Gestion des utilisateurs

2025-01-02 21:18:56 +01:00 · 2025-01-02 21:18:56 +01:00 · 9d25ca20df
commit 9d25ca20df
parent 157c33227e
14 changed files with 576 additions and 26 deletions
--- a/controllers/lists.go
+++ b/controllers/lists.go
@ -45,7 +45,7 @@ func ListShow(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -122,7 +122,7 @@ func ListEdit(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -191,7 +191,7 @@ func ListDelete(c *fiber.Ctx) error {

 	result := db.Delete(&models.List{}, id)
 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	return c.Redirect("/admin/lists")
@ -213,7 +213,7 @@ func ListItemAdd(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -285,7 +285,7 @@ func ListItemEdit(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	var listItem models.ListItem
@ -296,7 +296,7 @@ func ListItemEdit(c *fiber.Ctx) error {
 	}

 	if result2.Error != nil {
-		return err
+		return result2.Error
 	}

 	title := fmt.Sprintf(
@ -364,12 +364,12 @@ func ListItemDelete(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	result2 := db.Delete(&models.ListItem{}, itemid)
 	if result2.Error != nil {
-		return err
+		return result2.Error
 	}

 	return c.Redirect(fmt.Sprintf(
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@ -28,10 +28,10 @@ func TotpEnrollPage(c *fiber.Ctx) error {
 	result := db.First(&user, "id = ?", userid)

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

-	if user.TotpSercet.Valid {
+	if user.TotpSecret.Valid {
 		return fiber.NewError(fiber.StatusForbidden, "Forbidden")
 	}

@ -79,7 +79,7 @@ func TotpEnrollPage(c *fiber.Ctx) error {
 	if c.Method() == "POST" {
 		otp := c.FormValue("otp")
 		if totp.Validate(otp, key.Secret()) {
-			err = user.TotpSercet.Scan(key.Secret())
+			err = user.TotpSecret.Scan(key.Secret())
 			if err != nil {
 				return err
 			}
@ -152,17 +152,17 @@ func TotpVerifyPage(c *fiber.Ctx) error {
 	result := db.First(&user, "id = ?", userid)

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

-	if !user.TotpSercet.Valid {
+	if !user.TotpSecret.Valid {
 		return fiber.NewError(fiber.StatusForbidden, "Forbidden")
 	}

 	var mfaError string
 	if c.Method() == "POST" {
 		otp := c.FormValue("otp")
-		if totp.Validate(otp, user.TotpSercet.String) {
+		if totp.Validate(otp, user.TotpSecret.String) {
 			redirectId := c.Query("redirect")
 			redirectUrl := "/"

--- a/controllers/roles.go
+++ b/controllers/roles.go
@ -45,7 +45,7 @@ func RoleShow(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -134,7 +134,7 @@ func RoleEdit(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -203,7 +203,7 @@ func RoleDelete(c *fiber.Ctx) error {

 	result := db.Delete(&models.Role{}, id)
 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	return c.Redirect("/admin/roles")
--- a/controllers/sections.go
+++ b/controllers/sections.go
@ -46,7 +46,7 @@ func SectionShow(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -143,7 +143,7 @@ func SectionEdit(c *fiber.Ctx) error {
 	}

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	title := fmt.Sprintf(
@ -220,7 +220,7 @@ func SectionDelete(c *fiber.Ctx) error {

 	result := db.Delete(&models.Section{}, id)
 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	return c.Redirect("/admin/sections")
--- a/controllers/users.go
+++ b/controllers/users.go
@ -0,0 +1,281 @@
+package controllers
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+
+	"git.readonly.ch/bouzoure/popvaud-people/helpers"
+	"git.readonly.ch/bouzoure/popvaud-people/models"
+	"github.com/go-playground/validator"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+)
+
+type UserValidation struct {
+	Email    string `validate:"required,min=6,max=100,email"`
+	Name     string `validate:"required,min=2,max=100"`
+	Password string `validate:"required,min=10,max=100"`
+}
+
+func Users(c *fiber.Ctx) error {
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	var users []models.User
+	result := db.Order("name collate nocase asc").Find(&users)
+
+	if result.Error != nil && !errors.Is(result.Error, gorm.ErrRecordNotFound) {
+		return err
+	}
+
+	return c.Render("users", fiber.Map{
+		"PageTitle": "Utilisateurs",
+		"Users":     users,
+	})
+}
+
+func UserShow(c *fiber.Ctx) error {
+	id := c.Params("id")
+
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	var user models.User
+	result := db.Find(&user, "id = ?", id)
+
+	if errors.Is(result.Error, gorm.ErrRecordNotFound) {
+		return fiber.NewError(fiber.StatusNotFound, "Not found")
+	}
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	title := fmt.Sprintf(
+		"%s | Utilisateurs",
+		user.Name,
+	)
+
+	return c.Render("user", fiber.Map{
+		"PageTitle": title,
+		"User":      user,
+	})
+}
+
+func UserAdd(c *fiber.Ctx) error {
+	var user models.User
+	var errors []string
+
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	if c.Method() == "POST" {
+		data := UserValidation{
+			Email:    c.FormValue("email"),
+			Name:     c.FormValue("name"),
+			Password: c.FormValue("password"),
+		}
+
+		validate := validator.New()
+		validErrs := validate.Struct(data)
+
+		if validErrs != nil {
+			for _, validErr := range validErrs.(validator.ValidationErrors) {
+				switch validErr.Field() {
+				case "Email":
+					errors = append(errors, "L'adresse email doit être valide")
+				case "Name":
+					errors = append(errors, "Le nom doit contenir entre 2 et 100 caractères")
+				case "Password":
+					errors = append(errors, "Le mot de passe doit contenir entre 10 et 100 caractères")
+				}
+			}
+		}
+
+		user.Name = data.Name
+		user.Email = data.Email
+
+		passwordHash, err := helpers.HashPassword(data.Password)
+		if err != nil {
+			return err
+		}
+
+		user.Password = passwordHash
+		user.SkipWelcome = false
+
+		user.IsAdmin = (c.FormValue("is_admin") == "on")
+
+		if len(errors) == 0 {
+			result := db.Create(&user)
+			if result.Error != nil {
+				return result.Error
+			} else {
+				c.Redirect(fmt.Sprintf(
+					"/admin/users/%d",
+					user.ID,
+				))
+			}
+		}
+	}
+
+	return c.Render("user_form", fiber.Map{
+		"PageTitle": "Ajouter un utilisateur",
+		"User":      user,
+		"Errors":    errors,
+	})
+}
+
+func UserEdit(c *fiber.Ctx) error {
+	id := c.Params("id")
+
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	var user models.User
+	result := db.Find(&user, "id = ?", id)
+
+	if errors.Is(result.Error, gorm.ErrRecordNotFound) {
+		return fiber.NewError(fiber.StatusNotFound, "Not found")
+	}
+
+	if result.Error != nil {
+		return result.Error
+	}
+
+	title := fmt.Sprintf(
+		"%s | Modifier utilisateur",
+		user.Name,
+	)
+
+	var errors []string
+	if c.Method() == "POST" {
+		data := UserValidation{
+			Email:    c.FormValue("email"),
+			Name:     c.FormValue("name"),
+			Password: c.FormValue("password"),
+		}
+
+		validate := validator.New()
+		validErrs := validate.Struct(data)
+
+		if validErrs != nil {
+			for _, validErr := range validErrs.(validator.ValidationErrors) {
+				switch validErr.Field() {
+				case "Email":
+					errors = append(errors, "L'adresse email doit être valide")
+				case "Name":
+					errors = append(errors, "Le nom doit contenir entre 2 et 100 caractères")
+				case "Password":
+					if len(data.Password) > 0 {
+						errors = append(errors, "Le mot de passe doit contenir entre 10 et 100 caractères")
+					}
+				}
+			}
+		}
+
+		user.Name = data.Name
+		user.Email = data.Email
+
+		if len(data.Password) > 0 {
+			passwordHash, err := helpers.HashPassword(data.Password)
+			if err != nil {
+				return err
+			}
+
+			user.Password = passwordHash
+			user.SkipWelcome = false
+		}
+
+		if c.FormValue("reset_totp") == "on" {
+			user.TotpSecret.Valid = false
+		}
+
+		user.IsAdmin = (c.FormValue("is_admin") == "on")
+
+		var users []models.User
+		result := db.Find(&users, "is_admin = ?", true)
+		if result.Error != nil {
+			return result.Error
+		}
+
+		if !user.IsAdmin && result.RowsAffected < 2 {
+			errors = append(errors, "Il doit y avoir au moins un administrateur")
+		}
+
+		if len(errors) == 0 {
+			result2 := db.Save(&user)
+			if result2.Error != nil {
+				return result2.Error
+			} else {
+				c.Redirect(fmt.Sprintf(
+					"/admin/users/%d",
+					user.ID,
+				))
+			}
+		}
+	}
+
+	return c.Render("user_form", fiber.Map{
+		"PageTitle": title,
+		"User":      user,
+		"Errors":    errors,
+	})
+}
+
+func UserDelete(c *fiber.Ctx) error {
+	id := c.Params("id")
+
+	sess, err := helpers.GetSessionStore(c)
+	if err != nil {
+		return err
+	}
+
+	deleteUser, err := strconv.ParseUint(id, 10, 0)
+	if err != nil {
+		return err
+	}
+
+	currentUser := sess.Get("userid")
+	if deleteUser == uint64(currentUser.(uint)) {
+		return fiber.NewError(fiber.StatusForbidden, "Forbidden")
+	}
+
+	db, err := helpers.GetDatabase()
+	if err != nil {
+		return err
+	}
+
+	var user models.User
+	result := db.Find(&user, "id = ?", id)
+	if result.Error != nil {
+		return result.Error
+	}
+
+	user.Name = "Disabled Account"
+	user.Email = "disabled-account@invlalid.tld"
+	user.Password = ""
+	user.TotpSecret.Valid = false
+	user.IsAdmin = false
+	user.SkipWelcome = false
+
+	result2 := db.Save(&user)
+	if result2.Error != nil {
+		return result2.Error
+	}
+
+	result3 := db.Delete(&models.User{}, id)
+	if result3.Error != nil {
+		return result3.Error
+	}
+
+	return c.Redirect("/admin/users")
+}
--- a/controllers/welcome.go
+++ b/controllers/welcome.go
@ -31,7 +31,7 @@ func WelcomePage(c *fiber.Ctx) error {
 	result := db.First(&user, "id = ?", userid)

 	if result.Error != nil {
-		return err
+		return result.Error
 	}

 	if user.SkipWelcome {