Merge branch 'main' into #4-password-reset

# Conflicts:
#	src/lib.rs
#	src/methods/account_new.rs
This commit is contained in:
silver 2023-08-06 17:57:02 +01:00
commit b570ed9073
4 changed files with 61 additions and 63 deletions

View file

@ -101,9 +101,11 @@
# modify these
scripts = {
# every 15 min
"update_data" = "*:0,15,30,45";
#"new_users" = "*:5,20,35,50";
"update_groups" = "*:5,20,35,50";
#"new_users" = "*:5,20,35,50";
# groups are updated every 8 hours
"update_groups" = "00,08,16:00:00";
};
in {

View file

@ -1,5 +1,4 @@
use ldap3::{LdapConn, Mod};
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, Accounts, Config};
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, update_group, Accounts, Config};
use sqlx::{Pool, Sqlite};
use std::{collections::HashSet, env, error::Error};
@ -68,49 +67,6 @@ async fn update(config: &Config) -> tide::Result<()> {
Ok(())
}
fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}
async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
if users.is_empty() {
return Ok(());
}
let mut ldap = LdapConn::new(&config.ldap_host)?;
// use the admin account
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
let mods = if replace {
vec![Mod::Replace("member".to_string(), members)]
} else {
vec![Mod::Add("member".to_string(), members)]
};
if let Err(x) = ldap.modify(&dn, mods) {
println!("{:?}", x);
}
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
let mods = if replace {
vec![Mod::Replace("memberUid".to_string(), members_linux)]
} else {
vec![Mod::Add("memberUid".to_string(), members_linux)]
};
if let Err(x) = ldap.modify(&dn_linux, mods) {
println!("{:?}", x);
};
// tidy up
ldap.unbind()?;
Ok(())
}
async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
let db = db_init(config).await.unwrap();

View file

@ -1,6 +1,7 @@
pub mod methods;
use chrono::{Datelike, SecondsFormat, Utc};
use dotenvy::dotenv;
use ldap3::{LdapConn, Mod};
use rand::{distributions::Alphanumeric, thread_rng, Rng};
use sqlx::{
sqlite::{SqliteConnectOptions, SqlitePoolOptions},
@ -87,12 +88,8 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_new (auth_code)")
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_new (date_expiry)")
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_new (auth_code)").execute(&pool).await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_new (date_expiry)").execute(&pool).await?;
sqlx::query(
"CREATE TABLE IF NOT EXISTS accounts_reset (
@ -104,12 +101,8 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_reset (auth_code)")
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_reset (date_expiry)")
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_reset (auth_code)").execute(&pool).await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_reset (date_expiry)").execute(&pool).await?;
// this is for active use
sqlx::query(
@ -128,9 +121,7 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
sqlx::query("CREATE INDEX IF NOT EXISTS index_uid_number ON accounts (uid)").execute(&pool).await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_mail ON accounts (mail)").execute(&pool).await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_student_id ON accounts (student_id)")
.execute(&pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS index_student_id ON accounts (student_id)").execute(&pool).await?;
Ok(pool)
}
@ -243,3 +234,46 @@ pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
pub fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}
pub async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
if users.is_empty() {
return Ok(());
}
let mut ldap = LdapConn::new(&config.ldap_host)?;
// use the admin account
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
let mods = if replace {
vec![Mod::Replace("member".to_string(), members)]
} else {
vec![Mod::Add("member".to_string(), members)]
};
if let Err(x) = ldap.modify(&dn, mods) {
println!("{:?}", x);
}
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
let mods = if replace {
vec![Mod::Replace("memberUid".to_string(), members_linux)]
} else {
vec![Mod::Add("memberUid".to_string(), members_linux)]
};
if let Err(x) = ldap.modify(&dn_linux, mods) {
println!("{:?}", x);
};
// tidy up
ldap.unbind()?;
Ok(())
}
pub fn uid_to_dn(uid: &str) -> String {
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}

View file

@ -232,6 +232,7 @@ pub mod email {
pub mod account {
use super::*;
use crate::update_group;
#[derive(Debug, Deserialize)]
struct LdapNewUser {
@ -408,7 +409,12 @@ pub mod account {
ldap.extended(tmp).unwrap();
ldap.unbind()?;
// user is already verified by being an active member on wolves
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
println!("Couldnt add {} to skynet-users: {:?}", username, e)
}
ldap.unbind()?;
Ok(())
}