diff --git a/src/main.rs b/src/main.rs
index 262d918..bac9aaa 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,6 @@
 use skynet_ldap_backend::{
 db_init,
 get_config,
- methods::{account_new, account_recover, account_update},
+ methods::{account_new, account_recover, account_update, account_ssh},
 State,
 };
@@ -34,6 +34,11 @@ async fn main() -> tide::Result<()> {
 app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
 app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
 
+ //for getting current ssh keys associated with the account
+ app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
+ //app.at("/ldap/ssh").delete(account_ssh::remove_key);
+ //app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
+
 app.listen(host_port).await?;
 Ok(())
 }
diff --git a/src/methods/account_ssh.rs b/src/methods/account_ssh.rs
new file mode 100644
index 0000000..c115c2f
--- /dev/null
+++ b/src/methods/account_ssh.rs
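Review bot: The two commented-out `app.at("/ldap/ssh")...` lines in the routing hunk register nothing and name handlers (`remove_key`, `add_ssh_key`) that the new `account_ssh` module does not define, so they are dead code in the router; drop them, or replace both with a single `// TODO: add/remove SSH key endpoints (handlers not written yet)`. The route comment would also read better as a sentence describing the contract, e.g. `// Returns the SSH public keys stored on the caller's account; credentials travel in the POST body.`. In the import hunk `account_ssh` is appended after `account_update` (and the same in src/methods/mod.rs, which also loses its trailing newline); `cargo fmt` will reorder the `use` list alphabetically, so run it before merging.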
@@ -0,0 +1,61 @@
+use crate::{methods::account_new::email::get_wolves_mail, update_group, Accounts, Config, State};
+use ldap3::{exop::PasswordModify, LdapConn, LdapResult, Mod, ResultEntry, Scope, SearchEntry};
+use tide::{
+ prelude::{json, Deserialize, Serialize},
+ Request,
+};
+
+#[derive(Debug, Deserialize)]
+pub struct User {
+ user: String,
+ pass: String,
+}
+
+pub async fn get_ssh_keys(mut req: Request) -> tide::Result {
+ let User {
+ user,
+ pass
+ } = req.body_json().await?;
+ let config = &req.state().config;
+
+ // easier to give each request its own connection
+ let mut ldap = LdapConn::new(&config.ldap_host)?;
+
+ let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
+ ldap.simple_bind(&dn, &pass)?.success()?;
+
+ // always assume insecure
+ let mut is_skynet_user = false;
+
+ // get the users current password hash
+ let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
+ if !rs.is_empty() {
+ let tmp = SearchEntry::construct(rs[0].clone());
+ if tmp.attrs.contains_key("memberOf") {
+ for group in tmp.attrs["memberOf"].clone() {
+ if group.contains("skynet-users") {
+ is_skynet_user = true;
+ }
+ }
+ }
+ }
+ if !is_skynet_user {
+ return Ok(json!({"result": "error", "error": "Invalid username or password"}).into())
+ }
+
+ let mut keys: Vec = vec![];
+ let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
+ for entry in rs {
+ let tmp = SearchEntry::construct(entry);
+ if tmp.attrs.contains_key("sshPublicKey") {
+ for key in tmp.attrs["sshPublicKey"].clone() {
+ keys.push(key);
+ }
+ }
+ }
+ ldap.unbind()?;
+
+ Ok(json!({"result": "success", "success": keys}).into())
+}
+
+
diff --git a/src/methods/mod.rs b/src/methods/mod.rs
index 8273b7b..1662270 100644
--- a/src/methods/mod.rs
+++ b/src/methods/mod.rs
@@ -1,3 +1,4 @@
 pub mod account_new;
 pub mod account_recover;
 pub mod account_update;
+pub mod account_ssh;
\ No newline at end of file
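Review bot: The membership test at `if group.contains("skynet-users")` is a substring match on the `memberOf` DN, so any group whose DN merely embeds that string would also pass; compare each value against the group's full DN instead. The first search additionally requests `userPassword`, which nothing below reads (the comment `// get the users current password hash` above it is stale), and the second search re-reads the same base DN — one search for `memberOf` and `sshPublicKey` serves both checks and keeps the password hash from being pulled over the wire at all. `dn` is built by `format!` straight from the request's `user` field; pass it through `ldap3::dn_escape` (or reject uids outside the expected character set) before it is used as the bind and search DN. Smaller points: the early `return` in the `!is_skynet_user` branch skips `ldap.unbind()`, and the `use` lines import `get_wolves_mail`, `update_group`, `Accounts`, `Config`, `PasswordModify`, `LdapResult`, `Mod`, `ResultEntry` and `Serialize`, none of which this file uses. The generic arguments on `Request`, `tide::Result` and `Vec` look stripped by the page rendering, so the excerpt below starts after the bind.
```rust
    ldap.simple_bind(&dn, &pass)?.success()?;

    // One base-scope read serves both the group check and the key listing;
    // userPassword is deliberately not requested.
    let (rs, _res) = ldap
        .search(&dn, Scope::Base, "(objectClass=*)", vec!["memberOf", "sshPublicKey"])?
        .success()?;
    let entry = rs.into_iter().next().map(SearchEntry::construct);

    // Exact DN comparison; a substring test would accept any group whose DN
    // happens to contain "skynet-users".
    // SKYNET_USERS_GROUP_DN is a placeholder for the group's full DN (not on this page).
    let is_skynet_user = entry
        .as_ref()
        .and_then(|e| e.attrs.get("memberOf"))
        .map_or(false, |groups| groups.iter().any(|g| g.as_str() == SKYNET_USERS_GROUP_DN));
    if !is_skynet_user {
        ldap.unbind()?;
        return Ok(json!({"result": "error", "error": "Invalid username or password"}).into());
    }

    let keys: Vec<String> = entry
        .and_then(|mut e| e.attrs.remove("sshPublicKey"))
        .unwrap_or_default();
    ldap.unbind()?;
    // … unchanged: success response …
```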