From be4fadd84daf0eb735b00b3835a0b9827bdceaee Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 13 Aug 2023 17:47:51 +0100 Subject: [PATCH] feat: new route to reminder users of their username via email. Closes #14 --- README.md | 8 +++ src/main.rs | 1 + src/methods/account_recover.rs | 119 ++++++++++++++++++++++++++++++++- 3 files changed, 127 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d6491c5..3c69c2e 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,14 @@ Invalid Auth: Generic responses which is used unless otherwise specified above. +### POST /ldap/recover/username +Sends an email to the user of the address reminding them of their username (if there is an account associated with said username). +```json +{ + "email" : "email looking for remidner" +} +``` + ### POST /ldap/recover/password ```json diff --git a/src/main.rs b/src/main.rs index e3992ba..e860632 100644 --- a/src/main.rs +++ b/src/main.rs @@ -30,6 +30,7 @@ async fn main() -> tide::Result<()> { // for folks who forget password/username app.at("/ldap/recover/password").post(account_recover::password::reset); app.at("/ldap/recover/password/auth").post(account_recover::password::auth); + app.at("/ldap/recover/username").post(account_recover::username::submit); app.listen(host_port).await?; Ok(()) diff --git a/src/methods/account_recover.rs b/src/methods/account_recover.rs index 3c50db5..eb954c6 100644 --- a/src/methods/account_recover.rs +++ b/src/methods/account_recover.rs @@ -109,7 +109,7 @@ pub mod password { Ok(json!({"result": "success", "success": "Password set"}).into()) } - async fn db_get_user(pool: &Pool, user_in: &Option, mail_in: &Option) -> Option { + pub async fn db_get_user(pool: &Pool, user_in: &Option, mail_in: &Option) -> Option { let user = match user_in { None => "", Some(x) => x, @@ -305,3 +305,120 @@ pub mod password { .await } } + +pub mod username { + use super::password::db_get_user; + use super::*; + + // far simpler, accept email, send notification via email + + #[derive(Debug, Deserialize)] + struct UsernameReminder { + email: String, + } + + pub async fn submit(mut req: Request) -> tide::Result { + let UsernameReminder { + email, + } = req.body_json().await?; + + // check that any mail is not using @skynet.ie + + if email.trim().ends_with("@skynet.ie") { + // all responses from this are a success + return Ok(json!({"result": "error", "error": "Skynet email not permitted."}).into()); + } + + let config = &req.state().config; + let db = &req.state().db; + + // considering the local db is updated hourly (or less) use that instead of teh ldap for lookups + let user_details = match db_get_user(db, &None, &Some(email)).await { + None => { + return Ok(json!({"result": "success"}).into()); + } + Some(x) => x, + }; + + // user does not have a different email address set + if user_details.mail.trim().ends_with("@skynet.ie") { + // not returning an error here as there is no need to let the person requesting what email the user has + return Ok(json!({"result": "success"}).into()); + } + + send_mail(config, &user_details).ok(); + + Ok(json!({"result": "success"}).into()) + } + + fn send_mail(config: &Config, record: &Accounts) -> Result { + let recipient = &record.user; + let mail = &record.mail; + let discord = "https://discord.skynet.ie"; + let sender = format!("UL Computer Society <{}>", &config.mail_user); + + // Create the html we want to send. + let html = html! { + head { + title { "Hello from Skynet!" } + style type="text/css" { + "h2, h4 { font-family: Arial, Helvetica, sans-serif; }" + } + } + div style="display: flex; flex-direction: column; align-items: center;" { + h2 { "Hello from Skynet!" } + // Substitute in the name of our recipient. + p { "Hi there," } + p { + "You requested a username reminder: " (recipient) + } + p { + "If did not request this please ignore." + } + p { + "UL Computer Society" + br; + "Skynet Team" + br; + a href=(discord) { (discord) } + } + } + }; + + let body_text = format!( + r#" + Hi there, + + You requested a username reminder: {recipient} + + If did not request this please ignore. + + UL Computer Society + Skynet Team + {discord} + "# + ); + + // Build the message. + let email = Message::builder() + .from(sender.parse().unwrap()) + .to(mail.parse().unwrap()) + .subject("Skynet: Username Reminder") + .multipart( + // This is composed of two parts. + // also helps not trip spam settings (uneven number of url's + MultiPart::alternative() + .singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text)) + .singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())), + ) + .expect("failed to build email"); + + let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone()); + + // Open a remote connection to gmail using STARTTLS + let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build(); + + // Send the email + mailer.send(&email) + } +}