// Copyright 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package state
import (
	"crypto/subtle"
	"fmt"
	"regexp"

	"labix.org/v2/mgo"
	"labix.org/v2/mgo/txn"
	"launchpad.net/juju-core/errors"
	"launchpad.net/juju-core/utils"
)
// validUser is the pattern every user name must match: one ASCII letter
// followed by zero or more ASCII letters or digits. The pattern is anchored
// at both ends and carries no multi-line flag, so "$" matches only at the
// very end of the text and a name with a trailing newline is rejected.
var validUser = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9]*$`)
// AddUser creates a new user document in the state and returns a User
// bound to it. The name must match validUser. The password is stored only
// as the value returned by utils.PasswordHash. The insert is guarded by a
// txn.DocMissing assertion, so an aborted transaction is reported as
// "user already exists".
func (st *State) AddUser(name, password string) (*User, error) {
	if !validUser.MatchString(name) {
		return nil, fmt.Errorf("invalid user name %q", name)
	}

	// NOTE(review): the password itself is not checked here (an empty one is
	// hashed like any other) — confirm that callers enforce password policy.
	user := &User{st: st}
	user.doc.Name = name
	user.doc.PasswordHash = utils.PasswordHash(password)

	insert := txn.Op{
		C:      st.users.Name,
		Id:     name,
		Assert: txn.DocMissing,
		Insert: &user.doc,
	}
	switch err := st.runTransaction([]txn.Op{insert}); {
	case err == txn.ErrAborted:
		// The only assertion in the transaction is DocMissing.
		return nil, fmt.Errorf("user already exists")
	case err != nil:
		return nil, err
	}
	return user, nil
}
// getUser loads the user document whose _id equals name into udoc.
// mgo.ErrNotFound is translated into errors.NotFoundf naming the user;
// any other result of the query is returned unchanged.
func (st *State) getUser(name string, udoc *userDoc) error {
	// name is a plain string, so it is matched as a literal _id value.
	query := st.users.Find(D{{"_id", name}})
	err := query.One(udoc)
	if err != mgo.ErrNotFound {
		return err
	}
	return errors.NotFoundf("user %q", name)
}
// User returns the state user with the given name. An error from the
// lookup, including not-found, is returned as-is together with a nil User.
func (st *State) User(name string) (*User, error) {
	user := &User{st: st}
	err := st.getUser(name, &user.doc)
	if err != nil {
		return nil, err
	}
	return user, nil
}
// User represents a juju client user. It pairs a handle on the state with
// an in-memory copy of the user's document; Refresh reloads that copy.
type User struct {
	st  *State  // state this user was added to or loaded from
	doc userDoc // cached copy of the user document
}
// userDoc is the document kept for each user in the users collection.
type userDoc struct {
	// Name is the user name.
	// NOTE(review): the tag reads "_id_", while the query and the transaction
	// ops in this file address the document by "_id" — confirm the trailing
	// underscore is intended.
	Name string `bson:"_id_"`
	// PasswordHash is set from utils.PasswordHash by AddUser and SetPassword,
	// or supplied already hashed through SetPasswordHash.
	PasswordHash string
}
// Name returns the user name held in the cached user document.
func (u *User) Name() string {
	name := u.doc.Name
	return name
}
// Tag returns the tag for the user, which is the user name prefixed
// with "user-".
func (u *User) Tag() string {
	const prefix = "user-"
	return prefix + u.doc.Name
}
// SetPassword sets the password associated with the user. The clear text
// is passed through utils.PasswordHash and only the resulting hash is
// handed to SetPasswordHash for storage.
func (u *User) SetPassword(password string) error {
	hash := utils.PasswordHash(password)
	return u.SetPasswordHash(hash)
}
// SetPasswordHash stores pwHash as the user's password hash, first in the
// state and then, on success, in this User's cached document. It is for
// callers that know only the hash of the password (as produced by
// utils.PasswordHash), not the clear text. pwHash is stored as given.
func (u *User) SetPasswordHash(pwHash string) error {
	name := u.Name()

	// NOTE(review): the op carries no Assert. mgo/txn documents that an
	// Update of a missing document does not abort the transaction — confirm
	// whether txn.DocExists should be asserted here.
	update := txn.Op{
		C:      u.st.users.Name,
		Id:     name,
		Update: D{{"$set", D{{"passwordhash", pwHash}}}},
	}
	err := u.st.runTransaction([]txn.Op{update})
	if err != nil {
		return fmt.Errorf("cannot set password of user %q: %v", name, err)
	}

	// Update the cached copy only after the transaction has succeeded.
	u.doc.PasswordHash = pwHash
	return nil
}
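// PasswordValid reports whether the given password is valid for the user,
// that is, whether utils.PasswordHash(password) equals the hash in this
// User's cached document. The state is not consulted; call Refresh first
// if the stored hash may have changed.
func (u *User) PasswordValid(password string) bool {
	candidate := []byte(utils.PasswordHash(password))
	stored := []byte(u.doc.PasswordHash)
	// Compare in constant time so the duration of the check does not depend
	// on how many leading bytes of the two hashes agree.
	return subtle.ConstantTimeCompare(candidate, stored) == 1
}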
// Refresh reloads the user's document from the state. The cached document
// is replaced only when the lookup succeeds; on error it is left untouched
// and the error is returned.
func (u *User) Refresh() error {
	fresh := userDoc{}
	err := u.st.getUser(u.Name(), &fresh)
	if err == nil {
		u.doc = fresh
	}
	return err
}