feat: handle the receiving of the token

This commit is contained in:
silver 2023-07-30 22:56:02 +01:00
parent a851a81dec
commit 712cd50ff2
4 changed files with 88 additions and 7 deletions

View file

@ -1,6 +1,6 @@
use dotenvy::dotenv; use dotenvy::dotenv;
use ldap3::{LdapConn, Mod}; use ldap3::{LdapConn, Mod};
use skynet_ldap_backend::{db_init, get_config, get_now_iso, read_csv, Accounts, Config}; use skynet_ldap_backend::{db_init, get_config, get_now_iso, read_csv, uid_to_dn, Accounts, Config};
use sqlx::{Pool, Sqlite}; use sqlx::{Pool, Sqlite};
use std::{collections::HashSet, env, error::Error}; use std::{collections::HashSet, env, error::Error};
@ -46,10 +46,6 @@ async fn update_users(config: &Config) -> tide::Result<()> {
Ok(()) Ok(())
} }
fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}
async fn update_admin(config: &Config) -> tide::Result<()> { async fn update_admin(config: &Config) -> tide::Result<()> {
dotenv().ok(); dotenv().ok();

View file

@ -310,3 +310,7 @@ pub fn read_csv(config: &Config) -> Result<Vec<Record>, Box<dyn std::error::Erro
pub fn random_string(len: usize) -> String { pub fn random_string(len: usize) -> String {
thread_rng().sample_iter(&Alphanumeric).take(len).map(char::from).collect() thread_rng().sample_iter(&Alphanumeric).take(len).map(char::from).collect()
} }
pub fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}

View file

@ -1,6 +1,10 @@
use skynet_ldap_backend::{ use skynet_ldap_backend::{
db_init, get_config, db_init, get_config,
methods::{account_new::post_new_account, account_update::post_update_ldap}, methods::{
account_new::post_new_account,
account_update::post_update_ldap,
password_reset::{post_password_auth, post_password_reset},
},
State, State,
}; };
@ -22,6 +26,8 @@ async fn main() -> tide::Result<()> {
app.at("/ldap/update").post(post_update_ldap); app.at("/ldap/update").post(post_update_ldap);
app.at("/ldap/new").post(post_new_account); app.at("/ldap/new").post(post_new_account);
app.at("/ldap/reset").post(post_password_reset);
app.at("/ldap/reset/auth").post(post_password_auth);
app.listen(host_port).await?; app.listen(host_port).await?;
Ok(()) Ok(())

View file

@ -1,5 +1,6 @@
use crate::{get_now_iso, random_string, Accounts, AccountsReset, Config, State}; use crate::{get_now_iso, random_string, uid_to_dn, Accounts, AccountsReset, Config, State};
use chrono::{Duration, SecondsFormat, Utc}; use chrono::{Duration, SecondsFormat, Utc};
use ldap3::{exop::PasswordModify, LdapConn};
use lettre::{ use lettre::{
message::{header, MultiPart, SinglePart}, message::{header, MultiPart, SinglePart},
transport::smtp::{authentication::Credentials, response::Response, Error}, transport::smtp::{authentication::Credentials, response::Response, Error},
@ -70,6 +71,40 @@ pub async fn post_password_reset(mut req: Request<State>) -> tide::Result {
Ok(json!({"result": "success"}).into()) Ok(json!({"result": "success"}).into())
} }
#[derive(Debug, Deserialize)]
pub struct PassResetAuth {
auth: String,
pass: String,
}
pub async fn post_password_auth(mut req: Request<State>) -> tide::Result {
let PassResetAuth {
auth,
pass,
} = req.body_json().await?;
let config = &req.state().config;
let db = &req.state().db;
if db_pending_clear_expired(db).await.is_err() {
return Ok(json!({"result": "success"}).into());
}
// check if auth exists
let details = match db_get_user_reset_auth(db, &auth).await {
None => {
return Ok(json!({"result": "success"}).into());
}
Some(x) => x,
};
if ldap_reset_pw(config, &details, &pass).await.is_err() {
return Ok(json!({"result": "error", "error": "ldap error"}).into());
};
Ok(json!({"result": "success", "success": "Password set"}).into())
}
async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> { async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> {
let user = match user_in { let user = match user_in {
None => "", None => "",
@ -133,6 +168,46 @@ async fn db_get_user_reset(pool: &Pool<Sqlite>, user: &str) -> Option<AccountsRe
None None
} }
async fn db_get_user_reset_auth(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsReset> {
if let Ok(res) = sqlx::query_as::<_, AccountsReset>(
r#"
SELECT *
FROM accounts_reset
WHERE auth == ?
"#,
)
.bind(auth)
.fetch_all(pool)
.await
{
if !res.is_empty() {
return Some(res[0].to_owned());
}
}
None
}
async fn ldap_reset_pw(config: &Config, details: &AccountsReset, pass: &str) -> Result<(), ldap3::LdapError> {
let mut ldap = LdapConn::new(&config.ldap_host)?;
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
let dn = uid_to_dn(&details.user);
// if so then set password
let tmp = PasswordModify {
// none as we are staying on the same connection
user_id: Some(&dn),
old_pass: None,
new_pass: Some(pass),
};
ldap.extended(tmp)?.success()?;
ldap.unbind()?;
Ok(())
}
fn send_mail(config: &Config, record: &Accounts, auth: &str) -> Result<Response, Error> { fn send_mail(config: &Config, record: &Accounts, auth: &str) -> Result<Response, Error> {
let recipient = &record.user; let recipient = &record.user;
let mail = &record.mail; let mail = &record.mail;