feat: final step in creating a new user

2023-06-04 19:39:01 +01:00 · 2023-06-04 19:39:01 +01:00 · beab2cb97b
commit beab2cb97b
parent dcb4969b27
5 changed files with 135 additions and 14 deletions
--- a/src/methods/account_new.rs
+++ b/src/methods/account_new.rs
@ -158,4 +158,114 @@ fn create_random_string(length: usize) -> String {
        .take(length)
        .map(char::from)
        .collect()
+}
+
+#[derive(Debug, Deserialize)]
+pub struct LdapNewUserVerify {
+    auth_code: String,
+    password: String
+}
+pub async fn post_new_account_confirmation(mut req: Request<State>) -> tide::Result {
+    let LdapNewUserVerify {
+        auth_code,
+        password
+    } = req.body_json().await?;
+    
+    let State {
+        db, 
+        config, 
+        .. 
+    } = &req.state();
+
+    // make sure to clear out the expired ones first
+    db_pending_clear_expired(db).await;
+
+    // search db for auth_code
+    let results = sqlx::query_as::<_, AccountsPending>(
+    r#"
+        SELECT *
+        FROM accounts_pending
+        WHERE auth_code == ?
+        "#,
+    ).bind(auth_code).fetch_all(db).await.unwrap_or(vec![]);
+
+    if results.is_empty() {
+        return Ok(json!({"result": "error"}).into());
+    }
+
+    let mut ldap = LdapConn::new(&config.ldap_host)?;
+
+    // need to bind as admin
+    ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
+    
+    let AccountsPending{ user, mail, name_first, name_second, auth_code, discord, expiry } = &results[0];
+    let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
+    // TODO: find highrest uid number
+    let uid_number = "9990";
+    let home_directory = format!("/home/{}", user);
+    let password_tmp = create_random_string(50);
+    let cn = format!("{} {}", name_first, name_second);
+    let labeled_uri = format!("ldap:///ou=groups,dc=skynet,dc=ie??sub?(&(objectclass=posixgroup)(memberuid={}))", user);
+    let sk_mail = format!("{}@skynet.ie", user);
+    let sk_created = get_sk_created();
+    
+    // create user
+    ldap.add(&dn, vec![
+        ("objectClass", HashSet::from(["top", "person", "posixaccount", "ldapPublicKey", "inetOrgPerson", "skPerson"])),
+
+        // top    
+        ("ou", HashSet::from(["users"])),
+
+        // person    
+        ("uid", HashSet::from([user.as_str()])),
+        ("cn", HashSet::from([cn.as_str()])),
+
+        // posixaccount   
+        ("uidNumber", HashSet::from([uid_number])),
+        ("gidNumber", HashSet::from(["1001"])),
+        ("homedirectory", HashSet::from([home_directory.as_str()])),
+        ("userpassword", HashSet::from([password_tmp.as_str()])),
+
+        // inetOrgPerson
+        ("mail", HashSet::from([mail.as_str()])),
+        ("sn", HashSet::from([name_second.as_str()])),
+            
+        // skPerson
+        ("labeledURI", HashSet::from([labeled_uri.as_str()])),
+        ("skMail", HashSet::from([sk_mail.as_str()])),
+            // need to get this from wolves
+        //("skID", HashSet::from(["12345678"])),
+        ("skCreated", HashSet::from([sk_created.as_str()])),
+    ])?.success()?;
+
+    // now to properly set teh password
+    let tmp = PasswordModify {
+        user_id: Some(&dn),
+        old_pass: Some(&password_tmp),
+        new_pass: Some(&password),
+    };
+    ldap.extended(tmp)?.success()?;
+
+    // done with ldap
+    ldap.unbind()?;
+    
+    // delete from tmp db
+    if let Ok(results) = sqlx::query_as::<_, AccountsPending>(
+        r#"
+        DELETE FROM accounts_pending
+        WHERE auth_code == ?
+        "#,
+    ).bind(&auth_code).fetch_all(pool).await {
+        println!("{:?}", results)
+    }
+
+    // frontend tells user that initial password ahs been sent to tehm
+    Ok(json!({"result": "success"}).into())
+}
+
+fn get_sk_created() -> String {
+    use chrono::{Utc};
+    let now = Utc::now();
+
+    format!("{}", now.format("%Y%m%d%H%M%SZ"))
 }