diff --git a/internal/biz/role.go b/internal/biz/role.go
index 74e2bb00..d9c7b8e5 100644
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@@ -72,10 +72,12 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
 if err != nil {
 return
 }
- RoleMap[role.Name] = Role{
+
+ RoleMap[model.Name] = Role{
 Name: model.Name,
 Platform: model.Platform,
 }
+
 err = orm.Save(GenerateEvent(event.ActivityMetadata{
 Category: "platform",
 Group: "rbac",
@@ -107,7 +109,7 @@ func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err erro
 if err != nil {
 return
 }
- RoleMap[role.Name] = Role{
+ RoleMap[model.Name] = Role{
 Name: model.Name,
 Cluster: model.Cluster,
 ClusterPrivilege: model.ClusterPrivilege,
@@ -227,7 +229,7 @@ func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
 return
 }
 id = newRole.ID
- RoleMap[role.Name] = Role{
+ RoleMap[newRole.Name] = Role{
 Name: newRole.Name,
 Cluster: newRole.Cluster,
 ClusterPrivilege: newRole.ClusterPrivilege,
diff --git a/internal/biz/user.go b/internal/biz/user.go
index fef24840..7b92d07e 100644
--- a/internal/biz/user.go
+++ b/internal/biz/user.go
@@ -21,7 +21,6 @@ func DeleteUser(localUser *User, id string) (err error) {
 user.ID = id
 _, err = orm.Get(&user)
 if err != nil {
- err = ErrNotFound
 return
 }
 err = orm.Delete(user)
@@ -55,7 +54,7 @@ func DeleteUser(localUser *User, id string) (err error) {
 }, nil))
 return
 }
-func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) {
+func CreateUser(localUser *User, req dto.CreateUser) (id string, password string, err error) {
 q := orm.Query{Size: 1000}
 q.Conds = orm.And(orm.Eq("username", req.Username))
 
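Review bot: With `err = ErrNotFound` removed in the DeleteUser hunk of internal/biz/user.go, whatever `orm.Get` returns now travels unchanged to the caller, and the handlers visible elsewhere in this commit pass biz errors straight to `h.Error(w, err)`. If that helper writes the error text into the response (not visible here), storage-layer details reach API clients, and a missing user can no longer be told apart from a backend failure. Mapping only the not-found case to `ErrNotFound` and wrapping every other error with context would keep both properties. The same removal appears in the UpdateUser and UpdateUserRole hunks, and DeleteUser's body continues outside this hunk.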
@@ -75,10 +74,9 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) { Name: v.Name, }) } - - hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost) + randStr := util.GenerateRandomString(8) + hash, err := bcrypt.GenerateFromPassword([]byte(randStr), bcrypt.DefaultCost) if err != nil { - return } user := rbac.User{ @@ -99,6 +97,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) { return } id = user.ID + password = randStr err = orm.Save(GenerateEvent(event.ActivityMetadata{ Category: "platform", Group: "rbac", @@ -128,7 +127,6 @@ func UpdateUser(localUser *User, id string, req dto.UpdateUser) (err error) { user.ID = id _, err = orm.Get(&user) if err != nil { - err = ErrNotFound return } roles := make([]rbac.UserRole, 0) @@ -175,7 +173,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err user.ID = id _, err = orm.Get(&user) if err != nil { - err = ErrNotFound + return } changeLog, _ := util.DiffTwoObject(user, req) @@ -239,5 +237,38 @@ func SearchUser(keyword string, from, size int) (users orm.Result, err error) { } func UpdateUserPassword(localUser *User, id string, password string) (err error) { + user := rbac.User{} + user.ID = id + _, err = orm.Get(&user) + if err != nil { + + return + } + hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return + } + user.Password = string(hash) + user.Updated = time.Now() + err = orm.Save(&user) + if err != nil { + return + } + + err = orm.Save(GenerateEvent(event.ActivityMetadata{ + Category: "platform", + Group: "rbac", + Name: "user", + Type: "update", + Labels: util.MapStr{ + "id": id, + "password": password, + "updated": user.Updated, + }, + User: util.MapStr{ + "userid": localUser.UserId, + "username": localUser.Username, + }, + }, nil, nil)) return } diff --git a/internal/dto/role.go b/internal/dto/role.go index 1fc41450..eeb4484f 100644 
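Review bot: The initial credential in the CreateUser hunk (`@@ -75,10 +74,9`) is now `util.GenerateRandomString(8)`, and nothing visible here shows that helper drawing from a cryptographic source; if it is backed by `math/rand` the value is predictable, and eight characters is short for a secret that is handed out in plaintext. `req.Password` is silently ignored from this point on, so a caller that still sends one gets no error and a different password than it asked for. Consider generating the value from `crypto/rand` at a greater length and marking the account as requiring a password change at first login. The `password = randStr` assignment in the next hunk and the handler change in plugin/api/rbac/user.go carry this value to the API response; CreateUser starts and ends outside the hunk.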
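Review bot: The audit event built in the new UpdateUserPassword body (`@@ -239,5 +237,38`) stores the new password in cleartext: `"password": password` sits in `Labels` and is persisted through `orm.Save`, so anyone able to read activity records can read the credential even though the user record itself holds only the bcrypt hash. Drop that key from the event and record only the fact of the change, for example `"password_changed": true`. The function also hashes whatever string it is given, including an empty one, so a length check belongs either here or in the handler.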
--- a/internal/dto/role.go
+++ b/internal/dto/role.go
@@ -38,3 +38,6 @@ type UpdateUser struct {
 type UpdateUserRole struct {
 Roles []Role `json:"roles"`
 }
+type UpdateUserPassword struct {
+ Password string `json:"password"`
+}
diff --git a/plugin/api/rbac/api.go b/plugin/api/rbac/api.go
index 3997ce28..1eb847c9 100644
--- a/plugin/api/rbac/api.go
+++ b/plugin/api/rbac/api.go
@@ -34,7 +34,7 @@ func init() {
 api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
 api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
 api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
-
+ api.HandleAPIMethod(api.PUT, "/user/:id/password", m.PermissionRequired(r.UpdateUserPassword, enum.UserAll...))
 }
 func loadJsonConfig() {
diff --git a/plugin/api/rbac/user.go b/plugin/api/rbac/user.go
index 9bdb7f18..f42c060b 100644
--- a/plugin/api/rbac/user.go
+++ b/plugin/api/rbac/user.go
@@ -6,6 +6,7 @@ import (
 "infini.sh/console/internal/core"
 "infini.sh/console/internal/dto"
 httprouter "infini.sh/framework/core/api/router"
+ "infini.sh/framework/core/util"
 "infini.sh/framework/modules/elastic"
 "net/http"
 log "src/github.com/cihub/seelog"
@@ -39,13 +40,17 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 h.Error(w, err)
 return
 }
- id, err := biz.CreateUser(localUser, req)
+ id, pass, err := biz.CreateUser(localUser, req)
 if err != nil {
 _ = log.Error(err.Error())
 h.Error(w, err)
 return
 }
- _ = h.WriteOKJSON(w, core.CreateResponse(id))
+ _ = h.WriteOKJSON(w, util.MapStr{
+ "_id": id,
+ "password": pass,
+ "result": "created",
+ })
 return
 }
 
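Review bot: The CreateUser handler hunk (`@@ -39,13 +40,17`) now writes the generated password into the JSON body as `"password": pass`, so the credential ends up in any response logging, proxy capture or client-side cache along the path. Setting `w.Header().Set("Cache-Control", "no-store")` before `h.WriteOKJSON` and confirming that no middleware records response bodies would limit where it lands. The body also changes from `core.CreateResponse(id)` to a hand-built map, so clients that relied on other fields of that helper's output (not visible here) should be checked. The handler starts outside the hunk.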
@@ -159,3 +164,29 @@ func (h Rbac) SearchUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 return
 }
+func (h Rbac) UpdateUserPassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ id := ps.MustGetParameter("id")
+ var req dto.UpdateUserPassword
+ err := h.DecodeJSON(r, &req)
+ if err != nil {
+ _ = log.Error(err.Error())
+ h.Error400(w, err.Error())
+ return
+ }
+ localUser, err := biz.FromUserContext(r.Context())
+ if err != nil {
+ log.Error(err.Error())
+ h.Error(w, err)
+ return
+ }
+ err = biz.UpdateUserPassword(localUser, id, req.Password)
+ if err != nil {
+ _ = log.Error(err.Error())
+ h.Error(w, err)
+ return
+ }
+
+ _ = h.WriteOKJSON(w, core.UpdateResponse(id))
+ return
+
+}
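Review bot: `req.Password` is passed to `biz.UpdateUserPassword` without any check in this handler, so an empty or one-character password is hashed and saved, and input longer than bcrypt's 72-byte limit is either truncated or rejected depending on the x/crypto version in use. A guard before the biz call, such as `if l := len(req.Password); l < minPasswordLen || l > 72 { h.Error400(w, "invalid password length"); return }` with `minPasswordLen` taken from the project's own policy, would close both ends. The route is registered under `enum.UserAll` like the other user mutations, and the handler never compares `id` with `localUser`, so any holder of that permission can set the password of any account; confirm that this is the intended reset model. `log.Error(err.Error())` after `biz.FromUserContext` also drops its return value without the `_ =` used on the other two calls.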