wg-portal/internal/app/users/ldap_helper.go

package users

import (
	"fmt"
	"strings"
	"time"

	"github.com/go-ldap/ldap/v3"
	"github.com/h44z/wg-portal/internal"
	"github.com/h44z/wg-portal/internal/config"
	"github.com/h44z/wg-portal/internal/domain"
)

func convertRawLdapUser(
	providerName string,
	rawUser map[string]any,
	fields *config.LdapFields,
	adminGroupDN *ldap.DN,
) (*domain.User, error) {
	now := time.Now()

	isAdmin, err := internal.LdapIsMemberOf(rawUser[fields.GroupMembership].([][]byte), adminGroupDN)
	if err != nil {
		return nil, fmt.Errorf("failed to check admin group: %w", err)
	}

	return &domain.User{
		BaseModel: domain.BaseModel{
			CreatedBy: domain.CtxSystemLdapSyncer,
			UpdatedBy: domain.CtxSystemLdapSyncer,
			CreatedAt: now,
			UpdatedAt: now,
		},
		Identifier:   domain.UserIdentifier(internal.MapDefaultString(rawUser, fields.UserIdentifier, "")),
		Email:        strings.ToLower(internal.MapDefaultString(rawUser, fields.Email, "")),
		Source:       domain.UserSourceLdap,
		ProviderName: providerName,
		IsAdmin:      isAdmin,
		Firstname:    internal.MapDefaultString(rawUser, fields.Firstname, ""),
		Lastname:     internal.MapDefaultString(rawUser, fields.Lastname, ""),
		Phone:        internal.MapDefaultString(rawUser, fields.Phone, ""),
		Department:   internal.MapDefaultString(rawUser, fields.Department, ""),
		Notes:        "",
		Password:     "",
		Disabled:     nil,
	}, nil
}

func userChangedInLdap(dbUser, ldapUser *domain.User) bool {
	if dbUser.Firstname != ldapUser.Firstname {
		return true
	}
	if dbUser.Lastname != ldapUser.Lastname {
		return true
	}
	if dbUser.Email != ldapUser.Email {
		return true
	}
	if dbUser.Phone != ldapUser.Phone {
		return true
	}
	if dbUser.Department != ldapUser.Department {
		return true
	}

	if dbUser.IsDisabled() != ldapUser.IsDisabled() {
		return true
	}

	if dbUser.IsAdmin != ldapUser.IsAdmin {
		return true
	}

	if dbUser.ProviderName != ldapUser.ProviderName {
		return true
	}

	return false
}
V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 11:34:18 +00:00			`package users`

			`import (`
			`"fmt"`
code cleanup 2025-01-11 21:56:25 +00:00			`"strings"`
			`"time"`

V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 11:34:18 +00:00			`"github.com/go-ldap/ldap/v3"`
			`"github.com/h44z/wg-portal/internal"`
			`"github.com/h44z/wg-portal/internal/config"`
			`"github.com/h44z/wg-portal/internal/domain"`
			`)`

code cleanup 2025-01-11 21:56:25 +00:00			`func convertRawLdapUser(`
			`providerName string,`
			`rawUser map[string]any,`
			`fields *config.LdapFields,`
			`adminGroupDN *ldap.DN,`
			`) (*domain.User, error) {`
V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 11:34:18 +00:00			`now := time.Now()`

			`isAdmin, err := internal.LdapIsMemberOf(rawUser[fields.GroupMembership].([][]byte), adminGroupDN)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to check admin group: %w", err)`
			`}`

			`return &domain.User{`
			`BaseModel: domain.BaseModel{`
code cleanup 2025-01-11 21:56:25 +00:00			`CreatedBy: domain.CtxSystemLdapSyncer,`
			`UpdatedBy: domain.CtxSystemLdapSyncer,`
V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 11:34:18 +00:00			`CreatedAt: now,`
			`UpdatedAt: now,`
			`},`
			`Identifier: domain.UserIdentifier(internal.MapDefaultString(rawUser, fields.UserIdentifier, "")),`
			`Email: strings.ToLower(internal.MapDefaultString(rawUser, fields.Email, "")),`
			`Source: domain.UserSourceLdap,`
			`ProviderName: providerName,`
			`IsAdmin: isAdmin,`
			`Firstname: internal.MapDefaultString(rawUser, fields.Firstname, ""),`
			`Lastname: internal.MapDefaultString(rawUser, fields.Lastname, ""),`
			`Phone: internal.MapDefaultString(rawUser, fields.Phone, ""),`
			`Department: internal.MapDefaultString(rawUser, fields.Department, ""),`
			`Notes: "",`
			`Password: "",`
			`Disabled: nil,`
			`}, nil`
			`}`

			`func userChangedInLdap(dbUser, ldapUser *domain.User) bool {`
			`if dbUser.Firstname != ldapUser.Firstname {`
			`return true`
			`}`
			`if dbUser.Lastname != ldapUser.Lastname {`
			`return true`
			`}`
			`if dbUser.Email != ldapUser.Email {`
			`return true`
			`}`
			`if dbUser.Phone != ldapUser.Phone {`
			`return true`
			`}`
			`if dbUser.Department != ldapUser.Department {`
			`return true`
			`}`

			`if dbUser.IsDisabled() != ldapUser.IsDisabled() {`
			`return true`
			`}`

			`if dbUser.IsAdmin != ldapUser.IsAdmin {`
			`return true`
			`}`

allow LDAP users (and linked peers) to be automatically re-enabled (#345) 2025-01-21 17:03:30 +00:00			`if dbUser.ProviderName != ldapUser.ProviderName {`
			`return true`
			`}`

V2 alpha - initial version (#172) Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com> 2023-08-04 11:34:18 +00:00			`return false`
			`}`