github.com/noname1007/gophish@v0.9.0/models/user.go (about)

     1  package models
     2  
     3  import (
     4  	"errors"
     5  
     6  	log "github.com/gophish/gophish/logger"
     7  )
     8  
var (
	// ErrModifyingOnlyAdmin is returned when an operation would modify the
	// only user account holding the Admin role in a way that leaves Gophish
	// with no account in that role.
	ErrModifyingOnlyAdmin = errors.New("Cannot remove the only administrator")
)
    13  
// User represents the user model for gophish.
type User struct {
	// Id identifies the user; the getters in this file look rows up by it.
	Id int64 `json:"id"`
	// Username is the login name. The sql tag makes the column non-null and unique.
	Username string `json:"username" sql:"not null;unique"`
	// Hash is the stored credential hash (presumably the password hash). It is
	// tagged `json:"-"`, so it never appears when a User is serialized.
	Hash string `json:"-"`
	// ApiKey is the user's API key. Unlike Hash it IS serialized (as "api_key"),
	// so any response that encodes a User hands the key to the recipient;
	// NOTE(review): make sure such responses only go to the account's owner
	// or an administrator.
	ApiKey string `json:"api_key" sql:"not null;unique"`
	// Role is the associated Role row, filled in by Preload("Role") in the
	// getters below. The gorm tags disable automatic create/update of the
	// association, so db.Save in PutUser is not expected to write the Role.
	Role Role `json:"role" gorm:"association_autoupdate:false;association_autocreate:false"`
	// RoleID is the foreign key to the Role row; hidden from JSON output.
	RoleID int64 `json:"-"`
}
    23  
// GetUser looks up the user with the given id, with its Role preloaded.
// The returned error is whatever the database layer reports, including the
// not-found case.
func GetUser(id int64) (User, error) {
	var user User
	result := db.Preload("Role").Where("id=?", id).First(&user)
	return user, result.Error
}
    31  
// GetUsers returns every user registered in Gophish, each with its Role
// preloaded. The slice is non-nil even when no users exist, so it encodes
// as [] rather than null.
func GetUsers() ([]User, error) {
	users := make([]User, 0)
	result := db.Preload("Role").Find(&users)
	return users, result.Error
}
    38  
// GetUserByAPIKey looks up the user whose API key equals key, with its Role
// preloaded. The key is matched verbatim against the stored api_key column
// (plain SQL equality). The database error is returned when no row matches.
func GetUserByAPIKey(key string) (User, error) {
	var user User
	result := db.Preload("Role").Where("api_key = ?", key).First(&user)
	return user, result.Error
}
    46  
// GetUserByUsername looks up the user with the given username, with its Role
// preloaded. The database error is returned when no row matches.
func GetUserByUsername(username string) (User, error) {
	var user User
	result := db.Preload("Role").Where("username = ?", username).First(&user)
	return user, result.Error
}
    54  
// PutUser persists the given user with db.Save and returns the database
// error, if any. Because of the gorm tags on User.Role, the associated Role
// row is not expected to be created or updated by this call.
func PutUser(u *User) error {
	return db.Save(u).Error
}
    60  
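// EnsureEnoughAdmins ensures that there is more than one user account in
// Gophish with the Admin role. This function is meant to be called before
// modifying a user account with the Admin role in a non-revokable way.
//
// It returns ErrModifyingOnlyAdmin when the number of admin accounts is one
// or fewer. A count of zero cannot occur when the caller is about to modify
// an existing admin, so it indicates inconsistent data; it is treated as
// "not enough" so that the guard fails closed instead of silently passing.
// Any error from the role lookup or the count query is returned as is.
//
// NOTE: the count and the caller's subsequent modification are not run in a
// single transaction, so two concurrent removals of the last two admins can
// each pass this check.
func EnsureEnoughAdmins() error {
	role, err := GetRoleBySlug(RoleAdmin)
	if err != nil {
		return err
	}
	var adminCount int
	err = db.Model(&User{}).Where("role_id=?", role.ID).Count(&adminCount).Error
	if err != nil {
		return err
	}
	// Reject both the "exactly one admin" and the inconsistent "no admin" case.
	if adminCount <= 1 {
		return ErrModifyingOnlyAdmin
	}
	return nil
}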
    79  
// DeleteUser deletes the user identified by id together with everything the
// user owns (campaigns, landing pages, templates, groups and sending
// profiles), then removes the user row itself. Deleting the last account
// with the Admin role is refused with ErrModifyingOnlyAdmin.
//
// The steps run sequentially and stop at the first error. There is no
// surrounding transaction, so a failure part-way through leaves the user row
// and the not-yet-deleted resources in place.
func DeleteUser(id int64) error {
	existing, err := GetUser(id)
	if err != nil {
		return err
	}
	// An admin may only be removed when at least one other admin remains.
	if existing.Role.Slug == RoleAdmin {
		if err := EnsureEnoughAdmins(); err != nil {
			return err
		}
	}

	// Each owned resource type is removed through its own model-level delete
	// function so that whatever per-type cleanup those functions do still runs.
	cleanup := []func() error{
		func() error {
			campaigns, err := GetCampaigns(id)
			if err != nil {
				return err
			}
			log.Infof("Deleting campaigns for user ID %d", id)
			for _, c := range campaigns {
				if err := DeleteCampaign(c.Id); err != nil {
					return err
				}
			}
			return nil
		},
		func() error {
			log.Infof("Deleting pages for user ID %d", id)
			pages, err := GetPages(id)
			if err != nil {
				return err
			}
			for _, p := range pages {
				if err := DeletePage(p.Id, id); err != nil {
					return err
				}
			}
			return nil
		},
		func() error {
			log.Infof("Deleting templates for user ID %d", id)
			templates, err := GetTemplates(id)
			if err != nil {
				return err
			}
			for _, tmpl := range templates {
				if err := DeleteTemplate(tmpl.Id, id); err != nil {
					return err
				}
			}
			return nil
		},
		func() error {
			log.Infof("Deleting groups for user ID %d", id)
			groups, err := GetGroups(id)
			if err != nil {
				return err
			}
			for _, g := range groups {
				if err := DeleteGroup(&g); err != nil {
					return err
				}
			}
			return nil
		},
		func() error {
			log.Infof("Deleting sending profiles for user ID %d", id)
			profiles, err := GetSMTPs(id)
			if err != nil {
				return err
			}
			for _, p := range profiles {
				if err := DeleteSMTP(p.Id, id); err != nil {
					return err
				}
			}
			return nil
		},
	}
	for _, step := range cleanup {
		if err := step(); err != nil {
			return err
		}
	}

	// Finally, delete the user row itself.
	return db.Where("id=?", id).Delete(&User{}).Error
}