135 add stack account self service features

.github/workflows/checks.yaml

@@ -13,14 +13,16 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.23.0'
           cache: false
+      - name: download dependencies
+        run: go mod tidy
       - name: Compile
         run: go build main.go
       - name: Unit Tests
         run: go test -v ./...
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.54
+          version: v1.62
           args: --timeout=10m

commands/enabled.go

@@ -35,6 +35,8 @@ func populateSlashCommands(ctx ddtrace.SpanContext) {
 	SlashCommands["dquery"] = slash.DQuery
 	SlashCommands["attendance"] = slash.Attendance
 	SlashCommands["attendanceof"] = slash.Attendanceof
+	SlashCommands["openstack"] = slash.Openstack
+	SlashCommands["verify"] = slash.Verify
 }
 
 // populateHandlers populates the Handlers map with all of the handlers

commands/slash/member.go

@@ -487,7 +487,7 @@ func recievedEmail(s *discordgo.Session, i *discordgo.InteractionCreate, userEma
 	err := s.InteractionRespond(i.Interaction, &discordgo.InteractionResponse{
 		Type: discordgo.InteractionResponseUpdateMessage,
 		Data: &discordgo.InteractionResponseData{
-			Content: "A verification code has been sent to \"" + userEmail + "\". This could take up to 10 minutes and could be in your spam. Please check your spam! **Do not close discord or this window will be closed**.",
+			Content: "A verification code has been sent to \"" + userEmail + "\". This email will take at least **12 minutes** to arrive and show up in the **spam** due to RIT's email filitering system. Please be patient and watch your spam box! **Do not close discord or this window will be closed**.",
 			Components: []discordgo.MessageComponent{
 				discordgo.ActionsRow{
 					Components: []discordgo.MessageComponent{

commands/slash/openstack.go

@@ -0,0 +1,221 @@
+package slash
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/bwmarrin/discordgo"
+	"github.com/ritsec/ops-bot-iii/commands/slash/permission"
+	"github.com/ritsec/ops-bot-iii/config"
+	"github.com/ritsec/ops-bot-iii/data"
+	"github.com/ritsec/ops-bot-iii/helpers"
+	"github.com/ritsec/ops-bot-iii/logging"
+	"github.com/ritsec/ops-bot-iii/osclient"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
+)
+
+func Openstack() (*discordgo.ApplicationCommand, func(s *discordgo.Session, i *discordgo.InteractionCreate)) {
+	return &discordgo.ApplicationCommand{
+			Name:                     "openstack",
+			Description:              "Create or reset your openstack account",
+			DefaultMemberPermissions: &permission.Member,
+			Options: []*discordgo.ApplicationCommandOption{
+				{
+					Type:        discordgo.ApplicationCommandOptionString,
+					Name:        "option",
+					Description: "Option of create or reset",
+					Required:    true,
+					Choices: []*discordgo.ApplicationCommandOptionChoice{
+						{
+							Name:  "Create",
+							Value: "Create",
+						},
+						{
+							Name:  "Reset",
+							Value: "Reset",
+						},
+					},
+				},
+			},
+		},
+		func(s *discordgo.Session, i *discordgo.InteractionCreate) {
+			if config.Openstack.Enabled {
+				span := tracer.StartSpan(
+					"commands.slash.openstack:Openstack",
+					tracer.ResourceName("/openstack"),
+				)
+				defer span.Finish()
+
+				ssOption := i.ApplicationCommandData().Options[0].StringValue()
+				err := helpers.InitialMessage(s, i, fmt.Sprintf("You ran the /openstack command to %s your account!", strings.ToLower(ssOption)))
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span)
+				}
+
+				err = helpers.UpdateMessage(s, i, "Checking your email...")
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span)
+				}
+				// Get email and check if it is an actual email
+				email, err := data.User.GetEmail(i.Member.User.ID, span.Context())
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span)
+				}
+				if email == "" {
+					logging.Debug(s, "User has no email", i.Member.User, span)
+					err = helpers.UpdateMessage(s, i, "You have no verified email. Run /verify to add your email and run this command again.")
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+					}
+					return
+				}
+
+				// Check if user exists on Openstack already
+				exists, err := osclient.CheckUserExists(email)
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span)
+					return
+				}
+
+				if ssOption == "Create" {
+					// Stop here if user trying to create an account when it already has one
+					if exists {
+						logging.Debug(s, "User already has an openstack account and is trying to create one", i.Member.User, span)
+						err = helpers.UpdateMessage(s, i, "Openstack account already exisits. Run the reset option if you forgot your password.")
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+						}
+						return
+					}
+
+					// Checking if the user is DM'able
+					err = helpers.SendDirectMessage(s, i.Member.User.ID, "Checking to see if your DMs are open... your openstack account username and password will be sent here!", span.Context())
+					if err != nil {
+						logging.Debug(s, "User's DMs are not open", i.Member.User, span)
+						err = helpers.UpdateMessage(s, i, "Your DMs are not open! Please open your DMs and run the command again.")
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+						}
+						return
+					}
+
+					// Create the account
+					err = helpers.UpdateMessage(s, i, "Creating your account...")
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+					}
+					username, password, err := osclient.Create(email)
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+
+					// Send the username and password to the usuer via DM
+					message := fmt.Sprintf("Thank you for reaching out to us!\nHere are your credentials for RITSEC's Openstack:\n\nUsername: %s\nTemporary Password: %s\n\nPlease change the password\nOpenstack link: stack.ritsec.cloud", username, password)
+					logging.Debug(s, "Sent username and password to member", i.Member.User, span)
+					err = helpers.SendDirectMessage(s, i.Member.User.ID, message, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+
+					err = helpers.UpdateMessage(s, i, "Sent the username and password to your DMs, check your DMs!")
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+					}
+				} else if ssOption == "Reset" {
+					// Check if the user is trying to reset password on non-existent account
+					if !exists {
+						logging.Debug(s, "User does not have an openstack account and is trying to reset the password on it", i.Member.User, span)
+						err = helpers.UpdateMessage(s, i, "Openstack account does not exist and you are trying to reset it.")
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+						}
+						return
+					}
+
+					// Check to see if the user's reset timestamp exists
+					ts_exists, err := data.Openstack.Exists(i.Member.User.ID, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+					if !ts_exists {
+						// Create the row for user's timestamp and don't check it
+						_, err = data.Openstack.Create(i.Member.User.ID, span.Context())
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+							return
+						}
+					} else {
+						// Check the user's timestamp if has done recently
+
+						// Get the user's openstacks info
+						openstack_ent, err := data.Openstack.Get(i.Member.User.ID, span.Context())
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+							return
+						}
+						tx, err := time.LoadLocation("America/New_York")
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+							return
+						}
+						// Check if the user has done the reset recently
+						if time.Now().In(tx).Sub(openstack_ent.Timestamp) >= -2*time.Hour && time.Now().In(tx).Sub(openstack_ent.Timestamp) <= 2*time.Hour {
+							err = helpers.UpdateMessage(s, i, "You have tried to reset too much in the past 2 hours, please wait before trying again!")
+							if err != nil {
+								logging.Error(s, err.Error(), i.Member.User, span)
+							}
+							return
+						}
+					}
+
+					// Checking if the user is DM'able
+					err = helpers.SendDirectMessage(s, i.Member.User.ID, "Checking to see if your DMs are open... your openstack account username and password will be sent here!", span.Context())
+					if err != nil {
+						logging.Debug(s, "User's DMs are not open", i.Member.User, span)
+						err = helpers.UpdateMessage(s, i, "Your DMs are not open! Please open your DMs and run the command again.")
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span)
+						}
+						return
+					}
+
+					// 	// Reset the password of the account
+					err = helpers.UpdateMessage(s, i, "Resetting your account...")
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+					}
+					username, password, err := osclient.Reset(email)
+					logging.Debug(s, "User has the openstack account password reset", i.Member.User, span)
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+
+					message := fmt.Sprintf("Thank you for reaching out to us!\n Here are your credentials for RITSEC's Openstack:\n\nUsername: %s\nTemporary Password: %s\n\nPlease change the password\nOpenstack link: stack.ritsec.cloud", username, password)
+					err = helpers.SendDirectMessage(s, i.Member.User.ID, message, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+
+					err = helpers.UpdateMessage(s, i, "Sent the username and password to your DMs, check your DMs!")
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+					}
+
+					// Update the timestamp for the last reset for the user
+					_, err = data.Openstack.Update(i.Member.User.ID, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span)
+						return
+					}
+				} else {
+					return
+				}
+			}
+		}
+}

commands/slash/verify.go

@@ -0,0 +1,138 @@
+package slash
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/bwmarrin/discordgo"
+	"github.com/ritsec/ops-bot-iii/data"
+	"github.com/ritsec/ops-bot-iii/logging"
+	"github.com/ritsec/ops-bot-iii/mail"
+	"github.com/sirupsen/logrus"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
+)
+
+// The purpose of this command is for users who were manually verified through the /member command.
+// The issue is that they then would have no email in the database but they still need to set their email
+// if they want to use the openstack command to create their accounts.
+//
+// This is done by checking if their verification attempts is above 1, arbitrary locking out this command until they did /member command first.
+func Verify() (*discordgo.ApplicationCommand, func(s *discordgo.Session, i *discordgo.InteractionCreate)) {
+	return &discordgo.ApplicationCommand{
+			Name:        "verify",
+			Description: "Verify your email to use services like openstack and count for attendance",
+		},
+		func(s *discordgo.Session, i *discordgo.InteractionCreate) {
+			span := tracer.StartSpan(
+				"commands.slash.verify:Verify",
+				tracer.ResourceName("/Verify"),
+			)
+			defer span.Finish()
+
+			logging.Debug(s, "Verify command received", i.Member.User, span)
+
+			attempts, err := data.User.GetVerificationAttempts(i.Member.User.ID, span.Context())
+			if err != nil {
+				logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+				return
+			}
+
+			if attempts == 0 {
+				logging.Debug(s, "User has not used /member yet", i.Member.User, span)
+				return
+			}
+
+			// check if user has an RIT userEmail
+			ritEmail, i, err := hasRITEmail(s, i, span.Context())
+			if err != nil {
+				logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+				return
+			}
+
+			if ritEmail {
+				// get userEmail
+				userEmail, i, err := getEmail(s, i, span.Context())
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+					return
+				}
+
+				logging.Debug(s, fmt.Sprintf("User provided email: `%v`", userEmail), i.Member.User, span)
+
+				// check if userEmail is valid
+				if !validRITEmail(userEmail, span.Context()) {
+					logging.Debug(s, fmt.Sprintf("User has invalid RIT email: `%v`", userEmail), i.Member.User, span)
+					return
+				}
+
+				// check if email is already in use
+				if data.User.EmailExists(i.Member.User.ID, userEmail, span.Context()) {
+					logging.Debug(s, fmt.Sprintf("User has already used email: `%v`", userEmail), i.Member.User, span)
+					return
+				}
+
+				// send userEmail
+				code, err := mail.SendVerificationEmail(userEmail, span.Context())
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+					return
+				}
+
+				logging.Debug(s, fmt.Sprintf("User send Email with verification code: `%v`", code), i.Member.User, span)
+
+				// check if userEmail was recieved
+				recieved, i, err := recievedEmail(s, i, userEmail, span.Context())
+				if err != nil {
+					logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+					return
+				}
+
+				if recieved {
+
+					logging.Debug(s, fmt.Sprintf("User recieved email: `%v`", userEmail), i.Member.User, span)
+
+					// get verification code
+					verificationCode, i, err := getVerificationCode(s, i, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+						return
+					}
+
+					// check code
+					if strings.TrimSpace(code) != strings.TrimSpace(verificationCode) {
+						logging.Debug(s, "User provided invalid verification code", i.Member.User, span)
+						err := invalidCode(s, i, verificationCode, 0, span.Context())
+						if err != nil {
+							logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+						}
+						return
+					}
+
+					// add email to user
+					_, err = data.User.SetEmail(i.Member.User.ID, userEmail, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+						return
+					}
+
+					// mark user as verified
+					_, err = data.User.MarkVerified(i.Member.User.ID, span.Context())
+					if err != nil {
+						logging.Error(s, err.Error(), i.Member.User, span, logrus.Fields{"error": err})
+						return
+					}
+
+					msg := "You have been verified as a member of RITSEC. Welcome!"
+					_, err = s.InteractionResponseEdit(i.Interaction, &discordgo.WebhookEdit{
+						Content: &msg,
+					})
+					if err != nil {
+						logging.Error(s, err.Error(), i.User, span, logrus.Fields{"error": err})
+						return
+					}
+				} else {
+					return
+				}
+			}
+		}
+}