From 675e521a546600d52693f66b4c58334416238f83 Mon Sep 17 00:00:00 2001
From: Steve <stryan@saintnet.tech>
Date: Thu, 24 Sep 2020 17:12:22 -0400
Subject: [PATCH] add janky profile editing

---
 ldap.go                     | 44 +++++++++++++++++++++++++++++++++++++
 main.go                     |  4 +++-
 profile.go                  | 39 ++++++++++++++++++++++++++++++++
 templates/index.html        |  2 +-
 templates/profile.html      |  1 +
 templates/profile_edit.html | 37 +++++++++++++++++++++++++++++++
 web.go                      | 28 +++++++++++++++++++++--
 7 files changed, 151 insertions(+), 4 deletions(-)
 create mode 100644 profile.go
 create mode 100644 templates/profile_edit.html

diff --git a/ldap.go b/ldap.go
index 8c46a4e..cf28bf6 100644
--- a/ldap.go
+++ b/ldap.go
@@ -210,6 +210,50 @@ func findLDAPAccountForDisplay(uname string) (User, error) {
 	}
 	return u, nil
 }
+func updateLDAPAccountByUser(user User) error {
+	url := Conf.Ldap.Url
+	userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user.Username, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
+	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
+	basedn := fmt.Sprintf("%v,%v", Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
+	l, err := ldap.DialURL(url)
+	if err != nil {
+		return err
+	}
+	defer l.Close()
+	err = l.Bind(binddn, Conf.Ldap.LdapPass)
+	if err != nil {
+		return err
+	}
+	result, err := l.Search(ldap.NewSearchRequest(
+		basedn,
+		ldap.ScopeWholeSubtree,
+		ldap.NeverDerefAliases,
+		0,
+		0,
+		false,
+		fmt.Sprintf("(&(objectClass=organizationalPerson)(%s=%s))", Conf.Ldap.UserAttr, user.Username),
+		[]string{"dn"},
+		nil,
+	))
+	if err != nil {
+		return err
+	}
+	if len(result.Entries) != 1 {
+		err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
+		return errors.New(err_text)
+	}
+	modify := ldap.NewModifyRequest(userdn, nil)
+	modify.Replace("mail", []string{user.Email})
+	modify.Replace("givenName", []string{user.FirstName})
+	modify.Replace("sn", []string{user.LastName})
+	modify.Replace("displayName", []string{user.DisplayName})
+	err = l.Modify(modify)
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
 func findLDAPMaxID() (int, error) {
 	url := Conf.Ldap.Url
 	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
diff --git a/main.go b/main.go
index b44fa29..68cb8df 100644
--- a/main.go
+++ b/main.go
@@ -26,7 +26,9 @@ func main() {
 	router.HandleFunc("/login", login).Methods("POST")
 	router.HandleFunc("/logout", logoutPage).Methods("GET")
 	router.HandleFunc("/token", tokenPage).Methods("GET")
-	router.HandleFunc("/profile", profilePage).Methods("GET")
+	router.HandleFunc("/profile/view", profilePage).Methods("GET")
+	router.HandleFunc("/profile/edit", profileEditPage).Methods("GET")
+	router.HandleFunc("/profile/edit", profileEdit).Methods("POST")
 	router.HandleFunc("/passwordreset", resetPageFront).Methods("GET")
 	router.HandleFunc("/passwordreset", resetLookup).Methods("POST")
 	router.HandleFunc("/passwordresetform", resetPageBack).Methods("GET")
diff --git a/profile.go b/profile.go
new file mode 100644
index 0000000..3c5f41d
--- /dev/null
+++ b/profile.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+	"log"
+	"net/http"
+)
+
+func profileEdit(res http.ResponseWriter, req *http.Request) {
+	uname := getUserName(req)
+	if uname == "" {
+		http.Redirect(res, req, "/", 302)
+	}
+	user, err := findLDAPAccountForDisplay(uname)
+	if err != nil {
+		log.Printf("Error loading profile: %v\n", err)
+		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+		return
+	}
+	dispname := req.FormValue("displayname")
+	firstname := req.FormValue("firstname")
+	lastname := req.FormValue("lastname")
+	email := req.FormValue("email")
+	if dispname != user.DisplayName || firstname != user.FirstName || lastname != user.LastName || email != user.Email {
+		log.Printf("updating user %v\n", user.Username)
+		user.DisplayName = dispname
+		user.FirstName = firstname
+		user.LastName = lastname
+		user.Email = email
+		err = updateLDAPAccountByUser(user)
+		if err != nil {
+			log.Printf("Error updating user account: %v\n", err)
+			http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		} else {
+			http.Redirect(res, req, "/profile/view", 303)
+		}
+	}
+	return
+}
diff --git a/templates/index.html b/templates/index.html
index a461339..5d07428 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -2,7 +2,7 @@
 {{ template "header" .}}
 {{if .LoggedIn }}
 <p><a href="/token">Get Token</a></p>
-<p><a href="/profile">Profile</a></p>
+<p><a href="/profile/view">Profile</a></p>
 {{else}}
 <p><a href="/register">Register</a></p>
 <p><a href="/passwordreset">Reset Password</a></p>
diff --git a/templates/profile.html b/templates/profile.html
index fb2d9e0..28c19a9 100644
--- a/templates/profile.html
+++ b/templates/profile.html
@@ -21,6 +21,7 @@
 			<th>User ID: </th><td>{{ .User.ID }}</td>
 		</tr>
 	</table>
+	<p><a href="/profile/edit">Edit Profile</a></p>
 {{ template "footer" .}}
 {{end}}
 			
diff --git a/templates/profile_edit.html b/templates/profile_edit.html
new file mode 100644
index 0000000..21e0b55
--- /dev/null
+++ b/templates/profile_edit.html
@@ -0,0 +1,37 @@
+{{ define "profile_edit" }}
+{{ template "header" .}}
+<body>
+	<div>
+	<form method="POST" action="/profile/edit">
+	<table>
+		<tr>
+			<td>Username:</td>
+			<td>{{ .User.Username }}</td>
+		</tr>
+		<tr>
+			<td>Display Name:</td>
+			<td><input type="string" placeholder='{{ .User.DisplayName }}' name="displayname" value='{{ .User.DisplayName }}'></td>
+		</tr>
+		<tr>
+			<td>First Name:</td>
+			<td><input type="string" placeholder='{{ .User.FirstName }}' name="firstname" value='{{ .User.FirstName }}'></td>
+		</tr> 
+		<tr>
+			<td>Last Name:</td>
+			<td><input type="string" placeholder='{{ .User.LastName }}' name="lastname" value='{{ .User.LastName }}'></td>
+		</tr>
+		<tr>
+			<td>Email Address:</td>
+			<td><input type="mail"  placeholder=' {{ .User.Email }}' name="email" value='{{.User.Email }}'></td>
+		</tr>
+		<tr>
+			<td>User ID:</td>
+			<td>{{ .User.ID }}</td>
+		<tr>
+			<td><input type="submit" value="Submit"></td>
+		</tr>
+	</table>
+</form> 
+</div>
+{{ template "footer" .}}
+{{end}}
diff --git a/web.go b/web.go
index e1ce3f1..eaac6c4 100644
--- a/web.go
+++ b/web.go
@@ -6,7 +6,7 @@ import (
 )
 
 func profilePage(res http.ResponseWriter, req *http.Request) {
-	log.Println("GET /profile")
+	log.Println("GET /profile/view")
 	uname := getUserName(req)
 	if uname == "" {
 		http.Redirect(res, req, "/", 302)
@@ -30,7 +30,31 @@ func profilePage(res http.ResponseWriter, req *http.Request) {
 	}
 	tpl.ExecuteTemplate(res, "profile", data)
 }
-
+func profileEditPage(res http.ResponseWriter, req *http.Request) {
+	log.Println("GET /profile/edit")
+	uname := getUserName(req)
+	if uname == "" {
+		http.Redirect(res, req, "/", 302)
+	}
+	user, err := findLDAPAccountForDisplay(uname)
+	if err != nil {
+		log.Printf("Error loading profile: %v\n", err)
+		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+		return
+	}
+	data := struct {
+		Title    string
+		Username string
+		LoggedIn bool
+		User     User
+	}{
+		"Profile",
+		uname,
+		true,
+		user,
+	}
+	tpl.ExecuteTemplate(res, "profile_edit", data)
+}
 func resetPageFront(res http.ResponseWriter, req *http.Request) {
 	log.Println("GET /passwordreset")
 	u := getUserName(req)