wg-portal/internal/app/users/ldap_helper.go

package users

import (
	"fmt"
	"github.com/go-ldap/ldap/v3"
	"github.com/h44z/wg-portal/internal"
	"github.com/h44z/wg-portal/internal/config"
	"github.com/h44z/wg-portal/internal/domain"
	"strings"
	"time"
)

func convertRawLdapUser(providerName string, rawUser map[string]any, fields *config.LdapFields, adminGroupDN *ldap.DN) (*domain.User, error) {
	now := time.Now()

	isAdmin, err := internal.LdapIsMemberOf(rawUser[fields.GroupMembership].([][]byte), adminGroupDN)
	if err != nil {
		return nil, fmt.Errorf("failed to check admin group: %w", err)
	}

	return &domain.User{
		BaseModel: domain.BaseModel{
			CreatedBy: "ldap_sync",
			UpdatedBy: "ldap_sync",
			CreatedAt: now,
			UpdatedAt: now,
		},
		Identifier:   domain.UserIdentifier(internal.MapDefaultString(rawUser, fields.UserIdentifier, "")),
		Email:        strings.ToLower(internal.MapDefaultString(rawUser, fields.Email, "")),
		Source:       domain.UserSourceLdap,
		ProviderName: providerName,
		IsAdmin:      isAdmin,
		Firstname:    internal.MapDefaultString(rawUser, fields.Firstname, ""),
		Lastname:     internal.MapDefaultString(rawUser, fields.Lastname, ""),
		Phone:        internal.MapDefaultString(rawUser, fields.Phone, ""),
		Department:   internal.MapDefaultString(rawUser, fields.Department, ""),
		Notes:        "",
		Password:     "",
		Disabled:     nil,
	}, nil
}

func userChangedInLdap(dbUser, ldapUser *domain.User) bool {
	if dbUser.Firstname != ldapUser.Firstname {
		return true
	}
	if dbUser.Lastname != ldapUser.Lastname {
		return true
	}
	if dbUser.Email != ldapUser.Email {
		return true
	}
	if dbUser.Phone != ldapUser.Phone {
		return true
	}
	if dbUser.Department != ldapUser.Department {
		return true
	}

	if dbUser.IsDisabled() != ldapUser.IsDisabled() {
		return true
	}

	if dbUser.IsAdmin != ldapUser.IsAdmin {
		return true
	}

	return false
}
V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 13:34:18 +02:00			`package users`

			`import (`
			`"fmt"`
			`"github.com/go-ldap/ldap/v3"`
			`"github.com/h44z/wg-portal/internal"`
			`"github.com/h44z/wg-portal/internal/config"`
			`"github.com/h44z/wg-portal/internal/domain"`
			`"strings"`
			`"time"`
			`)`

			`func convertRawLdapUser(providerName string, rawUser map[string]any, fields config.LdapFields, adminGroupDN ldap.DN) (*domain.User, error) {`
			`now := time.Now()`

			`isAdmin, err := internal.LdapIsMemberOf(rawUser[fields.GroupMembership].([][]byte), adminGroupDN)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to check admin group: %w", err)`
			`}`

			`return &domain.User{`
			`BaseModel: domain.BaseModel{`
			`CreatedBy: "ldap_sync",`
			`UpdatedBy: "ldap_sync",`
			`CreatedAt: now,`
			`UpdatedAt: now,`
			`},`
			`Identifier: domain.UserIdentifier(internal.MapDefaultString(rawUser, fields.UserIdentifier, "")),`
			`Email: strings.ToLower(internal.MapDefaultString(rawUser, fields.Email, "")),`
			`Source: domain.UserSourceLdap,`
			`ProviderName: providerName,`
			`IsAdmin: isAdmin,`
			`Firstname: internal.MapDefaultString(rawUser, fields.Firstname, ""),`
			`Lastname: internal.MapDefaultString(rawUser, fields.Lastname, ""),`
			`Phone: internal.MapDefaultString(rawUser, fields.Phone, ""),`
			`Department: internal.MapDefaultString(rawUser, fields.Department, ""),`
			`Notes: "",`
			`Password: "",`
			`Disabled: nil,`
			`}, nil`
			`}`

			`func userChangedInLdap(dbUser, ldapUser *domain.User) bool {`
			`if dbUser.Firstname != ldapUser.Firstname {`
			`return true`
			`}`
			`if dbUser.Lastname != ldapUser.Lastname {`
			`return true`
			`}`
			`if dbUser.Email != ldapUser.Email {`
			`return true`
			`}`
			`if dbUser.Phone != ldapUser.Phone {`
			`return true`
			`}`
			`if dbUser.Department != ldapUser.Department {`
			`return true`
			`}`

			`if dbUser.IsDisabled() != ldapUser.IsDisabled() {`
			`return true`
			`}`

			`if dbUser.IsAdmin != ldapUser.IsAdmin {`
			`return true`
			`}`

			`return false`
			`}`