feat: added get_ssh_keys
needs testing
This commit is contained in:
parent
303885ef0d
commit
a28e58db76
3 changed files with 68 additions and 1 deletions
|
@ -1,6 +1,6 @@
|
||||||
use skynet_ldap_backend::{
|
use skynet_ldap_backend::{
|
||||||
db_init, get_config,
|
db_init, get_config,
|
||||||
methods::{account_new, account_recover, account_update},
|
methods::{account_new, account_recover, account_update, account_ssh},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -34,6 +34,11 @@ async fn main() -> tide::Result<()> {
|
||||||
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
||||||
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
||||||
|
|
||||||
|
//for getting current ssh keys associated with the account
|
||||||
|
app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
|
||||||
|
//app.at("/ldap/ssh").delete(account_ssh::remove_key);
|
||||||
|
//app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
|
||||||
|
|
||||||
app.listen(host_port).await?;
|
app.listen(host_port).await?;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
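--- /dev/null
+++ b/src/methods/account_ssh.rs
@@ -0,0 +1,61 @@
+use crate::{methods::account_new::email::get_wolves_mail, update_group, Accounts, Config, State};
+use ldap3::{exop::PasswordModify, LdapConn, LdapResult, Mod, ResultEntry, Scope, SearchEntry};
+use tide::{
+prelude::{json, Deserialize, Serialize},
+Request,
+};
+
+#[derive(Debug, Deserialize)]
+pub struct User {
+user: String,
+pass: String,
+}
+
+pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result {
+let User {
+user,
+pass
+} = req.body_json().await?;
+let config = &req.state().config;
+
+// easier to give each request its own connection
+let mut ldap = LdapConn::new(&config.ldap_host)?;
+
+let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
+ldap.simple_bind(&dn, &pass)?.success()?;
+
+// always assume insecure
+let mut is_skynet_user = false;
+
+// get the users current password hash
+let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
+if !rs.is_empty() {
+let tmp = SearchEntry::construct(rs[0].clone());
+if tmp.attrs.contains_key("memberOf") {
+for group in tmp.attrs["memberOf"].clone() {
+if group.contains("skynet-users") {
+is_skynet_user = true;
+}
+}
+}
+}
+if !is_skynet_user {
+return Ok(json!({"result": "error", "error": "Invalid username or password"}).into())
+}
+
+let mut keys: Vec<String> = vec![];
+let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
+for entry in rs {
+let tmp = SearchEntry::construct(entry);
+if tmp.attrs.contains_key("sshPublicKey") {
+for key in tmp.attrs["sshPublicKey"].clone() {
+keys.push(key);
+}
+}
+}
+ldap.unbind()?;
+
+Ok(json!({"result": "success", "success": keys}).into())
+}
+
+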
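Review bot: The membership check in `get_ssh_keys` authorizes on a substring, `if group.contains("skynet-users")`, so any memberOf value whose DN merely contains that text (a group with a longer name, or one under a different OU) would pass; compare the whole value against the expected group DN instead, e.g. `if group.eq_ignore_ascii_case(SKYNET_USERS_GROUP_DN)` with the DN held in config or a constant (placeholder name). Two checks are also missing ahead of the bind: an empty `pass` turns `simple_bind` into an unauthenticated bind that many directories accept, so add `if pass.is_empty() { return Ok(json!({"result": "error", "error": "Invalid username or password"}).into()); }` before it, and `user` is interpolated into the DN unescaped, so validate it against the uid character set or DN-escape it (ldap3 provides `dn_escape`) before the `format!`. The first search requests `userPassword` although the hash is never read (the "current password hash" comment looks copied from elsewhere) — drop it from the attribute list, and the memberOf and sshPublicKey lookups can be a single search. `ldap.unbind()` is skipped on the early-return and `?` paths, and the unused imports (`PasswordModify`, `LdapResult`, `Mod`, `ResultEntry`, `get_wolves_mail`, `update_group`, `Accounts`, `Config`, `Serialize`) will warn on build.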
@ -1,3 +1,4 @@
|
||||||
pub mod account_new;
|
pub mod account_new;
|
||||||
pub mod account_recover;
|
pub mod account_recover;
|
||||||
pub mod account_update;
|
pub mod account_update;
|
||||||
|
pub mod account_ssh;
|