2016-09-26 18:48:55 +00:00
|
|
|
package service
|
2016-08-28 03:59:17 +00:00
|
|
|
|
|
|
|
|
import (
|
2017-03-15 15:55:30 +00:00
|
|
|
"context"
|
2016-08-28 03:59:17 +00:00
|
|
|
|
2022-12-21 17:30:19 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/authz"
|
2021-11-22 14:13:26 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
|
2023-04-05 18:23:49 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/contexts/license"
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/ptr"
|
2016-08-28 03:59:17 +00:00
|
|
|
)
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) CreateInitialUser(ctx context.Context, p fleet.UserPayload) (*fleet.User, error) {
|
2021-06-03 23:24:15 +00:00
|
|
|
// skipauth: Only the initial user creation should be allowed to skip
|
|
|
|
|
// authorization (because there is not yet a user context to check against).
|
|
|
|
|
svc.authz.SkipAuthorization(ctx)
|
|
|
|
|
|
|
|
|
|
setupRequired, err := svc.SetupRequired(ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !setupRequired {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, ctxerr.New(ctx, "a user already exists")
|
2021-06-03 23:24:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Initial user should be global admin with no explicit teams
|
2021-06-06 22:07:29 +00:00
|
|
|
p.GlobalRole = ptr.String(fleet.RoleAdmin)
|
2021-06-03 23:24:15 +00:00
|
|
|
p.Teams = nil
|
|
|
|
|
|
2022-08-15 17:42:33 +00:00
|
|
|
return svc.NewUser(ctx, p)
|
2016-11-09 17:19:07 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-15 17:42:33 +00:00
|
|
|
func (svc *Service) NewUser(ctx context.Context, p fleet.UserPayload) (*fleet.User, error) {
|
2023-04-05 18:23:49 +00:00
|
|
|
license, _ := license.FromContext(ctx)
|
|
|
|
|
if license == nil {
|
|
|
|
|
return nil, ctxerr.New(ctx, "license not found")
|
|
|
|
|
}
|
2023-04-12 19:11:04 +00:00
|
|
|
if err := fleet.ValidateUserRoles(true, p, *license); err != nil {
|
2023-04-05 18:23:49 +00:00
|
|
|
return nil, ctxerr.Wrap(ctx, err, "validate role")
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-09 17:19:07 +00:00
|
|
|
user, err := p.User(svc.config.Auth.SaltKeySize, svc.config.Auth.BcryptCost)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-05-18 17:03:00 +00:00
|
|
|
|
2021-09-14 12:11:07 +00:00
|
|
|
user, err = svc.ds.NewUser(ctx, user)
|
2016-09-29 02:44:05 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-12-21 17:30:19 +00:00
|
|
|
|
|
|
|
|
adminUser := authz.UserFromContext(ctx)
|
|
|
|
|
if adminUser == nil {
|
|
|
|
|
// In case of invites the user created herself.
|
|
|
|
|
adminUser = user
|
|
|
|
|
}
|
|
|
|
|
if err := svc.ds.NewActivity(
|
|
|
|
|
ctx,
|
|
|
|
|
adminUser,
|
2022-12-23 16:05:16 +00:00
|
|
|
fleet.ActivityTypeCreatedUser{
|
|
|
|
|
UserID: user.ID,
|
|
|
|
|
UserName: user.Name,
|
|
|
|
|
UserEmail: user.Email,
|
|
|
|
|
},
|
2022-12-21 17:30:19 +00:00
|
|
|
); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-03-01 23:18:40 +00:00
|
|
|
if err := fleet.LogRoleChangeActivities(ctx, svc.ds, adminUser, nil, nil, user); err != nil {
|
2022-12-21 17:30:19 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-28 03:59:17 +00:00
|
|
|
return user, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func (svc *Service) UserUnauthorized(ctx context.Context, id uint) (*fleet.User, error) {
|
2021-06-03 23:24:15 +00:00
|
|
|
// Explicitly no authorization check. Should only be used by middleware.
|
2021-09-14 12:11:07 +00:00
|
|
|
return svc.ds.UserByID(ctx, id)
|
2016-08-29 00:29:56 +00:00
|
|
|
}
|
