Merge branch '#16-set-group-after-emails-et' into 'main'

feat: when a user adds a mail and is not already a member of skynet-users it...

Closes #16

See merge request compsoc1/skynet/ldap/backend!12
This commit is contained in:
Brendan Golden 2023-08-13 14:42:11 +00:00
commit 5479afa5a5
2 changed files with 29 additions and 5 deletions

View file

@ -59,7 +59,7 @@ pub mod email {
Ok(json!({"result": "success"}).into()) Ok(json!({"result": "success"}).into())
} }
async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> { pub async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
sqlx::query_as::<_, AccountWolves>( sqlx::query_as::<_, AccountWolves>(
r#" r#"
SELECT * SELECT *
@ -410,7 +410,7 @@ pub mod account {
ldap.extended(tmp).unwrap(); ldap.extended(tmp).unwrap();
// user is already verified by being an active member on wolves // user is already verified by being an active member on wolves
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await { if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {
println!("Couldnt add {} to skynet-users: {:?}", username, e) println!("Couldnt add {} to skynet-users: {:?}", username, e)
} }

View file

@ -1,5 +1,6 @@
use crate::State; use crate::{methods::account_new::email::get_wolves_mail, update_group, Config, State};
use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry}; use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry};
use sqlx::{Pool, Sqlite};
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use tide::{ use tide::{
prelude::{json, Deserialize, Serialize}, prelude::{json, Deserialize, Serialize},
@ -39,6 +40,7 @@ pub async fn submit(mut req: Request<State>) -> tide::Result {
} }
let config = &req.state().config; let config = &req.state().config;
let db = &req.state().db;
// easier to give each request its own connection // easier to give each request its own connection
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
@ -48,18 +50,30 @@ pub async fn submit(mut req: Request<State>) -> tide::Result {
// always assume insecure // always assume insecure
let mut pw_keep_same = false; let mut pw_keep_same = false;
let mut is_skynet_user = false;
// get the users current password hash // get the users current password hash
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?; let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
if !rs.is_empty() { if !rs.is_empty() {
let tmp = SearchEntry::construct(rs[0].clone()); let tmp = SearchEntry::construct(rs[0].clone());
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") { if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
pw_keep_same = true; pw_keep_same = true;
} }
if tmp.attrs.contains_key("memberOf") {
for group in tmp.attrs["memberOf"].clone() {
if group.contains("skynet-users") {
is_skynet_user = true;
}
}
}
} }
// check if the password field itself is being updated // check if the password field itself is being updated
let pass_new = if &field != "userPassword" { let pass_new = if &field != "userPassword" {
if !is_skynet_user && &field == "mail" {
activate_group(db, config, &user, &value).await;
}
// if password is not being updated then just update the required field // if password is not being updated then just update the required field
let mods = vec![ let mods = vec![
// the value we are updating // the value we are updating
@ -128,3 +142,13 @@ fn get_result_values(attrs: &HashMap<String, Vec<String>>, field: &str) -> Optio
} }
None None
} }
async fn activate_group(db: &Pool<Sqlite>, config: &Config, user: &str, mail: &str) {
// check if user has this mail in teh wolves db
if !get_wolves_mail(db, mail).await.is_empty() {
// if so then activate
if let Err(e) = update_group(config, "skynet-users", &vec![user.to_string()], false).await {
println!("Couldnt add {} to skynet-users: {:?}", user, e)
}
}
}