Merge branch '#13_add_users_to_skynet-users_on_signup' into 'main'
feat: new users will immediately gain access to most services Closes #13 See merge request compsoc1/skynet/ldap/backend!10
This commit is contained in:
commit
a97964700a
4 changed files with 55 additions and 47 deletions
|
@ -101,9 +101,11 @@
|
||||||
|
|
||||||
# modify these
|
# modify these
|
||||||
scripts = {
|
scripts = {
|
||||||
|
# every 15 min
|
||||||
"update_data" = "*:0,15,30,45";
|
"update_data" = "*:0,15,30,45";
|
||||||
#"new_users" = "*:5,20,35,50";
|
#"new_users" = "*:5,20,35,50";
|
||||||
"update_groups" = "*:5,20,35,50";
|
# groups are updated every 8 hours
|
||||||
|
"update_groups" = "00,08,16:00:00";
|
||||||
};
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
use ldap3::{LdapConn, Mod};
|
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, update_group, Accounts, Config};
|
||||||
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, Accounts, Config};
|
|
||||||
use sqlx::{Pool, Sqlite};
|
use sqlx::{Pool, Sqlite};
|
||||||
use std::{collections::HashSet, env, error::Error};
|
use std::{collections::HashSet, env, error::Error};
|
||||||
|
|
||||||
|
@ -68,49 +67,6 @@ async fn update(config: &Config) -> tide::Result<()> {
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn uid_to_dn(uid: &str) -> String {
|
|
||||||
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
|
|
||||||
if users.is_empty() {
|
|
||||||
return Ok(());
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
|
||||||
|
|
||||||
// use the admin account
|
|
||||||
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
|
||||||
|
|
||||||
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
|
|
||||||
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
|
|
||||||
let mods = if replace {
|
|
||||||
vec![Mod::Replace("member".to_string(), members)]
|
|
||||||
} else {
|
|
||||||
vec![Mod::Add("member".to_string(), members)]
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Err(x) = ldap.modify(&dn, mods) {
|
|
||||||
println!("{:?}", x);
|
|
||||||
}
|
|
||||||
|
|
||||||
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
|
|
||||||
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
|
|
||||||
let mods = if replace {
|
|
||||||
vec![Mod::Replace("memberUid".to_string(), members_linux)]
|
|
||||||
} else {
|
|
||||||
vec![Mod::Add("memberUid".to_string(), members_linux)]
|
|
||||||
};
|
|
||||||
if let Err(x) = ldap.modify(&dn_linux, mods) {
|
|
||||||
println!("{:?}", x);
|
|
||||||
};
|
|
||||||
|
|
||||||
// tidy up
|
|
||||||
ldap.unbind()?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
|
async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
|
||||||
let db = db_init(config).await.unwrap();
|
let db = db_init(config).await.unwrap();
|
||||||
|
|
||||||
|
|
44
src/lib.rs
44
src/lib.rs
|
@ -1,6 +1,7 @@
|
||||||
pub mod methods;
|
pub mod methods;
|
||||||
use chrono::{Datelike, SecondsFormat, Utc};
|
use chrono::{Datelike, SecondsFormat, Utc};
|
||||||
use dotenvy::dotenv;
|
use dotenvy::dotenv;
|
||||||
|
use ldap3::{LdapConn, Mod};
|
||||||
use rand::{distributions::Alphanumeric, thread_rng, Rng};
|
use rand::{distributions::Alphanumeric, thread_rng, Rng};
|
||||||
use sqlx::{
|
use sqlx::{
|
||||||
sqlite::{SqliteConnectOptions, SqlitePoolOptions},
|
sqlite::{SqliteConnectOptions, SqlitePoolOptions},
|
||||||
|
@ -212,3 +213,46 @@ pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
|
||||||
|
if users.is_empty() {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
|
// use the admin account
|
||||||
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
||||||
|
|
||||||
|
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
|
||||||
|
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
|
||||||
|
let mods = if replace {
|
||||||
|
vec![Mod::Replace("member".to_string(), members)]
|
||||||
|
} else {
|
||||||
|
vec![Mod::Add("member".to_string(), members)]
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Err(x) = ldap.modify(&dn, mods) {
|
||||||
|
println!("{:?}", x);
|
||||||
|
}
|
||||||
|
|
||||||
|
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
|
||||||
|
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
|
||||||
|
let mods = if replace {
|
||||||
|
vec![Mod::Replace("memberUid".to_string(), members_linux)]
|
||||||
|
} else {
|
||||||
|
vec![Mod::Add("memberUid".to_string(), members_linux)]
|
||||||
|
};
|
||||||
|
if let Err(x) = ldap.modify(&dn_linux, mods) {
|
||||||
|
println!("{:?}", x);
|
||||||
|
};
|
||||||
|
|
||||||
|
// tidy up
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn uid_to_dn(uid: &str) -> String {
|
||||||
|
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
||||||
|
}
|
||||||
|
|
|
@ -235,6 +235,7 @@ pub mod post {
|
||||||
|
|
||||||
pub mod account {
|
pub mod account {
|
||||||
use super::*;
|
use super::*;
|
||||||
|
use crate::update_group;
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
struct LdapNewUser {
|
struct LdapNewUser {
|
||||||
|
@ -411,6 +412,11 @@ pub mod post {
|
||||||
|
|
||||||
ldap.extended(tmp).unwrap();
|
ldap.extended(tmp).unwrap();
|
||||||
|
|
||||||
|
// user is already verified by being an active member on wolves
|
||||||
|
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
|
||||||
|
println!("Couldnt add {} to skynet-users: {:?}", username, e)
|
||||||
|
}
|
||||||
|
|
||||||
ldap.unbind()?;
|
ldap.unbind()?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|
Loading…
Reference in a new issue