2022-07-29 20:37:09 +02:00
|
|
|
package http
|
2022-05-05 08:58:34 +02:00
|
|
|
|
|
|
|
|
import (
|
2022-09-22 09:06:32 +02:00
|
|
|
"encoding/json"
|
2023-02-03 21:47:20 +01:00
|
|
|
"net/http"
|
2023-04-22 12:57:51 +02:00
|
|
|
"strconv"
|
2023-02-03 21:47:20 +01:00
|
|
|
|
2022-09-22 09:06:32 +02:00
|
|
|
"github.com/gorilla/mux"
|
2023-04-22 12:57:51 +02:00
|
|
|
log "github.com/sirupsen/logrus"
|
2023-02-28 15:01:24 +01:00
|
|
|
|
2022-06-14 10:32:54 +02:00
|
|
|
"github.com/netbirdio/netbird/management/server/http/api"
|
2022-11-11 20:36:45 +01:00
|
|
|
"github.com/netbirdio/netbird/management/server/http/util"
|
|
|
|
|
"github.com/netbirdio/netbird/management/server/status"
|
2022-05-05 08:58:34 +02:00
|
|
|
|
|
|
|
|
"github.com/netbirdio/netbird/management/server"
|
|
|
|
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-28 16:51:30 +01:00
|
|
|
// UsersHandler is a handler that returns users of the account
|
2023-02-28 15:46:08 +01:00
|
|
|
type UsersHandler struct {
|
2023-02-03 21:47:20 +01:00
|
|
|
accountManager server.AccountManager
|
|
|
|
|
claimsExtractor *jwtclaims.ClaimsExtractor
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-28 15:46:08 +01:00
|
|
|
// NewUsersHandler creates a new UsersHandler HTTP handler
|
|
|
|
|
func NewUsersHandler(accountManager server.AccountManager, authCfg AuthCfg) *UsersHandler {
|
|
|
|
|
return &UsersHandler{
|
2022-05-05 08:58:34 +02:00
|
|
|
accountManager: accountManager,
|
2023-02-03 21:47:20 +01:00
|
|
|
claimsExtractor: jwtclaims.NewClaimsExtractor(
|
|
|
|
|
jwtclaims.WithAudience(authCfg.Audience),
|
|
|
|
|
jwtclaims.WithUserIDClaim(authCfg.UserIDClaim),
|
|
|
|
|
),
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-22 09:06:32 +02:00
|
|
|
// UpdateUser is a PUT requests to update User data
|
2023-02-28 15:46:08 +01:00
|
|
|
func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
|
2022-09-22 09:06:32 +02:00
|
|
|
if r.Method != http.MethodPut {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
|
|
|
|
|
return
|
2022-09-22 09:06:32 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-03 21:47:20 +01:00
|
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
2023-01-02 15:11:32 +01:00
|
|
|
account, user, err := h.accountManager.GetAccountFromToken(claims)
|
2022-09-22 09:06:32 +02:00
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
2022-09-22 09:06:32 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
2023-05-03 00:15:25 +02:00
|
|
|
userID := vars["userId"]
|
2022-09-22 09:06:32 +02:00
|
|
|
if len(userID) == 0 {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "invalid user ID"), w)
|
2022-09-22 09:06:32 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-01 11:04:17 +01:00
|
|
|
existingUser, ok := account.Users[userID]
|
|
|
|
|
if !ok {
|
|
|
|
|
util.WriteError(status.Errorf(status.NotFound, "couldn't find user with ID %s", userID), w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-03 00:15:25 +02:00
|
|
|
req := &api.PutApiUsersUserIdJSONRequestBody{}
|
2022-09-22 09:06:32 +02:00
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
|
2022-09-22 09:06:32 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-11 18:09:36 +02:00
|
|
|
if req.AutoGroups == nil {
|
|
|
|
|
util.WriteErrorResponse("auto_groups field can't be absent", http.StatusBadRequest, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-23 14:18:42 +02:00
|
|
|
userRole := server.StrRoleToUserRole(req.Role)
|
|
|
|
|
if userRole == server.UserRoleUnknown {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "invalid user role"), w)
|
2022-09-23 14:18:42 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-02 15:11:32 +01:00
|
|
|
newUser, err := h.accountManager.SaveUser(account.Id, user.Id, &server.User{
|
2023-11-01 11:04:17 +01:00
|
|
|
Id: userID,
|
|
|
|
|
Role: userRole,
|
|
|
|
|
AutoGroups: req.AutoGroups,
|
|
|
|
|
Blocked: req.IsBlocked,
|
|
|
|
|
Issued: existingUser.Issued,
|
|
|
|
|
IntegrationReference: existingUser.IntegrationReference,
|
2022-09-22 09:06:32 +02:00
|
|
|
})
|
2023-05-11 18:09:36 +02:00
|
|
|
|
2022-09-22 09:06:32 +02:00
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
2022-09-22 09:06:32 +02:00
|
|
|
return
|
|
|
|
|
}
|
2023-02-03 21:47:20 +01:00
|
|
|
util.WriteJSONObject(w, toUserResponse(newUser, claims.UserId))
|
2022-09-22 09:06:32 +02:00
|
|
|
}
|
|
|
|
|
|
2023-11-28 14:23:38 +01:00
|
|
|
// DeleteUser is a DELETE request to delete a user
|
2023-04-22 12:57:51 +02:00
|
|
|
func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if r.Method != http.MethodDelete {
|
|
|
|
|
util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
|
|
|
|
account, user, err := h.accountManager.GetAccountFromToken(claims)
|
|
|
|
|
if err != nil {
|
|
|
|
|
util.WriteError(err, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
2023-05-03 00:15:25 +02:00
|
|
|
targetUserID := vars["userId"]
|
2023-04-22 12:57:51 +02:00
|
|
|
if len(targetUserID) == 0 {
|
|
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "invalid user ID"), w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.accountManager.DeleteUser(account.Id, user.Id, targetUserID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
util.WriteError(err, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
util.WriteJSONObject(w, emptyObject{})
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-28 15:01:24 +01:00
|
|
|
// CreateUser creates a User in the system with a status "invited" (effectively this is a user invite).
|
2023-02-28 15:46:08 +01:00
|
|
|
func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
|
2022-10-13 18:26:31 +02:00
|
|
|
if r.Method != http.MethodPost {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
|
|
|
|
|
return
|
2022-10-13 18:26:31 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-03 21:47:20 +01:00
|
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
2023-01-02 15:11:32 +01:00
|
|
|
account, user, err := h.accountManager.GetAccountFromToken(claims)
|
2022-10-13 18:26:31 +02:00
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
|
|
|
|
return
|
2022-10-13 18:26:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
req := &api.PostApiUsersJSONRequestBody{}
|
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&req)
|
|
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
|
2022-10-13 18:26:31 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if server.StrRoleToUserRole(req.Role) == server.UserRoleUnknown {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "unknown user role %s", req.Role), w)
|
2022-10-13 18:26:31 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-22 12:57:51 +02:00
|
|
|
email := ""
|
|
|
|
|
if req.Email != nil {
|
|
|
|
|
email = *req.Email
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-28 13:09:33 +01:00
|
|
|
name := ""
|
|
|
|
|
if req.Name != nil {
|
|
|
|
|
name = *req.Name
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-02 15:11:32 +01:00
|
|
|
newUser, err := h.accountManager.CreateUser(account.Id, user.Id, &server.UserInfo{
|
2023-04-22 12:57:51 +02:00
|
|
|
Email: email,
|
2023-11-28 13:09:33 +01:00
|
|
|
Name: name,
|
2023-04-22 12:57:51 +02:00
|
|
|
Role: req.Role,
|
|
|
|
|
AutoGroups: req.AutoGroups,
|
|
|
|
|
IsServiceUser: req.IsServiceUser,
|
2023-11-01 11:04:17 +01:00
|
|
|
Issued: server.UserIssuedAPI,
|
2022-10-13 18:26:31 +02:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
2022-10-13 18:26:31 +02:00
|
|
|
return
|
|
|
|
|
}
|
2023-02-03 21:47:20 +01:00
|
|
|
util.WriteJSONObject(w, toUserResponse(newUser, claims.UserId))
|
2022-10-13 18:26:31 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-28 15:01:24 +01:00
|
|
|
// GetAllUsers returns a list of users of the account this user belongs to.
|
2022-05-05 08:58:34 +02:00
|
|
|
// It also gathers additional user data (like email and name) from the IDP manager.
|
2023-02-28 15:46:08 +01:00
|
|
|
func (h *UsersHandler) GetAllUsers(w http.ResponseWriter, r *http.Request) {
|
2022-05-05 08:58:34 +02:00
|
|
|
if r.Method != http.MethodGet {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
|
|
|
|
|
return
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-03 21:47:20 +01:00
|
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
2022-11-11 20:36:45 +01:00
|
|
|
account, user, err := h.accountManager.GetAccountFromToken(claims)
|
2022-05-05 08:58:34 +02:00
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
2022-11-05 10:24:50 +01:00
|
|
|
return
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
|
|
|
|
|
2022-11-05 10:24:50 +01:00
|
|
|
data, err := h.accountManager.GetUsersFromAccount(account.Id, user.Id)
|
2022-05-05 08:58:34 +02:00
|
|
|
if err != nil {
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteError(err, w)
|
2022-05-05 08:58:34 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-22 12:57:51 +02:00
|
|
|
serviceUser := r.URL.Query().Get("service_user")
|
|
|
|
|
|
|
|
|
|
log.Debugf("UserCount: %v", len(data))
|
|
|
|
|
|
2022-10-13 18:26:31 +02:00
|
|
|
users := make([]*api.User, 0)
|
2022-05-21 17:27:04 +02:00
|
|
|
for _, r := range data {
|
2023-11-15 16:22:00 +01:00
|
|
|
if r.NonDeletable {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-04-22 12:57:51 +02:00
|
|
|
if serviceUser == "" {
|
|
|
|
|
users = append(users, toUserResponse(r, claims.UserId))
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-11-15 16:22:00 +01:00
|
|
|
|
2023-04-22 12:57:51 +02:00
|
|
|
includeServiceUser, err := strconv.ParseBool(serviceUser)
|
|
|
|
|
log.Debugf("Should include service user: %v", includeServiceUser)
|
|
|
|
|
if err != nil {
|
|
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "invalid service_user query parameter"), w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if includeServiceUser == r.IsServiceUser {
|
|
|
|
|
users = append(users, toUserResponse(r, claims.UserId))
|
|
|
|
|
}
|
2022-05-21 17:27:04 +02:00
|
|
|
}
|
|
|
|
|
|
2022-11-11 20:36:45 +01:00
|
|
|
util.WriteJSONObject(w, users)
|
2022-05-21 17:27:04 +02:00
|
|
|
}
|
|
|
|
|
|
2023-07-03 12:20:19 +02:00
|
|
|
// InviteUser resend invitations to users who haven't activated their accounts,
|
|
|
|
|
// prior to the expiration period.
|
|
|
|
|
func (h *UsersHandler) InviteUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if r.Method != http.MethodPost {
|
|
|
|
|
util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
claims := h.claimsExtractor.FromRequestContext(r)
|
|
|
|
|
account, user, err := h.accountManager.GetAccountFromToken(claims)
|
|
|
|
|
if err != nil {
|
|
|
|
|
util.WriteError(err, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
targetUserID := vars["userId"]
|
|
|
|
|
if len(targetUserID) == 0 {
|
|
|
|
|
util.WriteError(status.Errorf(status.InvalidArgument, "invalid user ID"), w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.accountManager.InviteUser(account.Id, user.Id, targetUserID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
util.WriteError(err, w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
util.WriteJSONObject(w, emptyObject{})
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-03 21:47:20 +01:00
|
|
|
func toUserResponse(user *server.UserInfo, currenUserID string) *api.User {
|
2022-09-22 09:06:32 +02:00
|
|
|
autoGroups := user.AutoGroups
|
|
|
|
|
if autoGroups == nil {
|
|
|
|
|
autoGroups = []string{}
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-13 18:26:31 +02:00
|
|
|
var userStatus api.UserStatus
|
|
|
|
|
switch user.Status {
|
|
|
|
|
case "active":
|
|
|
|
|
userStatus = api.UserStatusActive
|
|
|
|
|
case "invited":
|
|
|
|
|
userStatus = api.UserStatusInvited
|
|
|
|
|
default:
|
2023-05-11 18:09:36 +02:00
|
|
|
userStatus = api.UserStatusBlocked
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user.IsBlocked {
|
|
|
|
|
userStatus = api.UserStatusBlocked
|
2022-10-13 18:26:31 +02:00
|
|
|
}
|
|
|
|
|
|
2023-02-03 21:47:20 +01:00
|
|
|
isCurrent := user.ID == currenUserID
|
2022-06-14 10:32:54 +02:00
|
|
|
return &api.User{
|
2023-04-22 12:57:51 +02:00
|
|
|
Id: user.ID,
|
|
|
|
|
Name: user.Name,
|
|
|
|
|
Email: user.Email,
|
|
|
|
|
Role: user.Role,
|
|
|
|
|
AutoGroups: autoGroups,
|
|
|
|
|
Status: userStatus,
|
|
|
|
|
IsCurrent: &isCurrent,
|
|
|
|
|
IsServiceUser: &user.IsServiceUser,
|
2023-05-11 18:09:36 +02:00
|
|
|
IsBlocked: user.IsBlocked,
|
2023-08-18 19:23:11 +02:00
|
|
|
LastLogin: &user.LastLogin,
|
2023-11-01 11:04:17 +01:00
|
|
|
Issued: &user.Issued,
|
2022-05-21 17:27:04 +02:00
|
|
|
}
|
2022-05-05 08:58:34 +02:00
|
|
|
}
|
