This repository has been archived by the owner on Jun 4, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
user.go
75 lines (68 loc) · 2.17 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package user
import (
"github.com/sirupsen/logrus"
"golang.org/x/crypto/bcrypt"
"github.com/MikMuellerDev/smarthome/core/database"
)
var log *logrus.Logger
func InitLogger(logger *logrus.Logger) {
log = logger
}
// Will return <true / false> based on authentication validity
// <true> means valid authentication
// Can return an error if the database fails to return a valid result, meaning service downtime
func ValidateCredentials(username string, password string) (bool, error) {
_, userExists, err := database.GetUserByUsername(username)
if err != nil {
log.Error("Failed to validate password: could not check if user exists: ", err.Error())
return false, err
}
if !userExists {
log.Trace("Credentials invalid: user does not exist")
return false, nil
}
hash, err := database.GetUserPasswordHash(username)
if err != nil {
log.Error("Failed to validate password: database failure")
return false, err
}
err = bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
if err == nil {
return true, nil
}
if err.Error() != "crypto/bcrypt: hashedPassword is not the hash of the given password" {
log.Error("failed to check password: ", err.Error())
return false, err
}
log.Trace("password check using bcrypt failed: passwords do not match")
return false, nil
}
// Removes a user, also removes everything that depends on the user (permissions, switchPermissions)
func DeleteUser(username string) error {
if err := RemoveAvatar(username); err != nil {
log.Error("Failed to delete user: removing avatar failed: ", err.Error())
return err
}
if err := database.DeleteUser(username); err != nil {
log.Error("Failed to delete user: fatabase error: ", err.Error())
return err
}
return nil
}
// Checks if the user is the only entity with user management permission
func IsStandaloneUserAdmin(username string) (bool, error) {
users, err := database.ListUsers()
if err != nil {
return false, err
}
for _, user := range users {
hasPermission, err := database.UserHasPermission(user.Username, database.PermissionManageUsers)
if err != nil {
return false, err
}
if hasPermission && user.Username != username {
return false, nil
}
}
return true, nil
}