feat: new route to reminder users of their username via email.

Closes #14
2023-08-13 17:47:51 +01:00 · 2023-08-13 17:47:51 +01:00 · be4fadd84d
commit be4fadd84d
parent d722de1493
3 changed files with 127 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -81,6 +81,14 @@ Invalid Auth:

 Generic responses which is used unless otherwise specified above.

+### POST /ldap/recover/username
+Sends an email to the user of the address reminding them of their username (if there is an account associated with said username).
+```json
+{
+  "email" : "email looking for remidner"
+}
+```
+
 ### POST /ldap/recover/password

 ```json
--- a/src/main.rs
+++ b/src/main.rs
@ -30,6 +30,7 @@ async fn main() -> tide::Result<()> {
    // for folks who forget password/username
    app.at("/ldap/recover/password").post(account_recover::password::reset);
    app.at("/ldap/recover/password/auth").post(account_recover::password::auth);
+    app.at("/ldap/recover/username").post(account_recover::username::submit);

    app.listen(host_port).await?;
    Ok(())
--- a/src/methods/account_recover.rs
+++ b/src/methods/account_recover.rs
@ -109,7 +109,7 @@ pub mod password {
        Ok(json!({"result": "success", "success": "Password set"}).into())
    }

-    async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> {
+    pub async fn db_get_user(pool: &Pool<Sqlite>, user_in: &Option<String>, mail_in: &Option<String>) -> Option<Accounts> {
        let user = match user_in {
            None => "",
            Some(x) => x,
@ -305,3 +305,120 @@ pub mod password {
        .await
    }
 }
+
+pub mod username {
+    use super::password::db_get_user;
+    use super::*;
+
+    // far simpler, accept email, send notification via email
+
+    #[derive(Debug, Deserialize)]
+    struct UsernameReminder {
+        email: String,
+    }
+
+    pub async fn submit(mut req: Request<State>) -> tide::Result {
+        let UsernameReminder {
+            email,
+        } = req.body_json().await?;
+
+        // check that any mail is not using @skynet.ie
+
+        if email.trim().ends_with("@skynet.ie") {
+            // all responses from this are a success
+            return Ok(json!({"result": "error", "error": "Skynet email not permitted."}).into());
+        }
+
+        let config = &req.state().config;
+        let db = &req.state().db;
+
+        // considering the local db is updated hourly (or less) use that instead of teh ldap for lookups
+        let user_details = match db_get_user(db, &None, &Some(email)).await {
+            None => {
+                return Ok(json!({"result": "success"}).into());
+            }
+            Some(x) => x,
+        };
+
+        // user does not have a different email address set
+        if user_details.mail.trim().ends_with("@skynet.ie") {
+            // not returning an error here as there is no need to let the person requesting what email the user has
+            return Ok(json!({"result": "success"}).into());
+        }
+
+        send_mail(config, &user_details).ok();
+
+        Ok(json!({"result": "success"}).into())
+    }
+
+    fn send_mail(config: &Config, record: &Accounts) -> Result<Response, Error> {
+        let recipient = &record.user;
+        let mail = &record.mail;
+        let discord = "https://discord.skynet.ie";
+        let sender = format!("UL Computer Society <{}>", &config.mail_user);
+
+        // Create the html we want to send.
+        let html = html! {
+            head {
+                title { "Hello from Skynet!" }
+                style type="text/css" {
+                    "h2, h4 { font-family: Arial, Helvetica, sans-serif; }"
+                }
+            }
+            div style="display: flex; flex-direction: column; align-items: center;" {
+                h2 { "Hello from Skynet!" }
+                // Substitute in the name of our recipient.
+                p { "Hi there," }
+                p {
+                    "You requested a username reminder: " (recipient)
+                }
+                p {
+                    "If did not request this please ignore."
+                }
+                p {
+                    "UL Computer Society"
+                    br;
+                    "Skynet Team"
+                    br;
+                    a href=(discord) { (discord) }
+                }
+            }
+        };
+
+        let body_text = format!(
+            r#"
+            Hi there,
+            
+            You requested a username reminder: {recipient}
+            
+            If did not request this please ignore.
+            
+            UL Computer Society
+            Skynet Team
+            {discord}
+            "#
+        );
+
+        // Build the message.
+        let email = Message::builder()
+            .from(sender.parse().unwrap())
+            .to(mail.parse().unwrap())
+            .subject("Skynet: Username Reminder")
+            .multipart(
+                // This is composed of two parts.
+                // also helps not trip spam settings (uneven number of url's
+                MultiPart::alternative()
+                    .singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text))
+                    .singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())),
+            )
+            .expect("failed to build email");
+
+        let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone());
+
+        // Open a remote connection to gmail using STARTTLS
+        let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build();
+
+        // Send the email
+        mailer.send(&email)
+    }
+}