lsm/mindoc
1
0
Fork 0
mirror of https://github.com/mindoc-org/mindoc.git synced 2025-05-08 07:37:49 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #39 from naokij/ldap

Browse Source 
实现ldap功能
This commit is contained in:
Minho 2017-05-25 08:58:29 +08:00 committed by GitHub
commit 2b1ba118c4
4 changed files with 165 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
commands/install.go
View File

@ -32,7 +32,6 @@ func initialization() {
o := orm.NewOrm() o := orm.NewOrm()
_, err := o.Raw(`INSERT INTO md_options (option_title, option_name, option_value) SELECT '是否启用注册','ENABLED_REGISTER','false' WHERE NOT exists(SELECT * FROM md_options WHERE option_name = 'ENABLED_REGISTER');`).Exec() _, err := o.Raw(`INSERT INTO md_options (option_title, option_name, option_value) SELECT '是否启用注册','ENABLED_REGISTER','false' WHERE NOT exists(SELECT * FROM md_options WHERE option_name = 'ENABLED_REGISTER');`).Exec()
if err != nil { if err != nil {
@ -64,6 +63,7 @@ func initialization() {
member.Account = "admin" member.Account = "admin"
member.Avatar = "/static/images/headimgurl.jpg" member.Avatar = "/static/images/headimgurl.jpg"
member.Password = "123456" member.Password = "123456"
member.AuthMethod = "local"
member.Role = 0 member.Role = 0
member.Email = "admin@iminho.me" member.Email = "admin@iminho.me"

22
conf/app.conf.example
View File

@ -77,11 +77,23 @@ cdnimg=
################百度地图密钥################# ################百度地图密钥#################
baidumapkey= baidumapkey=
################Active Directory/LDAP################
#是否启用ldap
ldap_enable=false
#ldap主机名
ldap_host=ad.example.com
#ldap端口
ldap_port=3268
#ldap内哪个属性作为用户名
ldap_attribute=sAMAccountName
#搜索范围
ldap_base=DC=example,DC=com
#第一次绑定ldap用户dn
ldap_user=CN=ldap helper,OU=example.com,DC=example,DC=com
#第一次绑定ldap用户密码
ldap_password=superSecret
#自动注册用户角色0 超级管理员 /1 管理员/ 2 普通用户
ldap_user_role=2

11
models/errors.go
View File

@ -9,6 +9,17 @@ var(
ErrMemberDisabled = errors.New("用户被禁用") ErrMemberDisabled = errors.New("用户被禁用")
// ErrorMemberPasswordError 密码错误. // ErrorMemberPasswordError 密码错误.
ErrorMemberPasswordError = errors.New("用户密码错误") ErrorMemberPasswordError = errors.New("用户密码错误")
//ErrorMemberAuthMethodInvalid 不支持此认证方式
ErrMemberAuthMethodInvalid = errors.New("不支持此认证方式")
//ErrLDAPConnect 无法连接到LDAP服务器
ErrLDAPConnect = errors.New("无法连接到LDAP服务器")
//ErrLDAPFirstBind 第一次LDAP绑定失败
ErrLDAPFirstBind = errors.New("第一次LDAP绑定失败")
//ErrLDAPSearch LDAP搜索失败
ErrLDAPSearch = errors.New("LDAP搜索失败")
//ErrLDAPUserNotFoundOrTooMany
ErrLDAPUserNotFoundOrTooMany = errors.New("LDAP用户不存在或者多于一个")
// ErrDataNotExist 指定的服务已存在. // ErrDataNotExist 指定的服务已存在.
ErrDataNotExist = errors.New("数据不存在") ErrDataNotExist = errors.New("数据不存在")

112
models/member.go
View File

@ -2,20 +2,27 @@
package models package models
import ( import (
"time"
"github.com/astaxie/beego/orm"
"github.com/lifei6671/godoc/utils"
"github.com/lifei6671/godoc/conf"
"github.com/astaxie/beego/logs"
"errors" "errors"
"fmt"
"regexp" "regexp"
"strings" "strings"
"time"
ldap "gopkg.in/ldap.v2"
"github.com/astaxie/beego"
"github.com/astaxie/beego/logs"
"github.com/astaxie/beego/orm"
"github.com/lifei6671/godoc/conf"
"github.com/lifei6671/godoc/utils"
) )
type Member struct { type Member struct {
MemberId int `orm:"pk;auto;unique;column(member_id)" json:"member_id"` MemberId int `orm:"pk;auto;unique;column(member_id)" json:"member_id"`
Account string `orm:"size(100);unique;column(account)" json:"account"` Account string `orm:"size(100);unique;column(account)" json:"account"`
Password string `orm:"size(1000);column(password)" json:"-"` Password string `orm:"size(1000);column(password)" json:"-"`
//认证方式: local 本地数据库 /ldap LDAP
AuthMethod string `orm:"size(10);column(auth_method);default(local)" json:"auth_method)"`
Description string `orm:"column(description);size(2000)" json:"description"` Description string `orm:"column(description);size(2000)" json:"description"`
Email string `orm:"size(100);column(email);unique" json:"email"` Email string `orm:"size(100);column(email);unique" json:"email"`
Phone string `orm:"size(255);column(phone);null;default(null)" json:"phone"` Phone string `orm:"size(255);column(phone);null;default(null)" json:"phone"`
@ -27,13 +34,13 @@ type Member struct {
CreateTime time.Time `orm:"type(datetime);column(create_time);auto_now_add" json:"create_time"` CreateTime time.Time `orm:"type(datetime);column(create_time);auto_now_add" json:"create_time"`
CreateAt int `orm:"type(int);column(create_at)" json:"create_at"` CreateAt int `orm:"type(int);column(create_at)" json:"create_at"`
LastLoginTime time.Time `orm:"type(datetime);column(last_login_time);null" json:"last_login_time"` LastLoginTime time.Time `orm:"type(datetime);column(last_login_time);null" json:"last_login_time"`
} }
// TableName 获取对应数据库表名. // TableName 获取对应数据库表名.
func (m *Member) TableName() string { func (m *Member) TableName() string {
return "members" return "members"
} }
// TableEngine 获取数据使用的引擎. // TableEngine 获取数据使用的引擎.
func (m *Member) TableEngine() string { func (m *Member) TableEngine() string {
return "INNODB" return "INNODB"
@ -53,25 +60,86 @@ func (m *Member) Login(account string,password string) (*Member,error) {
member := &Member{} member := &Member{}
err := o.QueryTable(m.TableNameWithPrefix()).Filter("account",account).Filter("status",0).One(member); err := o.QueryTable(m.TableNameWithPrefix()).Filter("account", account).Filter("status", 0).One(member)
if err != nil { if err != nil {
if beego.AppConfig.DefaultBool("ldap_enable", false) == true {
logs.Info("转入LDAP登陆")
return member.ldapLogin(account, password)
} else {
logs.Error("用户登录 => ", err) logs.Error("用户登录 => ", err)
return member, ErrMemberNoExist return member, ErrMemberNoExist
} }
}
ok,err := utils.PasswordVerify(member.Password,password) ; switch member.AuthMethod {
case "local":
ok, err := utils.PasswordVerify(member.Password, password)
if ok && err == nil { if ok && err == nil {
m.ResolveRoleName() m.ResolveRoleName()
return member, nil return member, nil
} }
case "ldap":
return member.ldapLogin(account, password)
default:
return member, ErrMemberAuthMethodInvalid
}
return member, ErrorMemberPasswordError return member, ErrorMemberPasswordError
} }
//ldapLogin 通过LDAP登陆
func (m *Member) ldapLogin(account string, password string) (*Member, error) {
if beego.AppConfig.DefaultBool("ldap_enable", false) == false {
return m, ErrMemberAuthMethodInvalid
}
var err error
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", beego.AppConfig.String("ldap_host"), beego.AppConfig.DefaultInt("ldap_port", 3268)))
if err != nil {
return m, ErrLDAPConnect
}
defer lc.Close()
err = lc.Bind(beego.AppConfig.String("ldap_user"), beego.AppConfig.String("ldap_password"))
if err != nil {
return m, ErrLDAPFirstBind
}
searchRequest := ldap.NewSearchRequest(
beego.AppConfig.String("ldap_base"),
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=User)(%s=%s))", beego.AppConfig.String("ldap_attribute"), account),
[]string{"dn", "mail"},
nil,
)
searchResult, err := lc.Search(searchRequest)
if err != nil {
return m, ErrLDAPSearch
}
if len(searchResult.Entries) != 1 {
return m, ErrLDAPUserNotFoundOrTooMany
}
userdn := searchResult.Entries[0].DN
err = lc.Bind(userdn, password)
if err != nil {
return m, ErrorMemberPasswordError
}
if m.Account == "" {
m.Account = account
m.Email = searchResult.Entries[0].GetAttributeValue("mail")
m.AuthMethod = "ldap"
m.Avatar = "/static/images/headimgurl.jpg"
m.Role = beego.AppConfig.DefaultInt("ldap_user_role", 2)
err = m.Add()
if err != nil {
logs.Error("自动注册LDAP用户错误", err)
return m, ErrorMemberPasswordError
}
m.ResolveRoleName()
}
return m, nil
}
// Add 添加一个用户. // Add 添加一个用户.
func (m *Member) Add () (error) { func (m *Member) Add() error {
o := orm.NewOrm() o := orm.NewOrm()
if ok, err := regexp.MatchString(conf.RegexpAccount, m.Account); m.Account == "" || !ok || err != nil { if ok, err := regexp.MatchString(conf.RegexpAccount, m.Account); m.Account == "" || !ok || err != nil {
@ -83,14 +151,16 @@ func (m *Member) Add () (error) {
if ok, err := regexp.MatchString(conf.RegexpEmail, m.Email); !ok || err != nil || m.Email == "" { if ok, err := regexp.MatchString(conf.RegexpEmail, m.Email); !ok || err != nil || m.Email == "" {
return errors.New("邮箱格式不正确") return errors.New("邮箱格式不正确")
} }
if m.AuthMethod == "local" {
if l := strings.Count(m.Password, ""); l < 6 || l >= 50 { if l := strings.Count(m.Password, ""); l < 6 || l >= 50 {
return errors.New("密码不能为空且必须在6-50个字符之间") return errors.New("密码不能为空且必须在6-50个字符之间")
} }
}
if c, err := o.QueryTable(m.TableNameWithPrefix()).Filter("email", m.Email).Count(); err == nil && c > 0 { if c, err := o.QueryTable(m.TableNameWithPrefix()).Filter("email", m.Email).Count(); err == nil && c > 0 {
return errors.New("邮箱已被使用") return errors.New("邮箱已被使用")
} }
hash ,err := utils.PasswordHash(m.Password); hash, err := utils.PasswordHash(m.Password)
if err != nil { if err != nil {
return err return err
@ -108,7 +178,7 @@ func (m *Member) Add () (error) {
} }
// Update 更新用户信息. // Update 更新用户信息.
func (m *Member) Update(cols... string) (error) { func (m *Member) Update(cols ...string) error {
o := orm.NewOrm() o := orm.NewOrm()
if m.Email == "" { if m.Email == "" {
@ -177,7 +247,6 @@ func (m *Member) FindToPager(pageIndex, pageSize int) ([]*Member,int64,error) {
return members, totalCount, nil return members, totalCount, nil
} }
func (c *Member) IsAdministrator() bool { func (c *Member) IsAdministrator() bool {
if c == nil || c.MemberId <= 0 { if c == nil || c.MemberId <= 0 {
return false return false
@ -192,20 +261,3 @@ func (m *Member) FindByFieldFirst(field string,value interface{}) (*Member,error
return m, err return m, err
} }