package ldap4gin
import (
"fmt"
"regexp"
"strconv"
"strings"
"time"
"github.com/go-ldap/ldap/v3"
)
// User describes the profile of an authorized user, populated from an LDAP entry.
//
// loadUserFromEntry copies the attribute values verbatim from the directory
// entry; it does not validate or escape them, so treat them as directory-supplied
// data when they are logged, rendered or used in further queries.
type User struct {
	// General
	DN string // dn: uid=sveta,ou=people,dc=vodolaz095,dc=life
	UID string // uid: sveta
	// Names
	GivenName string // `givenname` - Svetlana
	CommonName string // `cn` - Svetlana Belaya
	Initials string // `initials` - SA
	Surname string // `sn` - Belaya
	// Work specific
	Organization string // o: R&D
	OrganizationUnit string // ou: Laboratory 47
	Title string // title: developer
	Description string // description: writes code
	// Internet related
	Website string // labeleduri: https://vodolaz095.life
	Emails []string // `mail` - a user can have several e-mail addresses
	// Linux specific.
	// loadUserFromEntry leaves UIDNumber/GIDNumber at 0 when the attribute is
	// empty, so a value of 0 does not by itself mean the account is root.
	UIDNumber uint64 // uidnumber 1000
	GIDNumber uint64 // gidnumber 1000
	HomeDirectory string // homedirectory: /home/sveta
	LoginShell string // loginshell - /bin/bash
	// Groups the user belongs to; consulted by HasGroupByGID and HasGroupByName.
	// loadUserFromEntry does not fill this field.
	Groups []Group
	// Raw entry extracted from LDAP
	Entry *ldap.Entry
	// ExpiresAt is the moment after which Expired reports true. The zero value
	// means Expired never reports true for this profile.
	ExpiresAt time.Time
}
// Expired reports whether the user profile should be reloaded from the LDAP
// database, i.e. whether ExpiresAt lies in the past.
//
// A zero ExpiresAt is treated as "no expiry": such a profile is never reported
// as expired, so its group memberships are not refreshed on the basis of this
// check.
func (u *User) Expired() bool {
	deadline := u.ExpiresAt
	return !deadline.IsZero() && deadline.Before(time.Now())
}
// HasGroupByGID reports whether the user is a member of the group with this GID.
//
// The GID is compared as a string and must match exactly. A user with no
// groups is never a member.
func (u *User) HasGroupByGID(gid string) (ok bool) {
	for _, group := range u.Groups {
		if group.GID == gid {
			return true
		}
	}
	return false
}
// HasGroupByName reports whether the user is a member of the group with this name.
//
// The comparison is an exact, case-sensitive string match. A user with no
// groups is never a member.
func (u *User) HasGroupByName(name string) (ok bool) {
	for _, group := range u.Groups {
		if group.Name == name {
			return true
		}
	}
	return false
}
// PrintGroups returns the user's groups in an easy to read format: a
// comma-separated list of `name(gid)` items, or an empty string when the user
// has no groups. Names and GIDs are written as stored, without escaping.
func (u *User) PrintGroups() string {
	items := make([]string, 0, len(u.Groups))
	for _, group := range u.Groups {
		items = append(items, fmt.Sprintf("%s(%s)", group.Name, group.GID))
	}
	return strings.Join(items, ",")
}
// String returns a printable representation of the user in the form
// `CommonName(DN)`. Both values are written as stored, without escaping.
func (u *User) String() string {
	pieces := []string{u.CommonName, "(", u.DN, ")"}
	return strings.Join(pieces, "")
}
// GetDefaultFields returns the names of the fields we extract from LDAP by
// default. Every call returns a fresh slice, so callers may modify the result
// without affecting later calls.
func GetDefaultFields() []string {
	fields := [...]string{
		// general
		"dn",
		"uid",
		// names
		"givenName",
		"cn",
		"initials",
		"sn",
		// work specific
		"o",
		"ou",
		"title",
		"description",
		// internet related
		"labeledURI",
		"mail",
		// linux specific
		"uidNumber",
		"gidNumber",
		"homeDirectory",
		"loginShell",
	}
	return fields[:]
}
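// loadUserFromEntry builds a User from a single LDAP entry.
//
// String fields are filled with entry.GetAttributeValue (the first value of
// the attribute); every value of `mail` is copied into Emails. uidNumber and
// gidNumber are parsed as base-10 unsigned integers that must fit in 32 bits;
// an empty attribute leaves the corresponding field at 0. Groups and ExpiresAt
// are not set here. Attribute values are copied verbatim, without validation.
//
// A nil entry yields a nil user and an error. On a parse failure the returned
// error wraps the strconv error and names the offending value and the user's
// DN; the partially filled user is returned alongside it and must not be used.
func loadUserFromEntry(entry *ldap.Entry) (user *User, err error) {
	if entry == nil {
		return nil, fmt.Errorf("ldap entry is nil")
	}
	user = &User{
		DN:               entry.DN,
		UID:              entry.GetAttributeValue("uid"),
		Initials:         entry.GetAttributeValue("initials"),
		GivenName:        entry.GetAttributeValue("givenName"),
		CommonName:       entry.GetAttributeValue("cn"),
		Surname:          entry.GetAttributeValue("sn"),
		Organization:     entry.GetAttributeValue("o"),
		OrganizationUnit: entry.GetAttributeValue("ou"),
		Description:      entry.GetAttributeValue("description"),
		Title:            entry.GetAttributeValue("title"),
		Website:          entry.GetAttributeValue("labeledURI"),
		HomeDirectory:    entry.GetAttributeValue("homeDirectory"),
		LoginShell:       entry.GetAttributeValue("loginShell"),
		Entry:            entry,
	}

	if uid := entry.GetAttributeValue("uidNumber"); uid != "" {
		// Parse into a temporary: on a range error ParseUint returns the
		// maximum value, which must not leak into the profile.
		uidAsInt, parseErr := strconv.ParseUint(uid, 10, 32)
		if parseErr != nil {
			return user, fmt.Errorf("%w : while parsing uidNumber %s of user %s", parseErr, uid, user.DN)
		}
		user.UIDNumber = uidAsInt
	}

	if gid := entry.GetAttributeValue("gidNumber"); gid != "" {
		// Parse the gidNumber value itself. Parsing the uidNumber string here
		// would store the user's UID as the GID, and would fail on entries that
		// carry a gidNumber but no uidNumber.
		gidAsInt, parseErr := strconv.ParseUint(gid, 10, 32)
		if parseErr != nil {
			return user, fmt.Errorf("%w : while parsing gidNumber %s of user %s", parseErr, gid, user.DN)
		}
		user.GIDNumber = gidAsInt
	}

	// Emails stays nil when the entry has no `mail` values.
	for _, email := range entry.GetRawAttributeValues("mail") {
		user.Emails = append(user.Emails, string(email))
	}
	return user, nil
}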
// usernameRegexp is a package-level regular expression. It is declared here
// without an initializer, so it is nil until code elsewhere in the package
// assigns it; calling its methods before that assignment would panic.
// NOTE(review): presumably used to validate usernames before they are placed
// into an LDAP query — confirm at the assignment and call sites.
var usernameRegexp *regexp.Regexp