/
auth.go
144 lines (132 loc) · 3.19 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
package auth
import (
"github.com/AskUbuntu/tbot/config"
"errors"
"path"
"time"
)
// Auth manages access to users. This includes adding and removing users. Only
// staff can change settings and only the administrator can perform user
// actions.
type Auth struct {
data *data
adminUser *User
}
func (a *Auth) get(username string) (*User, error) {
if username == "admin" {
return a.adminUser, nil
}
u, ok := a.data.Users[username]
if ok {
return u, nil
}
return nil, errors.New("user does not exist")
}
// New creates a new authenticator for registered users. A special entry is
// created for the admin user.
func New(config *config.Config) (*Auth, error) {
a := &Auth{
data: &data{
name: path.Join(config.DataPath, "auth_data.json"),
Users: make(map[string]*User),
},
adminUser: &User{
Type: AdminUser,
},
}
if err := a.adminUser.setPassword(config.AdminPassword); err != nil {
return nil, err
}
if err := a.data.load(); err != nil {
return nil, err
}
return a, nil
}
// Get retrieves a specific user.
func (a *Auth) Get(username string) (*User, error) {
a.data.Lock()
defer a.data.Unlock()
return a.get(username)
}
// Users returns a map of usernames to their account information.
func (a *Auth) Users() map[string]*User {
a.data.Lock()
defer a.data.Unlock()
return a.data.Users
}
// CreateUser creates a new user. Their randomly-generated password is
// returned if the process completes without error.
func (a *Auth) CreateUser(username, userType string) (string, error) {
u := &User{
Type: userType,
Created: time.Now(),
}
p, err := u.resetPassword()
if err != nil {
return "", err
}
a.data.Lock()
defer a.data.Unlock()
a.data.Users[username] = u
if err := a.data.save(); err != nil {
return "", err
}
return p, nil
}
// Authenticate attempts to authenticate the specified using their username
// and password. To make things harder for malicious users, there is no
// distinguishing between invalid usernames and invalid passwords.
func (a *Auth) Authenticate(username, password string) (*User, error) {
a.data.Lock()
defer a.data.Unlock()
u, err := a.get(username)
if err == nil {
if u.authenticate(password) {
return u, nil
}
}
return nil, errors.New("invalid username or password supplied")
}
// SetPassword attempts to set a new password for a user.
func (a *Auth) SetPassword(username, password string) error {
a.data.Lock()
defer a.data.Unlock()
u, err := a.get(username)
if err != nil {
return err
}
if err := u.setPassword(password); err != nil {
return err
}
if err := a.data.save(); err != nil {
return err
}
return nil
}
// ResetPassword attempts to reset a user's password.
func (a *Auth) ResetPassword(username string) (string, error) {
a.data.Lock()
defer a.data.Unlock()
u, err := a.get(username)
if err != nil {
return "", err
}
p, err := u.resetPassword()
if err != nil {
return "", err
}
if err := a.data.save(); err != nil {
return "", err
}
return p, nil
}
// Delete removes the specified user account.
func (a *Auth) Delete(username string) error {
a.data.Lock()
defer a.data.Unlock()
if _, err := a.get(username); err != nil {
return err
}
delete(a.data.Users, username)
return a.data.save()
}