2023-07-16 23:38:02 +00:00
|
|
|
use chrono::{Datelike, Utc};
|
2023-06-18 17:29:49 +00:00
|
|
|
use dotenv::dotenv;
|
2023-07-16 22:29:52 +00:00
|
|
|
use ldap3::{LdapConn, Mod, Scope, SearchEntry};
|
2023-06-18 19:27:04 +00:00
|
|
|
use skynet_ldap_backend::{get_config, Config};
|
2023-07-16 22:29:52 +00:00
|
|
|
use std::collections::{HashMap, HashSet};
|
2023-07-16 23:14:48 +00:00
|
|
|
use std::env;
|
2023-07-16 22:29:52 +00:00
|
|
|
use std::error::Error;
|
2023-06-18 16:19:59 +00:00
|
|
|
|
|
|
|
#[async_std::main]
|
|
|
|
async fn main() -> tide::Result<()> {
|
|
|
|
let config = get_config();
|
|
|
|
|
2023-06-18 18:10:46 +00:00
|
|
|
update_users(&config).await?;
|
2023-06-18 16:19:59 +00:00
|
|
|
update_admin(&config).await?;
|
2023-06-18 17:37:44 +00:00
|
|
|
update_committee(&config).await?;
|
2023-06-18 17:34:27 +00:00
|
|
|
|
2023-06-18 16:19:59 +00:00
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2023-06-18 18:10:46 +00:00
|
|
|
async fn update_users(config: &Config) -> tide::Result<()> {
|
2023-07-16 23:14:48 +00:00
|
|
|
let mut users_tmp = HashSet::new();
|
|
|
|
// default user to ensure group is never empty
|
|
|
|
users_tmp.insert(String::from("compsoc"));
|
2023-06-18 18:10:46 +00:00
|
|
|
|
|
|
|
if let Ok(x) = env::var("USERS_LIFETIME") {
|
|
|
|
for user in x.split(',').collect::<Vec<&str>>() {
|
2023-07-16 23:14:48 +00:00
|
|
|
users_tmp.insert(user.to_string());
|
2023-06-18 18:10:46 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
pull in data from wolves (csv or api (hopefully api)
|
|
|
|
pull entire ldap data
|
|
|
|
|
|
|
|
for every valid user in wolves match to ldap
|
|
|
|
add to users
|
|
|
|
*/
|
2023-07-16 23:38:02 +00:00
|
|
|
println!("{:#?}", users_tmp);
|
2023-07-16 23:14:48 +00:00
|
|
|
// pull from wolves csv
|
|
|
|
for user in from_csv(config).await.unwrap_or_default() {
|
|
|
|
users_tmp.insert(user);
|
|
|
|
}
|
2023-06-18 18:10:46 +00:00
|
|
|
|
|
|
|
// sorting makes it easier/faster
|
|
|
|
if let Ok(x) = env::var("USERS_BANNED") {
|
|
|
|
for user in x.split(',').collect::<Vec<&str>>() {
|
2023-07-16 23:14:48 +00:00
|
|
|
users_tmp.remove(user);
|
2023-06-18 18:10:46 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-07-16 23:38:02 +00:00
|
|
|
println!("{:#?}", users_tmp);
|
|
|
|
|
2023-06-18 18:10:46 +00:00
|
|
|
// easier to work with Strings above but easier to work with &str below
|
|
|
|
let users: Vec<&str> = users_tmp.iter().map(|s| &**s).collect();
|
|
|
|
|
|
|
|
update_group(config, "skynet-users", &users, true).await?;
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
2023-06-18 17:34:27 +00:00
|
|
|
|
|
|
|
fn uid_to_dn(uid: &str) -> String {
|
2023-06-18 16:19:59 +00:00
|
|
|
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
|
|
|
}
|
|
|
|
|
2023-06-18 17:34:27 +00:00
|
|
|
async fn update_admin(config: &Config) -> tide::Result<()> {
|
2023-06-18 17:29:49 +00:00
|
|
|
dotenv().ok();
|
2023-06-18 17:34:27 +00:00
|
|
|
|
2023-06-18 17:29:49 +00:00
|
|
|
// read from teh env
|
|
|
|
if let Ok(x) = env::var("USERS_ADMIN") {
|
|
|
|
let users = x.split(',').collect::<Vec<&str>>();
|
2023-06-18 17:34:27 +00:00
|
|
|
|
|
|
|
update_group(config, "skynet-admins", &users, true).await?;
|
2023-06-18 17:29:49 +00:00
|
|
|
// admins automatically get added as users
|
2023-06-18 17:34:27 +00:00
|
|
|
update_group(config, "skynet-users", &users, false).await?;
|
2023-06-18 17:29:49 +00:00
|
|
|
}
|
2023-06-18 16:33:39 +00:00
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2023-06-18 17:37:44 +00:00
|
|
|
async fn update_committee(config: &Config) -> tide::Result<()> {
|
|
|
|
dotenv().ok();
|
|
|
|
|
|
|
|
// read from teh env
|
|
|
|
if let Ok(x) = env::var("USERS_COMMITTEE") {
|
|
|
|
let users = x.split(',').collect::<Vec<&str>>();
|
|
|
|
|
|
|
|
update_group(config, "skynet-committee", &users, true).await?;
|
|
|
|
// admins automatically get added as users
|
|
|
|
update_group(config, "skynet-users", &users, false).await?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2023-06-18 17:34:27 +00:00
|
|
|
async fn update_group(config: &Config, group: &str, users: &[&str], replace: bool) -> tide::Result<()> {
|
2023-06-18 19:47:36 +00:00
|
|
|
if users.is_empty() {
|
|
|
|
return Ok(());
|
|
|
|
}
|
|
|
|
|
2023-06-18 16:19:59 +00:00
|
|
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
|
|
|
|
|
|
|
// use the admin account
|
|
|
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
2023-06-18 16:33:39 +00:00
|
|
|
|
2023-06-18 17:32:52 +00:00
|
|
|
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
|
2023-06-18 17:34:27 +00:00
|
|
|
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
|
2023-06-18 16:45:33 +00:00
|
|
|
let mods = if replace {
|
2023-06-18 17:32:52 +00:00
|
|
|
vec![Mod::Replace("member".to_string(), members)]
|
2023-06-18 16:45:33 +00:00
|
|
|
} else {
|
2023-06-18 17:32:52 +00:00
|
|
|
vec![Mod::Add("member".to_string(), members)]
|
2023-06-18 16:45:33 +00:00
|
|
|
};
|
2023-06-18 17:34:27 +00:00
|
|
|
|
2023-06-18 17:32:52 +00:00
|
|
|
if let Err(x) = ldap.modify(&dn, mods) {
|
2023-06-18 16:45:33 +00:00
|
|
|
println!("{:?}", x);
|
|
|
|
}
|
2023-06-18 16:33:39 +00:00
|
|
|
|
2023-06-18 17:32:52 +00:00
|
|
|
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
|
2023-06-18 17:34:27 +00:00
|
|
|
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
|
2023-06-18 16:45:33 +00:00
|
|
|
let mods = if replace {
|
2023-06-18 17:32:52 +00:00
|
|
|
vec![Mod::Replace("memberUid".to_string(), members_linux)]
|
2023-06-18 16:45:33 +00:00
|
|
|
} else {
|
2023-06-18 17:32:52 +00:00
|
|
|
vec![Mod::Add("memberUid".to_string(), members_linux)]
|
2023-06-18 16:45:33 +00:00
|
|
|
};
|
2023-06-18 17:34:27 +00:00
|
|
|
if let Err(x) = ldap.modify(&dn_linux, mods) {
|
2023-06-18 16:45:33 +00:00
|
|
|
println!("{:?}", x);
|
|
|
|
};
|
2023-06-18 16:19:59 +00:00
|
|
|
|
2023-06-18 17:32:52 +00:00
|
|
|
// tidy up
|
2023-06-18 16:19:59 +00:00
|
|
|
ldap.unbind()?;
|
2023-06-18 16:33:39 +00:00
|
|
|
|
2023-06-18 16:19:59 +00:00
|
|
|
Ok(())
|
2023-06-18 17:34:27 +00:00
|
|
|
}
|
2023-07-16 22:29:52 +00:00
|
|
|
|
2023-07-16 23:14:48 +00:00
|
|
|
async fn ldap_get_accounts(config: &Config) -> Result<(HashMap<String, String>, HashMap<String, String>), Box<dyn Error>> {
|
2023-07-16 22:29:52 +00:00
|
|
|
// connect to ldap
|
|
|
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
|
|
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
|
|
|
|
|
|
|
let mut uid_idstudent: HashMap<String, String> = HashMap::new();
|
|
|
|
let mut uid_email: HashMap<String, String> = HashMap::new();
|
|
|
|
|
2023-07-16 23:14:48 +00:00
|
|
|
let (rs, _res) = ldap
|
|
|
|
.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, "(objectClass=*)", vec!["uid", "mail", "skID", "skSecure"])
|
|
|
|
.unwrap()
|
|
|
|
.success()
|
|
|
|
.unwrap();
|
2023-07-16 22:29:52 +00:00
|
|
|
|
|
|
|
for entry in rs {
|
2023-07-16 23:14:48 +00:00
|
|
|
let tmp = SearchEntry::construct(entry);
|
2023-07-16 22:29:52 +00:00
|
|
|
|
|
|
|
// skSecure is a standin for teh password, only 1 if the password is SSHA512
|
2023-07-16 23:14:48 +00:00
|
|
|
if !tmp.attrs.contains_key("skSecure") {
|
2023-07-16 22:29:52 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if tmp.attrs["skSecure"].is_empty() {
|
|
|
|
continue;
|
|
|
|
}
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
// make sure there is an id;
|
|
|
|
let uid = if !tmp.attrs["uid"].is_empty() {
|
|
|
|
tmp.attrs["uid"][0].clone()
|
2023-07-16 23:14:48 +00:00
|
|
|
} else {
|
2023-07-16 22:29:52 +00:00
|
|
|
continue;
|
|
|
|
};
|
|
|
|
|
|
|
|
if !tmp.attrs["skID"].is_empty() {
|
|
|
|
let skid = tmp.attrs["skID"][0].clone();
|
|
|
|
if &skid != "00000000" {
|
|
|
|
uid_idstudent.insert(skid, uid.clone());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if !tmp.attrs["mail"].is_empty() {
|
|
|
|
let mail = tmp.attrs["mail"][0].clone();
|
|
|
|
if &mail != "nomail@skynet.ie" {
|
|
|
|
uid_email.insert(mail, uid.clone());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ldap.unbind()?;
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
Ok((uid_idstudent, uid_email))
|
|
|
|
}
|
|
|
|
|
2023-07-16 23:14:48 +00:00
|
|
|
async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
|
2023-07-16 22:29:52 +00:00
|
|
|
let mut uids = HashSet::new();
|
|
|
|
|
|
|
|
let (uid_idstudent, uid_email) = ldap_get_accounts(config).await?;
|
|
|
|
let records = read_csv()?;
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 23:38:02 +00:00
|
|
|
let now = Utc::now();
|
|
|
|
let today = format!("{}-{:02}-{:02}", now.year(), now.month(), now.day());
|
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
for record in records {
|
2023-07-16 23:38:02 +00:00
|
|
|
// only import users if it is actually active.
|
|
|
|
if record.expiry < today {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
if let Some(uid) = uid_email.get(&record.email) {
|
|
|
|
uids.insert(uid.clone());
|
|
|
|
}
|
|
|
|
if let Some(uid) = uid_idstudent.get(&record.id_student) {
|
|
|
|
uids.insert(uid.clone());
|
|
|
|
}
|
|
|
|
}
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
Ok(uids)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, serde::Deserialize)]
|
|
|
|
struct Record {
|
2023-07-16 23:14:48 +00:00
|
|
|
// #[serde(rename = "MemID")]
|
|
|
|
// id_wolves: String,
|
2023-07-16 22:29:52 +00:00
|
|
|
#[serde(rename = "Student Num")]
|
|
|
|
id_student: String,
|
|
|
|
#[serde(rename = "Contact Email")]
|
|
|
|
email: String,
|
2023-07-16 23:38:02 +00:00
|
|
|
#[serde(rename = "Expiry")]
|
|
|
|
expiry: String,
|
2023-07-16 22:29:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
fn read_csv() -> Result<Vec<Record>, Box<dyn Error>> {
|
|
|
|
let mut records: Vec<Record> = vec![];
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
if let Ok(mut rdr) = csv::Reader::from_path("tmp.csv") {
|
|
|
|
for result in rdr.deserialize() {
|
|
|
|
// Notice that we need to provide a type hint for automatic
|
|
|
|
// deserialization.
|
|
|
|
let record: Record = result?;
|
|
|
|
records.push(record);
|
|
|
|
}
|
|
|
|
}
|
2023-07-16 23:14:48 +00:00
|
|
|
|
2023-07-16 22:29:52 +00:00
|
|
|
Ok(records)
|
2023-07-16 23:14:48 +00:00
|
|
|
}
|