From a28e58db76cc4d2489b5a920d17b7816db5f6db3 Mon Sep 17 00:00:00 2001
From: daragh <daraghdownes12@gmail.com>
Date: Sun, 24 Dec 2023 22:02:12 +0000
Subject: [PATCH] feat : added get_ssh_keys needs testing

---
 src/main.rs                |  7 ++++-
 src/methods/account_ssh.rs | 61 ++++++++++++++++++++++++++++++++++++++
 src/methods/mod.rs         |  1 +
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 src/methods/account_ssh.rs

diff --git a/src/main.rs b/src/main.rs
index 262d918..bac9aaa 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,6 @@
 use skynet_ldap_backend::{
   db_init, get_config,
-  methods::{account_new, account_recover, account_update},
+  methods::{account_new, account_recover, account_update, account_ssh},
   State,
 };
 
@@ -34,6 +34,11 @@ async fn main() -> tide::Result<()> {
   app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
   app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
 
+  //for getting current ssh keys associated with the account
+  app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
+  //app.at("/ldap/ssh").delete(account_ssh::remove_key);
+  //app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
+
   app.listen(host_port).await?;
   Ok(())
 }
diff --git a/src/methods/account_ssh.rs b/src/methods/account_ssh.rs
new file mode 100644
index 0000000..c115c2f
--- /dev/null
+++ b/src/methods/account_ssh.rs
@@ -0,0 +1,61 @@
+use crate::{methods::account_new::email::get_wolves_mail, update_group, Accounts, Config, State};
+use ldap3::{exop::PasswordModify, LdapConn, LdapResult, Mod, ResultEntry, Scope, SearchEntry};
+use tide::{
+    prelude::{json, Deserialize, Serialize},
+    Request,
+};
+
+#[derive(Debug, Deserialize)]
+pub struct User {
+    user: String,
+    pass: String,
+}
+
+pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result {
+    let User {
+        user,
+        pass
+    } = req.body_json().await?;
+    let config = &req.state().config;
+
+    // easier to give each request its own connection
+    let mut ldap = LdapConn::new(&config.ldap_host)?;
+
+    let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
+    ldap.simple_bind(&dn, &pass)?.success()?;
+
+    // always assume insecure
+    let mut is_skynet_user = false;
+
+    // get the users current password hash
+    let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
+    if !rs.is_empty() {
+        let tmp = SearchEntry::construct(rs[0].clone());
+        if tmp.attrs.contains_key("memberOf") {
+            for group in tmp.attrs["memberOf"].clone() {
+                if group.contains("skynet-users") {
+                    is_skynet_user = true;
+                }
+            }
+        }
+    }
+    if !is_skynet_user {
+        return Ok(json!({"result": "error", "error": "Invalid username or password"}).into())
+    }
+
+    let mut keys: Vec<String> = vec![];
+    let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
+    for entry in rs {
+        let tmp = SearchEntry::construct(entry);
+        if tmp.attrs.contains_key("sshPublicKey") {
+            for key in tmp.attrs["sshPublicKey"].clone() {
+                keys.push(key);
+            }
+        }
+    }
+    ldap.unbind()?;
+
+    Ok(json!({"result": "success", "success": keys}).into())
+}
+
+
diff --git a/src/methods/mod.rs b/src/methods/mod.rs
index 8273b7b..1662270 100644
--- a/src/methods/mod.rs
+++ b/src/methods/mod.rs
@@ -1,3 +1,4 @@
 pub mod account_new;
 pub mod account_recover;
 pub mod account_update;
+pub mod account_ssh;
\ No newline at end of file