wg-portal/internal/server/handlers_auth.go
2020-11-16 22:39:41 +01:00

136 lines
3.7 KiB
Go

package server
import (
"net/http"
"strings"
log "github.com/sirupsen/logrus"
"github.com/gin-gonic/gin"
)
func (s *Server) GetLogin(c *gin.Context) {
currentSession := s.getSessionData(c)
if currentSession.LoggedIn {
c.Redirect(http.StatusSeeOther, "/") // already logged in
}
authError := c.DefaultQuery("err", "")
errMsg := "Unknown error occurred, try again!"
switch authError {
case "missingdata":
errMsg = "Invalid login data retrieved, please fill out all fields and try again!"
case "authfail":
errMsg = "Authentication failed!"
case "loginreq":
errMsg = "Login required!"
}
c.HTML(http.StatusOK, "login.html", gin.H{
"error": authError != "",
"message": errMsg,
"static": s.getStaticData(),
})
}
func (s *Server) PostLogin(c *gin.Context) {
currentSession := s.getSessionData(c)
if currentSession.LoggedIn {
// already logged in
c.Redirect(http.StatusSeeOther, "/")
return
}
username := strings.ToLower(c.PostForm("username"))
password := c.PostForm("password")
// Validate form input
if strings.Trim(username, " ") == "" || strings.Trim(password, " ") == "" {
c.Redirect(http.StatusSeeOther, "/auth/login?err=missingdata")
return
}
adminAuthenticated := false
if s.config.Core.AdminUser != "" && username == s.config.Core.AdminUser && password == s.config.Core.AdminPassword {
adminAuthenticated = true
}
// Check if user is in cache, avoid unnecessary ldap requests
if !adminAuthenticated && !s.ldapUsers.UserExists(username) {
c.Redirect(http.StatusSeeOther, "/auth/login?err=authfail")
}
// Check if username and password match
if !adminAuthenticated && !s.ldapAuth.CheckLogin(username, password) {
c.Redirect(http.StatusSeeOther, "/auth/login?err=authfail")
return
}
var sessionData SessionData
if adminAuthenticated {
sessionData = SessionData{
LoggedIn: true,
IsAdmin: true,
Email: "autodetected@example.com",
UID: "adminuid",
UserName: username,
Firstname: "System",
Lastname: "Administrator",
SortedBy: "mail",
SortDirection: "asc",
Search: "",
}
} else {
dn := s.ldapUsers.GetUserDN(username)
userData := s.ldapUsers.GetUserData(dn)
sessionData = SessionData{
LoggedIn: true,
IsAdmin: s.ldapUsers.IsInGroup(username, s.config.AdminLdapGroup),
UID: userData.GetUID(),
UserName: username,
Email: userData.Mail,
Firstname: userData.Firstname,
Lastname: userData.Lastname,
SortedBy: "mail",
SortDirection: "asc",
Search: "",
}
}
// Check if user already has a peer setup, if not create one
if s.config.Core.CreateInterfaceOnLogin && !adminAuthenticated {
users := s.users.GetUsersByMail(sessionData.Email)
if len(users) == 0 { // Create vpn peer
err := s.CreateUser(User{
Identifier: sessionData.Firstname + " " + sessionData.Lastname + " (Default)",
Email: sessionData.Email,
CreatedBy: sessionData.Email,
UpdatedBy: sessionData.Email,
})
log.Errorf("Failed to automatically create vpn peer for %s: %v", sessionData.Email, err)
}
}
if err := s.updateSessionData(c, sessionData); err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "login error", "failed to save session")
return
}
c.Redirect(http.StatusSeeOther, "/")
}
func (s *Server) GetLogout(c *gin.Context) {
currentSession := s.getSessionData(c)
if !currentSession.LoggedIn { // Not logged in
c.Redirect(http.StatusSeeOther, "/")
return
}
if err := s.destroySessionData(c); err != nil {
s.GetHandleError(c, http.StatusInternalServerError, "logout error", "failed to destroy session")
return
}
c.Redirect(http.StatusSeeOther, "/")
}