// Copyright 2019 Sorint.lab // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied // See the License for the specific language governing permissions and // limitations under the License. package action import ( "context" "encoding/json" "time" "agola.io/agola/internal/datamanager" "agola.io/agola/internal/db" "agola.io/agola/internal/errors" "agola.io/agola/internal/services/configstore/readdb" "agola.io/agola/internal/util" "agola.io/agola/services/configstore/types" "github.com/gofrs/uuid" ) type CreateUserRequest struct { UserName string CreateUserLARequest *CreateUserLARequest } func (h *ActionHandler) CreateUser(ctx context.Context, req *CreateUserRequest) (*types.User, error) { if req.UserName == "" { return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user name required")) } if !util.ValidateName(req.UserName) { return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("invalid user name %q", req.UserName)) } var cgt *datamanager.ChangeGroupsUpdateToken // changegroup is the username (and in future the email) to ensure no // concurrent user creation/modification using the same name cgNames := []string{util.EncodeSha256Hex("username-" + req.UserName)} var rs *types.RemoteSource // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } // check duplicate user name u, err := h.readDB.GetUserByName(tx, req.UserName) if err != nil { return errors.WithStack(err) } if u != nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user with name %q already exists", u.Name)) } if req.CreateUserLARequest != nil { rs, err = h.readDB.GetRemoteSourceByName(tx, req.CreateUserLARequest.RemoteSourceName) if err != nil { return errors.WithStack(err) } if rs == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("remote source %q doesn't exist", req.CreateUserLARequest.RemoteSourceName)) } user, err := h.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.CreateUserLARequest.RemoteUserID, rs.ID) if err != nil { return errors.Wrapf(err, "failed to get user for remote user id %q and remote source %q", req.CreateUserLARequest.RemoteUserID, rs.ID) } if user != nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user for remote user id %q for remote source %q already exists", req.CreateUserLARequest.RemoteUserID, req.CreateUserLARequest.RemoteSourceName)) } } return nil }) if err != nil { return nil, errors.WithStack(err) } user := &types.User{ ID: uuid.Must(uuid.NewV4()).String(), Name: req.UserName, Secret: util.EncodeSha1Hex(uuid.Must(uuid.NewV4()).String()), } if req.CreateUserLARequest != nil { if user.LinkedAccounts == nil { user.LinkedAccounts = make(map[string]*types.LinkedAccount) } la := &types.LinkedAccount{ ID: uuid.Must(uuid.NewV4()).String(), RemoteSourceID: rs.ID, RemoteUserID: req.CreateUserLARequest.RemoteUserID, RemoteUserName: req.CreateUserLARequest.RemoteUserName, UserAccessToken: req.CreateUserLARequest.UserAccessToken, Oauth2AccessToken: req.CreateUserLARequest.Oauth2AccessToken, Oauth2RefreshToken: req.CreateUserLARequest.Oauth2RefreshToken, Oauth2AccessTokenExpiresAt: req.CreateUserLARequest.Oauth2AccessTokenExpiresAt, } user.LinkedAccounts[la.ID] = la } userj, err := json.Marshal(user) if err != nil { return nil, errors.Wrapf(err, "failed to marshal user") } // create root user project group pg := &types.ProjectGroup{ ID: uuid.Must(uuid.NewV4()).String(), // use public visibility Visibility: types.VisibilityPublic, Parent: types.Parent{ Type: types.ConfigTypeUser, ID: user.ID, }, } pgj, err := json.Marshal(pg) if err != nil { return nil, errors.Wrapf(err, "failed to marshal project group") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeProjectGroup), ID: pg.ID, Data: pgj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return user, errors.WithStack(err) } func (h *ActionHandler) DeleteUser(ctx context.Context, userRef string) error { var user *types.User var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error // check user existance user, err = h.readDB.GetUser(tx, userRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", userRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } return nil }) if err != nil { return errors.WithStack(err) } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypeDelete, DataType: string(types.ConfigTypeUser), ID: user.ID, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return errors.WithStack(err) } type UpdateUserRequest struct { UserRef string UserName string } func (h *ActionHandler) UpdateUser(ctx context.Context, req *UpdateUserRequest) (*types.User, error) { var cgt *datamanager.ChangeGroupsUpdateToken cgNames := []string{} var user *types.User // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, req.UserRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", req.UserRef)) } cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } if req.UserName != "" { // check duplicate user name u, err := h.readDB.GetUserByName(tx, req.UserName) if err != nil { return errors.WithStack(err) } if u != nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user with name %q already exists", u.Name)) } // changegroup is the username (and in future the email) to ensure no // concurrent user creation/modification using the same name cgNames = append(cgNames, util.EncodeSha256Hex("username-"+req.UserName)) } return nil }) if err != nil { return nil, errors.WithStack(err) } if req.UserName != "" { user.Name = req.UserName } userj, err := json.Marshal(user) if err != nil { return nil, errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return user, errors.WithStack(err) } type CreateUserLARequest struct { UserRef string RemoteSourceName string RemoteUserID string RemoteUserName string UserAccessToken string Oauth2AccessToken string Oauth2RefreshToken string Oauth2AccessTokenExpiresAt time.Time } func (h *ActionHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequest) (*types.LinkedAccount, error) { if req.UserRef == "" { return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user ref required")) } if req.RemoteSourceName == "" { return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("remote source name required")) } var user *types.User var rs *types.RemoteSource var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, req.UserRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", req.UserRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } rs, err = h.readDB.GetRemoteSourceByName(tx, req.RemoteSourceName) if err != nil { return errors.WithStack(err) } if rs == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("remote source %q doesn't exist", req.RemoteSourceName)) } user, err := h.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.RemoteUserID, rs.ID) if err != nil { return errors.Wrapf(err, "failed to get user for remote user id %q and remote source %q", req.RemoteUserID, rs.ID) } if user != nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user for remote user id %q for remote source %q already exists", req.RemoteUserID, req.RemoteSourceName)) } return nil }) if err != nil { return nil, errors.WithStack(err) } if user.LinkedAccounts == nil { user.LinkedAccounts = make(map[string]*types.LinkedAccount) } la := &types.LinkedAccount{ ID: uuid.Must(uuid.NewV4()).String(), RemoteSourceID: rs.ID, RemoteUserID: req.RemoteUserID, RemoteUserName: req.RemoteUserName, UserAccessToken: req.UserAccessToken, Oauth2AccessToken: req.Oauth2AccessToken, Oauth2RefreshToken: req.Oauth2RefreshToken, Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt, } user.LinkedAccounts[la.ID] = la userj, err := json.Marshal(user) if err != nil { return nil, errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return la, errors.WithStack(err) } func (h *ActionHandler) DeleteUserLA(ctx context.Context, userRef, laID string) error { if userRef == "" { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user ref required")) } if laID == "" { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user linked account id required")) } var user *types.User var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, userRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", userRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } return nil }) if err != nil { return errors.WithStack(err) } _, ok := user.LinkedAccounts[laID] if !ok { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("linked account id %q for user %q doesn't exist", laID, userRef)) } delete(user.LinkedAccounts, laID) userj, err := json.Marshal(user) if err != nil { return errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return errors.WithStack(err) } type UpdateUserLARequest struct { UserRef string LinkedAccountID string RemoteUserID string RemoteUserName string UserAccessToken string Oauth2AccessToken string Oauth2RefreshToken string Oauth2AccessTokenExpiresAt time.Time } func (h *ActionHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequest) (*types.LinkedAccount, error) { if req.UserRef == "" { return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("user ref required")) } var user *types.User var rs *types.RemoteSource var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, req.UserRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", req.UserRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } la, ok := user.LinkedAccounts[req.LinkedAccountID] if !ok { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("linked account id %q for user %q doesn't exist", req.LinkedAccountID, user.Name)) } rs, err = h.readDB.GetRemoteSource(tx, la.RemoteSourceID) if err != nil { return errors.WithStack(err) } if rs == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("remote source with id %q doesn't exist", la.RemoteSourceID)) } return nil }) if err != nil { return nil, errors.WithStack(err) } la := user.LinkedAccounts[req.LinkedAccountID] la.RemoteUserID = req.RemoteUserID la.RemoteUserName = req.RemoteUserName la.UserAccessToken = req.UserAccessToken la.Oauth2AccessToken = req.Oauth2AccessToken la.Oauth2RefreshToken = req.Oauth2RefreshToken la.Oauth2AccessTokenExpiresAt = req.Oauth2AccessTokenExpiresAt userj, err := json.Marshal(user) if err != nil { return nil, errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return la, errors.WithStack(err) } func (h *ActionHandler) CreateUserToken(ctx context.Context, userRef, tokenName string) (string, error) { if userRef == "" { return "", util.NewAPIError(util.ErrBadRequest, errors.Errorf("user ref required")) } if tokenName == "" { return "", util.NewAPIError(util.ErrBadRequest, errors.Errorf("token name required")) } var user *types.User var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, userRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", userRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } return nil }) if err != nil { return "", errors.WithStack(err) } if user.Tokens != nil { if _, ok := user.Tokens[tokenName]; ok { return "", util.NewAPIError(util.ErrBadRequest, errors.Errorf("token %q for user %q already exists", tokenName, userRef)) } } if user.Tokens == nil { user.Tokens = make(map[string]string) } token := util.EncodeSha1Hex(uuid.Must(uuid.NewV4()).String()) user.Tokens[tokenName] = token userj, err := json.Marshal(user) if err != nil { return "", errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return token, errors.WithStack(err) } func (h *ActionHandler) DeleteUserToken(ctx context.Context, userRef, tokenName string) error { if userRef == "" { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user ref required")) } if tokenName == "" { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("token name required")) } var user *types.User var cgt *datamanager.ChangeGroupsUpdateToken // must do all the checks in a single transaction to avoid concurrent changes err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err = h.readDB.GetUser(tx, userRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("user %q doesn't exist", userRef)) } // changegroup is the userid cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)} cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames) if err != nil { return errors.WithStack(err) } return nil }) if err != nil { return errors.WithStack(err) } _, ok := user.Tokens[tokenName] if !ok { return util.NewAPIError(util.ErrBadRequest, errors.Errorf("token %q for user %q doesn't exist", tokenName, userRef)) } delete(user.Tokens, tokenName) userj, err := json.Marshal(user) if err != nil { return errors.Wrapf(err, "failed to marshal user") } actions := []*datamanager.Action{ { ActionType: datamanager.ActionTypePut, DataType: string(types.ConfigTypeUser), ID: user.ID, Data: userj, }, } _, err = h.dm.WriteWal(ctx, actions, cgt) return errors.WithStack(err) } type UserOrgsResponse struct { Organization *types.Organization Role types.MemberRole } func userOrgsResponse(userOrg *readdb.UserOrg) *UserOrgsResponse { return &UserOrgsResponse{ Organization: userOrg.Organization, Role: userOrg.Role, } } func (h *ActionHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*UserOrgsResponse, error) { var userOrgs []*readdb.UserOrg err := h.readDB.Do(ctx, func(tx *db.Tx) error { var err error user, err := h.readDB.GetUser(tx, userRef) if err != nil { return errors.WithStack(err) } if user == nil { return util.NewAPIError(util.ErrNotExist, errors.Errorf("user %q doesn't exist", userRef)) } userOrgs, err = h.readDB.GetUserOrgs(tx, user.ID) return errors.WithStack(err) }) if err != nil { return nil, errors.WithStack(err) } res := make([]*UserOrgsResponse, len(userOrgs)) for i, userOrg := range userOrgs { res[i] = userOrgsResponse(userOrg) } return res, nil }