Reject new account if id, mail or username already exists

This commit is contained in:
Benedikt Kulmann
2020-09-15 19:41:38 +02:00
parent 061f12020f
commit 0272dc269e


@@ -157,6 +157,41 @@ func (s Service) passwordIsValid(hash string, pwd string) (ok bool) {
return c.Verify(hash, []byte(pwd)) == nil
}
func (s Service) accountExists(ctx context.Context, username, mail, id string) (exists bool, err error) {
// only search for accounts
tq := bleve.NewTermQuery("account")
tq.SetField("bleve_type")
query := bleve.NewConjunctionQuery(tq)
// parse the query like an odata filter
var q *godata.GoDataFilterQuery
queryUsername := fmt.Sprintf("on_premises_sam_account_name eq '%s'", username)
queryMail := fmt.Sprintf("mail eq '%s'", mail)
queryID := fmt.Sprintf("id eq '%s'", id)
if q, err = godata.ParseFilterString(queryUsername + " or " + queryMail + " or " + queryID); err != nil {
s.log.Error().Err(err).Msg("could not parse query")
return false, merrors.InternalServerError(s.id, "could not parse query: %v", err.Error())
}
// convert to bleve query
bq, err := provider.BuildBleveQuery(q)
if err != nil {
s.log.Error().Err(err).Msg("could not build bleve query")
return false, merrors.InternalServerError(s.id, "could not build bleve query: %v", err.Error())
}
query.AddQuery(bq)
searchRequest := bleve.NewSearchRequest(query)
var searchResult *bleve.SearchResult
searchResult, err = s.index.Search(searchRequest)
if err != nil {
s.log.Error().Err(err).Msg("could not execute bleve search")
return false, merrors.InternalServerError(s.id, "could not execute bleve search: %v", err.Error())
}
return searchResult.Total > 0, nil
}
func (s Service) hasAccountManagementPermissions(ctx context.Context) bool {
// get roles from context
roleIDs, ok := roles.ReadRoleIDsFromContext(ctx)
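Review bot: accountExists interpolates username, mail and id straight into the OData filter text (the three `'%s'` Sprintf calls), so a value containing a single quote breaks the filter — at best a parse error that CreateAccount surfaces as an internal server error, at worst an altered filter whose result decides whether an account may be created. OData escapes a quote inside a string literal by doubling it; a helper `esc := func(v string) string { return strings.ReplaceAll(v, "'", "''") }` applied to the three values, e.g. `fmt.Sprintf("mail eq '%s'", esc(mail))`, closes this, assuming godata honours that escape (strings may need adding to the file's imports). An empty mail or username also yields a clause like `mail eq ''`, which presumably matches every indexed account without a mail and would reject unrelated new accounts; building only the clauses whose value is non-empty avoids that. The ctx parameter is unused in the new function body.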
@@ -327,6 +362,14 @@ func (s Service) CreateAccount(ctx context.Context, in *proto.CreateAccountReque
return merrors.InternalServerError(s.id, "could not clean up account id: %v", err.Error())
}
exists, err := s.accountExists(ctx, acc.PreferredName, acc.Mail, acc.Id)
if err != nil {
return merrors.InternalServerError(s.id, "could not check if account exists: %v", err.Error())
}
if exists {
return merrors.BadRequest(s.id, "account already exists")
}
if acc.PasswordProfile != nil {
if acc.PasswordProfile.Password != "" {
// encrypt password