/*
   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
package dao
import (
"database/sql"
"errors"
"github.com/vmware/harbor/models"
"github.com/vmware/harbor/utils"
"github.com/astaxie/beego/orm"
"github.com/vmware/harbor/utils/log"
)
// GetUser looks up a single non-deleted user. Each of query.UserID,
// query.Username and query.ResetUUID that is non-zero adds an equality
// condition, and the conditions are combined with AND. It returns (nil, nil)
// when no row matches and a pointer to the first returned row otherwise.
//
// The statement is assembled from fixed fragments only; every caller-supplied
// value is bound through a `?` placeholder and never reaches the SQL text.
//
// NOTE(review): when all three selector fields are zero the query carries no
// selector at all and whichever non-deleted row comes back first is returned.
// Callers that base an identity or password-reset decision on the result
// should reject an empty selector before calling.
// NOTE(review): the returned record includes salt and reset_uuid; treat it as
// sensitive and avoid serializing or logging it wholesale.
func GetUser(query models.User) (*models.User, error) {
	o := orm.NewOrm()

	stmt := ` select user_id , username , email , realname , comment , reset_uuid , salt ,
sysadmin_flag , creation_time , update_time
from user u
where deleted = 0 `

	// The slice starts with one nil element and is handed to Raw as a single
	// argument rather than spread. Presumably the ORM flattens the slice and
	// drops the nil; confirm before switching to a variadic call.
	args := make([]interface{}, 1)

	filters := []struct {
		enabled bool
		clause  string
		value   interface{}
	}{
		{query.UserID != 0, ` and user_id = ? `, query.UserID},
		{query.Username != "", ` and username = ? `, query.Username},
		{query.ResetUUID != "", ` and reset_uuid = ? `, query.ResetUUID},
	}
	for _, f := range filters {
		if !f.enabled {
			continue
		}
		stmt += f.clause
		args = append(args, f.value)
	}

	var rows []models.User
	count, err := o.Raw(stmt, args).QueryRows(&rows)
	switch {
	case err != nil:
		return nil, err
	case count == 0:
		return nil, nil
	}
	return &rows[0], nil
}
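// LoginByDb authenticates auth.Principal against the local user table. The
// principal is matched against both the username and the email column; the
// submitted password is passed through utils.Encrypt with the stored salt and
// compared with the stored value. It returns (nil, nil) both when no account
// matches and when the password differs, so callers cannot tell the two cases
// apart.
//
// Soft-deleted accounts (deleted = 1) are excluded, in line with the other
// lookups in this file. Without that filter a deleted account could still
// authenticate with its old credentials.
func LoginByDb(auth models.AuthModel) (*models.User, error) {
	o := orm.NewOrm()

	var users []models.User
	n, err := o.Raw(` select * from user where (username = ? or email = ?) and deleted = 0 `,
		auth.Principal, auth.Principal).QueryRows(&users)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		return nil, nil
	}

	// Only the first row is checked. NOTE(review): if one account's username
	// can equal another account's e-mail, the second account is never tried;
	// presumably uniqueness is enforced elsewhere, confirm.
	user := users[0]

	// NOTE(review): != on strings is not a constant-time comparison; consider
	// crypto/subtle.ConstantTimeCompare when the import block is next touched.
	if user.Password != utils.Encrypt(auth.Password, user.Salt) {
		return nil, nil
	}

	// The record comes from `select *`, so it still carries Password and Salt.
	// Callers should clear them before the value leaves the auth layer.
	return &user, nil
}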
// ListUsers returns the non-deleted users other than user_id 1, newest
// user_id first. When query.Username is non-empty it is bound as the pattern
// of a `like` condition on username. The slice is returned together with any
// query error and is never nil.
//
// NOTE(review): the pattern is bound as a parameter, so it cannot alter the
// statement, but `%` and `_` inside query.Username keep their LIKE wildcard
// meaning because nothing escapes them here.
// NOTE(review): every returned row includes salt and reset_uuid. A reset UUID
// is enough to set a new password via ResetUserPassword, so these fields
// should be stripped before the list is serialized to any client.
// NOTE(review): user_id 1 is presumably the built-in administrator; confirm.
func ListUsers(query models.User) ([]models.User, error) {
	stmt := ` select user_id , username , email , realname , comment , reset_uuid , salt ,
sysadmin_flag , creation_time , update_time
from user u
where u . deleted = 0 and u . user_id != 1 `

	// One leading nil element, passed to Raw as a single slice argument;
	// presumably flattened and skipped by the ORM. Confirm before changing.
	args := make([]interface{}, 1)
	if name := query.Username; name != "" {
		stmt += ` and username like ? `
		args = append(args, name)
	}
	stmt += ` order by user_id desc `

	users := []models.User{}
	_, err := orm.NewOrm().Raw(stmt, args).QueryRows(&users)
	return users, err
}
// ToggleUserAdminRole flips the sysadmin_flag of the user identified by
// u.UserID: a current value of 0 becomes 1, any other value becomes 0. It
// returns the error from the lookup, the update, or RowsAffected.
//
// NOTE(review): the flag is read and written in two separate statements with
// no transaction visible here, so two concurrent calls for the same user can
// both read the same value and write the same result.
// NOTE(review): no authorization is performed at this layer and the statements
// do not filter on deleted = 0. The caller must verify that the requester may
// grant or revoke administrator rights.
func ToggleUserAdminRole(u models.User) error {
	o := orm.NewOrm()

	var current models.User
	if err := o.Raw(` select sysadmin_flag from user where user_id = ? `, u.UserID).QueryRow(&current); err != nil {
		return err
	}

	// Default to revoking; grant only when the stored flag is currently 0.
	flipped := 0
	if current.HasAdminRole == 0 {
		flipped = 1
	}

	res, err := o.Raw(` update user set sysadmin_flag = ? where user_id = ? `, flipped, u.UserID).Exec()
	if err != nil {
		return err
	}

	// The affected-row count itself is ignored; only a driver error is reported.
	_, err = res.RowsAffected()
	return err
}
// ChangeUserPassword stores utils.Encrypt(u.Password, u.Salt) and u.Salt for
// the user identified by u.UserID.
//
// With no oldPassword argument the update is unconditional. With exactly one,
// the update additionally requires the stored password to equal
// utils.Encrypt(oldPassword[0], u.Salt). Any other argument count is rejected.
// An error is also returned when the statement changes no row.
//
// NOTE(review): the unconditional form proves nothing about who is asking, so
// the caller must already have authenticated and authorized the request.
// NOTE(review): in the checked form u.Salt is used both to hash the old
// password and as the value written to the salt column, so the check can
// presumably only match when u.Salt is the salt already stored for the user.
// NOTE(review): neither statement filters on deleted = 0.
func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
	o := orm.NewOrm()

	var r sql.Result
	switch len(oldPassword) {
	case 0:
		// No old password supplied: overwrite without verifying the current one.
		r, err = o.Raw(` update user set password=?, salt=? where user_id=? `,
			utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec()
	case 1:
		// Old password supplied: the where clause only matches when it is correct.
		r, err = o.Raw(` update user set password=?, salt=? where user_id=? and password = ? `,
			utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID,
			utils.Encrypt(oldPassword[0], u.Salt)).Exec()
	default:
		return errors.New("Wrong numbers of params.")
	}
	if err != nil {
		return err
	}

	affected, err := r.RowsAffected()
	if err != nil {
		return err
	}
	if affected == 0 {
		return errors.New("No record has been modified, change password failed.")
	}
	return nil
}
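// ResetUserPassword sets a new password on the account whose reset_uuid equals
// u.ResetUUID and clears that reset_uuid so the token cannot be replayed. It
// returns an error when the token is empty, when the statement fails, or when
// no row was changed.
//
// An empty u.ResetUUID is rejected before the database is touched. The update
// matches on reset_uuid alone and writes "" back after a successful reset, so
// an empty token would match every account that has no reset pending and
// overwrite all of their passwords at once.
//
// NOTE(review): the password is hashed with u.Salt but the salt column is not
// written, so u.Salt must presumably be the salt already stored for the
// account; verify against the caller.
// NOTE(review): the statement does not filter on deleted = 0, and no token
// expiry is checked at this layer.
func ResetUserPassword(u models.User) error {
	if u.ResetUUID == "" {
		// Same error as the "no matching row" path: to the caller an empty
		// token is just a token that matches nobody.
		return errors.New("No record be changed, reset password failed.")
	}

	o := orm.NewOrm()
	r, err := o.Raw(` update user set password=?, reset_uuid=? where reset_uuid=? `,
		utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec()
	if err != nil {
		return err
	}

	count, err := r.RowsAffected()
	if err != nil {
		return err
	}
	if count == 0 {
		return errors.New("No record be changed, reset password failed.")
	}
	return nil
}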
// UpdateUserResetUUID writes u.ResetUUID into the reset_uuid column of every
// row whose email equals u.Email and returns the error from executing the
// statement. The affected-row count is not inspected, so the call succeeds
// whether or not the address belongs to an account.
//
// NOTE(review): the row is selected by e-mail alone. An empty u.Email would
// match any row with an empty email column, and deleted rows are not excluded.
// Callers should validate the address first.
// NOTE(review): the reset UUID acts as a password-reset credential. It should
// come from a cryptographically secure source, and no expiry is recorded by
// this statement.
func UpdateUserResetUUID(u models.User) error {
	const stmt = ` update user set reset_uuid=? where email=? `
	if _, err := orm.NewOrm().Raw(stmt, u.ResetUUID, u.Email).Exec(); err != nil {
		return err
	}
	return nil
}
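// CheckUserPassword verifies query.Password for the user selected by query.
// It resolves the user through GetUser to obtain the stored salt, hashes the
// submitted password with it, and runs a second lookup that must match both
// the identity (user_id when query.UserID is set, otherwise the resolved
// username) and the hashed password. It returns (nil, nil) when the user is
// unknown or the password does not match.
//
// On a mismatch only the username is logged. The full record from GetUser
// carries salt and reset_uuid, which should not end up in log files.
//
// NOTE(review): if query carries no selector at all, GetUser returns whichever
// non-deleted row comes first and the password is checked against that
// account. Callers should reject an empty selector.
func CheckUserPassword(query models.User) (*models.User, error) {
	currentUser, err := GetUser(query)
	if err != nil {
		return nil, err
	}
	if currentUser == nil {
		return nil, nil
	}

	// Both branches bind the same hash; compute it once.
	hashed := utils.Encrypt(query.Password, currentUser.Salt)

	stmt := ` select user_id, username, salt from user where deleted = 0 `
	// One leading nil element, passed to Raw as a single slice argument;
	// presumably flattened and skipped by the ORM. Confirm before changing.
	queryParam := make([]interface{}, 1)
	if query.UserID != 0 {
		stmt += ` and password = ? and user_id = ? `
		queryParam = append(queryParam, hashed, query.UserID)
	} else {
		stmt += ` and username = ? and password = ? `
		queryParam = append(queryParam, currentUser.Username, hashed)
	}

	o := orm.NewOrm()
	var user []models.User
	n, err := o.Raw(stmt, queryParam).QueryRows(&user)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		// Log the username only, never the whole record (salt, reset_uuid).
		log.Warning("User principal does not match password. Current:", currentUser.Username)
		return nil, nil
	}
	return &user[0], nil
}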
// DeleteUser soft-deletes the user with the given ID by setting deleted = 1
// and returns the error from executing the statement. The affected-row count
// is not inspected, so an unknown ID is not reported.
//
// NOTE(review): the row keeps its username, e-mail, password and reset_uuid.
// Any statement that omits the `deleted = 0` filter will still see and act on
// the account, so every lookup and update on this table should carry it.
func DeleteUser(userID int) error {
	const stmt = ` update user set deleted = 1 where user_id = ? `
	if _, err := orm.NewOrm().Raw(stmt, userID).Exec(); err != nil {
		return err
	}
	return nil
}