harbor/dao/user.go

/*
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package dao
import (
	"crypto/subtle"
	"database/sql"
	"errors"
	"fmt"

	"github.com/vmware/harbor/models"
	"github.com/vmware/harbor/utils"
	"github.com/vmware/harbor/utils/log"
)
// GetUser looks up a single non-deleted user. Every field of query that is
// set (UserID != 0, Username != "", ResetUUID != "") adds an equality
// condition, bound as a statement parameter; the conditions are ANDed. It
// returns (nil, nil) when no row matches, otherwise the first row returned.
//
// The select list does not include the password column, but it does include
// salt and reset_uuid, so the returned struct carries both.
//
// NOTE(review): a query with none of the three fields set adds no filter
// beyond deleted = 0, and whichever row the database returns first is handed
// back. Callers that base an authentication decision on the result should
// reject an empty query before calling — confirm against callers.
func GetUser(query models.User) (*models.User, error) {
	ormer := GetOrmer()

	stmt := `select user_id, username, email, realname, comment, reset_uuid, salt,
sysadmin_flag, creation_time, update_time
from user u
where deleted = 0 `
	// The slice starts with one nil element; presumably the ORM drops nil
	// entries when it flattens the slice into bind values — TODO confirm.
	args := make([]interface{}, 1)

	if id := query.UserID; id != 0 {
		stmt += ` and user_id = ? `
		args = append(args, id)
	}
	if name := query.Username; name != "" {
		stmt += ` and username = ? `
		args = append(args, name)
	}
	if token := query.ResetUUID; token != "" {
		stmt += ` and reset_uuid = ? `
		args = append(args, token)
	}

	var rows []models.User
	count, err := ormer.Raw(stmt, args).QueryRows(&rows)
	switch {
	case err != nil:
		return nil, err
	case count == 0:
		return nil, nil
	}
	return &rows[0], nil
}
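// LoginByDb authenticates a user in database auth mode. auth.Principal is
// matched against the username or the email of a non-deleted user; the
// submitted password is hashed with the stored salt through utils.Encrypt and
// compared with the stored value.
//
// It returns (nil, nil) both when no user matches and when the password is
// wrong, so callers cannot tell the two cases apart. On success the user is
// returned with Password blanked.
func LoginByDb(auth models.AuthModel) (*models.User, error) {
	o := GetOrmer()

	var users []models.User
	n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`,
		auth.Principal, auth.Principal).QueryRows(&users)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		return nil, nil
	}

	// Only the first row is checked, even if the principal matches one
	// account by username and another by email.
	user := users[0]

	// Compare the two hashes in constant time so the duration of the check
	// does not depend on how many leading bytes agree.
	stored := []byte(user.Password)
	supplied := []byte(utils.Encrypt(auth.Password, user.Salt))
	if subtle.ConstantTimeCompare(stored, supplied) != 1 {
		return nil, nil
	}

	user.Password = "" // do not return the password
	// NOTE(review): Salt and every other column loaded by "select *" stay
	// populated on the returned struct; confirm callers do not serialise it.
	return &user, nil
}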
// ListUsers returns the non-deleted users, newest user_id first, leaving out
// the row with user_id 1. When query.Username is set it is bound as the
// operand of a LIKE condition exactly as given, so any % or _ in it acts as a
// wildcard and the caller decides how broad the match is.
//
// The result is always a non-nil slice. The select list omits the password
// column but includes salt and reset_uuid.
// NOTE(review): confirm the API layer strips those two fields before the
// list leaves the service.
func ListUsers(query models.User) ([]models.User, error) {
	ormer := GetOrmer()
	users := []models.User{}

	stmt := `select user_id, username, email, realname, comment, reset_uuid, salt,
sysadmin_flag, creation_time, update_time
from user u
where u.deleted = 0 and u.user_id != 1 `
	// The slice starts with one nil element; presumably the ORM drops nil
	// entries when it flattens the slice into bind values — TODO confirm.
	args := make([]interface{}, 1)

	if pattern := query.Username; pattern != "" {
		stmt += ` and username like ? `
		args = append(args, pattern)
	}
	stmt += ` order by user_id desc `

	_, err := ormer.Raw(stmt, args).QueryRows(&users)
	return users, err
}
// ToggleUserAdminRole writes hasAdmin into sysadmin_flag of the user with the
// given userID, so it grants or revokes the role depending on the value
// passed. Both values are bound as statement parameters.
//
// The affected-row count is fetched but discarded: a userID that matches no
// row is not reported as an error. No permission check happens here.
// NOTE(review): confirm every caller verifies that the requester is an
// administrator before reaching this function.
func ToggleUserAdminRole(userID, hasAdmin int) error {
	ormer := GetOrmer()

	// The slice starts with one nil element; presumably the ORM drops nil
	// entries when it flattens the slice into bind values — TODO confirm.
	args := append(make([]interface{}, 1), hasAdmin, userID)
	stmt := `update user set sysadmin_flag = ? where user_id = ?`

	res, err := ormer.Raw(stmt, args).Exec()
	if err != nil {
		return err
	}
	_, err = res.RowsAffected()
	return err
}
// ChangeUserPassword stores utils.Encrypt(u.Password, u.Salt) and u.Salt for
// the user identified by u.UserID.
//
// oldPassword is optional and at most one value may be given. Without it the
// password is replaced unconditionally; with it the update applies only when
// the stored password equals utils.Encrypt(oldPassword[0], u.Salt). An error
// is returned when no row was modified, which includes a wrong old password.
//
// The old password is hashed with u.Salt, the same salt that is written back,
// so the check can only succeed if the caller passes the salt currently
// stored for the user. Authorising the unconditional form is left to callers.
func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
	if len(oldPassword) > 1 {
		return errors.New("Wrong numbers of params.")
	}

	ormer := GetOrmer()
	newHash := utils.Encrypt(u.Password, u.Salt)

	var res sql.Result
	if len(oldPassword) == 1 {
		// Verified change: the stored hash must match the supplied old password.
		res, err = ormer.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, newHash, u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
	} else {
		// Unverified change: no old password was supplied.
		res, err = ormer.Raw(`update user set password=?, salt=? where user_id=?`, newHash, u.Salt, u.UserID).Exec()
	}
	if err != nil {
		return err
	}

	affected, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if affected == 0 {
		return errors.New("No record has been modified, change password failed.")
	}
	return nil
}
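// ResetUserPassword sets a new password on the row whose reset_uuid equals
// u.ResetUUID and clears that row's reset_uuid in the same statement, so a
// token works once. The new value is utils.Encrypt(u.Password, u.Salt); the
// salt column is not written, so u.Salt has to be the salt already stored for
// the user. An error is returned when u.ResetUUID is empty or no row changed.
//
// NOTE(review): the where clause does not filter on deleted, and no token
// age is checked here; confirm expiry is enforced by the caller.
func ResetUserPassword(u models.User) error {
	// Refuse an empty token before it reaches the where clause. A completed
	// reset leaves reset_uuid = "", so an empty u.ResetUUID would match every
	// row in that state and replace all of their passwords.
	if u.ResetUUID == "" {
		return errors.New("Reset UUID is empty, reset password failed.")
	}

	o := GetOrmer()
	r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec()
	if err != nil {
		return err
	}
	count, err := r.RowsAffected()
	if err != nil {
		return err
	}
	if count == 0 {
		return errors.New("No record be changed, reset password failed.")
	}
	return nil
}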
// UpdateUserResetUUID stores u.ResetUUID as the reset token of every row
// whose email equals u.Email. Both values are bound as statement parameters.
// The affected-row count is not inspected, so an unknown email is not an
// error here. The where clause does not filter on deleted.
//
// NOTE(review): the token is persisted as given; confirm the caller produces
// it from a cryptographically secure random source.
func UpdateUserResetUUID(u models.User) error {
	const stmt = `update user set reset_uuid=? where email=?`
	if _, err := GetOrmer().Raw(stmt, u.ResetUUID, u.Email).Exec(); err != nil {
		return err
	}
	return nil
}
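// CheckUserPassword checks whether query.Password is the password of the
// user that query identifies. The user is first resolved with GetUser to
// obtain the stored salt; a second query then matches the username together
// with utils.Encrypt(query.Password, salt). It returns (nil, nil) when the
// user does not exist or the password does not match, and otherwise a user
// filled from the user_id, username and salt columns only.
//
// NOTE(review): GetUser returns an arbitrary row when query has no UserID,
// Username or ResetUUID set; confirm callers always set one of them.
func CheckUserPassword(query models.User) (*models.User, error) {
	currentUser, err := GetUser(query)
	if err != nil {
		return nil, err
	}
	if currentUser == nil {
		return nil, nil
	}

	sql := `select user_id, username, salt from user where deleted = 0 and username = ? and password = ?`
	// The slice starts with one nil element; presumably the ORM drops nil
	// entries when it flattens the slice into bind values — TODO confirm.
	queryParam := make([]interface{}, 1)
	queryParam = append(queryParam, currentUser.Username)
	queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt))
	o := GetOrmer()
	var user []models.User

	n, err := o.Raw(sql, queryParam).QueryRows(&user)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		// Log identifiers only. currentUser was loaded by GetUser, whose
		// select list includes salt and reset_uuid; printing the whole
		// struct would presumably write both to the log.
		log.Warning("User principal does not match password. Current user ID:", currentUser.UserID, "username:", currentUser.Username)
		return nil, nil
	}
	return &user[0], nil
}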
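// DeleteUser soft-deletes the user with the given userID: the row is kept,
// deleted is set to 1, and username and email are rewritten to
// "<value>#<user_id>" (presumably so the original values can be registered
// again — confirm). It returns an error when the lookup fails or when no
// non-deleted user has that ID.
func DeleteUser(userID int) error {
	o := GetOrmer()

	user, err := GetUser(models.User{
		UserID: userID,
	})
	if err != nil {
		return err
	}
	// GetUser reports "no such user" as (nil, nil); without this check the
	// field accesses below would dereference a nil pointer and panic.
	if user == nil {
		return fmt.Errorf("user %d not found", userID)
	}

	name := fmt.Sprintf("%s#%d", user.Username, user.UserID)
	email := fmt.Sprintf("%s#%d", user.Email, user.UserID)

	_, err = o.Raw(`update user
set deleted = 1, username = ?, email = ?
where user_id = ?`, name, email, userID).Exec()
	return err
}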
// ChangeUserProfile updates the user through the ORM, passing "Email",
// "Realname" and "Comment" as the column list; presumably this limits the
// write to those three columns, so other fields set on user (password, salt,
// admin flag) are not persisted by this call — TODO confirm against the ORM.
// A failed update is logged and the error returned.
func ChangeUserProfile(user models.User) error {
	_, err := GetOrmer().Update(&user, "Email", "Realname", "Comment")
	if err == nil {
		return nil
	}
	log.Errorf("update user failed, error: %v", err)
	return err
}