit 2016-02-01 12:59:10 +01:00
			`_, err := o.Raw(sql, queryParam).QueryRows(&u)`
			`return u, err`
			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// ToggleUserAdminRole gives a user admim role.`
Initial commit 2016-02-01 12:59:10 +01:00			`func ToggleUserAdminRole(u models.User) error {`
			`o := orm.NewOrm()`

modified code according to the comments 2016-03-30 11:40:49 +02:00			sql := `update user set sysadmin_flag =not sysadmin_flag where user_id = ?`
db refactor 2016-03-28 09:34:41 +02:00
modified code according to the comments 2016-03-30 11:40:49 +02:00			`r, err := o.Raw(sql, u.UserID).Exec()`
Initial commit 2016-02-01 12:59:10 +01:00			`if err != nil {`
			`return err`
			`}`

db refactor 2016-03-28 09:34:41 +02:00			`if _, err := r.RowsAffected(); err != nil {`
			`return err`
			`}`

			`return nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// ChangeUserPassword ...`
db refactor 2016-03-28 09:34:41 +02:00			`func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {`
modified code according to the comments 2016-03-30 11:40:49 +02:00			`if len(oldPassword) > 1 {`
			`return errors.New("Wrong numbers of params.")`
			`}`

Initial commit 2016-02-01 12:59:10 +01:00			`o := orm.NewOrm()`
db refactor 2016-03-28 09:34:41 +02:00
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`var r sql.Result`
fixed no need to provide old password when initialization. 2016-02-24 11:58:28 +01:00			`if len(oldPassword) == 0 {`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`//In some cases, it may no need to check old password, just as Linux change password policies.`
db refactor 2016-03-28 09:34:41 +02:00			r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec()
modified code according to the comments 2016-03-30 11:40:49 +02:00			`} else {`
golint refactor for model 2016-02-26 03:15:01 +01:00			r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
modified code according to the comments 2016-03-30 11:40:49 +02:00			`}`
db refactor 2016-03-28 09:34:41 +02:00
modified code according to the comments 2016-03-30 11:40:49 +02:00			`if err != nil {`
			`return err`
			`}`
			`c, err := r.RowsAffected()`
			`if err != nil {`
			`return err`
			`}`
			`if c == 0 {`
			`return errors.New("No record has been modified, change password failed.")`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`}`
db refactor 2016-03-28 09:34:41 +02:00
modified code according to the comments 2016-03-30 11:40:49 +02:00			`return nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// ResetUserPassword ...`
Initial commit 2016-02-01 12:59:10 +01:00			`func ResetUserPassword(u models.User) error {`
			`o := orm.NewOrm()`
golint refactor for model 2016-02-26 03:15:01 +01:00			r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec()
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`if err != nil {`
			`return err`
			`}`
			`count, err := r.RowsAffected()`
refined error check in changing and resetting password, added ut for changing password with incorrect old password. 2016-02-24 14:36:45 +01:00			`if err != nil {`
			`return err`
			`}`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`if count == 0 {`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`return errors.New("No record be changed, reset password failed.")`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`}`
db refactor 2016-03-28 09:34:41 +02:00			`return nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// UpdateUserResetUUID ...`
golint refactor for dao 2016-02-26 04:26:54 +01:00			`func UpdateUserResetUUID(u models.User) error {`
Initial commit 2016-02-01 12:59:10 +01:00			`o := orm.NewOrm()`
golint refactor for model 2016-02-26 03:15:01 +01:00			_, err := o.Raw(`update user set reset_uuid=? where email=?`, u.ResetUUID, u.Email).Exec()
Initial commit 2016-02-01 12:59:10 +01:00			`return err`
			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// CheckUserPassword checks whether the password is correct.`
Initial commit 2016-02-01 12:59:10 +01:00			`func CheckUserPassword(query models.User) (*models.User, error) {`

			`currentUser, err := GetUser(query)`

			`if err != nil {`
			`return nil, err`
			`}`

			`if currentUser == nil {`
			`return nil, nil`
			`}`

			sql := `select user_id, username, salt from user where deleted = 0`

			`queryParam := make([]interface{}, 1)`

golint refactor for model 2016-02-26 03:15:01 +01:00			`if query.UserID != 0 {`
Initial commit 2016-02-01 12:59:10 +01:00			sql += ` and password = ? and user_id = ?`
			`queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))`
golint refactor for model 2016-02-26 03:15:01 +01:00			`queryParam = append(queryParam, query.UserID)`
Initial commit 2016-02-01 12:59:10 +01:00			`} else {`
			sql += ` and username = ? and password = ?`
			`queryParam = append(queryParam, currentUser.Username)`
			`queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))`
			`}`
			`o := orm.NewOrm()`
			`var user []models.User`

			`n, err := o.Raw(sql, queryParam).QueryRows(&user)`

			`if err != nil {`
			`return nil, err`
db refactor 2016-03-28 09:34:41 +02:00			`}`

			`if n == 0 {`
			`log.Warning("User principal does not match password. Current:", currentUser)`
Initial commit 2016-02-01 12:59:10 +01:00			`return nil, nil`
			`}`
db refactor 2016-03-28 09:34:41 +02:00
			`return &user[0], nil`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint comment for model, dao and utils 2016-02-26 11:13:13 +01:00			`// DeleteUser ...`
golint refactor for dao 2016-02-26 04:26:54 +01:00			`func DeleteUser(userID int) error {`
Initial commit 2016-02-01 12:59:10 +01:00			`o := orm.NewOrm()`
golint refactor for dao 2016-02-26 04:26:54 +01:00			_, err := o.Raw(`update user set deleted = 1 where user_id = ?`, userID).Exec()
Initial commit 2016-02-01 12:59:10 +01:00			`return err`
			`}`