Merge branch '#18-better-formatting' into 'main'
fmt: updated the formatting See merge request compsoc1/skynet/ldap/backend!16
This commit is contained in:
commit
bfef964084
8 changed files with 1370 additions and 1358 deletions
|
@ -1,6 +1,9 @@
|
||||||
max_width = 1000
|
max_width = 150
|
||||||
single_line_if_else_max_width = 100
|
single_line_if_else_max_width = 100
|
||||||
chain_width = 100
|
chain_width = 100
|
||||||
fn_params_layout = "Compressed"
|
fn_params_layout = "Compressed"
|
||||||
#control_brace_style = "ClosingNextLine"
|
#control_brace_style = "ClosingNextLine"
|
||||||
|
#brace_style = "PreferSameLine"
|
||||||
struct_lit_width = 0
|
struct_lit_width = 0
|
||||||
|
tab_spaces = 2
|
||||||
|
use_small_heuristics = "Max"
|
|
@ -4,161 +4,169 @@ use sqlx::{Pool, Sqlite};
|
||||||
|
|
||||||
#[async_std::main]
|
#[async_std::main]
|
||||||
async fn main() -> tide::Result<()> {
|
async fn main() -> tide::Result<()> {
|
||||||
let config = get_config();
|
let config = get_config();
|
||||||
let db = db_init(&config).await.unwrap();
|
let db = db_init(&config).await.unwrap();
|
||||||
|
|
||||||
update_wolves(&config, &db).await;
|
update_wolves(&config, &db).await;
|
||||||
update_ldap(&config, &db).await;
|
update_ldap(&config, &db).await;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn update_wolves(config: &Config, db: &Pool<Sqlite>) {
|
async fn update_wolves(config: &Config, db: &Pool<Sqlite>) {
|
||||||
let mut records = vec![];
|
let mut records = vec![];
|
||||||
|
|
||||||
if let Ok(accounts) = get_csv(config) {
|
if let Ok(accounts) = get_csv(config) {
|
||||||
for account in accounts {
|
for account in accounts {
|
||||||
records.push(AccountWolves::from(account));
|
records.push(AccountWolves::from(account));
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for account in records {
|
for account in records {
|
||||||
update_account(db, &account).await;
|
update_account(db, &account).await;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn update_ldap(config: &Config, db: &Pool<Sqlite>) {
|
async fn update_ldap(config: &Config, db: &Pool<Sqlite>) {
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host).unwrap();
|
let mut ldap = LdapConn::new(&config.ldap_host).unwrap();
|
||||||
|
|
||||||
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw).unwrap().success().unwrap();
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw).unwrap().success().unwrap();
|
||||||
|
|
||||||
// use this to pre load a large chunk of data
|
// use this to pre load a large chunk of data
|
||||||
if let Ok(x) = ldap.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, "(objectClass=*)", vec!["uid", "uidNumber", "skDiscord", "skMemberOf", "mail", "skID", "userPassword"]) {
|
if let Ok(x) = ldap.search(
|
||||||
if let Ok((rs, _res)) = x.success() {
|
"ou=users,dc=skynet,dc=ie",
|
||||||
for entry in rs {
|
Scope::OneLevel,
|
||||||
let tmp = SearchEntry::construct(entry);
|
"(objectClass=*)",
|
||||||
|
vec!["uid", "uidNumber", "skDiscord", "skMemberOf", "mail", "skID", "userPassword"],
|
||||||
|
) {
|
||||||
|
if let Ok((rs, _res)) = x.success() {
|
||||||
|
for entry in rs {
|
||||||
|
let tmp = SearchEntry::construct(entry);
|
||||||
|
|
||||||
let mut tmp_account = Accounts {
|
let mut tmp_account = Accounts {
|
||||||
user: "".to_string(),
|
user: "".to_string(),
|
||||||
uid: 0,
|
uid: 0,
|
||||||
discord: None,
|
discord: None,
|
||||||
mail: "".to_string(),
|
mail: "".to_string(),
|
||||||
student_id: "".to_string(),
|
student_id: "".to_string(),
|
||||||
enabled: false,
|
enabled: false,
|
||||||
secure: false,
|
secure: false,
|
||||||
};
|
};
|
||||||
|
|
||||||
// pull out the required info
|
// pull out the required info
|
||||||
if tmp.attrs.contains_key("uid") && !tmp.attrs["uid"].is_empty() {
|
if tmp.attrs.contains_key("uid") && !tmp.attrs["uid"].is_empty() {
|
||||||
tmp_account.user = tmp.attrs["uid"][0].clone();
|
tmp_account.user = tmp.attrs["uid"][0].clone();
|
||||||
}
|
}
|
||||||
if tmp.attrs.contains_key("uidNumber") && !tmp.attrs["uidNumber"].is_empty() {
|
if tmp.attrs.contains_key("uidNumber") && !tmp.attrs["uidNumber"].is_empty() {
|
||||||
tmp_account.uid = tmp.attrs["uidNumber"][0].clone().parse().unwrap_or(0);
|
tmp_account.uid = tmp.attrs["uidNumber"][0].clone().parse().unwrap_or(0);
|
||||||
}
|
}
|
||||||
if tmp.attrs.contains_key("skDiscord") && !tmp.attrs["skDiscord"].is_empty() {
|
if tmp.attrs.contains_key("skDiscord") && !tmp.attrs["skDiscord"].is_empty() {
|
||||||
tmp_account.discord = Option::from(tmp.attrs["skDiscord"][0].clone());
|
tmp_account.discord = Option::from(tmp.attrs["skDiscord"][0].clone());
|
||||||
}
|
}
|
||||||
if tmp.attrs.contains_key("mail") && !tmp.attrs["mail"].is_empty() {
|
if tmp.attrs.contains_key("mail") && !tmp.attrs["mail"].is_empty() {
|
||||||
tmp_account.mail = tmp.attrs["mail"][0].clone();
|
tmp_account.mail = tmp.attrs["mail"][0].clone();
|
||||||
}
|
}
|
||||||
if tmp.attrs.contains_key("skID") && !tmp.attrs["skID"].is_empty() {
|
if tmp.attrs.contains_key("skID") && !tmp.attrs["skID"].is_empty() {
|
||||||
tmp_account.student_id = tmp.attrs["skID"][0].clone();
|
tmp_account.student_id = tmp.attrs["skID"][0].clone();
|
||||||
}
|
}
|
||||||
if tmp.attrs.contains_key("skMemberOf") && !tmp.attrs["skMemberOf"].is_empty() && tmp.attrs["skMemberOf"].contains(&String::from("cn=skynet-users-linux,ou=groups,dc=skynet,dc=ie")) {
|
if tmp.attrs.contains_key("skMemberOf")
|
||||||
tmp_account.enabled = true;
|
&& !tmp.attrs["skMemberOf"].is_empty()
|
||||||
}
|
&& tmp.attrs["skMemberOf"].contains(&String::from("cn=skynet-users-linux,ou=groups,dc=skynet,dc=ie"))
|
||||||
if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() {
|
{
|
||||||
tmp_account.secure = tmp.attrs["userPassword"][0].starts_with("{SSHA512}")
|
tmp_account.enabled = true;
|
||||||
}
|
}
|
||||||
|
if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() {
|
||||||
|
tmp_account.secure = tmp.attrs["userPassword"][0].starts_with("{SSHA512}")
|
||||||
|
}
|
||||||
|
|
||||||
if !tmp_account.user.is_empty() {
|
if !tmp_account.user.is_empty() {
|
||||||
sqlx::query_as::<_, Accounts>(
|
sqlx::query_as::<_, Accounts>(
|
||||||
"
|
"
|
||||||
INSERT OR REPLACE INTO accounts (user, uid, discord, mail, student_id, enabled, secure)
|
INSERT OR REPLACE INTO accounts (user, uid, discord, mail, student_id, enabled, secure)
|
||||||
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
||||||
",
|
",
|
||||||
)
|
)
|
||||||
.bind(&tmp_account.user)
|
.bind(&tmp_account.user)
|
||||||
.bind(tmp_account.uid)
|
.bind(tmp_account.uid)
|
||||||
.bind(&tmp_account.discord)
|
.bind(&tmp_account.discord)
|
||||||
.bind(&tmp_account.mail)
|
.bind(&tmp_account.mail)
|
||||||
.bind(&tmp_account.student_id)
|
.bind(&tmp_account.student_id)
|
||||||
.bind(tmp_account.enabled)
|
.bind(tmp_account.enabled)
|
||||||
.bind(tmp_account.secure)
|
.bind(tmp_account.secure)
|
||||||
.fetch_optional(db)
|
.fetch_optional(db)
|
||||||
.await
|
.await
|
||||||
.ok();
|
.ok();
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// done with ldap
|
// done with ldap
|
||||||
ldap.unbind().unwrap();
|
ldap.unbind().unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
#[derive(Debug, serde::Deserialize)]
|
||||||
struct RecordCSV {
|
struct RecordCSV {
|
||||||
#[serde(rename = "MemID")]
|
#[serde(rename = "MemID")]
|
||||||
mem_id: String,
|
mem_id: String,
|
||||||
#[serde(rename = "Student Num")]
|
#[serde(rename = "Student Num")]
|
||||||
id_student: String,
|
id_student: String,
|
||||||
#[serde(rename = "Contact Email")]
|
#[serde(rename = "Contact Email")]
|
||||||
email: String,
|
email: String,
|
||||||
#[serde(rename = "Expiry")]
|
#[serde(rename = "Expiry")]
|
||||||
expiry: String,
|
expiry: String,
|
||||||
#[serde(rename = "First Name")]
|
#[serde(rename = "First Name")]
|
||||||
name_first: String,
|
name_first: String,
|
||||||
#[serde(rename = "Last Name")]
|
#[serde(rename = "Last Name")]
|
||||||
name_second: String,
|
name_second: String,
|
||||||
}
|
}
|
||||||
impl From<RecordCSV> for AccountWolves {
|
impl From<RecordCSV> for AccountWolves {
|
||||||
fn from(input: RecordCSV) -> Self {
|
fn from(input: RecordCSV) -> Self {
|
||||||
AccountWolves {
|
AccountWolves {
|
||||||
id_wolves: input.mem_id,
|
id_wolves: input.mem_id,
|
||||||
id_student: input.id_student,
|
id_student: input.id_student,
|
||||||
email: input.email,
|
email: input.email,
|
||||||
expiry: input.expiry,
|
expiry: input.expiry,
|
||||||
name_first: input.name_first,
|
name_first: input.name_first,
|
||||||
name_second: input.name_second,
|
name_second: input.name_second,
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_csv(config: &Config) -> Result<Vec<RecordCSV>, Box<dyn std::error::Error>> {
|
fn get_csv(config: &Config) -> Result<Vec<RecordCSV>, Box<dyn std::error::Error>> {
|
||||||
let mut records: Vec<RecordCSV> = vec![];
|
let mut records: Vec<RecordCSV> = vec![];
|
||||||
|
|
||||||
let csv = format!("{}/{}", &config.home, &config.csv);
|
let csv = format!("{}/{}", &config.home, &config.csv);
|
||||||
println!("CSV: {:?}", &csv);
|
println!("CSV: {:?}", &csv);
|
||||||
if let Ok(mut rdr) = csv::Reader::from_path(csv) {
|
if let Ok(mut rdr) = csv::Reader::from_path(csv) {
|
||||||
for result in rdr.deserialize() {
|
for result in rdr.deserialize() {
|
||||||
// Notice that we need to provide a type hint for automatic
|
// Notice that we need to provide a type hint for automatic
|
||||||
// deserialization.
|
// deserialization.
|
||||||
let record: RecordCSV = result?;
|
let record: RecordCSV = result?;
|
||||||
if record.mem_id.is_empty() {
|
if record.mem_id.is_empty() {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
records.push(record);
|
records.push(record);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(records)
|
Ok(records)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn update_account(db: &Pool<Sqlite>, account: &AccountWolves) {
|
async fn update_account(db: &Pool<Sqlite>, account: &AccountWolves) {
|
||||||
sqlx::query_as::<_, AccountWolves>(
|
sqlx::query_as::<_, AccountWolves>(
|
||||||
"
|
"
|
||||||
INSERT OR REPLACE INTO accounts_wolves (id_wolves, id_student, email, expiry, name_first, name_second)
|
INSERT OR REPLACE INTO accounts_wolves (id_wolves, id_student, email, expiry, name_first, name_second)
|
||||||
VALUES (?1, ?2, ?3, ?4, ?5, ?6)
|
VALUES (?1, ?2, ?3, ?4, ?5, ?6)
|
||||||
",
|
",
|
||||||
)
|
)
|
||||||
.bind(&account.id_wolves)
|
.bind(&account.id_wolves)
|
||||||
.bind(&account.id_student)
|
.bind(&account.id_student)
|
||||||
.bind(&account.email)
|
.bind(&account.email)
|
||||||
.bind(&account.expiry)
|
.bind(&account.expiry)
|
||||||
.bind(&account.name_first)
|
.bind(&account.name_first)
|
||||||
.bind(&account.name_second)
|
.bind(&account.name_second)
|
||||||
.fetch_optional(db)
|
.fetch_optional(db)
|
||||||
.await
|
.await
|
||||||
.ok();
|
.ok();
|
||||||
}
|
}
|
||||||
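Review bot: The search at the top of update_ldap asks for `userPassword` on every entry under ou=users so that `secure` can be derived from the `{SSHA512}` prefix, which means every password hash comes back over the connection opened by `LdapConn::new(&config.ldap_host)` right after the admin credential is sent by `simple_bind`; unless `ldap_host` is an `ldaps://` URL (or the connection is upgraded with STARTTLS before the bind, which this code does not do), both the admin password and all hashes cross the wire in cleartext, so that requirement should at least be stated on the config field, e.g. `// ldap_host must be an ldaps:// URL: this tool binds as admin and reads userPassword`. Separately, `parse().unwrap_or(0)` for uidNumber stores uid 0 (root's uid on most systems) for any entry with a malformed value, and the INSERT is gated only on `user` being non-empty; if anything downstream trusts `accounts.uid`, skip the row instead with `if !tmp_account.user.is_empty() && tmp_account.uid != 0 {`. The hash itself is only held in `tmp.attrs` for one loop iteration and is not written to SQLite, which is the right shape.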
|
|
|
@ -4,170 +4,170 @@ use std::{collections::HashSet, env, error::Error};
|
||||||
|
|
||||||
#[async_std::main]
|
#[async_std::main]
|
||||||
async fn main() -> tide::Result<()> {
|
async fn main() -> tide::Result<()> {
|
||||||
let config = get_config();
|
let config = get_config();
|
||||||
|
|
||||||
update(&config).await?;
|
update(&config).await?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn update(config: &Config) -> tide::Result<()> {
|
async fn update(config: &Config) -> tide::Result<()> {
|
||||||
let db = db_init(config).await.unwrap();
|
let db = db_init(config).await.unwrap();
|
||||||
|
|
||||||
// default user to ensure group is never empty
|
// default user to ensure group is never empty
|
||||||
let mut users_tmp = HashSet::from([String::from("compsoc")]);
|
let mut users_tmp = HashSet::from([String::from("compsoc")]);
|
||||||
let mut admins_tmp = HashSet::from([String::from("compsoc")]);
|
let mut admins_tmp = HashSet::from([String::from("compsoc")]);
|
||||||
let mut committee_tmp = HashSet::from([String::from("compsoc")]);
|
let mut committee_tmp = HashSet::from([String::from("compsoc")]);
|
||||||
|
|
||||||
if let Ok(x) = env::var("USERS_LIFETIME") {
|
if let Ok(x) = env::var("USERS_LIFETIME") {
|
||||||
for user in x.split(',').collect::<Vec<&str>>() {
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
users_tmp.insert(user.to_string());
|
users_tmp.insert(user.to_string());
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// pull from wolves csv
|
// pull from wolves csv
|
||||||
for user in from_csv(&db).await.unwrap_or_default() {
|
for user in from_csv(&db).await.unwrap_or_default() {
|
||||||
users_tmp.insert(user);
|
users_tmp.insert(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
if let Ok(x) = env::var("USERS_ADMIN") {
|
||||||
|
// admins automatically get added as users
|
||||||
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
|
admins_tmp.insert(user.to_string());
|
||||||
|
users_tmp.insert(user.to_string());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if let Ok(x) = env::var("USERS_ADMIN") {
|
// read from teh env
|
||||||
// admins automatically get added as users
|
if let Ok(x) = env::var("USERS_COMMITTEE") {
|
||||||
for user in x.split(',').collect::<Vec<&str>>() {
|
// committee automatically get added as users
|
||||||
admins_tmp.insert(user.to_string());
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
users_tmp.insert(user.to_string());
|
committee_tmp.insert(user.to_string());
|
||||||
}
|
users_tmp.insert(user.to_string());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// read from teh env
|
// sorting makes it easier/faster
|
||||||
if let Ok(x) = env::var("USERS_COMMITTEE") {
|
if let Ok(x) = env::var("USERS_BANNED") {
|
||||||
// committee automatically get added as users
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
for user in x.split(',').collect::<Vec<&str>>() {
|
users_tmp.remove(user);
|
||||||
committee_tmp.insert(user.to_string());
|
|
||||||
users_tmp.insert(user.to_string());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// sorting makes it easier/faster
|
let AccountsSecure {
|
||||||
if let Ok(x) = env::var("USERS_BANNED") {
|
users,
|
||||||
for user in x.split(',').collect::<Vec<&str>>() {
|
admins,
|
||||||
users_tmp.remove(user);
|
committee,
|
||||||
}
|
} = get_secure(&db, &users_tmp, &admins_tmp, &committee_tmp).await;
|
||||||
}
|
|
||||||
|
|
||||||
let AccountsSecure {
|
update_group(config, "skynet-users", &users, true).await?;
|
||||||
users,
|
update_group(config, "skynet-admins", &admins, true).await?;
|
||||||
admins,
|
update_group(config, "skynet-committee", &committee, true).await?;
|
||||||
committee,
|
|
||||||
} = get_secure(&db, &users_tmp, &admins_tmp, &committee_tmp).await;
|
|
||||||
|
|
||||||
update_group(config, "skynet-users", &users, true).await?;
|
Ok(())
|
||||||
update_group(config, "skynet-admins", &admins, true).await?;
|
|
||||||
update_group(config, "skynet-committee", &committee, true).await?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn from_csv(db: &Pool<Sqlite>) -> Result<HashSet<String>, Box<dyn Error>> {
|
async fn from_csv(db: &Pool<Sqlite>) -> Result<HashSet<String>, Box<dyn Error>> {
|
||||||
let mut uids = HashSet::new();
|
let mut uids = HashSet::new();
|
||||||
|
|
||||||
for record in get_wolves(db).await {
|
for record in get_wolves(db).await {
|
||||||
// only import users if it is actually active.
|
// only import users if it is actually active.
|
||||||
if record.expiry < get_now_iso(true) {
|
if record.expiry < get_now_iso(true) {
|
||||||
continue;
|
continue;
|
||||||
}
|
|
||||||
if let Some(uid) = account_mail_get_uid(db, &record.email).await {
|
|
||||||
uids.insert(uid);
|
|
||||||
} else if let Some(uid) = account_id_get_uid(db, &record.id_student).await {
|
|
||||||
uids.insert(uid);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
if let Some(uid) = account_mail_get_uid(db, &record.email).await {
|
||||||
|
uids.insert(uid);
|
||||||
|
} else if let Some(uid) = account_id_get_uid(db, &record.id_student).await {
|
||||||
|
uids.insert(uid);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(uids)
|
Ok(uids)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn account_mail_get_uid(db: &Pool<Sqlite>, mail: &str) -> Option<String> {
|
async fn account_mail_get_uid(db: &Pool<Sqlite>, mail: &str) -> Option<String> {
|
||||||
match sqlx::query_as::<_, Accounts>(
|
match sqlx::query_as::<_, Accounts>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
WHERE mail == ?
|
WHERE mail == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(mail)
|
.bind(mail)
|
||||||
.fetch_one(db)
|
.fetch_one(db)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(res) => Some(res.user.to_owned()),
|
Ok(res) => Some(res.user.to_owned()),
|
||||||
Err(_) => None,
|
Err(_) => None,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn account_id_get_uid(db: &Pool<Sqlite>, id: &str) -> Option<String> {
|
async fn account_id_get_uid(db: &Pool<Sqlite>, id: &str) -> Option<String> {
|
||||||
match sqlx::query_as::<_, Accounts>(
|
match sqlx::query_as::<_, Accounts>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
WHERE student_id == ?
|
WHERE student_id == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(id)
|
.bind(id)
|
||||||
.fetch_one(db)
|
.fetch_one(db)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(res) => Some(res.student_id.to_owned()),
|
Ok(res) => Some(res.student_id.to_owned()),
|
||||||
Err(_) => None,
|
Err(_) => None,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct AccountsSecure {
|
struct AccountsSecure {
|
||||||
users: Vec<String>,
|
users: Vec<String>,
|
||||||
admins: Vec<String>,
|
admins: Vec<String>,
|
||||||
committee: Vec<String>,
|
committee: Vec<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_secure(db: &Pool<Sqlite>, users: &HashSet<String>, admins: &HashSet<String>, committee: &HashSet<String>) -> AccountsSecure {
|
async fn get_secure(db: &Pool<Sqlite>, users: &HashSet<String>, admins: &HashSet<String>, committee: &HashSet<String>) -> AccountsSecure {
|
||||||
// to avoid searching for teh same thing again.
|
// to avoid searching for teh same thing again.
|
||||||
let mut cache = HashSet::new();
|
let mut cache = HashSet::new();
|
||||||
AccountsSecure {
|
AccountsSecure {
|
||||||
users: get_secure_sub(db, users, &mut cache).await,
|
users: get_secure_sub(db, users, &mut cache).await,
|
||||||
admins: get_secure_sub(db, admins, &mut cache).await,
|
admins: get_secure_sub(db, admins, &mut cache).await,
|
||||||
committee: get_secure_sub(db, committee, &mut cache).await,
|
committee: get_secure_sub(db, committee, &mut cache).await,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_secure_sub(db: &Pool<Sqlite>, group: &HashSet<String>, cache: &mut HashSet<String>) -> Vec<String> {
|
async fn get_secure_sub(db: &Pool<Sqlite>, group: &HashSet<String>, cache: &mut HashSet<String>) -> Vec<String> {
|
||||||
let mut tmp = vec![];
|
let mut tmp = vec![];
|
||||||
|
|
||||||
for user in group {
|
for user in group {
|
||||||
// check the cache first
|
// check the cache first
|
||||||
let mut add = false;
|
let mut add = false;
|
||||||
if cache.get(user).is_some() {
|
if cache.get(user).is_some() {
|
||||||
add = true;
|
add = true;
|
||||||
} else if is_secure(db, user).await {
|
} else if is_secure(db, user).await {
|
||||||
cache.insert(user.to_string());
|
cache.insert(user.to_string());
|
||||||
add = true;
|
add = true;
|
||||||
}
|
|
||||||
|
|
||||||
if add {
|
|
||||||
tmp.push(user.clone());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
tmp
|
if add {
|
||||||
|
tmp.push(user.clone());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tmp
|
||||||
}
|
}
|
||||||
async fn is_secure(db: &Pool<Sqlite>, user: &str) -> bool {
|
async fn is_secure(db: &Pool<Sqlite>, user: &str) -> bool {
|
||||||
match sqlx::query_as::<_, Accounts>(
|
match sqlx::query_as::<_, Accounts>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
WHERE user == ? AND secure == 1
|
WHERE user == ? AND secure == 1
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(user)
|
.bind(user)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(res) => !res.is_empty(),
|
Ok(res) => !res.is_empty(),
|
||||||
Err(_) => false,
|
Err(_) => false,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
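Review bot: The `USERS_BANNED` loop in the middle of update() only calls `users_tmp.remove(user)`, so a banned account that also appears in `USERS_ADMIN` or `USERS_COMMITTEE` is dropped from skynet-users but still lands in skynet-admins or skynet-committee, which is the opposite of what a ban should achieve; add `admins_tmp.remove(user); committee_tmp.remove(user);` next to it (the admin/committee blocks run before the ban block, so the ordering is already correct). Also `account_id_get_uid` returns `res.student_id` where its sibling `account_mail_get_uid` returns `res.user`; the student number then goes into `uids`, fails the `WHERE user == ?` lookup in is_secure and is silently dropped, so members matched only by student id never get their group, and it should read `Ok(res) => Some(res.user.to_owned()),`. The env lists are split on ',' without trimming, so `USERS_BANNED="a, b"` leaves " b" unbanned; applying `user.trim()` before each set operation closes that.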
|
|
376
src/lib.rs
376
src/lib.rs
|
@ -4,72 +4,72 @@ use dotenvy::dotenv;
|
||||||
use ldap3::{LdapConn, Mod};
|
use ldap3::{LdapConn, Mod};
|
||||||
use rand::{distributions::Alphanumeric, thread_rng, Rng};
|
use rand::{distributions::Alphanumeric, thread_rng, Rng};
|
||||||
use sqlx::{
|
use sqlx::{
|
||||||
sqlite::{SqliteConnectOptions, SqlitePoolOptions},
|
sqlite::{SqliteConnectOptions, SqlitePoolOptions},
|
||||||
Error, Pool, Sqlite,
|
Error, Pool, Sqlite,
|
||||||
};
|
};
|
||||||
use std::{
|
use std::{
|
||||||
env,
|
env,
|
||||||
str::FromStr,
|
str::FromStr,
|
||||||
time::{SystemTime, UNIX_EPOCH},
|
time::{SystemTime, UNIX_EPOCH},
|
||||||
};
|
};
|
||||||
use tide::prelude::*;
|
use tide::prelude::*;
|
||||||
|
|
||||||
#[derive(Debug, Deserialize, Serialize, sqlx::FromRow)]
|
#[derive(Debug, Deserialize, Serialize, sqlx::FromRow)]
|
||||||
pub struct AccountWolves {
|
pub struct AccountWolves {
|
||||||
pub id_wolves: String,
|
pub id_wolves: String,
|
||||||
pub id_student: String,
|
pub id_student: String,
|
||||||
pub email: String,
|
pub email: String,
|
||||||
pub expiry: String,
|
pub expiry: String,
|
||||||
pub name_first: String,
|
pub name_first: String,
|
||||||
pub name_second: String,
|
pub name_second: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
||||||
pub struct AccountsNew {
|
pub struct AccountsNew {
|
||||||
pub mail: String,
|
pub mail: String,
|
||||||
pub auth_code: String,
|
pub auth_code: String,
|
||||||
pub date_iso: String,
|
pub date_iso: String,
|
||||||
pub date_expiry: String,
|
pub date_expiry: String,
|
||||||
pub name_first: String,
|
pub name_first: String,
|
||||||
pub name_surname: String,
|
pub name_surname: String,
|
||||||
pub id_student: String,
|
pub id_student: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
||||||
pub struct AccountsReset {
|
pub struct AccountsReset {
|
||||||
pub user: String,
|
pub user: String,
|
||||||
pub auth_code: String,
|
pub auth_code: String,
|
||||||
pub date_expiry: String,
|
pub date_expiry: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
||||||
pub struct AccountsSSH {
|
pub struct AccountsSSH {
|
||||||
pub user: String,
|
pub user: String,
|
||||||
pub auth_code: String,
|
pub auth_code: String,
|
||||||
pub email: String,
|
pub email: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
#[derive(Debug, Clone, Deserialize, Serialize, sqlx::FromRow)]
|
||||||
pub struct Accounts {
|
pub struct Accounts {
|
||||||
pub user: String,
|
pub user: String,
|
||||||
pub uid: i64,
|
pub uid: i64,
|
||||||
pub discord: Option<String>,
|
pub discord: Option<String>,
|
||||||
pub mail: String,
|
pub mail: String,
|
||||||
pub student_id: String,
|
pub student_id: String,
|
||||||
pub enabled: bool,
|
pub enabled: bool,
|
||||||
pub secure: bool,
|
pub secure: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
|
pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
|
||||||
let database = format!("{}/{}", &config.home, &config.database);
|
let database = format!("{}/{}", &config.home, &config.database);
|
||||||
println!("Database: {:?}", &database);
|
println!("Database: {:?}", &database);
|
||||||
let pool = SqlitePoolOptions::new()
|
let pool = SqlitePoolOptions::new()
|
||||||
.max_connections(5)
|
.max_connections(5)
|
||||||
.connect_with(SqliteConnectOptions::from_str(&format!("sqlite://{}", database))?.create_if_missing(true))
|
.connect_with(SqliteConnectOptions::from_str(&format!("sqlite://{}", database))?.create_if_missing(true))
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query(
|
sqlx::query(
|
||||||
"CREATE TABLE IF NOT EXISTS accounts_wolves (
|
"CREATE TABLE IF NOT EXISTS accounts_wolves (
|
||||||
id_wolves text primary key,
|
id_wolves text primary key,
|
||||||
id_student text not null,
|
id_student text not null,
|
||||||
email text not null,
|
email text not null,
|
||||||
|
@ -77,12 +77,12 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
|
||||||
name_first text not null,
|
name_first text not null,
|
||||||
name_second integer not null
|
name_second integer not null
|
||||||
)",
|
)",
|
||||||
)
|
)
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query(
|
sqlx::query(
|
||||||
"CREATE TABLE IF NOT EXISTS accounts_new (
|
"CREATE TABLE IF NOT EXISTS accounts_new (
|
||||||
mail text primary key,
|
mail text primary key,
|
||||||
auth_code text not null,
|
auth_code text not null,
|
||||||
date_iso text not null,
|
date_iso text not null,
|
||||||
|
@ -91,47 +91,47 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
|
||||||
name_surname integer not null,
|
name_surname integer not null,
|
||||||
id_student text not null
|
id_student text not null
|
||||||
)",
|
)",
|
||||||
)
|
)
|
||||||
|
.execute(&pool)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_new (auth_code)")
|
||||||
|
.execute(&pool)
|
||||||
|
.await?;
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_new (date_expiry)")
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_new (auth_code)")
|
sqlx::query(
|
||||||
.execute(&pool)
|
"CREATE TABLE IF NOT EXISTS accounts_ssh (
|
||||||
.await?;
|
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_new (date_expiry)")
|
|
||||||
.execute(&pool)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
sqlx::query(
|
|
||||||
"CREATE TABLE IF NOT EXISTS accounts_ssh (
|
|
||||||
user text primary key,
|
user text primary key,
|
||||||
auth_code text not null,
|
auth_code text not null,
|
||||||
email text not null
|
email text not null
|
||||||
)",
|
)",
|
||||||
)
|
)
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query(
|
sqlx::query(
|
||||||
"CREATE TABLE IF NOT EXISTS accounts_reset (
|
"CREATE TABLE IF NOT EXISTS accounts_reset (
|
||||||
user text primary key,
|
user text primary key,
|
||||||
auth_code text not null,
|
auth_code text not null,
|
||||||
date_expiry text not null
|
date_expiry text not null
|
||||||
)",
|
)",
|
||||||
)
|
)
|
||||||
|
.execute(&pool)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_reset (auth_code)")
|
||||||
|
.execute(&pool)
|
||||||
|
.await?;
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_reset (date_expiry)")
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_auth_code ON accounts_reset (auth_code)")
|
// this is for active use
|
||||||
.execute(&pool)
|
sqlx::query(
|
||||||
.await?;
|
"CREATE TABLE IF NOT EXISTS accounts (
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_date_expiry ON accounts_reset (date_expiry)")
|
|
||||||
.execute(&pool)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
// this is for active use
|
|
||||||
sqlx::query(
|
|
||||||
"CREATE TABLE IF NOT EXISTS accounts (
|
|
||||||
user text primary key,
|
user text primary key,
|
||||||
uid integer not null,
|
uid integer not null,
|
||||||
discord text,
|
discord text,
|
||||||
|
@ -140,168 +140,168 @@ pub async fn db_init(config: &Config) -> Result<Pool<Sqlite>, Error> {
|
||||||
enabled integer not null,
|
enabled integer not null,
|
||||||
secure integer not null
|
secure integer not null
|
||||||
)",
|
)",
|
||||||
)
|
)
|
||||||
|
.execute(&pool)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_uid_number ON accounts (uid)").execute(&pool).await?;
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_mail ON accounts (mail)").execute(&pool).await?;
|
||||||
|
sqlx::query("CREATE INDEX IF NOT EXISTS index_student_id ON accounts (student_id)")
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_uid_number ON accounts (uid)").execute(&pool).await?;
|
Ok(pool)
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_mail ON accounts (mail)").execute(&pool).await?;
|
|
||||||
sqlx::query("CREATE INDEX IF NOT EXISTS index_student_id ON accounts (student_id)")
|
|
||||||
.execute(&pool)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
Ok(pool)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_now() -> i64 {
|
pub fn get_now() -> i64 {
|
||||||
if let Ok(x) = SystemTime::now().duration_since(UNIX_EPOCH) {
|
if let Ok(x) = SystemTime::now().duration_since(UNIX_EPOCH) {
|
||||||
x.as_secs() as i64
|
x.as_secs() as i64
|
||||||
} else {
|
} else {
|
||||||
0
|
0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_now_iso(short: bool) -> String {
|
pub fn get_now_iso(short: bool) -> String {
|
||||||
let now = Utc::now();
|
let now = Utc::now();
|
||||||
if short {
|
if short {
|
||||||
format!("{}-{:02}-{:02}", now.year(), now.month(), now.day())
|
format!("{}-{:02}-{:02}", now.year(), now.month(), now.day())
|
||||||
} else {
|
} else {
|
||||||
now.to_rfc3339_opts(SecondsFormat::Millis, true)
|
now.to_rfc3339_opts(SecondsFormat::Millis, true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub struct State {
|
pub struct State {
|
||||||
pub db: Pool<Sqlite>,
|
pub db: Pool<Sqlite>,
|
||||||
pub config: Config,
|
pub config: Config,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
pub ldap_host: String,
|
pub ldap_host: String,
|
||||||
pub ldap_admin: String,
|
pub ldap_admin: String,
|
||||||
pub ldap_admin_pw: String,
|
pub ldap_admin_pw: String,
|
||||||
pub home: String,
|
pub home: String,
|
||||||
pub database: String,
|
pub database: String,
|
||||||
pub csv: String,
|
pub csv: String,
|
||||||
pub host_port: String,
|
pub host_port: String,
|
||||||
pub mail_smtp: String,
|
pub mail_smtp: String,
|
||||||
pub mail_user: String,
|
pub mail_user: String,
|
||||||
pub mail_pass: String,
|
pub mail_pass: String,
|
||||||
pub ssh_root: String,
|
pub ssh_root: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_config() -> Config {
|
pub fn get_config() -> Config {
|
||||||
dotenv().ok();
|
dotenv().ok();
|
||||||
|
|
||||||
// reasonable defaults
|
// reasonable defaults
|
||||||
let mut config = Config {
|
let mut config = Config {
|
||||||
ldap_host: "".to_string(),
|
ldap_host: "".to_string(),
|
||||||
ldap_admin: "".to_string(),
|
ldap_admin: "".to_string(),
|
||||||
ldap_admin_pw: "".to_string(),
|
ldap_admin_pw: "".to_string(),
|
||||||
home: ".".to_string(),
|
home: ".".to_string(),
|
||||||
database: "database.db".to_string(),
|
database: "database.db".to_string(),
|
||||||
csv: "wolves.csv".to_string(),
|
csv: "wolves.csv".to_string(),
|
||||||
host_port: "127.0.0.1:8087".to_string(),
|
host_port: "127.0.0.1:8087".to_string(),
|
||||||
mail_smtp: "".to_string(),
|
mail_smtp: "".to_string(),
|
||||||
mail_user: "".to_string(),
|
mail_user: "".to_string(),
|
||||||
mail_pass: "".to_string(),
|
mail_pass: "".to_string(),
|
||||||
ssh_root: "/skynet_old/home".to_string(),
|
ssh_root: "/skynet_old/home".to_string(),
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Ok(x) = env::var("LDAP_HOST") {
|
if let Ok(x) = env::var("LDAP_HOST") {
|
||||||
config.ldap_host = x.trim().to_string();
|
config.ldap_host = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("LDAP_ADMIN") {
|
if let Ok(x) = env::var("LDAP_ADMIN") {
|
||||||
config.ldap_admin = x.trim().to_string();
|
config.ldap_admin = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("LDAP_ADMIN_PW") {
|
if let Ok(x) = env::var("LDAP_ADMIN_PW") {
|
||||||
config.ldap_admin_pw = x.trim().to_string();
|
config.ldap_admin_pw = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("HOME") {
|
if let Ok(x) = env::var("HOME") {
|
||||||
config.home = x.trim().to_string();
|
config.home = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("DATABASE") {
|
if let Ok(x) = env::var("DATABASE") {
|
||||||
config.database = x.trim().to_string();
|
config.database = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("CSV") {
|
if let Ok(x) = env::var("CSV") {
|
||||||
config.csv = x.trim().to_string();
|
config.csv = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("HOST_PORT") {
|
if let Ok(x) = env::var("HOST_PORT") {
|
||||||
config.host_port = x.trim().to_string();
|
config.host_port = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("EMAIL_SMTP") {
|
if let Ok(x) = env::var("EMAIL_SMTP") {
|
||||||
config.mail_smtp = x.trim().to_string();
|
config.mail_smtp = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("EMAIL_USER") {
|
if let Ok(x) = env::var("EMAIL_USER") {
|
||||||
config.mail_user = x.trim().to_string();
|
config.mail_user = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("EMAIL_PASS") {
|
if let Ok(x) = env::var("EMAIL_PASS") {
|
||||||
config.mail_pass = x.trim().to_string();
|
config.mail_pass = x.trim().to_string();
|
||||||
}
|
}
|
||||||
if let Ok(x) = env::var("SSH_ROOT") {
|
if let Ok(x) = env::var("SSH_ROOT") {
|
||||||
config.ssh_root = x.trim().to_string();
|
config.ssh_root = x.trim().to_string();
|
||||||
}
|
}
|
||||||
|
|
||||||
config
|
config
|
||||||
}
|
}
|
||||||
|
|
||||||
// from https://rust-lang-nursery.github.io/rust-cookbook/algorithms/randomness.html#create-random-passwords-from-a-set-of-alphanumeric-characters
|
// from https://rust-lang-nursery.github.io/rust-cookbook/algorithms/randomness.html#create-random-passwords-from-a-set-of-alphanumeric-characters
|
||||||
pub fn random_string(len: usize) -> String {
|
pub fn random_string(len: usize) -> String {
|
||||||
thread_rng().sample_iter(&Alphanumeric).take(len).map(char::from).collect()
|
thread_rng().sample_iter(&Alphanumeric).take(len).map(char::from).collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
|
pub async fn get_wolves(db: &Pool<Sqlite>) -> Vec<AccountWolves> {
|
||||||
sqlx::query_as::<_, AccountWolves>(
|
sqlx::query_as::<_, AccountWolves>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts_wolves
|
FROM accounts_wolves
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn uid_to_dn(uid: &str) -> String {
|
pub fn uid_to_dn(uid: &str) -> String {
|
||||||
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
format!("uid={},ou=users,dc=skynet,dc=ie", uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
|
pub async fn update_group(config: &Config, group: &str, users: &Vec<String>, replace: bool) -> tide::Result<()> {
|
||||||
if users.is_empty() {
|
if users.is_empty() {
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
// use the admin account
|
// use the admin account
|
||||||
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
||||||
|
|
||||||
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
|
let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
|
||||||
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
|
let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
|
||||||
let mods = if replace {
|
let mods = if replace {
|
||||||
vec![Mod::Replace("member".to_string(), members)]
|
vec![Mod::Replace("member".to_string(), members)]
|
||||||
} else {
|
} else {
|
||||||
vec![Mod::Add("member".to_string(), members)]
|
vec![Mod::Add("member".to_string(), members)]
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Err(x) = ldap.modify(&dn, mods) {
|
if let Err(x) = ldap.modify(&dn, mods) {
|
||||||
println!("{:?}", x);
|
println!("{:?}", x);
|
||||||
}
|
}
|
||||||
|
|
||||||
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
|
let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
|
||||||
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
|
let members_linux = users.iter().map(|uid| uid.to_string()).collect();
|
||||||
let mods = if replace {
|
let mods = if replace {
|
||||||
vec![Mod::Replace("memberUid".to_string(), members_linux)]
|
vec![Mod::Replace("memberUid".to_string(), members_linux)]
|
||||||
} else {
|
} else {
|
||||||
vec![Mod::Add("memberUid".to_string(), members_linux)]
|
vec![Mod::Add("memberUid".to_string(), members_linux)]
|
||||||
};
|
};
|
||||||
if let Err(x) = ldap.modify(&dn_linux, mods) {
|
if let Err(x) = ldap.modify(&dn_linux, mods) {
|
||||||
println!("{:?}", x);
|
println!("{:?}", x);
|
||||||
};
|
};
|
||||||
|
|
||||||
// tidy up
|
// tidy up
|
||||||
ldap.unbind()?;
|
ldap.unbind()?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
50
src/main.rs
50
src/main.rs
|
@ -1,39 +1,39 @@
|
||||||
use skynet_ldap_backend::{
|
use skynet_ldap_backend::{
|
||||||
db_init, get_config,
|
db_init, get_config,
|
||||||
methods::{account_new, account_recover, account_update},
|
methods::{account_new, account_recover, account_update},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[async_std::main]
|
#[async_std::main]
|
||||||
async fn main() -> tide::Result<()> {
|
async fn main() -> tide::Result<()> {
|
||||||
let config = get_config();
|
let config = get_config();
|
||||||
let db = db_init(&config).await?;
|
let db = db_init(&config).await?;
|
||||||
|
|
||||||
let host_port = config.host_port.clone();
|
let host_port = config.host_port.clone();
|
||||||
|
|
||||||
tide::log::start();
|
tide::log::start();
|
||||||
|
|
||||||
let state = State {
|
let state = State {
|
||||||
db,
|
db,
|
||||||
config,
|
config,
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut app = tide::with_state(state);
|
let mut app = tide::with_state(state);
|
||||||
|
|
||||||
// for users to update their own profile
|
// for users to update their own profile
|
||||||
app.at("/ldap/update").post(account_update::submit);
|
app.at("/ldap/update").post(account_update::submit);
|
||||||
|
|
||||||
// for new users
|
// for new users
|
||||||
app.at("/ldap/new/email").post(account_new::email::submit);
|
app.at("/ldap/new/email").post(account_new::email::submit);
|
||||||
app.at("/ldap/new/account").post(account_new::account::submit);
|
app.at("/ldap/new/account").post(account_new::account::submit);
|
||||||
|
|
||||||
// for folks who forget password/username
|
// for folks who forget password/username
|
||||||
app.at("/ldap/recover/password").post(account_recover::password::reset);
|
app.at("/ldap/recover/password").post(account_recover::password::reset);
|
||||||
app.at("/ldap/recover/password/auth").post(account_recover::password::auth);
|
app.at("/ldap/recover/password/auth").post(account_recover::password::auth);
|
||||||
app.at("/ldap/recover/username").post(account_recover::username::submit);
|
app.at("/ldap/recover/username").post(account_recover::username::submit);
|
||||||
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
||||||
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
||||||
|
|
||||||
app.listen(host_port).await?;
|
app.listen(host_port).await?;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,170 +1,170 @@
|
||||||
use crate::{get_now_iso, random_string, AccountWolves, Accounts, AccountsNew, Config, State};
|
use crate::{get_now_iso, random_string, AccountWolves, Accounts, AccountsNew, Config, State};
|
||||||
use ldap3::{exop::PasswordModify, LdapConn, Scope};
|
use ldap3::{exop::PasswordModify, LdapConn, Scope};
|
||||||
use lettre::{
|
use lettre::{
|
||||||
message::{header, MultiPart, SinglePart},
|
message::{header, MultiPart, SinglePart},
|
||||||
transport::smtp::authentication::Credentials,
|
transport::smtp::{self, authentication::Credentials},
|
||||||
Message, SmtpTransport, Transport,
|
Message, SmtpTransport, Transport,
|
||||||
};
|
};
|
||||||
use maud::html;
|
use maud::html;
|
||||||
use sqlx::{Error, Pool, Sqlite};
|
use sqlx::{Error, Pool, Sqlite};
|
||||||
use std::collections::HashSet;
|
use std::collections::HashSet;
|
||||||
use tide::{
|
use tide::{
|
||||||
prelude::{json, Deserialize},
|
prelude::{json, Deserialize},
|
||||||
Request,
|
Request,
|
||||||
};
|
};
|
||||||
|
|
||||||
pub mod email {
|
pub mod email {
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
struct SignupEmail {
|
struct SignupEmail {
|
||||||
email: String,
|
email: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
let SignupEmail {
|
let SignupEmail {
|
||||||
email,
|
email,
|
||||||
} = req.body_json().await?;
|
} = req.body_json().await?;
|
||||||
|
|
||||||
let config = &req.state().config;
|
let config = &req.state().config;
|
||||||
let db = &req.state().db;
|
let db = &req.state().db;
|
||||||
|
|
||||||
for record in get_wolves_mail(db, &email).await {
|
for record in get_wolves_mail(db, &email).await {
|
||||||
// skynet emails not permitted
|
// skynet emails not permitted
|
||||||
if record.email.trim().ends_with("@skynet.ie") {
|
if record.email.trim().ends_with("@skynet.ie") {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the email is already in the db
|
// check if the email is already in the db
|
||||||
if !check(db, &record.email).await {
|
if !check(db, &record.email).await {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate a auth key
|
// generate a auth key
|
||||||
let auth = random_string(75);
|
let auth = random_string(75);
|
||||||
|
|
||||||
match send_mail(config, &record, &auth) {
|
match send_mail(config, &record, &auth) {
|
||||||
Ok(_) => match save_to_db(db, &record, &auth).await {
|
Ok(_) => match save_to_db(db, &record, &auth).await {
|
||||||
Ok(_) => {}
|
Ok(_) => {}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
println!("Unable to save to db {} {e:?}", &record.email);
|
println!("Unable to save to db {} {e:?}", &record.email);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
println!("Unable to send mail to {} {e:?}", &record.email);
|
println!("Unable to send mail to {} {e:?}", &record.email);
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
Ok(json!({"result": "success"}).into())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
|
Ok(json!({"result": "success"}).into())
|
||||||
sqlx::query_as::<_, AccountWolves>(
|
}
|
||||||
r#"
|
|
||||||
|
pub async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
|
||||||
|
sqlx::query_as::<_, AccountWolves>(
|
||||||
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts_wolves
|
FROM accounts_wolves
|
||||||
WHERE email = ?
|
WHERE email = ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(mail)
|
.bind(mail)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn check(db: &Pool<Sqlite>, mail: &str) -> bool {
|
async fn check(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
check_pending(db, mail).await && check_users(db, mail).await
|
check_pending(db, mail).await && check_users(db, mail).await
|
||||||
}
|
}
|
||||||
async fn check_users(db: &Pool<Sqlite>, mail: &str) -> bool {
|
async fn check_users(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
sqlx::query_as::<_, Accounts>(
|
sqlx::query_as::<_, Accounts>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
WHERE mail == ?
|
WHERE mail == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(mail)
|
.bind(mail)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
.is_empty()
|
.is_empty()
|
||||||
}
|
}
|
||||||
async fn check_pending(db: &Pool<Sqlite>, mail: &str) -> bool {
|
async fn check_pending(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts_new
|
FROM accounts_new
|
||||||
WHERE mail == ?
|
WHERE mail == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(mail)
|
.bind(mail)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
.unwrap_or(vec![])
|
.unwrap_or(vec![])
|
||||||
.is_empty()
|
.is_empty()
|
||||||
}
|
}
|
||||||
|
|
||||||
// using https://github.com/lettre/lettre/blob/57886c367d69b4d66300b322c94bd910b1eca364/examples/maud_html.rs
|
// using https://github.com/lettre/lettre/blob/57886c367d69b4d66300b322c94bd910b1eca364/examples/maud_html.rs
|
||||||
fn send_mail(config: &Config, record: &AccountWolves, auth: &str) -> Result<lettre::transport::smtp::response::Response, lettre::transport::smtp::Error> {
|
fn send_mail(config: &Config, record: &AccountWolves, auth: &str) -> Result<smtp::response::Response, smtp::Error> {
|
||||||
let recipient = &record.name_first;
|
let recipient = &record.name_first;
|
||||||
let mail = &record.email;
|
let mail = &record.email;
|
||||||
let url_base = "https://account.skynet.ie";
|
let url_base = "https://account.skynet.ie";
|
||||||
let link_new = format!("{url_base}/register?auth={auth}");
|
let link_new = format!("{url_base}/register?auth={auth}");
|
||||||
let link_mod = format!("{url_base}/modify");
|
let link_mod = format!("{url_base}/modify");
|
||||||
let discord = "https://discord.skynet.ie";
|
let discord = "https://discord.skynet.ie";
|
||||||
let sender = format!("UL Computer Society <{}>", &config.mail_user);
|
let sender = format!("UL Computer Society <{}>", &config.mail_user);
|
||||||
|
|
||||||
// Create the html we want to send.
|
// Create the html we want to send.
|
||||||
let html = html! {
|
let html = html! {
|
||||||
head {
|
head {
|
||||||
title { "Hello from Skynet!" }
|
title { "Hello from Skynet!" }
|
||||||
style type="text/css" {
|
style type="text/css" {
|
||||||
"h2, h4 { font-family: Arial, Helvetica, sans-serif; }"
|
"h2, h4 { font-family: Arial, Helvetica, sans-serif; }"
|
||||||
}
|
|
||||||
}
|
}
|
||||||
div style="display: flex; flex-direction: column; align-items: center;" {
|
}
|
||||||
h2 { "Hello from Skynet!" }
|
div style="display: flex; flex-direction: column; align-items: center;" {
|
||||||
// Substitute in the name of our recipient.
|
h2 { "Hello from Skynet!" }
|
||||||
p { "Hi " (recipient) "," }
|
// Substitute in the name of our recipient.
|
||||||
p {
|
p { "Hi " (recipient) "," }
|
||||||
"As part of the UL Computer Society you get an account on our Skynet cluster."
|
p {
|
||||||
br;
|
"As part of the UL Computer Society you get an account on our Skynet cluster."
|
||||||
"This gives you access to some of teh various services we offer:"
|
br;
|
||||||
ul {
|
"This gives you access to some of teh various services we offer:"
|
||||||
li { "Email" }
|
ul {
|
||||||
li { "Gitlab" }
|
li { "Email" }
|
||||||
li { "Linux Webhost" }
|
li { "Gitlab" }
|
||||||
}
|
li { "Linux Webhost" }
|
||||||
br;
|
|
||||||
"The following invite will remain active until the end of year."
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you are a new member please use the following link:"
|
|
||||||
br;
|
|
||||||
a href=(link_new) { (link_new) }
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you are a returning user please set an email for your account at:"
|
|
||||||
br;
|
|
||||||
a href=(link_mod) { (link_mod) }
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you have issues please refer to our Discord server:"
|
|
||||||
br;
|
|
||||||
a href=(discord) { (discord) }
|
|
||||||
}
|
|
||||||
|
|
||||||
p {
|
|
||||||
"Skynet Team"
|
|
||||||
br;
|
|
||||||
"UL Computer Society"
|
|
||||||
}
|
}
|
||||||
|
br;
|
||||||
|
"The following invite will remain active until the end of year."
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you are a new member please use the following link:"
|
||||||
|
br;
|
||||||
|
a href=(link_new) { (link_new) }
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you are a returning user please set an email for your account at:"
|
||||||
|
br;
|
||||||
|
a href=(link_mod) { (link_mod) }
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you have issues please refer to our Discord server:"
|
||||||
|
br;
|
||||||
|
a href=(discord) { (discord) }
|
||||||
}
|
}
|
||||||
};
|
|
||||||
|
|
||||||
let body_text = format!(
|
p {
|
||||||
r#"
|
"Skynet Team"
|
||||||
|
br;
|
||||||
|
"UL Computer Society"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let body_text = format!(
|
||||||
|
r#"
|
||||||
Hi {recipient}
|
Hi {recipient}
|
||||||
|
|
||||||
As part of the UL Computer Society you get an account on our Skynet cluster.
|
As part of the UL Computer Society you get an account on our Skynet cluster.
|
||||||
|
@ -186,275 +186,276 @@ pub mod email {
|
||||||
Skynet Team
|
Skynet Team
|
||||||
UL Computer Society
|
UL Computer Society
|
||||||
"#
|
"#
|
||||||
);
|
);
|
||||||
|
|
||||||
// Build the message.
|
// Build the message.
|
||||||
let email = Message::builder()
|
let email = Message::builder()
|
||||||
.from(sender.parse().unwrap())
|
.from(sender.parse().unwrap())
|
||||||
.to(mail.parse().unwrap())
|
.to(mail.parse().unwrap())
|
||||||
.subject("Skynet: New Account.")
|
.subject("Skynet: New Account.")
|
||||||
.multipart(
|
.multipart(
|
||||||
// This is composed of two parts.
|
// This is composed of two parts.
|
||||||
// also helps not trip spam settings (uneven number of url's
|
// also helps not trip spam settings (uneven number of url's
|
||||||
MultiPart::alternative()
|
MultiPart::alternative()
|
||||||
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text))
|
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text))
|
||||||
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())),
|
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())),
|
||||||
)
|
)
|
||||||
.expect("failed to build email");
|
.expect("failed to build email");
|
||||||
|
|
||||||
let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone());
|
let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone());
|
||||||
|
|
||||||
// Open a remote connection to gmail using STARTTLS
|
// Open a remote connection to gmail using STARTTLS
|
||||||
let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build();
|
let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build();
|
||||||
|
|
||||||
// Send the email
|
// Send the email
|
||||||
mailer.send(&email)
|
mailer.send(&email)
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn save_to_db(db: &Pool<Sqlite>, record: &AccountWolves, auth: &str) -> Result<Option<AccountsNew>, sqlx::Error> {
|
async fn save_to_db(db: &Pool<Sqlite>, record: &AccountWolves, auth: &str) -> Result<Option<AccountsNew>, sqlx::Error> {
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
"
|
"
|
||||||
INSERT OR REPLACE INTO accounts_new (mail, auth_code, date_iso, date_expiry, name_first, name_surname, id_student)
|
INSERT OR REPLACE INTO accounts_new (mail, auth_code, date_iso, date_expiry, name_first, name_surname, id_student)
|
||||||
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
||||||
",
|
",
|
||||||
)
|
)
|
||||||
.bind(record.email.to_owned())
|
.bind(record.email.to_owned())
|
||||||
.bind(auth.to_owned())
|
.bind(auth.to_owned())
|
||||||
.bind(get_now_iso(false))
|
.bind(get_now_iso(false))
|
||||||
.bind(record.expiry.to_owned())
|
.bind(record.expiry.to_owned())
|
||||||
.bind(record.name_first.to_owned())
|
.bind(record.name_first.to_owned())
|
||||||
.bind(record.name_second.to_owned())
|
.bind(record.name_second.to_owned())
|
||||||
.bind(record.id_student.to_owned())
|
.bind(record.id_student.to_owned())
|
||||||
.fetch_optional(db)
|
.fetch_optional(db)
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub mod account {
|
pub mod account {
|
||||||
use super::*;
|
use super::*;
|
||||||
use crate::update_group;
|
use crate::update_group;
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
struct LdapNewUser {
|
struct LdapNewUser {
|
||||||
auth: String,
|
auth: String,
|
||||||
user: String,
|
user: String,
|
||||||
pass: String,
|
pass: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Handles initial detail entering page
|
||||||
|
/// Verify users have access to said email
|
||||||
|
/// Get users to set username and password.
|
||||||
|
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
|
let LdapNewUser {
|
||||||
|
auth,
|
||||||
|
user,
|
||||||
|
pass,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
|
||||||
|
let config = &req.state().config;
|
||||||
|
let db = &req.state().db;
|
||||||
|
|
||||||
|
// ensure there are no old requests
|
||||||
|
db_pending_clear_expired(db).await?;
|
||||||
|
|
||||||
|
let user_db = if let Some(x) = db_get_user(db, &auth).await {
|
||||||
|
x
|
||||||
|
} else {
|
||||||
|
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Some(error) = is_valid_name(&user) {
|
||||||
|
return Ok(json!({"result": "error", "error": error}).into());
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Handles initial detail entering page
|
// easier to give each request its own connection
|
||||||
/// Verify users have access to said email
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
/// Get users to set username and password.
|
|
||||||
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
|
||||||
let LdapNewUser {
|
|
||||||
auth,
|
|
||||||
user,
|
|
||||||
pass,
|
|
||||||
} = req.body_json().await?;
|
|
||||||
|
|
||||||
let config = &req.state().config;
|
// ldap3 docs say a blank username and pass is an anon bind
|
||||||
let db = &req.state().db;
|
ldap.simple_bind("", "")?.success()?;
|
||||||
|
|
||||||
// ensure there are no old requests
|
let filter_dn = format!("(uid={})", &user);
|
||||||
db_pending_clear_expired(db).await?;
|
if let Ok(x) = ldap.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, &filter_dn, vec!["*"]) {
|
||||||
|
if let Ok((rs, _res)) = x.success() {
|
||||||
let user_db = if let Some(x) = db_get_user(db, &auth).await {
|
if !rs.is_empty() {
|
||||||
x
|
return Ok(json!({"result": "error", "error": "username not available"}).into());
|
||||||
} else {
|
|
||||||
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Some(error) = is_valid_name(&user) {
|
|
||||||
return Ok(json!({"result": "error", "error": error}).into());
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
// easier to give each request its own connection
|
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
|
||||||
|
|
||||||
// ldap3 docs say a blank username and pass is an anon bind
|
|
||||||
ldap.simple_bind("", "")?.success()?;
|
|
||||||
|
|
||||||
let filter_dn = format!("(uid={})", &user);
|
|
||||||
if let Ok(x) = ldap.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, &filter_dn, vec!["*"]) {
|
|
||||||
if let Ok((rs, _res)) = x.success() {
|
|
||||||
if !rs.is_empty() {
|
|
||||||
return Ok(json!({"result": "error", "error": "username not available"}).into());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// done with anon ldap
|
|
||||||
ldap.unbind()?;
|
|
||||||
|
|
||||||
ldap_create_account(config, db, user_db, &user, &pass).await?;
|
|
||||||
|
|
||||||
// account now created, delete from the new table
|
|
||||||
account_verification_clear_pending(db, &auth).await?;
|
|
||||||
|
|
||||||
Ok(json!({"result": "success"}).into())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// clear the db of expired ones before checking for username and validating inputs
|
// done with anon ldap
|
||||||
async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew>, Error> {
|
ldap.unbind()?;
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
|
||||||
r#"
|
ldap_create_account(config, db, user_db, &user, &pass).await?;
|
||||||
|
|
||||||
|
// account now created, delete from the new table
|
||||||
|
account_verification_clear_pending(db, &auth).await?;
|
||||||
|
|
||||||
|
Ok(json!({"result": "success"}).into())
|
||||||
|
}
|
||||||
|
|
||||||
|
// clear the db of expired ones before checking for username and validating inputs
|
||||||
|
async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew>, Error> {
|
||||||
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
DELETE
|
DELETE
|
||||||
FROM accounts_new
|
FROM accounts_new
|
||||||
WHERE date_expiry < ?
|
WHERE date_expiry < ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(get_now_iso(true))
|
.bind(get_now_iso(true))
|
||||||
.fetch_all(pool)
|
.fetch_all(pool)
|
||||||
.await
|
.await
|
||||||
|
}
|
||||||
|
|
||||||
|
fn is_valid_name(name: &str) -> Option<String> {
|
||||||
|
// max length is 31 chars
|
||||||
|
if name.len() >= 32 {
|
||||||
|
return Some(String::from("Too long, max len 31"));
|
||||||
}
|
}
|
||||||
|
|
||||||
fn is_valid_name(name: &str) -> Option<String> {
|
for (index, letter) in name.chars().enumerate() {
|
||||||
// max length is 31 chars
|
// no uppercase characters allowed
|
||||||
if name.len() >= 32 {
|
if letter.is_ascii_uppercase() {
|
||||||
return Some(String::from("Too long, max len 31"));
|
return Some(String::from("Has uppercase"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if index == 0 {
|
||||||
|
// first character ahs to be either a letter or underscore
|
||||||
|
if !(letter.is_ascii_alphabetic() || letter == '_') {
|
||||||
|
return Some(String::from("Does not start with letter or _"));
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
for (index, letter) in name.chars().enumerate() {
|
// after first character options are more relaxed
|
||||||
// no uppercase characters allowed
|
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
|
||||||
if letter.is_ascii_uppercase() {
|
return Some(String::from("Contains character that is not letter, number, _ or -"));
|
||||||
return Some(String::from("Has uppercase"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if index == 0 {
|
|
||||||
// first character ahs to be either a letter or underscore
|
|
||||||
if !(letter.is_ascii_alphabetic() || letter == '_') {
|
|
||||||
return Some(String::from("Does not start with letter or _"));
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// after first character options are more relaxed
|
|
||||||
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
|
|
||||||
return Some(String::from("Contains character that is not letter, number, _ or -"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
None
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
None
|
||||||
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
}
|
||||||
r#"
|
|
||||||
|
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
||||||
|
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts_new
|
FROM accounts_new
|
||||||
WHERE auth_code == ?
|
WHERE auth_code == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(auth)
|
.bind(auth)
|
||||||
.fetch_all(pool)
|
.fetch_all(pool)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
if !res.is_empty() {
|
if !res.is_empty() {
|
||||||
return Some(res[0].to_owned());
|
return Some(res[0].to_owned());
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
None
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn ldap_create_account(config: &Config, db: &Pool<Sqlite>, user: AccountsNew, username: &str, pass: &str) -> Result<(), ldap3::LdapError> {
|
None
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
}
|
||||||
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
|
||||||
|
|
||||||
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", username);
|
async fn ldap_create_account(config: &Config, db: &Pool<Sqlite>, user: AccountsNew, username: &str, pass: &str) -> Result<(), ldap3::LdapError> {
|
||||||
let cn = format!("{} {}", &user.name_first, &user.name_surname);
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
let home_directory = format!("/home/{}", username);
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
||||||
let password_tmp = random_string(50);
|
|
||||||
let labeled_uri = format!("ldap:///ou=groups,dc=skynet,dc=ie??sub?(&(objectclass=posixgroup)(memberuid={}))", username);
|
|
||||||
let sk_mail = format!("{}@skynet.ie", username);
|
|
||||||
let sk_created = get_sk_created();
|
|
||||||
let uid_number = get_max_uid_number(db).await;
|
|
||||||
|
|
||||||
// create user
|
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", username);
|
||||||
ldap.add(
|
let cn = format!("{} {}", &user.name_first, &user.name_surname);
|
||||||
&dn,
|
let home_directory = format!("/home/{}", username);
|
||||||
vec![
|
let password_tmp = random_string(50);
|
||||||
("objectClass", HashSet::from(["top", "person", "posixaccount", "ldapPublicKey", "inetOrgPerson", "skPerson"])),
|
let labeled_uri = format!("ldap:///ou=groups,dc=skynet,dc=ie??sub?(&(objectclass=posixgroup)(memberuid={}))", username);
|
||||||
// top
|
let sk_mail = format!("{}@skynet.ie", username);
|
||||||
("ou", HashSet::from(["users"])),
|
let sk_created = get_sk_created();
|
||||||
// person
|
let uid_number = get_max_uid_number(db).await;
|
||||||
("uid", HashSet::from([username])),
|
|
||||||
("cn", HashSet::from([cn.as_str()])),
|
|
||||||
// posixaccount
|
|
||||||
("uidNumber", HashSet::from([uid_number.to_string().as_str()])),
|
|
||||||
("gidNumber", HashSet::from(["1001"])),
|
|
||||||
("homedirectory", HashSet::from([home_directory.as_str()])),
|
|
||||||
("userpassword", HashSet::from([password_tmp.as_str()])),
|
|
||||||
// inetOrgPerson
|
|
||||||
("mail", HashSet::from([user.mail.as_str()])),
|
|
||||||
("sn", HashSet::from([user.name_surname.as_str()])),
|
|
||||||
// skPerson
|
|
||||||
("labeledURI", HashSet::from([labeled_uri.as_str()])),
|
|
||||||
("skMail", HashSet::from([sk_mail.as_str()])),
|
|
||||||
("skID", HashSet::from([user.id_student.as_str()])),
|
|
||||||
("skCreated", HashSet::from([sk_created.as_str()])),
|
|
||||||
// 1 = secure, automatic since its a new account
|
|
||||||
("skSecure", HashSet::from(["1"])),
|
|
||||||
// quotas
|
|
||||||
("quotaEmail", HashSet::from(["10737418240"])),
|
|
||||||
("quotaDisk", HashSet::from(["10737418240"])),
|
|
||||||
],
|
|
||||||
)?
|
|
||||||
.success()?;
|
|
||||||
|
|
||||||
// now to properly set teh password
|
// create user
|
||||||
let tmp = PasswordModify {
|
ldap
|
||||||
user_id: Some(&dn),
|
.add(
|
||||||
old_pass: None,
|
&dn,
|
||||||
new_pass: Some(pass),
|
vec![
|
||||||
};
|
("objectClass", HashSet::from(["top", "person", "posixaccount", "ldapPublicKey", "inetOrgPerson", "skPerson"])),
|
||||||
|
// top
|
||||||
|
("ou", HashSet::from(["users"])),
|
||||||
|
// person
|
||||||
|
("uid", HashSet::from([username])),
|
||||||
|
("cn", HashSet::from([cn.as_str()])),
|
||||||
|
// posixaccount
|
||||||
|
("uidNumber", HashSet::from([uid_number.to_string().as_str()])),
|
||||||
|
("gidNumber", HashSet::from(["1001"])),
|
||||||
|
("homedirectory", HashSet::from([home_directory.as_str()])),
|
||||||
|
("userpassword", HashSet::from([password_tmp.as_str()])),
|
||||||
|
// inetOrgPerson
|
||||||
|
("mail", HashSet::from([user.mail.as_str()])),
|
||||||
|
("sn", HashSet::from([user.name_surname.as_str()])),
|
||||||
|
// skPerson
|
||||||
|
("labeledURI", HashSet::from([labeled_uri.as_str()])),
|
||||||
|
("skMail", HashSet::from([sk_mail.as_str()])),
|
||||||
|
("skID", HashSet::from([user.id_student.as_str()])),
|
||||||
|
("skCreated", HashSet::from([sk_created.as_str()])),
|
||||||
|
// 1 = secure, automatic since its a new account
|
||||||
|
("skSecure", HashSet::from(["1"])),
|
||||||
|
// quotas
|
||||||
|
("quotaEmail", HashSet::from(["10737418240"])),
|
||||||
|
("quotaDisk", HashSet::from(["10737418240"])),
|
||||||
|
],
|
||||||
|
)?
|
||||||
|
.success()?;
|
||||||
|
|
||||||
ldap.extended(tmp).unwrap();
|
// now to properly set teh password
|
||||||
|
let tmp = PasswordModify {
|
||||||
|
user_id: Some(&dn),
|
||||||
|
old_pass: None,
|
||||||
|
new_pass: Some(pass),
|
||||||
|
};
|
||||||
|
|
||||||
// user is already verified by being an active member on wolves
|
ldap.extended(tmp).unwrap();
|
||||||
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {
|
|
||||||
println!("Couldnt add {} to skynet-users: {:?}", username, e)
|
|
||||||
}
|
|
||||||
|
|
||||||
ldap.unbind()?;
|
// user is already verified by being an active member on wolves
|
||||||
|
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {
|
||||||
Ok(())
|
println!("Couldnt add {} to skynet-users: {:?}", username, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_sk_created() -> String {
|
ldap.unbind()?;
|
||||||
use chrono::Utc;
|
|
||||||
let now = Utc::now();
|
|
||||||
|
|
||||||
format!("{}", now.format("%Y%m%d%H%M%SZ"))
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_max_uid_number(db: &Pool<Sqlite>) -> i64 {
|
fn get_sk_created() -> String {
|
||||||
if let Ok(results) = sqlx::query_as::<_, Accounts>(
|
use chrono::Utc;
|
||||||
r#"
|
let now = Utc::now();
|
||||||
|
|
||||||
|
format!("{}", now.format("%Y%m%d%H%M%SZ"))
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn get_max_uid_number(db: &Pool<Sqlite>) -> i64 {
|
||||||
|
if let Ok(results) = sqlx::query_as::<_, Accounts>(
|
||||||
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
ORDER BY uid DESC
|
ORDER BY uid DESC
|
||||||
LIMIT 1
|
LIMIT 1
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
if !results.is_empty() {
|
if !results.is_empty() {
|
||||||
return results[0].uid + 1;
|
return results[0].uid + 1;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
9999
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn account_verification_clear_pending(db: &Pool<Sqlite>, auth_code: &str) -> Result<Vec<AccountsNew>, Error> {
|
9999
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
}
|
||||||
r#"
|
|
||||||
|
async fn account_verification_clear_pending(db: &Pool<Sqlite>, auth_code: &str) -> Result<Vec<AccountsNew>, Error> {
|
||||||
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
DELETE FROM accounts_new
|
DELETE FROM accounts_new
|
||||||
WHERE auth_code == ?
|
WHERE auth_code == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(auth_code)
|
.bind(auth_code)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -3,152 +3,152 @@ use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry};
|
||||||
use sqlx::{Pool, Sqlite};
|
use sqlx::{Pool, Sqlite};
|
||||||
use std::collections::{HashMap, HashSet};
|
use std::collections::{HashMap, HashSet};
|
||||||
use tide::{
|
use tide::{
|
||||||
prelude::{json, Deserialize, Serialize},
|
prelude::{json, Deserialize, Serialize},
|
||||||
Request,
|
Request,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
pub struct LdapUpdate {
|
pub struct LdapUpdate {
|
||||||
user: String,
|
user: String,
|
||||||
pass: String,
|
pass: String,
|
||||||
field: String,
|
field: String,
|
||||||
value: String,
|
value: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Serialize)]
|
#[derive(Debug, Serialize)]
|
||||||
pub struct ModifyResult {
|
pub struct ModifyResult {
|
||||||
mail: Option<String>,
|
mail: Option<String>,
|
||||||
#[serde(rename = "sshPublicKey")]
|
#[serde(rename = "sshPublicKey")]
|
||||||
ssh_public_key: Option<String>,
|
ssh_public_key: Option<String>,
|
||||||
cn: Option<String>,
|
cn: Option<String>,
|
||||||
#[serde(rename = "skDiscord")]
|
#[serde(rename = "skDiscord")]
|
||||||
sk_discord: Option<String>,
|
sk_discord: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Handles updating a single field with the users own password
|
/// Handles updating a single field with the users own password
|
||||||
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
let LdapUpdate {
|
let LdapUpdate {
|
||||||
user,
|
user,
|
||||||
pass,
|
pass,
|
||||||
field,
|
field,
|
||||||
value,
|
value,
|
||||||
} = req.body_json().await?;
|
} = req.body_json().await?;
|
||||||
|
|
||||||
// check that any mail is not using @skynet.ie
|
// check that any mail is not using @skynet.ie
|
||||||
if field == "mail" && value.trim().ends_with("@skynet.ie") {
|
if field == "mail" && value.trim().ends_with("@skynet.ie") {
|
||||||
return Ok(json!({"result": "error", "error": "Skynet email not valid contact address"}).into());
|
return Ok(json!({"result": "error", "error": "Skynet email not valid contact address"}).into());
|
||||||
|
}
|
||||||
|
|
||||||
|
let config = &req.state().config;
|
||||||
|
let db = &req.state().db;
|
||||||
|
|
||||||
|
// easier to give each request its own connection
|
||||||
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
|
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
|
||||||
|
ldap.simple_bind(&dn, &pass)?.success()?;
|
||||||
|
|
||||||
|
// always assume insecure
|
||||||
|
let mut pw_keep_same = false;
|
||||||
|
let mut is_skynet_user = false;
|
||||||
|
|
||||||
|
// get the users current password hash
|
||||||
|
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
|
||||||
|
if !rs.is_empty() {
|
||||||
|
let tmp = SearchEntry::construct(rs[0].clone());
|
||||||
|
if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
|
||||||
|
pw_keep_same = true;
|
||||||
|
}
|
||||||
|
if tmp.attrs.contains_key("memberOf") {
|
||||||
|
for group in tmp.attrs["memberOf"].clone() {
|
||||||
|
if group.contains("skynet-users") {
|
||||||
|
is_skynet_user = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if the password field itself is being updated
|
||||||
|
let pass_new = if &field != "userPassword" {
|
||||||
|
if !is_skynet_user && &field == "mail" {
|
||||||
|
activate_group(db, config, &user, &value).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
let config = &req.state().config;
|
// if password is not being updated then just update the required field
|
||||||
let db = &req.state().db;
|
let mods = vec![
|
||||||
|
// the value we are updating
|
||||||
|
Mod::Replace(field, HashSet::from([value])),
|
||||||
|
];
|
||||||
|
|
||||||
// easier to give each request its own connection
|
ldap.modify(&dn, mods)?.success()?;
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
|
||||||
|
|
||||||
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
|
// pass back the "old" and "new" passwords
|
||||||
ldap.simple_bind(&dn, &pass)?.success()?;
|
// using this means we can create teh vars without them needing to be mutable
|
||||||
|
pass.clone()
|
||||||
|
} else {
|
||||||
|
// password is going to be updated, even if the old value is not starting with "{SSHA512}"
|
||||||
|
pw_keep_same = false;
|
||||||
|
value
|
||||||
|
};
|
||||||
|
|
||||||
// always assume insecure
|
// changing teh password because of an explicit request or upgrading teh security.
|
||||||
let mut pw_keep_same = false;
|
if !pw_keep_same {
|
||||||
let mut is_skynet_user = false;
|
// really easy to update password once ye know how
|
||||||
|
let tmp = PasswordModify {
|
||||||
// get the users current password hash
|
// none as we are staying on the same connection
|
||||||
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
|
user_id: None,
|
||||||
if !rs.is_empty() {
|
old_pass: Some(&pass),
|
||||||
let tmp = SearchEntry::construct(rs[0].clone());
|
new_pass: Some(&pass_new),
|
||||||
if tmp.attrs.contains_key("userPassword") && !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
|
|
||||||
pw_keep_same = true;
|
|
||||||
}
|
|
||||||
if tmp.attrs.contains_key("memberOf") {
|
|
||||||
for group in tmp.attrs["memberOf"].clone() {
|
|
||||||
if group.contains("skynet-users") {
|
|
||||||
is_skynet_user = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if the password field itself is being updated
|
|
||||||
let pass_new = if &field != "userPassword" {
|
|
||||||
if !is_skynet_user && &field == "mail" {
|
|
||||||
activate_group(db, config, &user, &value).await;
|
|
||||||
}
|
|
||||||
|
|
||||||
// if password is not being updated then just update the required field
|
|
||||||
let mods = vec![
|
|
||||||
// the value we are updating
|
|
||||||
Mod::Replace(field, HashSet::from([value])),
|
|
||||||
];
|
|
||||||
|
|
||||||
ldap.modify(&dn, mods)?.success()?;
|
|
||||||
|
|
||||||
// pass back the "old" and "new" passwords
|
|
||||||
// using this means we can create teh vars without them needing to be mutable
|
|
||||||
pass.clone()
|
|
||||||
} else {
|
|
||||||
// password is going to be updated, even if the old value is not starting with "{SSHA512}"
|
|
||||||
pw_keep_same = false;
|
|
||||||
value
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// changing teh password because of an explicit request or upgrading teh security.
|
ldap.extended(tmp)?.success()?;
|
||||||
if !pw_keep_same {
|
};
|
||||||
// really easy to update password once ye know how
|
|
||||||
let tmp = PasswordModify {
|
|
||||||
// none as we are staying on the same connection
|
|
||||||
user_id: None,
|
|
||||||
old_pass: Some(&pass),
|
|
||||||
new_pass: Some(&pass_new),
|
|
||||||
};
|
|
||||||
|
|
||||||
ldap.extended(tmp)?.success()?;
|
let result = get_result(&mut ldap, &dn);
|
||||||
};
|
|
||||||
|
|
||||||
let result = get_result(&mut ldap, &dn);
|
ldap.unbind()?;
|
||||||
|
|
||||||
ldap.unbind()?;
|
Ok(json!({"result": "success", "success": result}).into())
|
||||||
|
|
||||||
Ok(json!({"result": "success", "success": result}).into())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_result(ldap: &mut LdapConn, dn: &str) -> ModifyResult {
|
fn get_result(ldap: &mut LdapConn, dn: &str) -> ModifyResult {
|
||||||
let mut result = ModifyResult {
|
let mut result = ModifyResult {
|
||||||
mail: None,
|
mail: None,
|
||||||
ssh_public_key: None,
|
ssh_public_key: None,
|
||||||
cn: None,
|
cn: None,
|
||||||
sk_discord: None,
|
sk_discord: None,
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Ok(temp) = ldap.search(dn, Scope::Base, "(objectClass=*)", vec!["mail", "sshPublicKey", "cn", "skDiscord"]) {
|
if let Ok(temp) = ldap.search(dn, Scope::Base, "(objectClass=*)", vec!["mail", "sshPublicKey", "cn", "skDiscord"]) {
|
||||||
if let Ok((rs, _res)) = temp.success() {
|
if let Ok((rs, _res)) = temp.success() {
|
||||||
if !rs.is_empty() {
|
if !rs.is_empty() {
|
||||||
let tmp = SearchEntry::construct(rs[0].clone());
|
let tmp = SearchEntry::construct(rs[0].clone());
|
||||||
result.mail = get_result_values(&tmp.attrs, "mail");
|
result.mail = get_result_values(&tmp.attrs, "mail");
|
||||||
result.ssh_public_key = get_result_values(&tmp.attrs, "sshPublicKey");
|
result.ssh_public_key = get_result_values(&tmp.attrs, "sshPublicKey");
|
||||||
result.cn = get_result_values(&tmp.attrs, "cn");
|
result.cn = get_result_values(&tmp.attrs, "cn");
|
||||||
result.sk_discord = get_result_values(&tmp.attrs, "skDiscord");
|
result.sk_discord = get_result_values(&tmp.attrs, "skDiscord");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
result
|
result
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_result_values(attrs: &HashMap<String, Vec<String>>, field: &str) -> Option<String> {
|
fn get_result_values(attrs: &HashMap<String, Vec<String>>, field: &str) -> Option<String> {
|
||||||
if let Some(field) = attrs.get(field) {
|
if let Some(field) = attrs.get(field) {
|
||||||
if !field.is_empty() {
|
if !field.is_empty() {
|
||||||
return Some(field[0].clone());
|
return Some(field[0].clone());
|
||||||
}
|
|
||||||
}
|
}
|
||||||
None
|
}
|
||||||
|
None
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn activate_group(db: &Pool<Sqlite>, config: &Config, user: &str, mail: &str) {
|
async fn activate_group(db: &Pool<Sqlite>, config: &Config, user: &str, mail: &str) {
|
||||||
// check if user has this mail in teh wolves db
|
// check if user has this mail in teh wolves db
|
||||||
if !get_wolves_mail(db, mail).await.is_empty() {
|
if !get_wolves_mail(db, mail).await.is_empty() {
|
||||||
// if so then activate
|
// if so then activate
|
||||||
if let Err(e) = update_group(config, "skynet-users", &vec![user.to_string()], false).await {
|
if let Err(e) = update_group(config, "skynet-users", &vec![user.to_string()], false).await {
|
||||||
println!("Couldnt add {} to skynet-users: {:?}", user, e)
|
println!("Couldnt add {} to skynet-users: {:?}", user, e)
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|