in traffic_ops/traffic_ops_golang/login/register.go [156:301]
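// RegisterUser handles a request to register a new user. It decodes the request
// body (the payload shape depends on the API version), checks that the current
// user may act on the target tenant and may grant the requested role, creates or
// renews the pending registration, and emails the registration token.
//
// Every failure path writes its response through api.HandleErr and returns;
// on success an alert is written and a change-log entry is recorded.
func RegisterUser(w http.ResponseWriter, r *http.Request) {
	var tenantID uint
	var req tc.UserRegistrationRequest
	var reqV4 tc.UserRegistrationRequestV4
	var email rfc.EmailAddress

	inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
	var tx = inf.Tx.Tx
	if userErr != nil || sysErr != nil {
		api.HandleErr(w, r, tx, errCode, userErr, sysErr)
		return
	}
	defer inf.Close()
	defer r.Body.Close()

	// ToDo: uncomment this once the perm based roles and config options are implemented
	// v4+ carries the role by name and is validated by the request type itself;
	// earlier versions carry a numeric role ID and go through api.Parse.
	if inf.Version.Major >= 4 {
		if err := json.NewDecoder(r.Body).Decode(&reqV4); err != nil {
			api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil)
			return
		}
		if err := reqV4.Validate(tx); err != nil {
			api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil)
			return
		}
		tenantID = reqV4.TenantID
		email = reqV4.Email
	} else {
		if userErr = api.Parse(r.Body, tx, &req); userErr != nil {
			api.HandleErr(w, r, tx, http.StatusBadRequest, userErr, nil)
			return
		}
		tenantID = req.TenantID
		email = req.Email
	}

	// Tenancy check: the caller must be allowed to act on the tenant the new
	// user will belong to. The underlying error is wrapped so the cause is
	// not lost from the log.
	if ok, err := inf.IsResourceAuthorizedToCurrentUser(int(tenantID)); err != nil {
		sysErr = fmt.Errorf("Checking tenancy permissions of current user (%+v) on tenant #%d: %w", inf.User, tenantID, err)
		errCode = http.StatusInternalServerError
		api.HandleErr(w, r, tx, errCode, nil, sysErr)
		return
	} else if !ok {
		sysErr = fmt.Errorf("User %s requested unauthorized access to tenant #%d to register new user", inf.User.UserName, tenantID)
		userErr = errors.New("not authorized on this tenant")
		errCode = http.StatusForbidden
		api.HandleErr(w, r, tx, errCode, userErr, sysErr)
		return
	}

	// ToDo: Add checks for permission based role checking here, if the version is >=5 and the config option is turned on.
	// Both branches leave req populated, because the registration helpers
	// below take the legacy request shape. Both branches also enforce the same
	// ceiling: the requested role's privilege level may not exceed the caller's.
	if inf.Version.Major < 4 {
		privLevel, ok, err := dbhelpers.GetPrivLevelFromRoleID(tx, int(req.Role))
		if err != nil {
			sysErr = fmt.Errorf("checking role #%d privilege level: %w", req.Role, err)
			errCode = http.StatusInternalServerError
			api.HandleErr(w, r, tx, errCode, nil, sysErr)
			return
		}
		if !ok {
			userErr = fmt.Errorf("No such role: %d", req.Role)
			errCode = http.StatusNotFound
			api.HandleErr(w, r, tx, errCode, userErr, nil)
			return
		}
		if privLevel > inf.User.PrivLevel {
			userErr = errors.New("Cannot register a user with a role with higher privileges than yourself")
			errCode = http.StatusForbidden
			api.HandleErr(w, r, tx, errCode, userErr, nil)
			return
		}
	} else {
		req.Email = reqV4.Email
		req.TenantID = reqV4.TenantID
		roleID, ok, err := dbhelpers.GetRoleIDFromName(tx, reqV4.Role)
		if err != nil {
			api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, fmt.Errorf("error fetching ID from role name: %w", err))
			return
		} else if !ok {
			api.HandleErr(w, r, tx, http.StatusNotFound, errors.New("no such role"), nil)
			return
		}
		// Mirror the pre-v4 privilege ceiling so a v4+ caller cannot register a
		// user into a role above their own. This is a stop-gap until the
		// permission-based check referenced in the ToDo above replaces it.
		privLevel, ok, err := dbhelpers.GetPrivLevelFromRoleID(tx, int(roleID))
		if err != nil {
			api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, fmt.Errorf("checking role #%d privilege level: %w", roleID, err))
			return
		} else if !ok {
			api.HandleErr(w, r, tx, http.StatusNotFound, errors.New("no such role"), nil)
			return
		}
		if privLevel > inf.User.PrivLevel {
			api.HandleErr(w, r, tx, http.StatusForbidden, errors.New("Cannot register a user with a role with higher privileges than yourself"), nil)
			return
		}
		req.Role = uint(roleID)
	}

	t, err := generateToken()
	if err != nil {
		errCode = http.StatusInternalServerError
		sysErr = fmt.Errorf("Failed to generate token: %v", err)
		api.HandleErr(w, r, tx, errCode, nil, sysErr)
		return
	}

	var role string
	var tenant string
	var username string
	user, exists, err := dbhelpers.GetUserByEmail(email.Address.Address, tx)
	if err != nil {
		errCode = http.StatusInternalServerError
		sysErr = fmt.Errorf("Checking for existing user with email %s: %v", email, err)
		api.HandleErr(w, r, tx, errCode, nil, sysErr)
		return
	}
	if exists {
		// An existing user whose registration is already complete must not be
		// re-registered; a still-pending one gets a fresh token instead.
		if user.NewUser == nil || !*user.NewUser {
			userErr = errors.New("User already exists and has completed registration.")
			errCode = http.StatusConflict
			api.HandleErr(w, r, tx, errCode, userErr, nil)
			return
		}
		role, tenant, err = renewRegistration(tx, req, t, user)
	} else {
		role, tenant, username, err = newRegistration(tx, req, t)
	}
	if err != nil {
		log.Errorf("Bare error: %v", err)
		userErr, sysErr, errCode = api.ParseDBError(err)
		api.HandleErr(w, r, tx, errCode, userErr, sysErr)
		return
	}
	// For a renewed registration the username comes from the stored user.
	if user.Username != nil {
		username = *user.Username
	}

	msg, err := createRegistrationMsg(email, t, tx, inf.Config.ConfigPortal)
	if err != nil {
		sysErr = fmt.Errorf("failed to create email message: %v", err)
		errCode = http.StatusInternalServerError
		api.HandleErr(w, r, tx, errCode, nil, sysErr)
		return
	}
	log.Debugf("Sending registration email to %s", email)
	if errCode, userErr, sysErr = inf.SendMail(email, msg); userErr != nil || sysErr != nil {
		api.HandleErr(w, r, tx, errCode, userErr, sysErr)
		return
	}

	var alert = "Sent user registration to %s with the following permissions [ role: %s | tenant: %s ]"
	alert = fmt.Sprintf(alert, email, role, tenant)
	api.WriteRespAlert(w, r, tc.SuccessLevel, alert)
	var changeLog = "USER: %s, EMAIL: %s, ACTION: registration sent with role %s and tenant %s"
	changeLog = fmt.Sprintf(changeLog, username, email, role, tenant)
	api.CreateChangeLogRawTx(api.ApiChange, changeLog, inf.User, tx)
}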