admin: Allow impersonation and deactivation
This commit is contained in:
Tom Wiesing
parent
2384ee0841
commit
7d0fb60d67
6 changed files with 74 additions and 5 deletions
|
|
@ -30,6 +30,7 @@ type UserPanel struct {
|
|||
|
||||
var (
|
||||
_ component.Routeable = (*UserPanel)(nil)
|
||||
_ component.Menuable = (*UserPanel)(nil)
|
||||
)
|
||||
|
||||
func (panel *UserPanel) Routes() component.Routes {
|
||||
|
|
@ -37,9 +38,18 @@ func (panel *UserPanel) Routes() component.Routes {
|
|||
Prefix: "/user/",
|
||||
CSRF: true,
|
||||
Decorator: panel.Dependencies.Auth.Require(nil),
|
||||
}
|
||||
}
|
||||
|
||||
MenuPriority: component.MenuUser,
|
||||
MenuTitle: "User",
|
||||
func (panel *UserPanel) Menu(r *http.Request) []component.MenuItem {
|
||||
title := "Login"
|
||||
|
||||
user, err := panel.Dependencies.Auth.UserOf(r)
|
||||
if user != nil && err == nil {
|
||||
title = user.User.User
|
||||
}
|
||||
return []component.MenuItem{
|
||||
{Title: title, Priority: component.MenuUser, Path: "/user/"},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
{{ template "_base.html" . }}
|
||||
{{ define "title" }}User{{ end }}
|
||||
{{ define "title" }}{{ .User.User }}{{ end }}
|
||||
|
||||
{{ define "content" }}
|
||||
<div class="pure-u-1">
|
||||
<p>
|
||||
<ul>
|
||||
<li>Username: <code>{{ .User.User }}</code></li>
|
||||
{{ if .User.IsAdmin }}
|
||||
<li>Role: <b>Administrator</b></li>
|
||||
{{ else }}
|
||||
|
|
|
|||
|
|
@ -109,6 +109,8 @@ func (admin *Admin) HandleRoute(ctx context.Context, route string) (handler http
|
|||
router.Handler(http.MethodPost, route+"users/disabletotp", admin.usersDisableTOTPHandler(ctx))
|
||||
router.Handler(http.MethodPost, route+"users/password", admin.usersPasswordHandler(ctx))
|
||||
router.Handler(http.MethodPost, route+"users/toggleadmin", admin.usersToggleAdmin(ctx))
|
||||
router.Handler(http.MethodPost, route+"users/impersonate", admin.usersImpersonateHandler(ctx))
|
||||
router.Handler(http.MethodPost, route+"users/unsetpassword", admin.usersUnsetPasswordHandler(ctx))
|
||||
|
||||
// add a handler for the component page
|
||||
router.Handler(http.MethodGet, route+"components", httpx.HTMLHandler[componentContext]{
|
||||
|
|
|
|||
|
|
@ -25,6 +25,9 @@
|
|||
<th>
|
||||
Enabled
|
||||
</th>
|
||||
<th>
|
||||
Has Password
|
||||
</th>
|
||||
<th>
|
||||
Admin
|
||||
</th>
|
||||
|
|
@ -44,8 +47,10 @@
|
|||
{{ .User.User }}
|
||||
</td>
|
||||
<td>
|
||||
{{ .User.IsEnabled }}
|
||||
|
||||
{{ .User.IsEnabled }}
|
||||
</td>
|
||||
<td>
|
||||
{{ .User.HasPassword }}
|
||||
</td>
|
||||
<td>
|
||||
{{ .User.IsAdmin }}
|
||||
|
|
@ -66,6 +71,11 @@
|
|||
<input type="submit" class="pure-button" value="Update Password">
|
||||
{{ $csrf }}
|
||||
</form>
|
||||
<form action="/admin/users/unsetpassword" method="POST" class="pure-form-group">
|
||||
<input type="hidden" name="user" value="{{ .User.User }}">
|
||||
<input type="submit" class="pure-button" value="Unset Password">
|
||||
{{ $csrf }}
|
||||
</form>
|
||||
<form action="/admin/users/disable" method="POST" class="pure-form-group">
|
||||
<input type="hidden" name="user" value="{{ .User.User }}">
|
||||
<input type="submit" class="pure-button" {{ if (not .User.IsEnabled) }}disabled{{ end }} value="Disable">
|
||||
|
|
@ -81,6 +91,11 @@
|
|||
<input type="submit" class="pure-button pure-button-danger" value="Delete">
|
||||
{{ $csrf }}
|
||||
</form>
|
||||
<form action="/admin/users/impersonate" method="POST" class="pure-form-group">
|
||||
<input type="hidden" name="user" value="{{ .User.User }}">
|
||||
<input type="submit" class="pure-button" {{ if (not .User.IsEnabled) }}disabled{{ end }} value="Impersonate">
|
||||
{{ $csrf }}
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -219,3 +219,40 @@ func (admin *Admin) usersPasswordHandler(ctx context.Context) http.Handler {
|
|||
return user.SetPassword(r.Context(), []byte(password))
|
||||
})
|
||||
}
|
||||
|
||||
func (admin *Admin) usersUnsetPasswordHandler(ctx context.Context) http.Handler {
|
||||
return admin.useraction(ctx, "unset password", func(r *http.Request, user *auth.AuthUser) error {
|
||||
user.PasswordHash = nil
|
||||
return user.Save(r.Context())
|
||||
})
|
||||
}
|
||||
|
||||
func (admin *Admin) usersImpersonateHandler(ctx context.Context) http.Handler {
|
||||
logger := zerolog.Ctx(ctx)
|
||||
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if err := r.ParseForm(); err != nil {
|
||||
logger.Err(err).Str("action", "impersonate").Msg("failed to parse form")
|
||||
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
username := r.PostFormValue("user")
|
||||
user, err := admin.Dependencies.Auth.User(r.Context(), username)
|
||||
if err != nil {
|
||||
logger.Err(err).Str("action", "impersonate").Msg("failed to get user")
|
||||
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// login the user into the session of the provided user
|
||||
if err := admin.Dependencies.Auth.Login(w, r, user); err != nil {
|
||||
logger.Err(err).Str("action", "impersonate").Msg("failed to login user")
|
||||
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// and go there
|
||||
http.Redirect(w, r, "/user/", http.StatusSeeOther)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,10 @@ type User struct {
|
|||
Admin *bool `gorm:"column:admin;not null"`
|
||||
}
|
||||
|
||||
func (user *User) HasPassword() bool {
|
||||
return len(user.PasswordHash) != 0
|
||||
}
|
||||
|
||||
func (user *User) IsAdmin() bool {
|
||||
return user.Admin != nil && *user.Admin
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue