feat: handle the receiving of the token
This commit is contained in:
parent
3a5b96c4d9
commit
4bdfa09ee3
3 changed files with 83 additions and 1 deletions
|
@ -239,3 +239,7 @@ pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn uid_to_dn(uid: &str) -> String {
|
||||||
|
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
||||||
|
}
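Review bot: `uid_to_dn` interpolates `uid` into the DN unescaped, so a value containing RFC 4514 special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, or a leading `#`/space) would change the shape of the DN rather than name a different user. In this commit the only caller passes `details.user` read back from the `accounts_reset` row, so the input is not directly request-controlled, but the function is `pub` and carries no contract saying so. Either escape those characters before formatting, or document the precondition above the function: `/// Builds the LDAP DN for a user from their `uid`; the caller must pass a uid that is already a valid RDN value (no unescaped RFC 4514 special characters).` The base `ou=users,dc=skynet,dc=ie` is also hard-coded here while the LDAP host comes from `Config`; presumably the base DN belongs there too, but that is outside what this hunk shows.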
|
||||||
|
|
|
@ -3,6 +3,7 @@ use skynet_ldap_backend::{
|
||||||
methods::{
|
methods::{
|
||||||
account_new::post::{account, email},
|
account_new::post::{account, email},
|
||||||
account_update::post_update_ldap,
|
account_update::post_update_ldap,
|
||||||
|
password_reset::{post_password_auth, post_password_reset},
|
||||||
},
|
},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
|
@ -26,6 +27,8 @@ async fn main() -> tide::Result<()> {
|
||||||
app.at("/ldap/update").post(post_update_ldap);
|
app.at("/ldap/update").post(post_update_ldap);
|
||||||
app.at("/ldap/new/email").post(email::submit);
|
app.at("/ldap/new/email").post(email::submit);
|
||||||
app.at("/ldap/new/account").post(account::submit);
|
app.at("/ldap/new/account").post(account::submit);
|
||||||
|
app.at("/ldap/reset").post(post_password_reset);
|
||||||
|
app.at("/ldap/reset/auth").post(post_password_auth);
|
||||||
|
|
||||||
app.listen(host_port).await?;
|
app.listen(host_port).await?;
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
use crate::{get_now_iso, random_string, Accounts, AccountsReset, Config, State};
|
use crate::{get_now_iso, random_string, uid_to_dn, Accounts, AccountsReset, Config, State};
|
||||||
use chrono::{Duration, SecondsFormat, Utc};
|
use chrono::{Duration, SecondsFormat, Utc};
|
||||||
|
use ldap3::{exop::PasswordModify, LdapConn};
|
||||||
use lettre::{
|
use lettre::{
|
||||||
message::{header, MultiPart, SinglePart},
|
message::{header, MultiPart, SinglePart},
|
||||||
transport::smtp::{authentication::Credentials, response::Response, Error},
|
transport::smtp::{authentication::Credentials, response::Response, Error},
|
||||||
|
@ -70,6 +71,40 @@ pub async fn post_password_reset(mut req: Request<State>) -> tide::Result {
|
||||||
Ok(json!({"result": "success"}).into())
|
Ok(json!({"result": "success"}).into())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize)]
|
||||||
|
pub struct PassResetAuth {
|
||||||
|
auth: String,
|
||||||
|
pass: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn post_password_auth(mut req: Request<State>) -> tide::Result {
|
||||||
|
let PassResetAuth {
|
||||||
|
auth,
|
||||||
|
pass,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
|
||||||
|
let config = &req.state().config;
|
||||||
|
let db = &req.state().db;
|
||||||
|
|
||||||
|
if db_pending_clear_expired(db).await.is_err() {
|
||||||
|
return Ok(json!({"result": "success"}).into());
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if auth exists
|
||||||
|
let details = match db_get_user_reset_auth(db, &auth).await {
|
||||||
|
None => {
|
||||||
|
return Ok(json!({"result": "success"}).into());
|
||||||
|
}
|
||||||
|
Some(x) => x,
|
||||||
|
};
|
||||||
|
|
||||||
|
if ldap_reset_pw(config, &details, &pass).await.is_err() {
|
||||||
|
return Ok(json!({"result": "error", "error": "ldap error"}).into());
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(json!({"result": "success", "success": "Password set"}).into())
|
||||||
|
}
|
||||||
|
|
||||||
async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> {
|
async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> {
|
||||||
let user = match user_in {
|
let user = match user_in {
|
||||||
None => "",
|
None => "",
|
||||||
|
@ -133,6 +168,46 @@ async fn db_get_user_reset(pool: &Pool<Sqlite>, user: &str) -> Option<AccountsRe
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn db_get_user_reset_auth(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsReset> {
|
||||||
|
if let Ok(res) = sqlx::query_as::<_, AccountsReset>(
|
||||||
|
r#"
|
||||||
|
SELECT *
|
||||||
|
FROM accounts_reset
|
||||||
|
WHERE auth == ?
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(auth)
|
||||||
|
.fetch_all(pool)
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
if !res.is_empty() {
|
||||||
|
return Some(res[0].to_owned());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
None
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn ldap_reset_pw(config: &Config, details: &AccountsReset, pass: &str) -> Result<(), ldap3::LdapError> {
|
||||||
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
||||||
|
|
||||||
|
let dn = uid_to_dn(&details.user);
|
||||||
|
|
||||||
|
// if so then set password
|
||||||
|
let tmp = PasswordModify {
|
||||||
|
// none as we are staying on the same connection
|
||||||
|
user_id: Some(&dn),
|
||||||
|
old_pass: None,
|
||||||
|
new_pass: Some(pass),
|
||||||
|
};
|
||||||
|
|
||||||
|
ldap.extended(tmp)?.success()?;
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
fn send_mail(config: &Config, record: &Accounts, auth: &str) -> Result<Response, Error> {
|
fn send_mail(config: &Config, record: &Accounts, auth: &str) -> Result<Response, Error> {
|
||||||
let recipient = &record.user;
|
let recipient = &record.user;
|
||||||
let mail = &record.mail;
|
let mail = &record.mail;
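Review bot: In `post_password_auth` the reset record is never consumed — after `ldap_reset_pw` succeeds the function returns success without touching `accounts_reset`, so the same `auth` token can be replayed to set the password again until `db_pending_clear_expired` eventually removes it. A single-use token should be deleted once it has been used, e.g. before the final `Ok`: `sqlx::query("DELETE FROM accounts_reset WHERE auth = ?").bind(&auth).execute(db).await?;` (whether a delete on the LDAP-error path is also wanted depends on the intended retry behaviour). Separately, `db_get_user_reset_auth` runs `fetch_all` and then indexes `res[0]`; `fetch_optional(pool)` expresses the one-row intent without the indexing, and `WHERE auth = ?` is the portable spelling of the `==` that SQLite happens to accept. Nothing in the hunk checks `pass` (an empty string is passed straight to `PasswordModify`), so unless the LDAP server enforces a policy a minimum-length check here would be the only one.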
|
||||||
|
|