feat: new users will immediately gain access to most services

Closes #13
This commit is contained in:
silver 2023-08-06 14:25:42 +01:00
parent 56b2da1ae6
commit 38cbb440af
3 changed files with 51 additions and 45 deletions


@ -1,5 +1,4 @@
use ldap3::{LdapConn, Mod}; use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, update_group, Accounts, Config};
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, Accounts, Config};
use sqlx::{Pool, Sqlite}; use sqlx::{Pool, Sqlite};
use std::{collections::HashSet, env, error::Error}; use std::{collections::HashSet, env, error::Error};
@ -68,49 +67,6 @@ async fn update(config: &Config) -> tide::Result<()> {
Ok(()) Ok(())
} }
fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}
async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
if users.is_empty() {
return Ok(());
}
let mut ldap = LdapConn::new(&config.ldap_host)?;
// use the admin account
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
let mods = if replace {
vec![Mod::Replace("member".to_string(), members)]
} else {
vec![Mod::Add("member".to_string(), members)]
};
if let Err(x) = ldap.modify(&dn, mods) {
println!("{:?}", x);
}
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
let mods = if replace {
vec![Mod::Replace("memberUid".to_string(), members_linux)]
} else {
vec![Mod::Add("memberUid".to_string(), members_linux)]
};
if let Err(x) = ldap.modify(&dn_linux, mods) {
println!("{:?}", x);
};
// tidy up
ldap.unbind()?;
Ok(())
}
async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> { async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
let db = db_init(config).await.unwrap(); let db = db_init(config).await.unwrap();


@ -1,6 +1,7 @@
pub mod methods; pub mod methods;
use chrono::{Datelike, SecondsFormat, Utc}; use chrono::{Datelike, SecondsFormat, Utc};
use dotenvy::dotenv; use dotenvy::dotenv;
use ldap3::{LdapConn, Mod};
use rand::{distributions::Alphanumeric, thread_rng, Rng}; use rand::{distributions::Alphanumeric, thread_rng, Rng};
use sqlx::{ use sqlx::{
sqlite::{SqliteConnectOptions, SqlitePoolOptions}, sqlite::{SqliteConnectOptions, SqlitePoolOptions},
@ -212,3 +213,46 @@ pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
.await .await
.unwrap_or(vec![]) .unwrap_or(vec![])
} }
pub async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
if users.is_empty() {
return Ok(());
}
let mut ldap = LdapConn::new(&config.ldap_host)?;
// use the admin account
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
let mods = if replace {
vec![Mod::Replace("member".to_string(), members)]
} else {
vec![Mod::Add("member".to_string(), members)]
};
if let Err(x) = ldap.modify(&dn, mods) {
println!("{:?}", x);
}
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
let mods = if replace {
vec![Mod::Replace("memberUid".to_string(), members_linux)]
} else {
vec![Mod::Add("memberUid".to_string(), members_linux)]
};
if let Err(x) = ldap.modify(&dn_linux, mods) {
println!("{:?}", x);
};
// tidy up
ldap.unbind()?;
Ok(())
}
pub fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}


@ -235,6 +235,7 @@ pub mod post {
pub mod account { pub mod account {
use super::*; use super::*;
use crate::update_group;
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
struct LdapNewUser { struct LdapNewUser {
@ -411,6 +412,11 @@ pub mod post {
ldap.extended(tmp).unwrap(); ldap.extended(tmp).unwrap();
// user is already verified by being an active member on wolves
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
println!("Couldnt add {} to skynet-users: {:?}", username, e)
}
ldap.unbind()?; ldap.unbind()?;
Ok(()) Ok(())
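Review bot: Passing `true` as `replace` together with a one-element vector makes the new call issue a `Mod::Replace` on `member` and `memberUid`, which overwrites the entire membership of `skynet-users` and `skynet-users-linux` with just the new account, so every signup evicts all existing members. The commit title describes an additive change, which is `Mod::Add`, i.e. `update_group(config, "skynet-users", &vec![username.to_string()], false).await`. Note also that `update_group` prints and swallows modify errors and still returns `Ok(())`, so the `Couldnt add` branch here only fires on connect or bind failures, not on a rejected modify. The comment `// user is already verified by being an active member on wolves` refers to a check that is not visible in this hunk; if that validation happens earlier in the handler, point the comment at it rather than asserting it, since the username reaches the group DN unescaped. The enclosing handler starts outside the hunk.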