gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-11-14 21:57:49 +08:00
Code Issues Projects Releases Packages Wiki Activity
netmaker/controllers/user.go

548 lines
17 KiB
Go
Raw Normal View History

first commit
2021-03-26 00:17:52 +08:00
package controller
import (
userdelete fixed
2021-04-18 02:03:01 +08:00
"encoding/json"
"errors"
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
"fmt"
userdelete fixed
2021-04-18 02:03:01 +08:00
"net/http"
"github.com/gorilla/mux"
initial commit
2022-09-14 03:25:56 +08:00
"github.com/gorilla/websocket"
began oauth implementation
2021-10-22 03:28:58 +08:00
"github.com/gravitl/netmaker/auth"
remade server logs
2021-12-07 04:31:08 +08:00
"github.com/gravitl/netmaker/logger"
began oauth implementation
2021-10-22 03:28:58 +08:00
"github.com/gravitl/netmaker/logic"
userdelete fixed
2021-04-18 02:03:01 +08:00
"github.com/gravitl/netmaker/models"
session management for remote access client (#2592) * feat(NET-584): wip: session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): only enable if client is disabled * feat(NET-584): check only for normal users * feat(NET-584): fix condition
2023-10-02 12:57:58 +08:00
"github.com/gravitl/netmaker/mq"
initial commit
2022-09-14 03:25:56 +08:00
"github.com/gravitl/netmaker/servercfg"
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
"golang.org/x/exp/slog"
initial commit
2022-09-14 03:25:56 +08:00
)
var (
upgrader = websocket.Upgrader{}
first commit
2021-03-26 00:17:52 +08:00
)
func userHandlers(r *mux.Router) {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
r.HandleFunc("/api/users/adm/transfersuperadmin/{username}", logic.SecurityCheck(true, http.HandlerFunc(transferSuperAdmin))).Methods(http.MethodPost)
Replaced string methods with HTTP consts
2022-12-23 22:49:08 +08:00
r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).Methods(http.MethodPut)
[NET-494 / ACC-322] New free tier limits (#2495) * Rename var * Rename consts and use iota * Use switch instead of repeated else if * Rename limits related vars * Introduce new free tier limits * Measure new limits and report on license validation * Separate usage and limits, have new ones * Don't check for hosts and clients limits, but for machines instead * Error on egress creation @ free tier w/ internet gateways * Remove clients and hosts limit from code * Rename var * Rename consts and use iota * Use switch instead of repeated else if * Rename limits related vars * Introduce new free tier limits * Measure new limits and report on license validation * Separate usage and limits, have new ones * Don't check for hosts and clients limits, but for machines instead * Error on egress creation @ free tier w/ internet gateways * Remove clients and hosts limit from code
2023-08-09 01:47:49 +08:00
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).Methods(http.MethodPost)
Replaced string methods with HTTP consts
2022-12-23 22:49:08 +08:00
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(deleteUser))).Methods(http.MethodDelete)
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUser)))).Methods(http.MethodGet)
r.HandleFunc("/api/users", logic.SecurityCheck(true, http.HandlerFunc(getUsers))).Methods(http.MethodGet)
r.HandleFunc("/api/oauth/login", auth.HandleAuthLogin).Methods(http.MethodGet)
r.HandleFunc("/api/oauth/callback", auth.HandleAuthCallback).Methods(http.MethodGet)
add headless sso login
2023-01-02 15:48:40 +08:00
r.HandleFunc("/api/oauth/headless", auth.HandleHeadlessSSO)
adapted sso to host registration
2023-04-13 23:36:13 +08:00
r.HandleFunc("/api/oauth/register/{regKey}", auth.RegisterHostSSO).Methods(http.MethodGet)
first commit
2021-03-26 00:17:52 +08:00
}
open api spec file (#2595) * remove usergroup * superadmin * superadmin creation * generate openapi spec file * statticcheck * review comments
2023-10-04 14:26:38 +08:00
// swagger:route POST /api/users/adm/authenticate authenticate authenticateUser
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
open api spec file (#2595) * remove usergroup * superadmin * superadmin creation * generate openapi spec file * statticcheck * review comments
2023-10-04 14:26:38 +08:00
// User authenticates using its password and retrieves a JWT for authorization.
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: successResponse
first commit
2021-03-26 00:17:52 +08:00
func authenticateUser(response http.ResponseWriter, request *http.Request) {
revert changes to comments before functions
2021-10-16 20:01:38 +08:00
// Auth request consists of Mac Address and Password (from node that is authorizing
// in case of Master, auth is ignored and mac is set to "mastermac"
userdelete fixed
2021-04-18 02:03:01 +08:00
var authRequest models.UserAuthParams
var errorResponse = models.ErrorResponse{
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
}
initial commit
2022-09-14 03:25:56 +08:00
if !servercfg.IsBasicAuthEnabled() {
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
initial commit
2022-09-14 03:25:56 +08:00
return
}
userdelete fixed
2021-04-18 02:03:01 +08:00
decoder := json.NewDecoder(request.Body)
decoderErr := decoder.Decode(&authRequest)
defer request.Body.Close()
if decoderErr != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, "error decoding request body: ",
decoderErr.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, errorResponse)
adding returns for auth to remove superfluous writeheader calls
2021-03-27 04:13:51 +08:00
return
userHttpController tests complete
2021-04-30 06:14:13 +08:00
}
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
username := authRequest.UserName
good first draft, fixed test
2021-10-22 08:32:23 +08:00
jwt, err := logic.VerifyAuthRequest(authRequest)
userHttpController tests complete
2021-04-30 06:14:13 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username, "user validation failed: ",
err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "badrequest"))
updated test/user tests
2021-04-30 23:30:19 +08:00
return
userHttpController tests complete
2021-04-30 06:14:13 +08:00
}
if jwt == "" {
revert changes to comments before functions
2021-10-16 20:01:38 +08:00
// very unlikely that err is !nil and no jwt returned, but handle it anyways.
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username, "jwt token is empty")
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("no token returned"), "internal"))
userHttpController tests complete
2021-04-30 06:14:13 +08:00
return
}
var successResponse = models.SuccessResponse{
Code: http.StatusOK,
added logging
2021-07-19 23:30:27 +08:00
Message: "W1R3: Device " + username + " Authorized",
userHttpController tests complete
2021-04-30 06:14:13 +08:00
Response: models.SuccessfulUserLoginResponse{
AuthToken: jwt,
added logging
2021-07-19 23:30:27 +08:00
UserName: username,
userHttpController tests complete
2021-04-30 06:14:13 +08:00
},
}
revert changes to comments before functions
2021-10-16 20:01:38 +08:00
// Send back the JWT
userHttpController tests complete
2021-04-30 06:14:13 +08:00
successJSONResponse, jsonError := json.Marshal(successResponse)
if jsonError != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username,
"error marshalling resp: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(response, request, errorResponse)
userHttpController tests complete
2021-04-30 06:14:13 +08:00
return
first commit
2021-03-26 00:17:52 +08:00
}
remade server logs
2021-12-07 04:31:08 +08:00
logger.Log(2, username, "was authenticated")
userHttpController tests complete
2021-04-30 06:14:13 +08:00
response.Header().Set("Content-Type", "application/json")
response.Write(successJSONResponse)
session management for remote access client (#2592) * feat(NET-584): wip: session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): session mgmt for RAC * feat(NET-584): only enable if client is disabled * feat(NET-584): check only for normal users * feat(NET-584): fix condition
2023-10-02 12:57:58 +08:00
go func() {
if servercfg.IsPro && servercfg.GetRacAutoDisable() {
// enable all associeated clients for the user
clients, err := logic.GetAllExtClients()
if err != nil {
slog.Error("error getting clients: ", "error", err)
return
}
for _, client := range clients {
if client.OwnerID == username && !client.Enabled {
slog.Info(fmt.Sprintf("enabling ext client %s for user %s due to RAC autodisabling feature", client.ClientID, client.OwnerID))
if newClient, err := logic.ToggleExtClientConnectivity(&client, true); err != nil {
slog.Error("error disabling ext client in RAC autodisable hook", "error", err)
continue // dont return but try for other clients
} else {
// publish peer update to ingress gateway
if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
if err = mq.PublishPeerUpdate(); err != nil {
slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
}
}
}
}
}
}
}()
userHttpController tests complete
2021-04-30 06:14:13 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// swagger:route GET /api/users/adm/hassuperadmin user hasSuperAdmin
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
// Checks whether the server has an admin.
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
open api spec file (#2595) * remove usergroup * superadmin * superadmin creation * generate openapi spec file * statticcheck * review comments
2023-10-04 14:26:38 +08:00
// 200: hasAdmin
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
first commit
2021-03-26 00:17:52 +08:00
w.Header().Set("Content-Type", "application/json")
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
hasSuperAdmin, err := logic.HasSuperAdmin()
fixing login err
2021-08-10 01:30:40 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, "failed to check for admin: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
fixing login err
2021-08-10 01:30:40 +08:00
return
fixed user tests
2021-09-06 22:36:14 +08:00
}
first commit
2021-03-26 00:17:52 +08:00
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
json.NewEncoder(w).Encode(hasSuperAdmin)
first commit
2021-03-26 00:17:52 +08:00
}
Fix sections for /server/ and /users/ paths in Swagger docs
2022-09-15 20:47:48 +08:00
// swagger:route GET /api/users/{username} user getUser
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
// Get an individual user.
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
first commit
2021-03-26 00:17:52 +08:00
func getUser(w http.ResponseWriter, r *http.Request) {
// set header.
w.Header().Set("Content-Type", "application/json")
userdelete fixed
2021-04-18 02:03:01 +08:00
var params = mux.Vars(r)
added logging
2021-07-19 23:30:27 +08:00
usernameFetched := params["username"]
Don't expose user hashed password (#2419)
2023-06-26 13:23:00 +08:00
user, err := logic.GetReturnUser(usernameFetched)
first commit
2021-03-26 00:17:52 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
first commit
2021-03-26 00:17:52 +08:00
return
}
remade server logs
2021-12-07 04:31:08 +08:00
logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
first commit
2021-03-26 00:17:52 +08:00
json.NewEncoder(w).Encode(user)
}
Fix sections for /server/ and /users/ paths in Swagger docs
2022-09-15 20:47:48 +08:00
// swagger:route GET /api/users user getUsers
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
Update swagger docs
2022-09-11 12:51:59 +08:00
// Get all users.
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
multitenancy working
2021-07-02 12:03:46 +08:00
func getUsers(w http.ResponseWriter, r *http.Request) {
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
// set header.
w.Header().Set("Content-Type", "application/json")
multitenancy working
2021-07-02 12:03:46 +08:00
began oauth implementation
2021-10-22 03:28:58 +08:00
users, err := logic.GetUsers()
multitenancy working
2021-07-02 12:03:46 +08:00
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, "failed to fetch users: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
return
}
multitenancy working
2021-07-02 12:03:46 +08:00
Added user sorting and fixed error
2023-04-04 02:36:38 +08:00
logic.SortUsers(users[:])
remade server logs
2021-12-07 04:31:08 +08:00
logger.Log(2, r.Header.Get("user"), "fetched users")
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
json.NewEncoder(w).Encode(users)
multitenancy working
2021-07-02 12:03:46 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// swagger:route POST /api/users/adm/createsuperadmin user createAdmin
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
// Make a user an admin.
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
first commit
2021-03-26 00:17:52 +08:00
w.Header().Set("Content-Type", "application/json")
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
var u models.User
refactored and added unit test
2021-10-15 04:36:14 +08:00
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
err := json.NewDecoder(r.Body).Decode(&u)
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Error("error decoding request body", "error", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
return
}
updated test/user tests
2021-04-30 23:30:19 +08:00
initial commit
2022-09-14 03:25:56 +08:00
if !servercfg.IsBasicAuthEnabled() {
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
initial commit
2022-09-14 03:25:56 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
err = logic.CreateSuperAdmin(&u)
userdelete fixed
2021-04-18 02:03:01 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Error("failed to create admin", "error", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
userdelete fixed
2021-04-18 02:03:01 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
logger.Log(1, u.UserName, "was made a super admin")
json.NewEncoder(w).Encode(logic.ToReturnUser(u))
first commit
2021-03-26 00:17:52 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// swagger:route POST /api/users/adm/transfersuperadmin user transferSuperAdmin
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// Transfers superadmin role to an admin user.
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
w.Header().Set("Content-Type", "application/json")
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
caller, err := logic.GetUser(r.Header.Get("user"))
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
if !caller.IsSuperAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only superadmin can assign the superadmin role to another user"), "forbidden"))
return
}
var params = mux.Vars(r)
username := params["username"]
u, err := logic.GetUser(username)
if err != nil {
slog.Error("error getting user", "user", u.UserName, "error", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if !u.IsAdmin {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only admins can be promoted to superadmin role"), "forbidden"))
return
}
if !servercfg.IsBasicAuthEnabled() {
logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"))
return
}
initial commit
2022-09-14 03:25:56 +08:00
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
u.IsSuperAdmin = true
u.IsAdmin = false
err = logic.UpsertUser(*u)
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Error("error updating user to superadmin: ", "user", u.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
caller.IsSuperAdmin = false
caller.IsAdmin = true
err = logic.UpsertUser(*caller)
if err != nil {
slog.Error("error demoting user to admin: ", "user", caller.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
slog.Info("user was made a super admin", "user", u.UserName)
json.NewEncoder(w).Encode(logic.ToReturnUser(*u))
multitenancy working
2021-07-02 12:03:46 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// swagger:route POST /api/users/{username} user createUser
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
// Create a user.
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
func createUser(w http.ResponseWriter, r *http.Request) {
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
w.Header().Set("Content-Type", "application/json")
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
caller, err := logic.GetUser(r.Header.Get("user"))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
if err != nil {
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
var user models.User
err = json.NewDecoder(r.Body).Decode(&user)
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
logger.Log(0, user.UserName, "error decoding request body: ",
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if !caller.IsSuperAdmin && user.IsAdmin {
err = errors.New("only superadmin can create admin users")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if user.IsSuperAdmin {
err = errors.New("additional superadmins cannot be created")
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
err = logic.CreateUser(&user)
Don't expose user hashed password (#2419)
2023-06-26 13:23:00 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
NET-53 Fixed user update returns old data (#2312) * fixed gids in user update * review comments * review comments * review comments
2023-05-23 05:57:32 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Info("user was created", "username", user.UserName)
json.NewEncoder(w).Encode(logic.ToReturnUser(user))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
}
Fix sections for /server/ and /users/ paths in Swagger docs
2022-09-15 20:47:48 +08:00
// swagger:route PUT /api/users/{username} user updateUser
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
// Update a user.
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
first commit
2021-03-26 00:17:52 +08:00
func updateUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var params = mux.Vars(r)
revert changes to comments before functions
2021-10-16 20:01:38 +08:00
// start here
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
var caller *models.User
var err error
var ismaster bool
if r.Header.Get("user") == logic.MasterUser {
ismaster = true
} else {
caller, err = logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
add checks to user update processing
2023-03-31 03:10:17 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
added logging
2021-07-19 23:30:27 +08:00
username := params["username"]
Refactored user functions to use refrences rather than values
2022-12-21 04:10:40 +08:00
user, err := logic.GetUser(username)
userdelete fixed
2021-04-18 02:03:01 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username,
"failed to update user info: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
userdelete fixed
2021-04-18 02:03:01 +08:00
return
}
var userchange models.User
// we decode our body request params
err = json.NewDecoder(r.Body).Decode(&userchange)
first commit
2021-03-26 00:17:52 +08:00
if err != nil {
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
slog.Error("failed to decode body", "error ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
userdelete fixed
2021-04-18 02:03:01 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if user.UserName != userchange.UserName {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user in param and request body not matching"), "badrequest"))
add checks to user update processing
2023-03-31 03:10:17 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
selfUpdate := false
if !ismaster && caller.UserName == user.UserName {
selfUpdate = true
first commit
2021-03-26 00:17:52 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if !ismaster && !selfUpdate {
if caller.IsAdmin && user.IsSuperAdmin {
slog.Error("non-superadmin user", "caller", caller.UserName, "attempted to update superadmin user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
return
}
if !caller.IsAdmin && !caller.IsSuperAdmin {
slog.Error("operation not allowed", "caller", caller.UserName, "attempted to update user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"))
return
}
if caller.IsAdmin && user.IsAdmin {
slog.Error("admin user cannot update another admin", "caller", caller.UserName, "attempted to update admin user", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("admin user cannot update another admin"), "forbidden"))
return
}
if caller.IsAdmin && userchange.IsAdmin {
err = errors.New("admin user cannot update role of an another user to admin")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
}
if !ismaster && selfUpdate {
if user.IsAdmin != userchange.IsAdmin || user.IsSuperAdmin != userchange.IsSuperAdmin {
slog.Error("user cannot change his own role", "caller", caller.UserName, "attempted to update user role", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("user not allowed to self assign role"), "forbidden"))
return
}
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
if ismaster {
if !user.IsSuperAdmin && userchange.IsSuperAdmin {
slog.Error("operation not allowed", "caller", logic.MasterUser, "attempted to update user role to superadmin", username)
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("attempted to update user role to superadmin"), "forbidden"))
return
}
}
NET-647: Allow Role Update of OAuth User (#2609) * allow update of oauth user role * allow update of role for an oauth user
2023-10-04 14:15:41 +08:00
if auth.IsOauthUser(user) == nil && userchange.Password != "" {
err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
added ability for admisn to change user's networks
2021-10-26 02:51:52 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
Refactored user functions to use refrences rather than values
2022-12-21 04:10:40 +08:00
user, err = logic.UpdateUser(&userchange, user)
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username,
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
"failed to update user info: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
Added logging and user specific requests
2021-07-15 04:47:05 +08:00
return
}
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
logger.Log(1, username, "was updated")
Don't expose user hashed password (#2419)
2023-06-26 13:23:00 +08:00
json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
multitenancy working
2021-07-02 12:03:46 +08:00
}
Fix sections for /server/ and /users/ paths in Swagger docs
2022-09-15 20:47:48 +08:00
// swagger:route DELETE /api/users/{username} user deleteUser
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
// Delete a user.
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Schemes: https
Added swagger for API docs.
2022-09-06 20:20:24 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Security:
// oauth
Update swagger docs
2022-09-11 12:51:59 +08:00
//
add headless sso login
2023-01-02 15:48:40 +08:00
// Responses:
// 200: userBodyResponse
first commit
2021-03-26 00:17:52 +08:00
func deleteUser(w http.ResponseWriter, r *http.Request) {
// Set header
w.Header().Set("Content-Type", "application/json")
// get params
var params = mux.Vars(r)
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
caller, err := logic.GetUser(r.Header.Get("user"))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
}
added logging
2021-07-19 23:30:27 +08:00
username := params["username"]
NET-551: User Mgmt Re-Design (#2547) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix
2023-09-01 16:57:08 +08:00
user, err := logic.GetUser(username)
if err != nil {
logger.Log(0, username,
"failed to update user info: ", err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if user.IsSuperAdmin {
slog.Error(
"failed to delete user: ", "user", username, "error", "superadmin cannot be deleted")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
if !caller.IsSuperAdmin {
if caller.IsAdmin && user.IsAdmin {
slog.Error(
"failed to delete user: ", "user", username, "error", "admin cannot delete another admin user")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
}
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
success, err := logic.DeleteUser(username)
fixing runtime panic on user delete
2021-04-15 10:59:25 +08:00
if err != nil {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
logger.Log(0, username,
"failed to delete user: ", err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
first commit
2021-03-26 00:17:52 +08:00
return
fixing runtime panic on user delete
2021-04-15 10:59:25 +08:00
} else if !success {
GRA-414: added additional logs for user controllers
2022-07-12 18:49:49 +08:00
err := errors.New("delete unsuccessful")
logger.Log(0, username, err.Error())
refactoring for ee
2022-09-15 01:26:31 +08:00
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
userdelete fixed
2021-04-18 02:03:01 +08:00
return
}
first commit
2021-03-26 00:17:52 +08:00
remade server logs
2021-12-07 04:31:08 +08:00
logger.Log(1, username, "was deleted")
first commit
2021-03-26 00:17:52 +08:00
json.NewEncoder(w).Encode(params["username"] + " deleted.")
}
initial commit
2022-09-14 03:25:56 +08:00
// Called when vpn client dials in to start the auth flow and first stage is to get register URL itself
func socketHandler(w http.ResponseWriter, r *http.Request) {
// Upgrade our raw HTTP connection to a websocket based one
conn, err := upgrader.Upgrade(w, r, nil)
if err != nil {
PR comments addressed
2022-09-15 22:23:19 +08:00
logger.Log(0, "error during connection upgrade for node sign-in:", err.Error())
return
}
if conn == nil {
logger.Log(0, "failed to establish web-socket connection during node sign-in")
initial commit
2022-09-14 03:25:56 +08:00
return
}
// Start handling the session
adapted sso to host registration
2023-04-13 23:36:13 +08:00
go auth.SessionHandler(conn)
initial commit
2022-09-14 03:25:56 +08:00
}
Reference in a new issue Copy permalink