1 files changed, 171 insertions, 0 deletions

diff --git a/views.go b/views.go
new file mode 100644
index 0000000..7a15739
--- /dev/null
+++ b/views.go
@@ -0,0 +1,171 @@
+package main
+
+import (
+	"fmt"
+	"github.com/gorilla/csrf"
+	"html/template"
+	"log"
+	"net/http"
+	"strings"
+)
+
+type views struct {
+	templates map[string]*template.Template
+}
+
+func Views() *views {
+	templates := map[string]*template.Template{
+		"index":           template.Must(template.ParseFiles("templates/layout/base.html", "templates/index.html")),
+		"change_password": template.Must(template.ParseFiles("templates/layout/base.html", "templates/changepw.html")),
+		"change_ssh":      template.Must(template.ParseFiles("templates/layout/base.html", "templates/change_ssh.html")),
+	}
+
+	return &views{templates}
+}
+
+func (v *views) Index() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		if _, ok := req.Context().Value("user").(*User); ok {
+			err := v.templates["index"].ExecuteTemplate(w, "base", NewPageCtx(req))
+			if err != nil {
+				log.Println("ERROR", err)
+			}
+		} else {
+			// no user
+			fmt.Fprintf(w, "No user found :/")
+		}
+	})
+}
+
+func (v *views) ChangePassword(what string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		pageCtx := NewPageCtx(req)
+		if req.Method == "GET" {
+			pageCtx["Pwtype"] = what
+			err := v.templates["change_password"].ExecuteTemplate(w, "base", pageCtx)
+			if err != nil {
+				log.Println("ERROR", err)
+			}
+		} else if req.Method == "POST" {
+			// Parse Post
+			err := req.ParseForm()
+			if err != nil {
+				log.Println("ERROR", err)
+				redirectSameFlash(w, req, err.Error(), "error")
+				return
+			}
+			new_password := req.PostFormValue("new_password")
+			new_password_again := req.PostFormValue("new_password_again")
+			if new_password != new_password_again {
+				redirectSameFlash(w, req, "Passwords did not match", "error")
+				return
+			}
+			err = validatePassword(new_password)
+			if err != nil {
+				redirectSameFlash(w, req, err.Error(), "error")
+				return
+			}
+			// check if password is on the bad list
+			if IsPasswordCompromised(new_password) {
+				redirectSameFlash(w, req, "The password specified is considered compromised", "error")
+				return
+			}
+			// check that password is not already in use for other suffix
+			username := pageCtx["User"].(*User).UserName
+			err = CheckDuplicatePw(username, new_password)
+			if err != nil {
+				redirectSameFlash(w, req, err.Error(), "error")
+				return
+			}
+
+			// save that password
+			err = ChangeKerberosPw(strings.ToUpper(what), username, new_password)
+			if err != nil {
+				redirectSameFlash(w, req, err.Error(), "error")
+				return
+			}
+
+			redirectSameFlash(w, req, fmt.Sprintf("Password %s successfully updated", what), "success")
+		}
+	})
+}
+
+type PageCtx map[string]interface{}
+
+func NewPageCtx(req *http.Request) PageCtx {
+	flash_msg := req.Context().Value("flash")
+	flash_class := req.Context().Value("flash_class")
+	user, _ := req.Context().Value("user").(*User)
+	return PageCtx{
+		"Flash":      flash_msg,
+		"FlashClass": flash_class,
+		"User":       user,
+		"CsrfField":  csrf.TemplateField(req),
+	}
+}
+
+func (v *views) ChangeSSHKeys() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		if user, ok := req.Context().Value("user").(*User); ok {
+			if req.Method == "GET" {
+				ssh_keys, err := pwman.LdapInfo.GetSSHKeys(user.UserName)
+				if err != nil {
+					log.Println("ERROR", err)
+					ssh_keys = []SSHPubKey{}
+				}
+
+				pageCtx := NewPageCtx(req)
+				pageCtx["SSHKeys"] = ssh_keys
+				err = v.templates["change_ssh"].ExecuteTemplate(w, "base", pageCtx)
+				if err != nil {
+					log.Println("ERROR", err)
+				}
+			} else if req.Method == "POST" {
+				err := req.ParseForm()
+				if err != nil {
+					log.Println("ERROR", err)
+					redirectSame(w, req)
+					return
+				}
+				delete_sshkey := req.PostFormValue("sshkey")
+				if req.PostFormValue("delete") != "" && delete_sshkey != "" {
+					log.Println("INFO", "Delete request for", delete_sshkey)
+					err = pwman.LdapInfo.DeleteSSHKey(user.UserName, delete_sshkey)
+					if err != nil {
+						log.Println("ERROR", err)
+						SetFlashMessage(w, err.Error(), "error")
+					} else {
+						SetFlashMessage(w, "Deleted ssh key", "warning")
+					}
+					redirectSame(w, req)
+					return
+				}
+
+				if req.PostFormValue("add_key") != "" {
+					keys := strings.Split(req.PostFormValue("ssh_keys"), "\n")
+					err = pwman.LdapInfo.AddSSHKey(user.UserName, keys)
+					if err != nil {
+						log.Println("ERROR", err)
+						SetFlashMessage(w, err.Error(), "error")
+					} else {
+						SetFlashMessage(w, "Successfully added ssh key", "success")
+					}
+
+					redirectSame(w, req)
+					return
+				}
+
+				log.Println("ERROR", "Bad post view state")
+				redirectSame(w, req)
+			}
+		}
+	})
+}
+
+func redirectSameFlash(w http.ResponseWriter, req *http.Request, message, flash_class string) {
+	SetFlashMessage(w, message, flash_class)
+	http.Redirect(w, req, req.URL.Path, 302)
+}
+func redirectSame(w http.ResponseWriter, req *http.Request) {
+	http.Redirect(w, req, req.URL.Path, 302)
+}