fleet/server/kolide/users.go

package kolide

import (
	"fmt"
	"time"

	"golang.org/x/crypto/bcrypt"
	"golang.org/x/net/context"
)

// UserStore contains methods for managing users in a datastore
type UserStore interface {
	NewUser(user *User) (*User, error)
	User(username string) (*User, error)
	Users() ([]*User, error)
	UserByEmail(email string) (*User, error)
	UserByID(id uint) (*User, error)
	SaveUser(user *User) error
}

// UserService contains methods for managing a Kolide User
type UserService interface {
	// NewUser creates a new User from a request Payload
	NewUser(ctx context.Context, p UserPayload) (user *User, err error)

	// User returns a valid User given a User ID
	User(ctx context.Context, id uint) (user *User, err error)

	// AuthenticatedUser returns the current user
	// from the viewer context
	AuthenticatedUser(ctx context.Context) (user *User, err error)

	// Users returns all users
	Users(ctx context.Context) (users []*User, err error)

	// RequestPasswordReset generates a password reset request for
	// a user. The request results in a token emailed to the user.
	// If the person making the request is an admin the AdminForcedPasswordReset
	// parameter is enabled instead of sending an email with a password reset token
	RequestPasswordReset(ctx context.Context, email string) (err error)

	// ResetPassword validate a password reset token and updates
	// a user's password
	ResetPassword(ctx context.Context, token, password string) (err error)

	// ModifyUser updates a user's parameters given a UserPayload
	ModifyUser(ctx context.Context, userID uint, p UserPayload) (user *User, err error)
}

// User is the model struct which represents a kolide user
type User struct {
	ID                       uint `gorm:"primary_key"`
	CreatedAt                time.Time
	UpdatedAt                time.Time
	Username                 string `gorm:"not null;unique_index:idx_user_unique_username"`
	Password                 []byte `gorm:"not null"`
	Salt                     string `gorm:"not null"`
	Name                     string
	Email                    string `gorm:"not null;unique_index:idx_user_unique_email"`
	Admin                    bool   `gorm:"not null"`
	Enabled                  bool   `gorm:"not null"`
	AdminForcedPasswordReset bool
	GravatarURL              string
	Position                 string // job role
}

// UserPayload is used to modify an existing user
type UserPayload struct {
	Username                 *string `json:"username"`
	Name                     *string `json:"name"`
	Email                    *string `json:"email"`
	Admin                    *bool   `json:"admin"`
	Enabled                  *bool   `json:"enabled"`
	AdminForcedPasswordReset *bool   `json:"force_password_reset"`
	Password                 *string `json:"password"`
	GravatarURL              *string `json:"gravatar_url"`
	Position                 *string `json:"position"`
}

// ValidatePassword accepts a potential password for a given user and attempts
// to validate it against the hash stored in the database after joining the
// supplied password with the stored password salt
func (u *User) ValidatePassword(password string) error {
	saltAndPass := []byte(fmt.Sprintf("%s%s", password, u.Salt))
	return bcrypt.CompareHashAndPassword(u.Password, saltAndPass)
}
Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`package kolide`

			`import (`
			`"fmt"`
			`"time"`

			`"golang.org/x/crypto/bcrypt"`
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml 2016-09-04 05:13:42 +00:00			`"golang.org/x/net/context"`
Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`)`

			`// UserStore contains methods for managing users in a datastore`
			`type UserStore interface {`
			`NewUser(user User) (User, error)`
			`User(username string) (*User, error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00			`Users() ([]*User, error)`
			`UserByEmail(email string) (*User, error)`
Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`UserByID(id uint) (*User, error)`
			`SaveUser(user *User) error`
			`}`

Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00			`// UserService contains methods for managing a Kolide User`
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml 2016-09-04 05:13:42 +00:00			`type UserService interface {`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00			`// NewUser creates a new User from a request Payload`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`NewUser(ctx context.Context, p UserPayload) (user *User, err error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00
			`// User returns a valid User given a User ID`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`User(ctx context.Context, id uint) (user *User, err error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00
Add /me route (#177) * i like how I wrote this to never call svc direcly * rename func * apparently not everywhere * add service method for authenticated user * oops forgot to check this in 2016-09-16 04:35:52 +00:00			`// AuthenticatedUser returns the current user`
			`// from the viewer context`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`AuthenticatedUser(ctx context.Context) (user *User, err error)`
Add /me route (#177) * i like how I wrote this to never call svc direcly * rename func * apparently not everywhere * add service method for authenticated user * oops forgot to check this in 2016-09-16 04:35:52 +00:00
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00			`// Users returns all users`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`Users(ctx context.Context) (users []*User, err error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00
			`// RequestPasswordReset generates a password reset request for`
			`// a user. The request results in a token emailed to the user.`
			`// If the person making the request is an admin the AdminForcedPasswordReset`
			`// parameter is enabled instead of sending an email with a password reset token`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`RequestPasswordReset(ctx context.Context, email string) (err error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00
			`// ResetPassword validate a password reset token and updates`
			`// a user's password`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`ResetPassword(ctx context.Context, token, password string) (err error)`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00
			`// ModifyUser updates a user's parameters given a UserPayload`
add prometheus endpoint (#236) generate metrics for Users, Appconfig and Session services 2016-09-28 11:35:15 +00:00			`ModifyUser(ctx context.Context, userID uint, p UserPayload) (user *User, err error)`
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml 2016-09-04 05:13:42 +00:00			`}`

Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`// User is the model struct which represents a kolide user`
			`type User struct {`
Update user properties (#143) * renamed NeedsPasswordReset field for clarity This field was not obvious when it should be set or checked. This makes it a bit more obious. The property should only be set if the password request was requested by an admin. Having this property checked should - invalidate current user auth token - force user to reset password on their next login - NOT send a password reset email * add GravatarURL property we considered uploading and storing an image url in the future as well * Add a user property to save the user's job role/position 2016-09-08 22:57:05 +00:00			ID uint `gorm:"primary_key"`
			`CreatedAt time.Time`
			`UpdatedAt time.Time`
			Username string `gorm:"not null;unique_index:idx_user_unique_username"`
			Password []byte `gorm:"not null"`
			Salt string `gorm:"not null"`
			`Name string`
			Email string `gorm:"not null;unique_index:idx_user_unique_email"`
			Admin bool `gorm:"not null"`
			Enabled bool `gorm:"not null"`
			`AdminForcedPasswordReset bool`
			`GravatarURL string`
			`Position string // job role`
Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`}`

go-kit server layout 2016-08-28 03:59:17 +00:00			`// UserPayload is used to modify an existing user`
			`type UserPayload struct {`
Update user properties (#143) * renamed NeedsPasswordReset field for clarity This field was not obvious when it should be set or checked. This makes it a bit more obious. The property should only be set if the password request was requested by an admin. Having this property checked should - invalidate current user auth token - force user to reset password on their next login - NOT send a password reset email * add GravatarURL property we considered uploading and storing an image url in the future as well * Add a user property to save the user's job role/position 2016-09-08 22:57:05 +00:00			Username *string `json:"username"`
			Name *string `json:"name"`
			Email *string `json:"email"`
			Admin *bool `json:"admin"`
			Enabled *bool `json:"enabled"`
			AdminForcedPasswordReset *bool `json:"force_password_reset"`
			Password *string `json:"password"`
Update users service (#156) Closes #144 #145 #160 Implements PATCH method on user and endpoint middleware for authnz Implements `reset_password` (with token) and `forgot_password` endpoints Added godoc comments for UserService interface Shift to using testify/assert in test code Multiple fixes/changes to the UserService API 2016-09-15 14:52:17 +00:00			GravatarURL *string `json:"gravatar_url"`
			Position *string `json:"position"`
Domain Types (#83) * create datastore package with New func to create a db connection * separate creating a user object from saving to db temporarily pass db around through gin context to compile app main should create the datastore and pass it in to http handler explicitly instead * create datastore from config params * move gorm specific code to gorm.go * re-export app.NewUser * test new user * add User() method for getting a user temporary, the API will improve once I add filters refactor test func to use sqlite by default and mysql if available * add save user * move some users tests to datastore, temporarily remove user tests from app * add EnrollHost and test * move enrollhost to datastore * all enrollment tests now in datastore * add datastore_test for re-enroll * it compiles now... * move other interfaces to models * start wrapping errors in database error * add tests for campaign * move users to package kolide * move hosts and passwordrequests * package kolide * moving all types to package kolide * making new osquery endpoints use groob's new pattern 2016-08-18 21:16:44 +00:00			`}`

			`// ValidatePassword accepts a potential password for a given user and attempts`
			`// to validate it against the hash stored in the database after joining the`
			`// supplied password with the stored password salt`
			`func (u *User) ValidatePassword(password string) error {`
			`saltAndPass := []byte(fmt.Sprintf("%s%s", password, u.Salt))`
			`return bcrypt.CompareHashAndPassword(u.Password, saltAndPass)`
			`}`