Merge branch '#23-restricted-account-names' into 'main'

Restrict account names that users can sign up with

Closes #23

See merge request compsoc1/skynet/ldap/backend!17
silver 2023-09-16 14:11:49 +00:00
commit e4e7171eac
4 changed files with 26 additions and 6 deletions


@ -55,10 +55,11 @@
SSH_ROOT = "skynet_old"; SSH_ROOT = "skynet_old";
# special categories of users # special categories of users
USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin; USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee; USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime; USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned; USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
USERS_RESTRICTED = lib.strings.concatStringsSep "," cfg.users.restricted;
}; };
service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}"); service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}");
@ -146,6 +147,11 @@
default = []; default = [];
description = "array of banned users"; description = "array of banned users";
}; };
restricted = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of restricted user accounts";
};
}; };
host_port = mkOption rec { host_port = mkOption rec {
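Review bot: The new `restricted` option's description does not say how the entries are applied; the backend in this same commit uses each entry as a substring test against the requested username, so the description should state that, e.g. `description = "usernames (matched as substrings) that cannot be chosen at signup";`. Because the list is joined with commas into USERS_RESTRICTED in the first hunk, an entry containing a comma cannot be expressed and would be split into two names; this is worth noting in the description or rejecting in an assertion.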


@ -190,6 +190,7 @@ pub struct Config {
pub mail_pass: String, pub mail_pass: String,
pub ssh_root: String, pub ssh_root: String,
pub auth_discord: String, pub auth_discord: String,
pub users_restricted: Vec<String>,
} }
pub fn get_config() -> Config { pub fn get_config() -> Config {
@ -209,6 +210,7 @@ pub fn get_config() -> Config {
mail_pass: "".to_string(), mail_pass: "".to_string(),
ssh_root: "skynet_old".to_string(), ssh_root: "skynet_old".to_string(),
auth_discord: "".to_string(), auth_discord: "".to_string(),
users_restricted: vec![],
}; };
if let Ok(x) = env::var("LDAP_HOST") { if let Ok(x) = env::var("LDAP_HOST") {
@ -248,6 +250,13 @@ pub fn get_config() -> Config {
config.auth_discord = x.trim().to_string(); config.auth_discord = x.trim().to_string();
} }
if let Ok(x) = env::var("USERS_RESTRICTED") {
// usernames that are restricted
for user in x.split(',').collect::<Vec<&str>>() {
config.users_restricted.push(user.to_string());
}
}
config config
} }
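Review bot: `x.split(',')` turns an empty or blank USERS_RESTRICTED into a single empty-string entry, and the signup check added in the account module (`user.contains(name)`) is true for every username when `name` is empty, so a deployment with no restricted names configured would reject every signup. Surrounding whitespace in entries is also kept, unlike the other variables in this function which are trimmed. Replace the loop with `config.users_restricted.extend(x.split(',').map(str::trim).filter(|s| !s.is_empty()).map(String::from));`; the intermediate `.collect::<Vec<&str>>()` is unnecessary either way. get_config's body continues outside this hunk.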


@ -269,6 +269,13 @@ pub mod account {
return Ok(json!({"result": "error", "error": error}).into()); return Ok(json!({"result": "error", "error": error}).into());
} }
// check against forbidden names first
for name in &config.users_restricted {
if user.contains(name) {
return Ok(json!({"result": "error", "error": "username not available"}).into());
}
}
// easier to give each request its own connection // easier to give each request its own connection
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
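Review bot: `user.contains(name)` is a case-sensitive substring test, so a restricted entry such as `admin` blocks `badminton` but not `Admin` unless `user` has already been lowercased before this point, which is not visible in the hunk. If the intent is a case-insensitive block, compare normalized forms, e.g. `let user_lc = user.to_lowercase();` before the loop and `if !name.is_empty() && user_lc.contains(&name.to_lowercase())` inside it. The empty-name guard also matters on its own: an empty USERS_RESTRICTED produces an empty entry in `users_restricted`, and `contains("")` is true for every username. The enclosing handler starts and ends outside this hunk.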


@ -35,7 +35,6 @@ pub mod account {
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
pub struct DiscordResult { pub struct DiscordResult {
discord: String, discord: String,
email: String,
wolves_id: String, wolves_id: String,
} }
@ -59,7 +58,6 @@ pub mod account {
if !accounts.is_empty() { if !accounts.is_empty() {
let tmp = DiscordResult { let tmp = DiscordResult {
discord, discord,
email: item.mail,
wolves_id: accounts[0].id_wolves.to_owned(), wolves_id: accounts[0].id_wolves.to_owned(),
}; };