mirror of
https://github.com/casdoor/casdoor.git
synced 2025-08-27 01:40:22 +08:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
a4524e9996 | ||
|
|
b469928780 | ||
|
|
dc6fe13f75 | ||
|
|
8227762988 | ||
|
|
d92b072ed0 |
@@ -453,7 +453,7 @@ func (c *ApiController) GetUserinfo2() {
|
||||
// GetCaptcha ...
|
||||
// @Tag Login API
|
||||
// @Title GetCaptcha
|
||||
// @router /api/get-captcha [get]
|
||||
// @router /get-captcha [get]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) GetCaptcha() {
|
||||
applicationId := c.Input().Get("applicationId")
|
||||
|
||||
@@ -916,9 +916,9 @@ func (c *ApiController) HandleSamlLogin() {
|
||||
}
|
||||
|
||||
// HandleOfficialAccountEvent ...
|
||||
// @Tag HandleOfficialAccountEvent API
|
||||
// @Tag System API
|
||||
// @Title HandleOfficialAccountEvent
|
||||
// @router /api/webhook [POST]
|
||||
// @router /webhook [POST]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) HandleOfficialAccountEvent() {
|
||||
respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
|
||||
@@ -947,9 +947,9 @@ func (c *ApiController) HandleOfficialAccountEvent() {
|
||||
}
|
||||
|
||||
// GetWebhookEventType ...
|
||||
// @Tag GetWebhookEventType API
|
||||
// @Tag System API
|
||||
// @Title GetWebhookEventType
|
||||
// @router /api/get-webhook-event [GET]
|
||||
// @router /get-webhook-event [GET]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) GetWebhookEventType() {
|
||||
lock.Lock()
|
||||
@@ -970,7 +970,7 @@ func (c *ApiController) GetWebhookEventType() {
|
||||
// @Description Get Login Error Counts
|
||||
// @Param id query string true "The id ( owner/name ) of user"
|
||||
// @Success 200 {object} controllers.Response The Response object
|
||||
// @router /api/get-captcha-status [get]
|
||||
// @router /get-captcha-status [get]
|
||||
func (c *ApiController) GetCaptchaStatus() {
|
||||
organization := c.Input().Get("organization")
|
||||
userId := c.Input().Get("userId")
|
||||
@@ -1001,7 +1001,7 @@ func (c *ApiController) GetCaptchaStatus() {
|
||||
// @Title Callback
|
||||
// @Tag Callback API
|
||||
// @Description Get Login Error Counts
|
||||
// @router /api/Callback [post]
|
||||
// @router /Callback [post]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) Callback() {
|
||||
code := c.GetString("code")
|
||||
|
||||
@@ -24,7 +24,7 @@ import (
|
||||
|
||||
// Enforce
|
||||
// @Title Enforce
|
||||
// @Tag Enforce API
|
||||
// @Tag Enforcer API
|
||||
// @Description Call Casbin Enforce API
|
||||
// @Param body body []string true "Casbin request"
|
||||
// @Param permissionId query string false "permission id"
|
||||
@@ -151,7 +151,7 @@ func (c *ApiController) Enforce() {
|
||||
|
||||
// BatchEnforce
|
||||
// @Title BatchEnforce
|
||||
// @Tag Enforce API
|
||||
// @Tag Enforcer API
|
||||
// @Description Call Casbin BatchEnforce API
|
||||
// @Param body body []string true "array of casbin requests"
|
||||
// @Param permissionId query string false "permission id"
|
||||
|
||||
@@ -18,7 +18,7 @@ import "github.com/casdoor/casdoor/object"
|
||||
|
||||
// GetDashboard
|
||||
// @Title GetDashboard
|
||||
// @Tag GetDashboard API
|
||||
// @Tag System API
|
||||
// @Description get information of dashboard
|
||||
// @Success 200 {object} controllers.Response The Response object
|
||||
// @router /get-dashboard [get]
|
||||
|
||||
@@ -20,7 +20,7 @@ import (
|
||||
|
||||
// GetPrometheusInfo
|
||||
// @Title GetPrometheusInfo
|
||||
// @Tag Prometheus API
|
||||
// @Tag System API
|
||||
// @Description get Prometheus Info
|
||||
// @Success 200 {object} object.PrometheusInfo The Response object
|
||||
// @router /get-prometheus-info [get]
|
||||
|
||||
@@ -52,7 +52,7 @@ type NotificationForm struct {
|
||||
// @Param clientSecret query string true "The clientSecret of the application"
|
||||
// @Param from body controllers.EmailForm true "Details of the email request"
|
||||
// @Success 200 {object} controllers.Response The Response object
|
||||
// @router /api/send-email [post]
|
||||
// @router /send-email [post]
|
||||
func (c *ApiController) SendEmail() {
|
||||
userId, ok := c.RequireSignedIn()
|
||||
if !ok {
|
||||
@@ -148,7 +148,7 @@ func (c *ApiController) SendEmail() {
|
||||
// @Param clientSecret query string true "The clientSecret of the application"
|
||||
// @Param from body controllers.SmsForm true "Details of the sms request"
|
||||
// @Success 200 {object} controllers.Response The Response object
|
||||
// @router /api/send-sms [post]
|
||||
// @router /send-sms [post]
|
||||
func (c *ApiController) SendSms() {
|
||||
provider, err := c.GetProviderFromContext("SMS")
|
||||
if err != nil {
|
||||
@@ -186,7 +186,7 @@ func (c *ApiController) SendSms() {
|
||||
// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
// @Param from body controllers.NotificationForm true "Details of the notification request"
|
||||
// @Success 200 {object} controllers.Response The Response object
|
||||
// @router /api/send-notification [post]
|
||||
// @router /send-notification [post]
|
||||
func (c *ApiController) SendNotification() {
|
||||
provider, err := c.GetProviderFromContext("Notification")
|
||||
if err != nil {
|
||||
|
||||
@@ -156,7 +156,7 @@ func (c *ApiController) DeleteToken() {
|
||||
// @Success 200 {object} object.TokenWrapper The Response object
|
||||
// @Success 400 {object} object.TokenError The Response object
|
||||
// @Success 401 {object} object.TokenError The Response object
|
||||
// @router api/login/oauth/access_token [post]
|
||||
// @router /login/oauth/access_token [post]
|
||||
func (c *ApiController) GetOAuthToken() {
|
||||
clientId := c.Input().Get("client_id")
|
||||
clientSecret := c.Input().Get("client_secret")
|
||||
@@ -273,6 +273,7 @@ func (c *ApiController) RefreshToken() {
|
||||
|
||||
// IntrospectToken
|
||||
// @Title IntrospectToken
|
||||
// @Tag Login API
|
||||
// @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
|
||||
// parameter representing an OAuth 2.0 token and returns a JSON document
|
||||
// representing the meta information surrounding the
|
||||
|
||||
@@ -272,7 +272,7 @@ func (c *ApiController) VerifyCaptcha() {
|
||||
// ResetEmailOrPhone ...
|
||||
// @Tag Account API
|
||||
// @Title ResetEmailOrPhone
|
||||
// @router /api/reset-email-or-phone [post]
|
||||
// @router /reset-email-or-phone [post]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) ResetEmailOrPhone() {
|
||||
user, ok := c.RequireSignedInUser()
|
||||
@@ -367,7 +367,7 @@ func (c *ApiController) ResetEmailOrPhone() {
|
||||
// VerifyCode
|
||||
// @Tag Verification API
|
||||
// @Title VerifyCode
|
||||
// @router /api/verify-code [post]
|
||||
// @router /verify-code [post]
|
||||
// @Success 200 {object} object.Userinfo The Response object
|
||||
func (c *ApiController) VerifyCode() {
|
||||
var authForm form.AuthForm
|
||||
|
||||
12
form/auth.go
12
form/auth.go
@@ -14,6 +14,8 @@
|
||||
|
||||
package form
|
||||
|
||||
import "reflect"
|
||||
|
||||
type AuthForm struct {
|
||||
Type string `json:"type"`
|
||||
SigninMethod string `json:"signinMethod"`
|
||||
@@ -60,3 +62,13 @@ type AuthForm struct {
|
||||
Plan string `json:"plan"`
|
||||
Pricing string `json:"pricing"`
|
||||
}
|
||||
|
||||
func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
|
||||
val := reflect.ValueOf(*form)
|
||||
fieldValue := val.FieldByName(fieldName)
|
||||
|
||||
if fieldValue.IsValid() && fieldValue.Kind() == reflect.String {
|
||||
return true, fieldValue.String()
|
||||
}
|
||||
return false, ""
|
||||
}
|
||||
|
||||
149
ldap/server.go
149
ldap/server.go
@@ -18,7 +18,6 @@ import (
|
||||
"fmt"
|
||||
"hash/fnv"
|
||||
"log"
|
||||
"strings"
|
||||
|
||||
"github.com/casdoor/casdoor/conf"
|
||||
"github.com/casdoor/casdoor/object"
|
||||
@@ -50,17 +49,7 @@ func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
|
||||
res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
|
||||
|
||||
if r.AuthenticationChoice() == "simple" {
|
||||
bindDN := string(r.Name())
|
||||
bindPassword := string(r.AuthenticationSimple())
|
||||
|
||||
if bindDN == "" && bindPassword == "" {
|
||||
res.SetResultCode(ldap.LDAPResultInappropriateAuthentication)
|
||||
res.SetDiagnosticMessage("Anonymous bind disallowed")
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
|
||||
bindUsername, bindOrg, err := getNameAndOrgFromDN(bindDN)
|
||||
bindUsername, bindOrg, err := getNameAndOrgFromDN(string(r.Name()))
|
||||
if err != nil {
|
||||
log.Printf("getNameAndOrgFromDN() error: %s", err.Error())
|
||||
res.SetResultCode(ldap.LDAPResultInvalidDNSyntax)
|
||||
@@ -69,6 +58,7 @@ func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
|
||||
return
|
||||
}
|
||||
|
||||
bindPassword := string(r.AuthenticationSimple())
|
||||
bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en")
|
||||
if err != nil {
|
||||
log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
|
||||
@@ -103,46 +93,7 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
|
||||
}
|
||||
|
||||
r := m.GetSearchRequest()
|
||||
|
||||
// case insensitive match
|
||||
if strings.EqualFold(r.FilterString(), "(objectClass=*)") {
|
||||
if len(r.Attributes()) == 0 {
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
first_attr := string(r.Attributes()[0])
|
||||
|
||||
if string(r.BaseObject()) == "" {
|
||||
// handle special search requests
|
||||
|
||||
if first_attr == "namingContexts" {
|
||||
orgs, code := GetFilteredOrganizations(m)
|
||||
if code != ldap.LDAPResultSuccess {
|
||||
res.SetResultCode(code)
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
e := ldap.NewSearchResultEntry(string(r.BaseObject()))
|
||||
dnlist := make([]message.AttributeValue, len(orgs))
|
||||
for i, org := range orgs {
|
||||
dnlist[i] = message.AttributeValue(fmt.Sprintf("ou=%s", org.Name))
|
||||
}
|
||||
e.AddAttribute("namingContexts", dnlist...)
|
||||
w.Write(e)
|
||||
} else if first_attr == "subschemaSubentry" {
|
||||
e := ldap.NewSearchResultEntry(string(r.BaseObject()))
|
||||
e.AddAttribute("subschemaSubentry", message.AttributeValue("cn=Subschema"))
|
||||
w.Write(e)
|
||||
}
|
||||
} else if strings.EqualFold(first_attr, "objectclasses") && string(r.BaseObject()) == "cn=Subschema" {
|
||||
e := ldap.NewSearchResultEntry(string(r.BaseObject()))
|
||||
e.AddAttribute("objectClasses", []message.AttributeValue{
|
||||
"( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )",
|
||||
"( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) )",
|
||||
}...)
|
||||
w.Write(e)
|
||||
}
|
||||
|
||||
if r.FilterString() == "(objectClass=*)" {
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
@@ -155,72 +106,38 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
|
||||
default:
|
||||
}
|
||||
|
||||
objectClass := searchFilterForEquality(r.Filter(), "objectClass", "posixAccount", "posixGroup")
|
||||
switch objectClass {
|
||||
case "posixAccount":
|
||||
users, code := GetFilteredUsers(m)
|
||||
if code != ldap.LDAPResultSuccess {
|
||||
res.SetResultCode(code)
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
|
||||
// log.Printf("Handling posixAccount filter=%s", r.FilterString())
|
||||
for _, user := range users {
|
||||
dn := fmt.Sprintf("uid=%s,cn=users,%s", user.Name, string(r.BaseObject()))
|
||||
e := ldap.NewSearchResultEntry(dn)
|
||||
attrs := r.Attributes()
|
||||
for _, attr := range attrs {
|
||||
if string(attr) == "*" {
|
||||
attrs = AdditionalLdapUserAttributes
|
||||
break
|
||||
}
|
||||
}
|
||||
for _, attr := range attrs {
|
||||
if strings.HasSuffix(string(attr), ";binary") {
|
||||
// unsupported: userCertificate;binary
|
||||
continue
|
||||
}
|
||||
field, ok := ldapUserAttributesMapping.CaseInsensitiveGet(string(attr))
|
||||
if ok {
|
||||
e.AddAttribute(message.AttributeDescription(attr), field.GetAttributeValues(user)...)
|
||||
}
|
||||
}
|
||||
w.Write(e)
|
||||
}
|
||||
|
||||
case "posixGroup":
|
||||
// log.Printf("Handling posixGroup filter=%s", r.FilterString())
|
||||
groups, code := GetFilteredGroups(m)
|
||||
if code != ldap.LDAPResultSuccess {
|
||||
res.SetResultCode(code)
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
|
||||
for _, group := range groups {
|
||||
dn := fmt.Sprintf("cn=%s,cn=groups,%s", group.Name, string(r.BaseObject()))
|
||||
e := ldap.NewSearchResultEntry(dn)
|
||||
attrs := r.Attributes()
|
||||
for _, attr := range attrs {
|
||||
if string(attr) == "*" {
|
||||
attrs = AdditionalLdapGroupAttributes
|
||||
break
|
||||
}
|
||||
}
|
||||
for _, attr := range attrs {
|
||||
field, ok := ldapGroupAttributesMapping.CaseInsensitiveGet(string(attr))
|
||||
if ok {
|
||||
e.AddAttribute(message.AttributeDescription(attr), field.GetAttributeValues(group)...)
|
||||
}
|
||||
}
|
||||
w.Write(e)
|
||||
}
|
||||
|
||||
case "":
|
||||
log.Printf("Unmatched search request. filter=%s", r.FilterString())
|
||||
users, code := GetFilteredUsers(m)
|
||||
if code != ldap.LDAPResultSuccess {
|
||||
res.SetResultCode(code)
|
||||
w.Write(res)
|
||||
return
|
||||
}
|
||||
|
||||
for _, user := range users {
|
||||
dn := fmt.Sprintf("uid=%s,cn=%s,%s", user.Id, user.Name, string(r.BaseObject()))
|
||||
e := ldap.NewSearchResultEntry(dn)
|
||||
uidNumberStr := fmt.Sprintf("%v", hash(user.Name))
|
||||
e.AddAttribute("uidNumber", message.AttributeValue(uidNumberStr))
|
||||
e.AddAttribute("gidNumber", message.AttributeValue(uidNumberStr))
|
||||
e.AddAttribute("homeDirectory", message.AttributeValue("/home/"+user.Name))
|
||||
e.AddAttribute("cn", message.AttributeValue(user.Name))
|
||||
e.AddAttribute("uid", message.AttributeValue(user.Id))
|
||||
attrs := r.Attributes()
|
||||
for _, attr := range attrs {
|
||||
if string(attr) == "*" {
|
||||
attrs = AdditionalLdapAttributes
|
||||
break
|
||||
}
|
||||
}
|
||||
for _, attr := range attrs {
|
||||
e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
|
||||
if string(attr) == "cn" {
|
||||
e.AddAttribute(message.AttributeDescription(attr), getAttribute("title", user))
|
||||
}
|
||||
}
|
||||
|
||||
w.Write(e)
|
||||
}
|
||||
w.Write(res)
|
||||
}
|
||||
|
||||
|
||||
342
ldap/util.go
342
ldap/util.go
@@ -18,7 +18,6 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/casdoor/casdoor/object"
|
||||
"github.com/casdoor/casdoor/util"
|
||||
@@ -29,259 +28,65 @@ import (
|
||||
"github.com/xorm-io/builder"
|
||||
)
|
||||
|
||||
type V = message.AttributeValue
|
||||
type AttributeMapper func(user *object.User) message.AttributeValue
|
||||
|
||||
type UserAttributeMapper func(user *object.User) []V
|
||||
|
||||
type UserFieldRelation struct {
|
||||
type FieldRelation struct {
|
||||
userField string
|
||||
ldapField string
|
||||
notSearchable bool
|
||||
hideOnStarOp bool
|
||||
fieldMapper UserAttributeMapper
|
||||
constantValue []V
|
||||
fieldMapper AttributeMapper
|
||||
}
|
||||
|
||||
func (rel UserFieldRelation) GetField() (string, error) {
|
||||
func (rel FieldRelation) GetField() (string, error) {
|
||||
if rel.notSearchable {
|
||||
return "", fmt.Errorf("attribute %s not supported", rel.userField)
|
||||
}
|
||||
return rel.userField, nil
|
||||
}
|
||||
|
||||
func (rel UserFieldRelation) GetAttributeValues(user *object.User) []V {
|
||||
if rel.constantValue != nil && rel.fieldMapper == nil {
|
||||
return rel.constantValue
|
||||
}
|
||||
func (rel FieldRelation) GetAttributeValue(user *object.User) message.AttributeValue {
|
||||
return rel.fieldMapper(user)
|
||||
}
|
||||
|
||||
type UserFieldRelationMap map[string]UserFieldRelation
|
||||
|
||||
func (m UserFieldRelationMap) CaseInsensitiveGet(key string) (UserFieldRelation, bool) {
|
||||
lowerKey := strings.ToLower(key)
|
||||
ret, ok := m[lowerKey]
|
||||
return ret, ok
|
||||
}
|
||||
|
||||
type GroupAttributeMapper func(group *object.Group) []V
|
||||
|
||||
type GroupFieldRelation struct {
|
||||
groupField string
|
||||
ldapField string
|
||||
notSearchable bool
|
||||
hideOnStarOp bool
|
||||
fieldMapper GroupAttributeMapper
|
||||
constantValue []V
|
||||
}
|
||||
|
||||
func (rel GroupFieldRelation) GetField() (string, error) {
|
||||
if rel.notSearchable {
|
||||
return "", fmt.Errorf("attribute %s not supported", rel.groupField)
|
||||
}
|
||||
return rel.groupField, nil
|
||||
}
|
||||
|
||||
func (rel GroupFieldRelation) GetAttributeValues(group *object.Group) []V {
|
||||
if rel.constantValue != nil && rel.fieldMapper == nil {
|
||||
return rel.constantValue
|
||||
}
|
||||
return rel.fieldMapper(group)
|
||||
}
|
||||
|
||||
type GroupFieldRelationMap map[string]GroupFieldRelation
|
||||
|
||||
func (m GroupFieldRelationMap) CaseInsensitiveGet(key string) (GroupFieldRelation, bool) {
|
||||
lowerKey := strings.ToLower(key)
|
||||
ret, ok := m[lowerKey]
|
||||
return ret, ok
|
||||
}
|
||||
|
||||
var ldapUserAttributesMapping = UserFieldRelationMap{
|
||||
"cn": {ldapField: "cn", userField: "name", hideOnStarOp: true, fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Name)}
|
||||
var ldapAttributesMapping = map[string]FieldRelation{
|
||||
"cn": {userField: "name", hideOnStarOp: true, fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Name)
|
||||
}},
|
||||
"uid": {ldapField: "uid", userField: "name", hideOnStarOp: true, fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Name)}
|
||||
"uid": {userField: "name", hideOnStarOp: true, fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Name)
|
||||
}},
|
||||
"displayname": {ldapField: "displayName", userField: "displayName", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.DisplayName)}
|
||||
"displayname": {userField: "displayName", fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.DisplayName)
|
||||
}},
|
||||
"email": {ldapField: "email", userField: "email", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Email)}
|
||||
"email": {userField: "email", fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Email)
|
||||
}},
|
||||
"mail": {ldapField: "mail", userField: "email", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Email)}
|
||||
"mail": {userField: "email", fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Email)
|
||||
}},
|
||||
"mobile": {ldapField: "mobile", userField: "phone", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Phone)}
|
||||
"mobile": {userField: "phone", fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Phone)
|
||||
}},
|
||||
"telephonenumber": {ldapField: "telephoneNumber", userField: "phone", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Phone)}
|
||||
"title": {userField: "tag", fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(user.Tag)
|
||||
}},
|
||||
"postaladdress": {ldapField: "postalAddress", userField: "address", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(strings.Join(user.Address, " "))}
|
||||
}},
|
||||
"title": {ldapField: "title", userField: "title", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.Title)}
|
||||
}},
|
||||
"gecos": {ldapField: "gecos", userField: "displayName", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.DisplayName)}
|
||||
}},
|
||||
"description": {ldapField: "description", userField: "displayName", fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(user.DisplayName)}
|
||||
}},
|
||||
"logindisabled": {ldapField: "loginDisabled", userField: "isForbidden", fieldMapper: func(user *object.User) []V {
|
||||
if user.IsForbidden {
|
||||
return []V{V("1")}
|
||||
} else {
|
||||
return []V{V("0")}
|
||||
}
|
||||
}},
|
||||
"userpassword": {
|
||||
ldapField: "userPassword",
|
||||
"userPassword": {
|
||||
userField: "userPassword",
|
||||
notSearchable: true,
|
||||
fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(getUserPasswordWithType(user))}
|
||||
fieldMapper: func(user *object.User) message.AttributeValue {
|
||||
return message.AttributeValue(getUserPasswordWithType(user))
|
||||
},
|
||||
},
|
||||
"uidnumber": {ldapField: "uidNumber", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
return []V{V(fmt.Sprintf("%v", hash(user.Name)))}
|
||||
}},
|
||||
"gidnumber": {ldapField: "gidNumber", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
if len(user.Groups) == 0 {
|
||||
return []V{V("")}
|
||||
}
|
||||
group, err := object.GetGroup(user.Groups[0])
|
||||
if err != nil {
|
||||
log.Printf("gidnumber object.GetGroup error: %s", err)
|
||||
return []V{V("")}
|
||||
}
|
||||
return []V{V(fmt.Sprintf("%v", hash(group.Name)))}
|
||||
}},
|
||||
"homedirectory": {ldapField: "homeDirectory", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
return []V{V("/home/" + user.Name)}
|
||||
}},
|
||||
"loginshell": {ldapField: "loginShell", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
if user.IsForbidden || user.IsDeleted {
|
||||
return []V{V("/sbin/nologin")}
|
||||
} else {
|
||||
return []V{V("/bin/bash")}
|
||||
}
|
||||
}},
|
||||
"shadowlastchange": {ldapField: "shadowLastChange", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
// "this attribute specifies number of days between January 1, 1970, and the date that the password was last modified"
|
||||
updatedTime, err := time.Parse(time.RFC3339, user.UpdatedTime)
|
||||
if err != nil {
|
||||
log.Printf("shadowlastchange time.Parse error: %s", err)
|
||||
updatedTime = time.Now()
|
||||
}
|
||||
return []V{V(fmt.Sprint(updatedTime.Unix() / 86400))}
|
||||
}},
|
||||
"pwdchangedtime": {ldapField: "pwdChangedTime", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
updatedTime, err := time.Parse(time.RFC3339, user.UpdatedTime)
|
||||
if err != nil {
|
||||
log.Printf("pwdchangedtime time.Parse error: %s", err)
|
||||
updatedTime = time.Now()
|
||||
}
|
||||
return []V{V(updatedTime.UTC().Format("20060102030405Z"))}
|
||||
}},
|
||||
"shadowmin": {ldapField: "shadowMin", notSearchable: true, constantValue: []V{V("0")}},
|
||||
"shadowmax": {ldapField: "shadowMax", notSearchable: true, constantValue: []V{V("99999")}},
|
||||
"shadowwarning": {ldapField: "shadowWarning", notSearchable: true, constantValue: []V{V("7")}},
|
||||
"shadowexpire": {ldapField: "shadowExpire", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
if user.IsForbidden {
|
||||
return []V{V("1")}
|
||||
} else {
|
||||
return []V{V("-1")}
|
||||
}
|
||||
}},
|
||||
"shadowinactive": {ldapField: "shadowInactive", notSearchable: true, constantValue: []V{V("0")}},
|
||||
"shadowflag": {ldapField: "shadowFlag", notSearchable: true, constantValue: []V{V("0")}},
|
||||
"memberof": {ldapField: "memberOf", notSearchable: true, fieldMapper: func(user *object.User) []V {
|
||||
var groupdn []V
|
||||
for _, groupId := range user.Groups {
|
||||
group, err := object.GetGroup(groupId)
|
||||
if err != nil {
|
||||
log.Printf("memberOf object.GetGroup error: %s", err)
|
||||
continue
|
||||
}
|
||||
groupdn = append(groupdn, V(fmt.Sprintf("cn=%s,cn=groups,ou=%s", group.Name, group.Owner)))
|
||||
}
|
||||
return groupdn
|
||||
}},
|
||||
"objectclass": {ldapField: "objectClass", notSearchable: true, constantValue: []V{
|
||||
V("top"),
|
||||
V("posixAccount"),
|
||||
V("shadowAccount"),
|
||||
V("person"),
|
||||
V("organizationalPerson"),
|
||||
V("inetOrgPerson"),
|
||||
V("apple-user"),
|
||||
V("sambaSamAccount"),
|
||||
V("sambaIdmapEntry"),
|
||||
V("extensibleObject"),
|
||||
}},
|
||||
}
|
||||
|
||||
var ldapGroupAttributesMapping = GroupFieldRelationMap{
|
||||
"cn": {ldapField: "cn", hideOnStarOp: true, fieldMapper: func(group *object.Group) []V {
|
||||
return []V{V(group.Name)}
|
||||
}},
|
||||
"gidnumber": {ldapField: "gidNumber", hideOnStarOp: true, fieldMapper: func(group *object.Group) []V {
|
||||
return []V{V(fmt.Sprintf("%v", hash(group.Name)))}
|
||||
}},
|
||||
"member": {ldapField: "member", fieldMapper: func(group *object.Group) []V {
|
||||
users, err := object.GetGroupUsers(group.GetId())
|
||||
if err != nil {
|
||||
log.Printf("member object.GetGroupUsers error: %s", err)
|
||||
return []V{V("")}
|
||||
}
|
||||
var members []V
|
||||
for _, user := range users {
|
||||
members = append(members, V(fmt.Sprintf("uid=%s,cn=users,ou=%s", user.Name, user.Owner)))
|
||||
}
|
||||
return members
|
||||
}},
|
||||
"memberuid": {ldapField: "memberUid", fieldMapper: func(group *object.Group) []V {
|
||||
users, err := object.GetGroupUsers(group.GetId())
|
||||
if err != nil {
|
||||
log.Printf("member object.GetGroupUsers error: %s", err)
|
||||
return []V{V("")}
|
||||
}
|
||||
var members []message.AttributeValue
|
||||
for _, user := range users {
|
||||
members = append(members, message.AttributeValue(user.Name))
|
||||
}
|
||||
return members
|
||||
}},
|
||||
"description": {ldapField: "description", hideOnStarOp: true, fieldMapper: func(group *object.Group) []V {
|
||||
return []V{V(group.DisplayName)}
|
||||
}},
|
||||
"objectclass": {ldapField: "objectClass", hideOnStarOp: true, constantValue: []V{
|
||||
V("top"),
|
||||
V("posixGroup"),
|
||||
}},
|
||||
}
|
||||
|
||||
var (
|
||||
AdditionalLdapUserAttributes []message.LDAPString
|
||||
AdditionalLdapGroupAttributes []message.LDAPString
|
||||
)
|
||||
var AdditionalLdapAttributes []message.LDAPString
|
||||
|
||||
func init() {
|
||||
for _, v := range ldapUserAttributesMapping {
|
||||
for k, v := range ldapAttributesMapping {
|
||||
if v.hideOnStarOp {
|
||||
continue
|
||||
}
|
||||
AdditionalLdapUserAttributes = append(AdditionalLdapUserAttributes, message.LDAPString(v.ldapField))
|
||||
}
|
||||
for _, v := range ldapGroupAttributesMapping {
|
||||
if v.hideOnStarOp {
|
||||
continue
|
||||
}
|
||||
AdditionalLdapGroupAttributes = append(AdditionalLdapGroupAttributes, message.LDAPString(v.ldapField))
|
||||
AdditionalLdapAttributes = append(AdditionalLdapAttributes, message.LDAPString(k))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -502,52 +307,6 @@ func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int)
|
||||
}
|
||||
}
|
||||
|
||||
func GetFilteredOrganizations(m *ldap.Message) ([]*object.Organization, int) {
|
||||
if m.Client.IsGlobalAdmin {
|
||||
organizations, err := object.GetOrganizations("")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return organizations, ldap.LDAPResultSuccess
|
||||
} else if m.Client.IsOrgAdmin {
|
||||
requestUserId := util.GetId(m.Client.OrgName, m.Client.UserName)
|
||||
user, err := object.GetUser(requestUserId)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
organization, err := object.GetOrganizationByUser(user)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return []*object.Organization{organization}, ldap.LDAPResultSuccess
|
||||
} else {
|
||||
return nil, ldap.LDAPResultInsufficientAccessRights
|
||||
}
|
||||
}
|
||||
|
||||
func GetFilteredGroups(m *ldap.Message) ([]*object.Group, int) {
|
||||
if m.Client.IsGlobalAdmin {
|
||||
groups, err := object.GetGroups("")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return groups, ldap.LDAPResultSuccess
|
||||
} else if m.Client.IsOrgAdmin {
|
||||
requestUserId := util.GetId(m.Client.OrgName, m.Client.UserName)
|
||||
user, err := object.GetUser(requestUserId)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
groups, err := object.GetGroups(user.Owner)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return groups, ldap.LDAPResultSuccess
|
||||
} else {
|
||||
return nil, ldap.LDAPResultInsufficientAccessRights
|
||||
}
|
||||
}
|
||||
|
||||
// get user password with hash type prefix
|
||||
// TODO not handle salt yet
|
||||
// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
|
||||
@@ -571,49 +330,18 @@ func getUserPasswordWithType(user *object.User) string {
|
||||
return fmt.Sprintf("{%s}%s", prefix, user.Password)
|
||||
}
|
||||
|
||||
func getAttribute(attributeName string, user *object.User) message.AttributeValue {
|
||||
v, ok := ldapAttributesMapping[attributeName]
|
||||
if !ok {
|
||||
return ""
|
||||
}
|
||||
return v.GetAttributeValue(user)
|
||||
}
|
||||
|
||||
func getUserFieldFromAttribute(attributeName string) (string, error) {
|
||||
v, ok := ldapUserAttributesMapping.CaseInsensitiveGet(attributeName)
|
||||
v, ok := ldapAttributesMapping[attributeName]
|
||||
if !ok {
|
||||
return "", fmt.Errorf("attribute %s not supported", attributeName)
|
||||
}
|
||||
return v.GetField()
|
||||
}
|
||||
|
||||
func searchFilterForEquality(filter message.Filter, desc string, values ...string) string {
|
||||
switch f := filter.(type) {
|
||||
case message.FilterAnd:
|
||||
for _, child := range f {
|
||||
if val := searchFilterForEquality(child, desc, values...); val != "" {
|
||||
return val
|
||||
}
|
||||
}
|
||||
case message.FilterOr:
|
||||
for _, child := range f {
|
||||
if val := searchFilterForEquality(child, desc, values...); val != "" {
|
||||
return val
|
||||
}
|
||||
}
|
||||
case message.FilterNot:
|
||||
return searchFilterForEquality(f.Filter, desc, values...)
|
||||
case message.FilterSubstrings:
|
||||
// Handle FilterSubstrings case if needed
|
||||
case message.FilterEqualityMatch:
|
||||
if strings.EqualFold(string(f.AttributeDesc()), desc) {
|
||||
for _, value := range values {
|
||||
if val := string(f.AssertionValue()); val == value {
|
||||
return val
|
||||
}
|
||||
}
|
||||
}
|
||||
case message.FilterGreaterOrEqual:
|
||||
// Handle FilterGreaterOrEqual case if needed
|
||||
case message.FilterLessOrEqual:
|
||||
// Handle FilterLessOrEqual case if needed
|
||||
case message.FilterPresent:
|
||||
// Handle FilterPresent case if needed
|
||||
case message.FilterApproxMatch:
|
||||
// Handle FilterApproxMatch case if needed
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ package object
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode"
|
||||
@@ -32,89 +33,89 @@ const (
|
||||
DefaultFailedSigninFrozenTime = 15
|
||||
)
|
||||
|
||||
func CheckUserSignup(application *Application, organization *Organization, form *form.AuthForm, lang string) string {
|
||||
func CheckUserSignup(application *Application, organization *Organization, authForm *form.AuthForm, lang string) string {
|
||||
if organization == nil {
|
||||
return i18n.Translate(lang, "check:Organization does not exist")
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Username") {
|
||||
if len(form.Username) <= 1 {
|
||||
if len(authForm.Username) <= 1 {
|
||||
return i18n.Translate(lang, "check:Username must have at least 2 characters")
|
||||
}
|
||||
if unicode.IsDigit(rune(form.Username[0])) {
|
||||
if unicode.IsDigit(rune(authForm.Username[0])) {
|
||||
return i18n.Translate(lang, "check:Username cannot start with a digit")
|
||||
}
|
||||
if util.IsEmailValid(form.Username) {
|
||||
if util.IsEmailValid(authForm.Username) {
|
||||
return i18n.Translate(lang, "check:Username cannot be an email address")
|
||||
}
|
||||
if util.ReWhiteSpace.MatchString(form.Username) {
|
||||
if util.ReWhiteSpace.MatchString(authForm.Username) {
|
||||
return i18n.Translate(lang, "check:Username cannot contain white spaces")
|
||||
}
|
||||
|
||||
if msg := CheckUsername(form.Username, lang); msg != "" {
|
||||
if msg := CheckUsername(authForm.Username, lang); msg != "" {
|
||||
return msg
|
||||
}
|
||||
|
||||
if HasUserByField(organization.Name, "name", form.Username) {
|
||||
if HasUserByField(organization.Name, "name", authForm.Username) {
|
||||
return i18n.Translate(lang, "check:Username already exists")
|
||||
}
|
||||
if HasUserByField(organization.Name, "email", form.Email) {
|
||||
if HasUserByField(organization.Name, "email", authForm.Email) {
|
||||
return i18n.Translate(lang, "check:Email already exists")
|
||||
}
|
||||
if HasUserByField(organization.Name, "phone", form.Phone) {
|
||||
if HasUserByField(organization.Name, "phone", authForm.Phone) {
|
||||
return i18n.Translate(lang, "check:Phone already exists")
|
||||
}
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Password") {
|
||||
msg := CheckPasswordComplexityByOrg(organization, form.Password)
|
||||
msg := CheckPasswordComplexityByOrg(organization, authForm.Password)
|
||||
if msg != "" {
|
||||
return msg
|
||||
}
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Email") {
|
||||
if form.Email == "" {
|
||||
if authForm.Email == "" {
|
||||
if application.IsSignupItemRequired("Email") {
|
||||
return i18n.Translate(lang, "check:Email cannot be empty")
|
||||
}
|
||||
} else {
|
||||
if HasUserByField(organization.Name, "email", form.Email) {
|
||||
if HasUserByField(organization.Name, "email", authForm.Email) {
|
||||
return i18n.Translate(lang, "check:Email already exists")
|
||||
} else if !util.IsEmailValid(form.Email) {
|
||||
} else if !util.IsEmailValid(authForm.Email) {
|
||||
return i18n.Translate(lang, "check:Email is invalid")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Phone") {
|
||||
if form.Phone == "" {
|
||||
if authForm.Phone == "" {
|
||||
if application.IsSignupItemRequired("Phone") {
|
||||
return i18n.Translate(lang, "check:Phone cannot be empty")
|
||||
}
|
||||
} else {
|
||||
if HasUserByField(organization.Name, "phone", form.Phone) {
|
||||
if HasUserByField(organization.Name, "phone", authForm.Phone) {
|
||||
return i18n.Translate(lang, "check:Phone already exists")
|
||||
} else if !util.IsPhoneAllowInRegin(form.CountryCode, organization.CountryCodes) {
|
||||
} else if !util.IsPhoneAllowInRegin(authForm.CountryCode, organization.CountryCodes) {
|
||||
return i18n.Translate(lang, "check:Your region is not allow to signup by phone")
|
||||
} else if !util.IsPhoneValid(form.Phone, form.CountryCode) {
|
||||
} else if !util.IsPhoneValid(authForm.Phone, authForm.CountryCode) {
|
||||
return i18n.Translate(lang, "check:Phone number is invalid")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Display name") {
|
||||
if application.GetSignupItemRule("Display name") == "First, last" && (form.FirstName != "" || form.LastName != "") {
|
||||
if form.FirstName == "" {
|
||||
if application.GetSignupItemRule("Display name") == "First, last" && (authForm.FirstName != "" || authForm.LastName != "") {
|
||||
if authForm.FirstName == "" {
|
||||
return i18n.Translate(lang, "check:FirstName cannot be blank")
|
||||
} else if form.LastName == "" {
|
||||
} else if authForm.LastName == "" {
|
||||
return i18n.Translate(lang, "check:LastName cannot be blank")
|
||||
}
|
||||
} else {
|
||||
if form.Name == "" {
|
||||
if authForm.Name == "" {
|
||||
return i18n.Translate(lang, "check:DisplayName cannot be blank")
|
||||
} else if application.GetSignupItemRule("Display name") == "Real name" {
|
||||
if !isValidRealName(form.Name) {
|
||||
if !isValidRealName(authForm.Name) {
|
||||
return i18n.Translate(lang, "check:DisplayName is not valid real name")
|
||||
}
|
||||
}
|
||||
@@ -122,23 +123,44 @@ func CheckUserSignup(application *Application, organization *Organization, form
|
||||
}
|
||||
|
||||
if application.IsSignupItemVisible("Affiliation") {
|
||||
if form.Affiliation == "" {
|
||||
if authForm.Affiliation == "" {
|
||||
return i18n.Translate(lang, "check:Affiliation cannot be blank")
|
||||
}
|
||||
}
|
||||
|
||||
if len(application.InvitationCodes) > 0 {
|
||||
if form.InvitationCode == "" {
|
||||
if authForm.InvitationCode == "" {
|
||||
if application.IsSignupItemRequired("Invitation code") {
|
||||
return i18n.Translate(lang, "check:Invitation code cannot be blank")
|
||||
}
|
||||
} else {
|
||||
if !util.InSlice(application.InvitationCodes, form.InvitationCode) {
|
||||
if !util.InSlice(application.InvitationCodes, authForm.InvitationCode) {
|
||||
return i18n.Translate(lang, "check:Invitation code is invalid")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, signupItem := range application.SignupItems {
|
||||
if signupItem.Regex == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
isString, value := form.GetAuthFormFieldValue(authForm, signupItem.Name)
|
||||
if !isString {
|
||||
continue
|
||||
}
|
||||
|
||||
regexSignupItem, err := regexp.Compile(signupItem.Regex)
|
||||
if err != nil {
|
||||
return err.Error()
|
||||
}
|
||||
|
||||
matched := regexSignupItem.MatchString(value)
|
||||
if !matched {
|
||||
return fmt.Sprintf(i18n.Translate(lang, "check:The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\""), value, signupItem.Name, application.Name)
|
||||
}
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ var (
|
||||
regexLowerCase = regexp.MustCompile(`[a-z]`)
|
||||
regexUpperCase = regexp.MustCompile(`[A-Z]`)
|
||||
regexDigit = regexp.MustCompile(`\d`)
|
||||
regexSpecial = regexp.MustCompile(`[!@#$%^&*]`)
|
||||
regexSpecial = regexp.MustCompile("[!-/:-@[-`{-~]")
|
||||
)
|
||||
|
||||
func isValidOption_AtLeast6(password string) string {
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -31,6 +31,17 @@ paths:
|
||||
description: ""
|
||||
schema:
|
||||
$ref: '#/definitions/object.OidcDiscovery'
|
||||
/api/Callback:
|
||||
post:
|
||||
tags:
|
||||
- Callback API
|
||||
description: Get Login Error Counts
|
||||
operationId: ApiController.Callback
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/add-adapter:
|
||||
post:
|
||||
tags:
|
||||
@@ -121,6 +132,24 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/add-invitation:
|
||||
post:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: add invitation
|
||||
operationId: ApiController.AddInvitation
|
||||
parameters:
|
||||
- in: body
|
||||
name: body
|
||||
description: The details of the invitation
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/object.Invitation'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/add-ldap:
|
||||
post:
|
||||
tags:
|
||||
@@ -442,162 +471,10 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/api/Callback:
|
||||
post:
|
||||
tags:
|
||||
- Callback API
|
||||
description: Get Login Error Counts
|
||||
operationId: ApiController.Callback
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/api/get-captcha:
|
||||
get:
|
||||
tags:
|
||||
- Login API
|
||||
operationId: ApiController.GetCaptcha
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/api/get-captcha-status:
|
||||
get:
|
||||
tags:
|
||||
- Token API
|
||||
description: Get Login Error Counts
|
||||
operationId: ApiController.GetCaptchaStatus
|
||||
parameters:
|
||||
- in: query
|
||||
name: id
|
||||
description: The id ( owner/name ) of user
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/api/get-webhook-event:
|
||||
get:
|
||||
tags:
|
||||
- GetWebhookEventType API
|
||||
operationId: ApiController.GetWebhookEventType
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/api/reset-email-or-phone:
|
||||
post:
|
||||
tags:
|
||||
- Account API
|
||||
operationId: ApiController.ResetEmailOrPhone
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/api/send-email:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendEmail
|
||||
parameters:
|
||||
- in: query
|
||||
name: clientId
|
||||
description: The clientId of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: clientSecret
|
||||
description: The clientSecret of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the email request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.EmailForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/api/send-notification:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendNotification
|
||||
parameters:
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the notification request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.NotificationForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/api/send-sms:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendSms
|
||||
parameters:
|
||||
- in: query
|
||||
name: clientId
|
||||
description: The clientId of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: clientSecret
|
||||
description: The clientSecret of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the sms request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.SmsForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/api/verify-code:
|
||||
post:
|
||||
tags:
|
||||
- Verification API
|
||||
operationId: ApiController.VerifyCode
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/api/webhook:
|
||||
post:
|
||||
tags:
|
||||
- HandleOfficialAccountEvent API
|
||||
operationId: ApiController.HandleOfficialAccountEvent
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/batch-enforce:
|
||||
post:
|
||||
tags:
|
||||
- Enforce API
|
||||
- Enforcer API
|
||||
description: Call Casbin BatchEnforce API
|
||||
operationId: ApiController.BatchEnforce
|
||||
parameters:
|
||||
@@ -617,6 +494,10 @@ paths:
|
||||
name: modelId
|
||||
description: model id
|
||||
type: string
|
||||
- in: query
|
||||
name: owner
|
||||
description: owner
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
@@ -744,6 +625,24 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/delete-invitation:
|
||||
post:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: delete invitation
|
||||
operationId: ApiController.DeleteInvitation
|
||||
parameters:
|
||||
- in: body
|
||||
name: body
|
||||
description: The details of the invitation
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/object.Invitation'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/delete-ldap:
|
||||
post:
|
||||
tags:
|
||||
@@ -1064,7 +963,7 @@ paths:
|
||||
/api/enforce:
|
||||
post:
|
||||
tags:
|
||||
- Enforce API
|
||||
- Enforcer API
|
||||
description: Call Casbin Enforce API
|
||||
operationId: ApiController.Enforce
|
||||
parameters:
|
||||
@@ -1088,6 +987,10 @@ paths:
|
||||
name: resourceId
|
||||
description: resource id
|
||||
type: string
|
||||
- in: query
|
||||
name: owner
|
||||
description: owner
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
@@ -1213,6 +1116,33 @@ paths:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/definitions/object.Application'
|
||||
/api/get-captcha:
|
||||
get:
|
||||
tags:
|
||||
- Login API
|
||||
operationId: ApiController.GetCaptcha
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/get-captcha-status:
|
||||
get:
|
||||
tags:
|
||||
- Token API
|
||||
description: Get Login Error Counts
|
||||
operationId: ApiController.GetCaptchaStatus
|
||||
parameters:
|
||||
- in: query
|
||||
name: id
|
||||
description: The id ( owner/name ) of user
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/get-cert:
|
||||
get:
|
||||
tags:
|
||||
@@ -1252,7 +1182,7 @@ paths:
|
||||
/api/get-dashboard:
|
||||
get:
|
||||
tags:
|
||||
- GetDashboard API
|
||||
- System API
|
||||
description: get information of dashboard
|
||||
operationId: ApiController.GetDashboard
|
||||
responses:
|
||||
@@ -1410,6 +1340,42 @@ paths:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/definitions/object.Group'
|
||||
/api/get-invitation:
|
||||
get:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: get invitation
|
||||
operationId: ApiController.GetInvitation
|
||||
parameters:
|
||||
- in: query
|
||||
name: id
|
||||
description: The id ( owner/name ) of the invitation
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Invitation'
|
||||
/api/get-invitations:
|
||||
get:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: get invitations
|
||||
operationId: ApiController.GetInvitations
|
||||
parameters:
|
||||
- in: query
|
||||
name: owner
|
||||
description: The owner of invitations
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/definitions/object.Invitation'
|
||||
/api/get-ldap:
|
||||
get:
|
||||
tags:
|
||||
@@ -1785,7 +1751,7 @@ paths:
|
||||
/api/get-prometheus-info:
|
||||
get:
|
||||
tags:
|
||||
- Prometheus API
|
||||
- System API
|
||||
description: get Prometheus Info
|
||||
operationId: ApiController.GetPrometheusInfo
|
||||
responses:
|
||||
@@ -2269,6 +2235,16 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Webhook'
|
||||
/api/get-webhook-event:
|
||||
get:
|
||||
tags:
|
||||
- System API
|
||||
operationId: ApiController.GetWebhookEventType
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/get-webhooks:
|
||||
get:
|
||||
tags:
|
||||
@@ -2396,8 +2372,50 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/login/oauth/access_token:
|
||||
post:
|
||||
tags:
|
||||
- Token API
|
||||
description: get OAuth access token
|
||||
operationId: ApiController.GetOAuthToken
|
||||
parameters:
|
||||
- in: query
|
||||
name: grant_type
|
||||
description: OAuth grant type
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: client_id
|
||||
description: OAuth client id
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: client_secret
|
||||
description: OAuth client secret
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: code
|
||||
description: OAuth code
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenWrapper'
|
||||
"400":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenError'
|
||||
"401":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenError'
|
||||
/api/login/oauth/introspect:
|
||||
post:
|
||||
tags:
|
||||
- Login API
|
||||
description: The introspection endpoint is an OAuth 2.0 endpoint that takes a
|
||||
operationId: ApiController.IntrospectToken
|
||||
parameters:
|
||||
@@ -2543,6 +2561,16 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/reset-email-or-phone:
|
||||
post:
|
||||
tags:
|
||||
- Account API
|
||||
operationId: ApiController.ResetEmailOrPhone
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/run-syncer:
|
||||
get:
|
||||
tags:
|
||||
@@ -2561,6 +2589,80 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/send-email:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendEmail
|
||||
parameters:
|
||||
- in: query
|
||||
name: clientId
|
||||
description: The clientId of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: clientSecret
|
||||
description: The clientSecret of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the email request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.EmailForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/send-notification:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendNotification
|
||||
parameters:
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the notification request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.NotificationForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/send-sms:
|
||||
post:
|
||||
tags:
|
||||
- Service API
|
||||
description: This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
|
||||
operationId: ApiController.SendSms
|
||||
parameters:
|
||||
- in: query
|
||||
name: clientId
|
||||
description: The clientId of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: clientSecret
|
||||
description: The clientSecret of the application
|
||||
required: true
|
||||
type: string
|
||||
- in: body
|
||||
name: from
|
||||
description: Details of the sms request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.SmsForm'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/send-verification-code:
|
||||
post:
|
||||
tags:
|
||||
@@ -2778,6 +2880,29 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/update-invitation:
|
||||
post:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: update invitation
|
||||
operationId: ApiController.UpdateInvitation
|
||||
parameters:
|
||||
- in: query
|
||||
name: id
|
||||
description: The id ( owner/name ) of the invitation
|
||||
required: true
|
||||
type: string
|
||||
- in: body
|
||||
name: body
|
||||
description: The details of the invitation
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/object.Invitation'
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/update-ldap:
|
||||
post:
|
||||
tags:
|
||||
@@ -3245,6 +3370,33 @@ paths:
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/verify-code:
|
||||
post:
|
||||
tags:
|
||||
- Verification API
|
||||
operationId: ApiController.VerifyCode
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
/api/verify-invitation:
|
||||
get:
|
||||
tags:
|
||||
- Invitation API
|
||||
description: verify invitation
|
||||
operationId: ApiController.VerifyInvitation
|
||||
parameters:
|
||||
- in: query
|
||||
name: id
|
||||
description: The id ( owner/name ) of the invitation
|
||||
required: true
|
||||
type: string
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/api/webauthn/signin/begin:
|
||||
get:
|
||||
tags:
|
||||
@@ -3314,46 +3466,16 @@ paths:
|
||||
description: '"The Response object"'
|
||||
schema:
|
||||
$ref: '#/definitions/controllers.Response'
|
||||
/apiapi/login/oauth/access_token:
|
||||
/api/webhook:
|
||||
post:
|
||||
tags:
|
||||
- Token API
|
||||
description: get OAuth access token
|
||||
operationId: ApiController.GetOAuthToken
|
||||
parameters:
|
||||
- in: query
|
||||
name: grant_type
|
||||
description: OAuth grant type
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: client_id
|
||||
description: OAuth client id
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: client_secret
|
||||
description: OAuth client secret
|
||||
required: true
|
||||
type: string
|
||||
- in: query
|
||||
name: code
|
||||
description: OAuth code
|
||||
required: true
|
||||
type: string
|
||||
- System API
|
||||
operationId: ApiController.HandleOfficialAccountEvent
|
||||
responses:
|
||||
"200":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenWrapper'
|
||||
"400":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenError'
|
||||
"401":
|
||||
description: The Response object
|
||||
schema:
|
||||
$ref: '#/definitions/object.TokenError'
|
||||
$ref: '#/definitions/object.Userinfo'
|
||||
definitions:
|
||||
casbin.Enforcer:
|
||||
title: Enforcer
|
||||
@@ -3546,10 +3668,10 @@ definitions:
|
||||
expireInHours:
|
||||
type: integer
|
||||
format: int64
|
||||
failedSigninLimit:
|
||||
failedSigninFrozenTime:
|
||||
type: integer
|
||||
format: int64
|
||||
failedSigninFrozenTime:
|
||||
failedSigninLimit:
|
||||
type: integer
|
||||
format: int64
|
||||
forgetUrl:
|
||||
@@ -3606,6 +3728,10 @@ definitions:
|
||||
type: string
|
||||
signinHtml:
|
||||
type: string
|
||||
signinMethods:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/definitions/object.SigninMethod'
|
||||
signinUrl:
|
||||
type: string
|
||||
signupHtml:
|
||||
@@ -3624,6 +3750,10 @@ definitions:
|
||||
type: string
|
||||
themeData:
|
||||
$ref: '#/definitions/object.ThemeData'
|
||||
tokenFields:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
tokenFormat:
|
||||
type: string
|
||||
object.Cert:
|
||||
@@ -3780,6 +3910,40 @@ definitions:
|
||||
type: string
|
||||
username:
|
||||
type: string
|
||||
object.Invitation:
|
||||
title: Invitation
|
||||
type: object
|
||||
properties:
|
||||
application:
|
||||
type: string
|
||||
code:
|
||||
type: string
|
||||
createdTime:
|
||||
type: string
|
||||
displayName:
|
||||
type: string
|
||||
email:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
owner:
|
||||
type: string
|
||||
phone:
|
||||
type: string
|
||||
quota:
|
||||
type: integer
|
||||
format: int64
|
||||
signupGroup:
|
||||
type: string
|
||||
state:
|
||||
type: string
|
||||
updatedTime:
|
||||
type: string
|
||||
usedCount:
|
||||
type: integer
|
||||
format: int64
|
||||
username:
|
||||
type: string
|
||||
object.Ldap:
|
||||
title: Ldap
|
||||
type: object
|
||||
@@ -4455,6 +4619,16 @@ definitions:
|
||||
type: string
|
||||
value:
|
||||
type: string
|
||||
object.SigninMethod:
|
||||
title: SigninMethod
|
||||
type: object
|
||||
properties:
|
||||
displayName:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
rule:
|
||||
type: string
|
||||
object.SignupItem:
|
||||
title: SignupItem
|
||||
type: object
|
||||
@@ -4467,6 +4641,8 @@ definitions:
|
||||
type: string
|
||||
prompted:
|
||||
type: boolean
|
||||
regex:
|
||||
type: string
|
||||
required:
|
||||
type: boolean
|
||||
rule:
|
||||
|
||||
@@ -37,7 +37,7 @@ function isValidOption_Aa123(password) {
|
||||
}
|
||||
|
||||
function isValidOption_SpecialChar(password) {
|
||||
const regex = /^(?=.*[!@#$%^&*]).+$/;
|
||||
const regex = /^(?=.*[!-/:-@[-`{-~]).+$/;
|
||||
if (!regex.test(password)) {
|
||||
return i18next.t("user:The password must contain at least one special character");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user