#11 signup email #36
6 changed files with 420 additions and 372 deletions
|
@ -10,9 +10,6 @@ name = "update_data"
|
||||||
[[bin]]
|
[[bin]]
|
||||||
name = "update_groups"
|
name = "update_groups"
|
||||||
|
|
||||||
[[bin]]
|
|
||||||
name = "new_users"
|
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
# for the ldap
|
# for the ldap
|
||||||
ldap3="0.11.1"
|
ldap3="0.11.1"
|
||||||
|
|
15
README.md
15
README.md
|
@ -44,7 +44,20 @@ Each value is either a string or ``null``.
|
||||||
|
|
||||||
Changing ``userPassword`` requires the existing password in teh apssword field and the new one in teh value field.
|
Changing ``userPassword`` requires the existing password in teh apssword field and the new one in teh value field.
|
||||||
|
|
||||||
### POST /ldap/new
|
### POST /ldap/new/email
|
||||||
|
|
||||||
|
Kickstarts teh process of signing up to Skynet
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"email" : "User's wolves email"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### POST /ldap/new/account
|
||||||
|
|
||||||
|
Verifies teh user has access to this email
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
|
|
@ -101,8 +101,8 @@
|
||||||
|
|
||||||
# modify these
|
# modify these
|
||||||
scripts = {
|
scripts = {
|
||||||
"update_data" = "*:0,15,30,45";
|
"update_data" = "*:0,15,30,45";
|
||||||
"new_users" = "*:5,20,35,50";
|
#"new_users" = "*:5,20,35,50";
|
||||||
"update_groups" = "*:10";
|
"update_groups" = "*:10";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,197 +0,0 @@
|
||||||
use lettre::{
|
|
||||||
message::{header, MultiPart, SinglePart},
|
|
||||||
transport::smtp::{authentication::Credentials, response::Response},
|
|
||||||
Message, SmtpTransport, Transport,
|
|
||||||
};
|
|
||||||
use maud::html;
|
|
||||||
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, random_string, AccountWolves, Accounts, AccountsNew, Config};
|
|
||||||
use sqlx::{Pool, Sqlite};
|
|
||||||
|
|
||||||
#[async_std::main]
|
|
||||||
async fn main() {
|
|
||||||
let config = get_config();
|
|
||||||
let db = db_init(&config).await.unwrap();
|
|
||||||
|
|
||||||
for record in get_wolves(&db).await {
|
|
||||||
// skynet emails not permitted
|
|
||||||
if record.email.trim().ends_with("@skynet.ie") {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if the email is already in the db
|
|
||||||
if !check(&db, &record.email).await {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate a auth key
|
|
||||||
let auth = random_string(50);
|
|
||||||
|
|
||||||
match send_mail(&config, &record, &auth) {
|
|
||||||
Ok(_) => match save_to_db(&db, &record, &auth).await {
|
|
||||||
Ok(_) => {}
|
|
||||||
Err(e) => {
|
|
||||||
println!("Unable to save to db {} {e:?}", &record.email);
|
|
||||||
}
|
|
||||||
},
|
|
||||||
Err(e) => {
|
|
||||||
println!("Unable to send mail to {} {e:?}", &record.email);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn check(db: &Pool<Sqlite>, mail: &str) -> bool {
|
|
||||||
check_pending(db, mail).await && check_users(db, mail).await
|
|
||||||
}
|
|
||||||
async fn check_users(db: &Pool<Sqlite>, mail: &str) -> bool {
|
|
||||||
sqlx::query_as::<_, Accounts>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
|
||||||
FROM accounts
|
|
||||||
WHERE mail == ?
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(mail)
|
|
||||||
.fetch_all(db)
|
|
||||||
.await
|
|
||||||
.unwrap_or(vec![])
|
|
||||||
.is_empty()
|
|
||||||
}
|
|
||||||
async fn check_pending(db: &Pool<Sqlite>, mail: &str) -> bool {
|
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
|
||||||
FROM accounts_new
|
|
||||||
WHERE mail == ?
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(mail)
|
|
||||||
.fetch_all(db)
|
|
||||||
.await
|
|
||||||
.unwrap_or(vec![])
|
|
||||||
.is_empty()
|
|
||||||
}
|
|
||||||
|
|
||||||
// using https://github.com/lettre/lettre/blob/57886c367d69b4d66300b322c94bd910b1eca364/examples/maud_html.rs
|
|
||||||
fn send_mail(config: &Config, record: &AccountWolves, auth: &str) -> Result<Response, lettre::transport::smtp::Error> {
|
|
||||||
let recipient = &record.name_first;
|
|
||||||
let mail = &record.email;
|
|
||||||
let url_base = "https://sso.skynet.ie";
|
|
||||||
let link_new = format!("{url_base}/register?auth={auth}");
|
|
||||||
let link_mod = format!("{url_base}/modify");
|
|
||||||
let discord = "https://discord.gg/mkuKJkCuyM";
|
|
||||||
let sender = format!("UL Computer Society <{}>", &config.mail_user);
|
|
||||||
|
|
||||||
// Create the html we want to send.
|
|
||||||
let html = html! {
|
|
||||||
head {
|
|
||||||
title { "Hello from Skynet!" }
|
|
||||||
style type="text/css" {
|
|
||||||
"h2, h4 { font-family: Arial, Helvetica, sans-serif; }"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
div style="display: flex; flex-direction: column; align-items: center;" {
|
|
||||||
h2 { "Hello from Skynet!" }
|
|
||||||
// Substitute in the name of our recipient.
|
|
||||||
p { "Hi " (recipient) "," }
|
|
||||||
p {
|
|
||||||
"As part of the UL Computer Society you get an account on our Skynet cluster."
|
|
||||||
br;
|
|
||||||
"This gives you access to some of teh various services we offer:"
|
|
||||||
ul {
|
|
||||||
li { "Email" }
|
|
||||||
li { "Gitlab" }
|
|
||||||
li { "Linux Webhost" }
|
|
||||||
}
|
|
||||||
br;
|
|
||||||
"The following invite will remain active until the end of year."
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you are a new member please use the following link:"
|
|
||||||
br;
|
|
||||||
a href=(link_new) { (link_new) }
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you are a returning user please set an email for your account at:"
|
|
||||||
br;
|
|
||||||
a href=(link_mod) { (link_mod) }
|
|
||||||
}
|
|
||||||
p {
|
|
||||||
"If you have issues please refer to our Discord server:"
|
|
||||||
br;
|
|
||||||
a href=(discord) { (discord) }
|
|
||||||
}
|
|
||||||
|
|
||||||
p {
|
|
||||||
"Skynet Team"
|
|
||||||
br;
|
|
||||||
"UL Computer Society"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
let body_text = format!(
|
|
||||||
r#"
|
|
||||||
Hi {recipient}
|
|
||||||
|
|
||||||
As part of the UL Computer Society you get an account on our Skynet cluster.
|
|
||||||
This gives you access to some of teh various services we offer:
|
|
||||||
* Email
|
|
||||||
* Gitlab
|
|
||||||
* Linux Webhost
|
|
||||||
The following invite will remain active until the end of year.
|
|
||||||
|
|
||||||
If you are a new member please use the following link:
|
|
||||||
{link_new}
|
|
||||||
|
|
||||||
If you are a returning user please set an email for your account at:
|
|
||||||
{link_mod}
|
|
||||||
|
|
||||||
If you have issues please refer to our Discord server:
|
|
||||||
{discord}
|
|
||||||
|
|
||||||
Skynet Team
|
|
||||||
UL Computer Society
|
|
||||||
"#
|
|
||||||
);
|
|
||||||
|
|
||||||
// Build the message.
|
|
||||||
let email = Message::builder()
|
|
||||||
.from(sender.parse().unwrap())
|
|
||||||
.to(mail.parse().unwrap())
|
|
||||||
.subject("Skynet: New Account.")
|
|
||||||
.multipart(
|
|
||||||
// This is composed of two parts.
|
|
||||||
// also helps not trip spam settings (uneven number of url's
|
|
||||||
MultiPart::alternative()
|
|
||||||
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text))
|
|
||||||
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())),
|
|
||||||
)
|
|
||||||
.expect("failed to build email");
|
|
||||||
|
|
||||||
let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone());
|
|
||||||
|
|
||||||
// Open a remote connection to gmail using STARTTLS
|
|
||||||
let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build();
|
|
||||||
|
|
||||||
// Send the email
|
|
||||||
mailer.send(&email)
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn save_to_db(db: &Pool<Sqlite>, record: &AccountWolves, auth: &str) -> Result<Option<AccountsNew>, sqlx::Error> {
|
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
|
||||||
"
|
|
||||||
INSERT OR REPLACE INTO accounts_new (mail, auth_code, date_iso, date_expiry, name_first, name_surname, id_student)
|
|
||||||
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
|
||||||
",
|
|
||||||
)
|
|
||||||
.bind(record.email.to_owned())
|
|
||||||
.bind(auth.to_owned())
|
|
||||||
.bind(get_now_iso(false))
|
|
||||||
.bind(record.expiry.to_owned())
|
|
||||||
.bind(record.name_first.to_owned())
|
|
||||||
.bind(record.name_second.to_owned())
|
|
||||||
.bind(record.id_student.to_owned())
|
|
||||||
.fetch_optional(db)
|
|
||||||
.await
|
|
||||||
}
|
|
|
@ -1,6 +1,9 @@
|
||||||
use skynet_ldap_backend::{
|
use skynet_ldap_backend::{
|
||||||
db_init, get_config,
|
db_init, get_config,
|
||||||
methods::{account_new::post_new_account, account_update::post_update_ldap},
|
methods::{
|
||||||
|
account_new::post::{account, email},
|
||||||
|
account_update::post_update_ldap,
|
||||||
|
},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -21,7 +24,8 @@ async fn main() -> tide::Result<()> {
|
||||||
let mut app = tide::with_state(state);
|
let mut app = tide::with_state(state);
|
||||||
|
|
||||||
app.at("/ldap/update").post(post_update_ldap);
|
app.at("/ldap/update").post(post_update_ldap);
|
||||||
app.at("/ldap/new").post(post_new_account);
|
app.at("/ldap/new/email").post(email::submit);
|
||||||
|
app.at("/ldap/new/account").post(account::submit);
|
||||||
|
|
||||||
app.listen(host_port).await?;
|
app.listen(host_port).await?;
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
use crate::{get_now_iso, random_string, Accounts, AccountsNew, Config, State};
|
use crate::{get_now_iso, random_string, AccountWolves, Accounts, AccountsNew, Config, State};
|
||||||
use ldap3::{exop::PasswordModify, LdapConn, Scope};
|
use ldap3::{exop::PasswordModify, LdapConn, Scope};
|
||||||
|
use lettre::{
|
||||||
|
message::{header, MultiPart, SinglePart},
|
||||||
|
transport::smtp::authentication::Credentials,
|
||||||
|
Message, SmtpTransport, Transport,
|
||||||
|
};
|
||||||
|
use maud::html;
|
||||||
use sqlx::{Error, Pool, Sqlite};
|
use sqlx::{Error, Pool, Sqlite};
|
||||||
use std::collections::HashSet;
|
use std::collections::HashSet;
|
||||||
use tide::{
|
use tide::{
|
||||||
|
@ -7,221 +13,446 @@ use tide::{
|
||||||
Request,
|
Request,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
pub mod post {
|
||||||
pub struct LdapNewUser {
|
use super::*;
|
||||||
auth: String,
|
|
||||||
user: String,
|
|
||||||
pass: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Handles initial detail entering page
|
pub mod email {
|
||||||
/// Verify users have access to said email
|
use super::*;
|
||||||
/// Get users to set username and password.
|
|
||||||
pub async fn post_new_account(mut req: Request<State>) -> tide::Result {
|
|
||||||
let LdapNewUser {
|
|
||||||
auth,
|
|
||||||
user,
|
|
||||||
pass,
|
|
||||||
} = req.body_json().await?;
|
|
||||||
|
|
||||||
let config = &req.state().config;
|
#[derive(Debug, Deserialize)]
|
||||||
let db = &req.state().db;
|
struct SignupEmail {
|
||||||
|
email: String,
|
||||||
|
}
|
||||||
|
|
||||||
// ensure there are no old requests
|
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
db_pending_clear_expired(db).await?;
|
let SignupEmail {
|
||||||
|
email,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
|
||||||
let user_db = if let Some(x) = db_get_user(db, &auth).await {
|
let config = &req.state().config;
|
||||||
x
|
let db = &req.state().db;
|
||||||
} else {
|
|
||||||
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Some(error) = is_valid_name(&user) {
|
for record in get_wolves_mail(db, &email).await {
|
||||||
return Ok(json!({"result": "error", "error": error}).into());
|
// skynet emails not permitted
|
||||||
}
|
if record.email.trim().ends_with("@skynet.ie") {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
// easier to give each request its own connection
|
// check if the email is already in the db
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
if !check(db, &record.email).await {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
// ldap3 docs say a blank username and pass is an anon bind
|
// generate a auth key
|
||||||
ldap.simple_bind("", "")?.success()?;
|
let auth = random_string(75);
|
||||||
|
|
||||||
let filter_dn = format!("(uid={})", &user);
|
match send_mail(config, &record, &auth) {
|
||||||
if let Ok(x) = ldap.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, &filter_dn, vec!["*"]) {
|
Ok(_) => match save_to_db(db, &record, &auth).await {
|
||||||
if let Ok((rs, _res)) = x.success() {
|
Ok(_) => {}
|
||||||
if !rs.is_empty() {
|
Err(e) => {
|
||||||
return Ok(json!({"result": "error", "error": "username not available"}).into());
|
println!("Unable to save to db {} {e:?}", &record.email);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Err(e) => {
|
||||||
|
println!("Unable to send mail to {} {e:?}", &record.email);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Ok(json!({"result": "success"}).into())
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
|
||||||
|
sqlx::query_as::<_, AccountWolves>(
|
||||||
|
r#"
|
||||||
|
SELECT *
|
||||||
|
FROM accounts_wolves
|
||||||
|
WHERE email = ?
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(mail)
|
||||||
|
.fetch_all(db)
|
||||||
|
.await
|
||||||
|
.unwrap_or(vec![])
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn check(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
|
check_pending(db, mail).await && check_users(db, mail).await
|
||||||
|
}
|
||||||
|
async fn check_users(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
|
sqlx::query_as::<_, Accounts>(
|
||||||
|
r#"
|
||||||
|
SELECT *
|
||||||
|
FROM accounts
|
||||||
|
WHERE mail == ?
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(mail)
|
||||||
|
.fetch_all(db)
|
||||||
|
.await
|
||||||
|
.unwrap_or(vec![])
|
||||||
|
.is_empty()
|
||||||
|
}
|
||||||
|
async fn check_pending(db: &Pool<Sqlite>, mail: &str) -> bool {
|
||||||
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
|
SELECT *
|
||||||
|
FROM accounts_new
|
||||||
|
WHERE mail == ?
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(mail)
|
||||||
|
.fetch_all(db)
|
||||||
|
.await
|
||||||
|
.unwrap_or(vec![])
|
||||||
|
.is_empty()
|
||||||
|
}
|
||||||
|
|
||||||
|
// using https://github.com/lettre/lettre/blob/57886c367d69b4d66300b322c94bd910b1eca364/examples/maud_html.rs
|
||||||
|
fn send_mail(config: &Config, record: &AccountWolves, auth: &str) -> Result<lettre::transport::smtp::response::Response, lettre::transport::smtp::Error> {
|
||||||
|
let recipient = &record.name_first;
|
||||||
|
let mail = &record.email;
|
||||||
|
let url_base = "https://sso.skynet.ie";
|
||||||
|
let link_new = format!("{url_base}/register?auth={auth}");
|
||||||
|
let link_mod = format!("{url_base}/modify");
|
||||||
|
let discord = "https://discord.gg/mkuKJkCuyM";
|
||||||
|
let sender = format!("UL Computer Society <{}>", &config.mail_user);
|
||||||
|
|
||||||
|
// Create the html we want to send.
|
||||||
|
let html = html! {
|
||||||
|
head {
|
||||||
|
title { "Hello from Skynet!" }
|
||||||
|
style type="text/css" {
|
||||||
|
"h2, h4 { font-family: Arial, Helvetica, sans-serif; }"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
div style="display: flex; flex-direction: column; align-items: center;" {
|
||||||
|
h2 { "Hello from Skynet!" }
|
||||||
|
// Substitute in the name of our recipient.
|
||||||
|
p { "Hi " (recipient) "," }
|
||||||
|
p {
|
||||||
|
"As part of the UL Computer Society you get an account on our Skynet cluster."
|
||||||
|
br;
|
||||||
|
"This gives you access to some of teh various services we offer:"
|
||||||
|
ul {
|
||||||
|
li { "Email" }
|
||||||
|
li { "Gitlab" }
|
||||||
|
li { "Linux Webhost" }
|
||||||
|
}
|
||||||
|
br;
|
||||||
|
"The following invite will remain active until the end of year."
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you are a new member please use the following link:"
|
||||||
|
br;
|
||||||
|
a href=(link_new) { (link_new) }
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you are a returning user please set an email for your account at:"
|
||||||
|
br;
|
||||||
|
a href=(link_mod) { (link_mod) }
|
||||||
|
}
|
||||||
|
p {
|
||||||
|
"If you have issues please refer to our Discord server:"
|
||||||
|
br;
|
||||||
|
a href=(discord) { (discord) }
|
||||||
|
}
|
||||||
|
|
||||||
|
p {
|
||||||
|
"Skynet Team"
|
||||||
|
br;
|
||||||
|
"UL Computer Society"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let body_text = format!(
|
||||||
|
r#"
|
||||||
|
Hi {recipient}
|
||||||
|
|
||||||
|
As part of the UL Computer Society you get an account on our Skynet cluster.
|
||||||
|
This gives you access to some of teh various services we offer:
|
||||||
|
* Email
|
||||||
|
* Gitlab
|
||||||
|
* Linux Webhost
|
||||||
|
The following invite will remain active until the end of year.
|
||||||
|
|
||||||
|
If you are a new member please use the following link:
|
||||||
|
{link_new}
|
||||||
|
|
||||||
|
If you are a returning user please set an email for your account at:
|
||||||
|
{link_mod}
|
||||||
|
|
||||||
|
If you have issues please refer to our Discord server:
|
||||||
|
{discord}
|
||||||
|
|
||||||
|
Skynet Team
|
||||||
|
UL Computer Society
|
||||||
|
"#
|
||||||
|
);
|
||||||
|
|
||||||
|
// Build the message.
|
||||||
|
let email = Message::builder()
|
||||||
|
.from(sender.parse().unwrap())
|
||||||
|
.to(mail.parse().unwrap())
|
||||||
|
.subject("Skynet: New Account.")
|
||||||
|
.multipart(
|
||||||
|
// This is composed of two parts.
|
||||||
|
// also helps not trip spam settings (uneven number of url's
|
||||||
|
MultiPart::alternative()
|
||||||
|
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_PLAIN).body(body_text))
|
||||||
|
.singlepart(SinglePart::builder().header(header::ContentType::TEXT_HTML).body(html.into_string())),
|
||||||
|
)
|
||||||
|
.expect("failed to build email");
|
||||||
|
|
||||||
|
let creds = Credentials::new(config.mail_user.clone(), config.mail_pass.clone());
|
||||||
|
|
||||||
|
// Open a remote connection to gmail using STARTTLS
|
||||||
|
let mailer = SmtpTransport::starttls_relay(&config.mail_smtp).unwrap().credentials(creds).build();
|
||||||
|
|
||||||
|
// Send the email
|
||||||
|
mailer.send(&email)
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn save_to_db(db: &Pool<Sqlite>, record: &AccountWolves, auth: &str) -> Result<Option<AccountsNew>, sqlx::Error> {
|
||||||
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
"
|
||||||
|
INSERT OR REPLACE INTO accounts_new (mail, auth_code, date_iso, date_expiry, name_first, name_surname, id_student)
|
||||||
|
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)
|
||||||
|
",
|
||||||
|
)
|
||||||
|
.bind(record.email.to_owned())
|
||||||
|
.bind(auth.to_owned())
|
||||||
|
.bind(get_now_iso(false))
|
||||||
|
.bind(record.expiry.to_owned())
|
||||||
|
.bind(record.name_first.to_owned())
|
||||||
|
.bind(record.name_second.to_owned())
|
||||||
|
.bind(record.id_student.to_owned())
|
||||||
|
.fetch_optional(db)
|
||||||
|
.await
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// done with anon ldap
|
pub mod account {
|
||||||
ldap.unbind()?;
|
use super::*;
|
||||||
|
|
||||||
ldap_create_account(config, db, user_db, &user, &pass).await?;
|
#[derive(Debug, Deserialize)]
|
||||||
|
struct LdapNewUser {
|
||||||
|
auth: String,
|
||||||
|
user: String,
|
||||||
|
pass: String,
|
||||||
|
}
|
||||||
|
|
||||||
// account now created, delete from the new table
|
/// Handles initial detail entering page
|
||||||
account_verification_clear_pending(db, &auth).await?;
|
/// Verify users have access to said email
|
||||||
|
/// Get users to set username and password.
|
||||||
|
pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
|
let LdapNewUser {
|
||||||
|
auth,
|
||||||
|
user,
|
||||||
|
pass,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
|
||||||
Ok(json!({"result": "success"}).into())
|
let config = &req.state().config;
|
||||||
}
|
let db = &req.state().db;
|
||||||
|
|
||||||
// clear the db of expired ones before checking for username and validating inputs
|
// ensure there are no old requests
|
||||||
async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew>, Error> {
|
db_pending_clear_expired(db).await?;
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
|
||||||
r#"
|
let user_db = if let Some(x) = db_get_user(db, &auth).await {
|
||||||
|
x
|
||||||
|
} else {
|
||||||
|
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Some(error) = is_valid_name(&user) {
|
||||||
|
return Ok(json!({"result": "error", "error": error}).into());
|
||||||
|
}
|
||||||
|
|
||||||
|
// easier to give each request its own connection
|
||||||
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
|
// ldap3 docs say a blank username and pass is an anon bind
|
||||||
|
ldap.simple_bind("", "")?.success()?;
|
||||||
|
|
||||||
|
let filter_dn = format!("(uid={})", &user);
|
||||||
|
if let Ok(x) = ldap.search("ou=users,dc=skynet,dc=ie", Scope::OneLevel, &filter_dn, vec!["*"]) {
|
||||||
|
if let Ok((rs, _res)) = x.success() {
|
||||||
|
if !rs.is_empty() {
|
||||||
|
return Ok(json!({"result": "error", "error": "username not available"}).into());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// done with anon ldap
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
ldap_create_account(config, db, user_db, &user, &pass).await?;
|
||||||
|
|
||||||
|
// account now created, delete from the new table
|
||||||
|
account_verification_clear_pending(db, &auth).await?;
|
||||||
|
|
||||||
|
Ok(json!({"result": "success"}).into())
|
||||||
|
}
|
||||||
|
|
||||||
|
// clear the db of expired ones before checking for username and validating inputs
|
||||||
|
async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew>, Error> {
|
||||||
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
DELETE
|
DELETE
|
||||||
FROM accounts_new
|
FROM accounts_new
|
||||||
WHERE date_expiry < ?
|
WHERE date_expiry < ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(get_now_iso(true))
|
.bind(get_now_iso(true))
|
||||||
.fetch_all(pool)
|
.fetch_all(pool)
|
||||||
.await
|
.await
|
||||||
}
|
|
||||||
|
|
||||||
fn is_valid_name(name: &str) -> Option<String> {
|
|
||||||
// max length is 31 chars
|
|
||||||
if name.len() >= 32 {
|
|
||||||
return Some(String::from("Too long, max len 31"));
|
|
||||||
}
|
|
||||||
|
|
||||||
for (index, letter) in name.chars().enumerate() {
|
|
||||||
// no uppercase characters allowed
|
|
||||||
if letter.is_ascii_uppercase() {
|
|
||||||
return Some(String::from("Has uppercase"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if index == 0 {
|
fn is_valid_name(name: &str) -> Option<String> {
|
||||||
// first character ahs to be either a letter or underscore
|
// max length is 31 chars
|
||||||
if !(letter.is_ascii_alphabetic() || letter == '_') {
|
if name.len() >= 32 {
|
||||||
return Some(String::from("Does not start with letter or _"));
|
return Some(String::from("Too long, max len 31"));
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
// after first character options are more relaxed
|
for (index, letter) in name.chars().enumerate() {
|
||||||
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
|
// no uppercase characters allowed
|
||||||
return Some(String::from("Contains character that is not letter, number, _ or -"));
|
if letter.is_ascii_uppercase() {
|
||||||
|
return Some(String::from("Has uppercase"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if index == 0 {
|
||||||
|
// first character ahs to be either a letter or underscore
|
||||||
|
if !(letter.is_ascii_alphabetic() || letter == '_') {
|
||||||
|
return Some(String::from("Does not start with letter or _"));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// after first character options are more relaxed
|
||||||
|
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
|
||||||
|
return Some(String::from("Contains character that is not letter, number, _ or -"));
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
None
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
None
|
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
||||||
}
|
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
|
||||||
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts_new
|
FROM accounts_new
|
||||||
WHERE auth_code == ?
|
WHERE auth_code == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(auth)
|
.bind(auth)
|
||||||
.fetch_all(pool)
|
.fetch_all(pool)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
if !res.is_empty() {
|
if !res.is_empty() {
|
||||||
return Some(res[0].to_owned());
|
return Some(res[0].to_owned());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
None
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
None
|
async fn ldap_create_account(config: &Config, db: &Pool<Sqlite>, user: AccountsNew, username: &str, pass: &str) -> Result<(), ldap3::LdapError> {
|
||||||
}
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
||||||
|
|
||||||
async fn ldap_create_account(config: &Config, db: &Pool<Sqlite>, user: AccountsNew, username: &str, pass: &str) -> Result<(), ldap3::LdapError> {
|
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", username);
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
let cn = format!("{} {}", &user.name_first, &user.name_surname);
|
||||||
ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
|
let home_directory = format!("/home/{}", username);
|
||||||
|
let password_tmp = random_string(50);
|
||||||
|
let labeled_uri = format!("ldap:///ou=groups,dc=skynet,dc=ie??sub?(&(objectclass=posixgroup)(memberuid={}))", username);
|
||||||
|
let sk_mail = format!("{}@skynet.ie", username);
|
||||||
|
let sk_created = get_sk_created();
|
||||||
|
let uid_number = get_max_uid_number(db).await;
|
||||||
|
|
||||||
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", username);
|
// create user
|
||||||
let cn = format!("{} {}", &user.name_first, &user.name_surname);
|
ldap.add(
|
||||||
let home_directory = format!("/home/{}", username);
|
&dn,
|
||||||
let password_tmp = random_string(50);
|
vec![
|
||||||
let labeled_uri = format!("ldap:///ou=groups,dc=skynet,dc=ie??sub?(&(objectclass=posixgroup)(memberuid={}))", username);
|
("objectClass", HashSet::from(["top", "person", "posixaccount", "ldapPublicKey", "inetOrgPerson", "skPerson"])),
|
||||||
let sk_mail = format!("{}@skynet.ie", username);
|
// top
|
||||||
let sk_created = get_sk_created();
|
("ou", HashSet::from(["users"])),
|
||||||
let uid_number = get_max_uid_number(db).await;
|
// person
|
||||||
|
("uid", HashSet::from([username])),
|
||||||
|
("cn", HashSet::from([cn.as_str()])),
|
||||||
|
// posixaccount
|
||||||
|
("uidNumber", HashSet::from([uid_number.to_string().as_str()])),
|
||||||
|
("gidNumber", HashSet::from(["1001"])),
|
||||||
|
("homedirectory", HashSet::from([home_directory.as_str()])),
|
||||||
|
("userpassword", HashSet::from([password_tmp.as_str()])),
|
||||||
|
// inetOrgPerson
|
||||||
|
("mail", HashSet::from([user.mail.as_str()])),
|
||||||
|
("sn", HashSet::from([user.name_surname.as_str()])),
|
||||||
|
// skPerson
|
||||||
|
("labeledURI", HashSet::from([labeled_uri.as_str()])),
|
||||||
|
("skMail", HashSet::from([sk_mail.as_str()])),
|
||||||
|
("skID", HashSet::from([user.id_student.as_str()])),
|
||||||
|
("skCreated", HashSet::from([sk_created.as_str()])),
|
||||||
|
// 1 = secure, automatic since its a new account
|
||||||
|
("skSecure", HashSet::from(["1"])),
|
||||||
|
// quotas
|
||||||
|
("quotaEmail", HashSet::from(["10737418240"])),
|
||||||
|
("quotaDisk", HashSet::from(["10737418240"])),
|
||||||
|
],
|
||||||
|
)?
|
||||||
|
.success()?;
|
||||||
|
|
||||||
// create user
|
// now to properly set teh password
|
||||||
ldap.add(
|
let tmp = PasswordModify {
|
||||||
&dn,
|
user_id: Some(&dn),
|
||||||
vec![
|
old_pass: None,
|
||||||
("objectClass", HashSet::from(["top", "person", "posixaccount", "ldapPublicKey", "inetOrgPerson", "skPerson"])),
|
new_pass: Some(pass),
|
||||||
// top
|
};
|
||||||
("ou", HashSet::from(["users"])),
|
|
||||||
// person
|
|
||||||
("uid", HashSet::from([username])),
|
|
||||||
("cn", HashSet::from([cn.as_str()])),
|
|
||||||
// posixaccount
|
|
||||||
("uidNumber", HashSet::from([uid_number.to_string().as_str()])),
|
|
||||||
("gidNumber", HashSet::from(["1001"])),
|
|
||||||
("homedirectory", HashSet::from([home_directory.as_str()])),
|
|
||||||
("userpassword", HashSet::from([password_tmp.as_str()])),
|
|
||||||
// inetOrgPerson
|
|
||||||
("mail", HashSet::from([user.mail.as_str()])),
|
|
||||||
("sn", HashSet::from([user.name_surname.as_str()])),
|
|
||||||
// skPerson
|
|
||||||
("labeledURI", HashSet::from([labeled_uri.as_str()])),
|
|
||||||
("skMail", HashSet::from([sk_mail.as_str()])),
|
|
||||||
("skID", HashSet::from([user.id_student.as_str()])),
|
|
||||||
("skCreated", HashSet::from([sk_created.as_str()])),
|
|
||||||
// 1 = secure, automatic since its a new account
|
|
||||||
("skSecure", HashSet::from(["1"])),
|
|
||||||
// quotas
|
|
||||||
("quotaEmail", HashSet::from(["10737418240"])),
|
|
||||||
("quotaDisk", HashSet::from(["10737418240"])),
|
|
||||||
],
|
|
||||||
)?
|
|
||||||
.success()?;
|
|
||||||
|
|
||||||
// now to properly set teh password
|
ldap.extended(tmp).unwrap();
|
||||||
let tmp = PasswordModify {
|
|
||||||
user_id: Some(&dn),
|
|
||||||
old_pass: None,
|
|
||||||
new_pass: Some(pass),
|
|
||||||
};
|
|
||||||
|
|
||||||
ldap.extended(tmp).unwrap();
|
ldap.unbind()?;
|
||||||
|
|
||||||
ldap.unbind()?;
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
Ok(())
|
fn get_sk_created() -> String {
|
||||||
}
|
use chrono::Utc;
|
||||||
|
let now = Utc::now();
|
||||||
|
|
||||||
fn get_sk_created() -> String {
|
format!("{}", now.format("%Y%m%d%H%M%SZ"))
|
||||||
use chrono::Utc;
|
}
|
||||||
let now = Utc::now();
|
|
||||||
|
|
||||||
format!("{}", now.format("%Y%m%d%H%M%SZ"))
|
async fn get_max_uid_number(db: &Pool<Sqlite>) -> i64 {
|
||||||
}
|
if let Ok(results) = sqlx::query_as::<_, Accounts>(
|
||||||
|
r#"
|
||||||
async fn get_max_uid_number(db: &Pool<Sqlite>) -> i64 {
|
|
||||||
if let Ok(results) = sqlx::query_as::<_, Accounts>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM accounts
|
FROM accounts
|
||||||
ORDER BY uid DESC
|
ORDER BY uid DESC
|
||||||
LIMIT 1
|
LIMIT 1
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
if !results.is_empty() {
|
if !results.is_empty() {
|
||||||
return results[0].uid + 1;
|
return results[0].uid + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
9999
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
9999
|
async fn account_verification_clear_pending(db: &Pool<Sqlite>, auth_code: &str) -> Result<Vec<AccountsNew>, Error> {
|
||||||
}
|
sqlx::query_as::<_, AccountsNew>(
|
||||||
|
r#"
|
||||||
async fn account_verification_clear_pending(db: &Pool<Sqlite>, auth_code: &str) -> Result<Vec<AccountsNew>, Error> {
|
|
||||||
sqlx::query_as::<_, AccountsNew>(
|
|
||||||
r#"
|
|
||||||
DELETE FROM accounts_new
|
DELETE FROM accounts_new
|
||||||
WHERE auth_code == ?
|
WHERE auth_code == ?
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(auth_code)
|
.bind(auth_code)
|
||||||
.fetch_all(db)
|
.fetch_all(db)
|
||||||
.await
|
.await
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue