authelia/internal/handlers/handler_user_info.go

package handlers

import (
	"database/sql"
	"errors"
	"fmt"
	"strings"

	"github.com/authelia/authelia/v4/internal/middlewares"
	"github.com/authelia/authelia/v4/internal/model"
	"github.com/authelia/authelia/v4/internal/utils"
)

// UserInfoPOST handles setting up info for users if necessary when they login.
func UserInfoPOST(ctx *middlewares.AutheliaCtx) {
	userSession := ctx.GetSession()

	var (
		userInfo model.UserInfo
		err      error
	)

	if _, err = ctx.Providers.StorageProvider.LoadPreferred2FAMethod(ctx, userSession.Username); err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			if err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, ""); err != nil {
				ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)
			}
		} else {
			ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)
		}
	}

	if userInfo, err = ctx.Providers.StorageProvider.LoadUserInfo(ctx, userSession.Username); err != nil {
		ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)
		return
	}

	var (
		changed bool
	)

	if changed = userInfo.SetDefaultPreferred2FAMethod(ctx.AvailableSecondFactorMethods(), ctx.Configuration.Default2FAMethod); changed {
		if err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, userInfo.Method); err != nil {
			ctx.Error(fmt.Errorf("unable to save user two factor method: %v", err), messageOperationFailed)
			return
		}
	}

	userInfo.DisplayName = userSession.DisplayName

	err = ctx.SetJSONBody(userInfo)
	if err != nil {
		ctx.Logger.Errorf("Unable to set user info response in body: %s", err)
	}
}

// UserInfoGET get the info related to the user identified by the session.
func UserInfoGET(ctx *middlewares.AutheliaCtx) {
	userSession := ctx.GetSession()

	userInfo, err := ctx.Providers.StorageProvider.LoadUserInfo(ctx, userSession.Username)
	if err != nil {
		ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)
		return
	}

	userInfo.DisplayName = userSession.DisplayName

	err = ctx.SetJSONBody(userInfo)
	if err != nil {
		ctx.Logger.Errorf("Unable to set user info response in body: %s", err)
	}
}

// MethodPreferencePOST update the user preferences regarding 2FA method.
func MethodPreferencePOST(ctx *middlewares.AutheliaCtx) {
	bodyJSON := preferred2FAMethodBody{}

	err := ctx.ParseBody(&bodyJSON)
	if err != nil {
		ctx.Error(err, messageOperationFailed)
		return
	}

	if !utils.IsStringInSlice(bodyJSON.Method, ctx.AvailableSecondFactorMethods()) {
		ctx.Error(fmt.Errorf("unknown or unavailable method '%s', it should be one of %s", bodyJSON.Method, strings.Join(ctx.AvailableSecondFactorMethods(), ", ")), messageOperationFailed)
		return
	}

	userSession := ctx.GetSession()
	ctx.Logger.Debugf("Save new preferred 2FA method of user %s to %s", userSession.Username, bodyJSON.Method)
	err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, bodyJSON.Method)

	if err != nil {
		ctx.Error(fmt.Errorf("unable to save new preferred 2FA method: %s", err), messageOperationFailed)
		return
	}

	ctx.ReplyOK()
}
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`package handlers`

			`import (`
fix(web): show appropriate default and available methods (#2999) This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available. 2022-03-28 08:26:30 +07:00			`"database/sql"`
			`"errors"`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`"fmt"`
			`"strings"`
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go 2020-04-05 19:37:21 +07:00
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 08:04:35 +07:00			`"github.com/authelia/authelia/v4/internal/middlewares"`
fix(web): show appropriate default and available methods (#2999) This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available. 2022-03-28 08:26:30 +07:00			`"github.com/authelia/authelia/v4/internal/model"`
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 08:04:35 +07:00			`"github.com/authelia/authelia/v4/internal/utils"`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`)`

fix(web): show appropriate default and available methods (#2999) This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available. 2022-03-28 08:26:30 +07:00			`// UserInfoPOST handles setting up info for users if necessary when they login.`
			`func UserInfoPOST(ctx *middlewares.AutheliaCtx) {`
			`userSession := ctx.GetSession()`

			`var (`
			`userInfo model.UserInfo`
			`err error`
			`)`

			`if _, err = ctx.Providers.StorageProvider.LoadPreferred2FAMethod(ctx, userSession.Username); err != nil {`
			`if errors.Is(err, sql.ErrNoRows) {`
			`if err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, ""); err != nil {`
			`ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)`
			`}`
			`} else {`
			`ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)`
			`}`
			`}`

			`if userInfo, err = ctx.Providers.StorageProvider.LoadUserInfo(ctx, userSession.Username); err != nil {`
			`ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)`
			`return`
			`}`

			`var (`
			`changed bool`
			`)`

feat(configuration): configurable default second factor method (#3081) This allows configuring the default second factor method. 2022-04-18 06:58:24 +07:00			`if changed = userInfo.SetDefaultPreferred2FAMethod(ctx.AvailableSecondFactorMethods(), ctx.Configuration.Default2FAMethod); changed {`
fix(web): show appropriate default and available methods (#2999) This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available. 2022-03-28 08:26:30 +07:00			`if err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, userInfo.Method); err != nil {`
			`ctx.Error(fmt.Errorf("unable to save user two factor method: %v", err), messageOperationFailed)`
			`return`
			`}`
			`}`

			`userInfo.DisplayName = userSession.DisplayName`

			`err = ctx.SetJSONBody(userInfo)`
			`if err != nil {`
			`ctx.Logger.Errorf("Unable to set user info response in body: %s", err)`
			`}`
			`}`

			`// UserInfoGET get the info related to the user identified by the session.`
			`func UserInfoGET(ctx *middlewares.AutheliaCtx) {`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`userSession := ctx.GetSession()`

feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 16:45:38 +07:00			`userInfo, err := ctx.Providers.StorageProvider.LoadUserInfo(ctx, userSession.Username)`
			`if err != nil {`
			`ctx.Error(fmt.Errorf("unable to load user information: %v", err), messageOperationFailed)`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`return`
			`}`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-06 02:35:32 +07:00
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com> 2020-06-21 20:40:37 +07:00			`userInfo.DisplayName = userSession.DisplayName`

feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 16:45:38 +07:00			`err = ctx.SetJSONBody(userInfo)`
[MISC] Refactor and address most errcheck linter ignores (#1511) * [MISC] Refactor and address most errcheck linter ignores This is mostly a quality of life change. When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track. * Handle errors for regulation marks and remove unnecessary logging 2020-12-16 08:47:31 +07:00			`if err != nil {`
			`ctx.Logger.Errorf("Unable to set user info response in body: %s", err)`
			`}`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`}`

fix(server): incorrect remote ip logged in error handler (#3139) This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important. 2022-04-08 11:13:47 +07:00			`// MethodPreferencePOST update the user preferences regarding 2FA method.`
			`func MethodPreferencePOST(ctx *middlewares.AutheliaCtx) {`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 19:11:29 +07:00			`bodyJSON := preferred2FAMethodBody{}`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-06 02:35:32 +07:00
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`err := ctx.ParseBody(&bodyJSON)`
			`if err != nil {`
fix(handlers): handle xhr requests to /api/verify with 401 (#2189) This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303. 2021-07-22 10:52:37 +07:00			`ctx.Error(err, messageOperationFailed)`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`return`
			`}`

fix(web): show appropriate default and available methods (#2999) This ensures that; the method set when a user does not have a preference is a method that is available, that if a user has a preferred method that is not available it is changed to an enabled method with preference put on methods the user has configured, that the frontend does not show the method selection option when only one method is available. 2022-03-28 08:26:30 +07:00			`if !utils.IsStringInSlice(bodyJSON.Method, ctx.AvailableSecondFactorMethods()) {`
			`ctx.Error(fmt.Errorf("unknown or unavailable method '%s', it should be one of %s", bodyJSON.Method, strings.Join(ctx.AvailableSecondFactorMethods(), ", ")), messageOperationFailed)`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`return`
			`}`

			`userSession := ctx.GetSession()`
Fix spelling errors 2020-01-06 06:03:16 +07:00			`ctx.Logger.Debugf("Save new preferred 2FA method of user %s to %s", userSession.Username, bodyJSON.Method)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 16:45:38 +07:00			`err = ctx.Providers.StorageProvider.SavePreferred2FAMethod(ctx, userSession.Username, bodyJSON.Method)`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00
			`if err != nil {`
refactor(handlers): lower case error messages (#2289) * refactor(handlers): lower case error messages also refactor verifyAuth function to detect malicious activity both with session cookie and authorization header. * refacto(handlers): simplify error construction * fix(handlers): check prefix in authorization header to determine auth method * fix(handlers): determining the method should be done with headers instead of query arg * refacto(handlers): rollback changes of verifyAuth * don't lowercase log messages * Apply suggestions from code review Make sure logger errors are not lowercased. * fix: uppercase logger errors and remove unused param * Do not lowercase logger errors * Remove unused param targetURL * Rename url variable to not conflict with imported package Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-09-17 12:53:40 +07:00			`ctx.Error(fmt.Errorf("unable to save new preferred 2FA method: %s", err), messageOperationFailed)`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 18:18:22 +07:00			`return`
			`}`

			`ctx.ReplyOK()`
			`}`