feat: (rbac) update user password

2022-04-26 20:04:11 +08:00 · 2022-04-26 20:04:11 +08:00 · 8bcda063fb
parent 236d340b3b
commit 8bcda063fb
5 changed files with 80 additions and 13 deletions
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@ -72,10 +72,12 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
 	if err != nil {
 		return
 	}
-	RoleMap[role.Name] = Role{
+
+	RoleMap[model.Name] = Role{
 		Name:     model.Name,
 		Platform: model.Platform,
 	}
+
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@ -107,7 +109,7 @@ func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err erro
 	if err != nil {
 		return
 	}
-	RoleMap[role.Name] = Role{
+	RoleMap[model.Name] = Role{
 		Name:             model.Name,
 		Cluster:          model.Cluster,
 		ClusterPrivilege: model.ClusterPrivilege,
@ -227,7 +229,7 @@ func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
 		return
 	}
 	id = newRole.ID
-	RoleMap[role.Name] = Role{
+	RoleMap[newRole.Name] = Role{
 		Name:             newRole.Name,
 		Cluster:          newRole.Cluster,
 		ClusterPrivilege: newRole.ClusterPrivilege,
--- a/internal/biz/user.go
+++ b/internal/biz/user.go
@ -21,7 +21,6 @@ func DeleteUser(localUser *User, id string) (err error) {
 	user.ID = id
 	_, err = orm.Get(&user)
 	if err != nil {
-		err = ErrNotFound
 		return
 	}
 	err = orm.Delete(user)
@ -55,7 +54,7 @@ func DeleteUser(localUser *User, id string) (err error) {
 	}, nil))
 	return
 }
-func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) {
+func CreateUser(localUser *User, req dto.CreateUser) (id string, password string, err error) {
 	q := orm.Query{Size: 1000}
 	q.Conds = orm.And(orm.Eq("username", req.Username))

@ -75,10 +74,9 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) {
 			Name: v.Name,
 		})
 	}
-
-	hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
+	randStr := util.GenerateRandomString(8)
+	hash, err := bcrypt.GenerateFromPassword([]byte(randStr), bcrypt.DefaultCost)
 	if err != nil {
-
 		return
 	}
 	user := rbac.User{
@ -99,6 +97,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, err error) {
 		return
 	}
 	id = user.ID
+	password = randStr
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@ -128,7 +127,6 @@ func UpdateUser(localUser *User, id string, req dto.UpdateUser) (err error) {
 	user.ID = id
 	_, err = orm.Get(&user)
 	if err != nil {
-		err = ErrNotFound
 		return
 	}
 	roles := make([]rbac.UserRole, 0)
@ -175,7 +173,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err
 	user.ID = id
 	_, err = orm.Get(&user)
 	if err != nil {
-		err = ErrNotFound
+
 		return
 	}
 	changeLog, _ := util.DiffTwoObject(user, req)
@ -239,5 +237,38 @@ func SearchUser(keyword string, from, size int) (users orm.Result, err error) {

 }
 func UpdateUserPassword(localUser *User, id string, password string) (err error) {
+	user := rbac.User{}
+	user.ID = id
+	_, err = orm.Get(&user)
+	if err != nil {
+
+		return
+	}
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return
+	}
+	user.Password = string(hash)
+	user.Updated = time.Now()
+	err = orm.Save(&user)
+	if err != nil {
+		return
+	}
+
+	err = orm.Save(GenerateEvent(event.ActivityMetadata{
+		Category: "platform",
+		Group:    "rbac",
+		Name:     "user",
+		Type:     "update",
+		Labels: util.MapStr{
+			"id":       id,
+			"password": password,
+			"updated":  user.Updated,
+		},
+		User: util.MapStr{
+			"userid":   localUser.UserId,
+			"username": localUser.Username,
+		},
+	}, nil, nil))
 	return
 }
--- a/internal/dto/role.go
+++ b/internal/dto/role.go
@ -38,3 +38,6 @@ type UpdateUser struct {
 type UpdateUserRole struct {
 	Roles []Role `json:"roles"`
 }
+type UpdateUserPassword struct {
+	Password string `json:"password"`
+}
--- a/plugin/api/rbac/api.go
+++ b/plugin/api/rbac/api.go
@ -34,7 +34,7 @@ func init() {
 	api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
 	api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
 	api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
-
+	api.HandleAPIMethod(api.PUT, "/user/:id/password", m.PermissionRequired(r.UpdateUserPassword, enum.UserAll...))
 }

 func loadJsonConfig() {
--- a/plugin/api/rbac/user.go
+++ b/plugin/api/rbac/user.go
@ -6,6 +6,7 @@ import (
 	"infini.sh/console/internal/core"
 	"infini.sh/console/internal/dto"
 	httprouter "infini.sh/framework/core/api/router"
+	"infini.sh/framework/core/util"
 	"infini.sh/framework/modules/elastic"
 	"net/http"
 	log "src/github.com/cihub/seelog"
@ -39,13 +40,17 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.Error(w, err)
 		return
 	}
-	id, err := biz.CreateUser(localUser, req)
+	id, pass, err := biz.CreateUser(localUser, req)
 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteOKJSON(w, core.CreateResponse(id))
+	_ = h.WriteOKJSON(w, util.MapStr{
+		"_id":      id,
+		"password": pass,
+		"result":   "created",
+	})
 	return

 }
@ -159,3 +164,29 @@ func (h Rbac) SearchUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	return

 }
+func (h Rbac) UpdateUserPassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	id := ps.MustGetParameter("id")
+	var req dto.UpdateUserPassword
+	err := h.DecodeJSON(r, &req)
+	if err != nil {
+		_ = log.Error(err.Error())
+		h.Error400(w, err.Error())
+		return
+	}
+	localUser, err := biz.FromUserContext(r.Context())
+	if err != nil {
+		log.Error(err.Error())
+		h.Error(w, err)
+		return
+	}
+	err = biz.UpdateUserPassword(localUser, id, req.Password)
+	if err != nil {
+		_ = log.Error(err.Error())
+		h.Error(w, err)
+		return
+	}
+
+	_ = h.WriteOKJSON(w, core.UpdateResponse(id))
+	return
+
+}