From 38cbb440aff00ddaefa105395679c870d948c569 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sun, 6 Aug 2023 14:25:42 +0100
Subject: [PATCH 1/2] feat: new users will immediately gain access to most services Closes #13
---
 src/bin/update_groups.rs | 46 +-------------------------------------
 src/lib.rs | 44 ++++++++++++++++++++++++++++++++++++
 src/methods/account_new.rs | 6 +++++
 3 files changed, 51 insertions(+), 45 deletions(-)
diff --git a/src/bin/update_groups.rs b/src/bin/update_groups.rs
index 388960e..3e6857e 100644
--- a/src/bin/update_groups.rs
+++ b/src/bin/update_groups.rs
@@ -1,5 +1,4 @@
-use ldap3::{LdapConn, Mod};
-use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, Accounts, Config};
+use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, update_group, Accounts, Config};
 use sqlx::{Pool, Sqlite};
 use std::{collections::HashSet, env, error::Error};
 
@@ -68,49 +67,6 @@ async fn update(config: &Config) -> tide::Result<()> {
 Ok(())
 }
 
-fn uid_to_dn(uid: &str) -> String {
- format!("uid={},ou=users,dc=skynet,dc=ie", uid)
-}
-
-async fn update_group(config: &Config, group: &str, users: &Vec, replace: bool) -> tide::Result<()> {
- if users.is_empty() {
- return Ok(());
- }
-
- let mut ldap = LdapConn::new(&config.ldap_host)?;
-
- // use the admin account
- ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
-
- let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
- let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
- let mods = if replace {
- vec![Mod::Replace("member".to_string(), members)]
- } else {
- vec![Mod::Add("member".to_string(), members)]
- };
-
- if let Err(x) = ldap.modify(&dn, mods) {
- println!("{:?}", x);
- }
-
- let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
- let members_linux = users.iter().map(|uid| uid.to_string()).collect();
- let mods = if replace {
- vec![Mod::Replace("memberUid".to_string(), members_linux)]
- } else {
- vec![Mod::Add("memberUid".to_string(), members_linux)]
- };
- if let Err(x) = ldap.modify(&dn_linux, mods) {
- println!("{:?}", x);
- };
-
- // tidy up
- ldap.unbind()?;
-
- Ok(())
-}
-
 async fn from_csv(config: &Config) -> Result, Box> {
 let db = db_init(config).await.unwrap();
 
diff --git a/src/lib.rs b/src/lib.rs
index 92d30b2..1b5e908 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,6 +1,7 @@
 pub mod methods;
 use chrono::{Datelike, SecondsFormat, Utc};
 use dotenvy::dotenv;
+use ldap3::{LdapConn, Mod};
 use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use sqlx::{
 sqlite::{SqliteConnectOptions, SqlitePoolOptions},
@@ -212,3 +213,46 @@ pub async fn get_wolves(db: &Pool) -> Vec {
 .await
 .unwrap_or(vec![])
 }
+
+pub async fn update_group(config: &Config, group: &str, users: &Vec, replace: bool) -> tide::Result<()> {
+ if users.is_empty() {
+ return Ok(());
+ }
+
+ let mut ldap = LdapConn::new(&config.ldap_host)?;
+
+ // use the admin account
+ ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;
+
+ let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
+ let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
+ let mods = if replace {
+ vec![Mod::Replace("member".to_string(), members)]
+ } else {
+ vec![Mod::Add("member".to_string(), members)]
+ };
+
+ if let Err(x) = ldap.modify(&dn, mods) {
+ println!("{:?}", x);
+ }
+
+ let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
+ let members_linux = users.iter().map(|uid| uid.to_string()).collect();
+ let mods = if replace {
+ vec![Mod::Replace("memberUid".to_string(), members_linux)]
+ } else {
+ vec![Mod::Add("memberUid".to_string(), members_linux)]
+ };
+ if let Err(x) = ldap.modify(&dn_linux, mods) {
+ println!("{:?}", x);
+ };
+
+ // tidy up
+ ldap.unbind()?;
+
+ Ok(())
+}
+
+pub fn uid_to_dn(uid: &str) -> String {
+ format!("uid={},ou=users,dc=skynet,dc=ie", uid)
+}
diff --git a/src/methods/account_new.rs b/src/methods/account_new.rs
index 0026076..269e183 100644
--- a/src/methods/account_new.rs
+++ b/src/methods/account_new.rs
@@ -235,6 +235,7 @@ pub mod post {
 pub mod account {
 use super::*;
+ use crate::update_group;
 #[derive(Debug, Deserialize)]
 struct LdapNewUser {
@@ -411,6 +412,11 @@ pub mod post {
 ldap.extended(tmp).unwrap();
+ // user is already verified by being an active member on wolves
+ if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
+ println!("Couldnt add {} to skynet-users: {:?}", username, e)
+ }
+
 ldap.unbind()?;
 Ok(())
-- 2.46.1
From 3134c651066469424efc56898af455d3d7c1f802 Mon Sep 17 00:00:00 2001
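Review bot: `uid_to_dn` and the `dn`/`dn_linux` `format!` calls interpolate `group` and each `uid` straight into a DN, so a uid containing `,`, `+`, `=` or `\` would change which entry the admin-bound `modify` targets; wrap the interpolated values with ldap3's `dn_escape` (`format!("uid={},ou=users,dc=skynet,dc=ie", dn_escape(uid))`) unless every caller is known to validate usernames first, which is not visible in this hunk. The `memberUid` values are plain attribute values, not DNs, and need no escaping. Separately, `if let Err(x) = ldap.modify(...)` only catches transport errors: an LDAP result code such as noSuchObject or attributeOrValueExists comes back as `Ok(LdapResult)` and is dropped, so the function returns `Ok(())` even when nothing was changed. Use `ldap.modify(&dn, mods)?.success()` and log or propagate that error, as the `simple_bind` line already does.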
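Review bot: The new call passes `replace: true`, which inside `update_group` becomes `Mod::Replace("member", …)` / `Mod::Replace("memberUid", …)` with a single value — an LDAP replace discards every existing value of the attribute, so each account creation overwrites `skynet-users` and `skynet-users-linux` with just the new user and strips everyone else until the periodic `update_groups` job presumably restores them. For adding one new member this should be `if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {`. Note also that `update_group` only prints LDAP-level modify failures and still returns `Ok`, so this `if let Err(e)` branch will not fire for them. The enclosing function starts outside the hunk; the comment `// user is already verified by being an active member on wolves` would be more useful if it named where that check happens, since it is not visible here.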
From: Brendan Golden
Date: Sun, 6 Aug 2023 14:27:24 +0100
Subject: [PATCH 2/2] fix: groups are now updated every 8 hours
---
 flake.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
index 950a332..90ef311 100644
--- a/flake.nix
+++ b/flake.nix
@@ -101,9 +101,11 @@
 # modify these
 scripts = {
+ # every 15 min
 "update_data" = "*:0,15,30,45";
- #"new_users" = "*:5,20,35,50";
- "update_groups" = "*:5,20,35,50";
+ #"new_users" = "*:5,20,35,50";
+ # groups are updated every 8 hours
+ "update_groups" = "00,08,16:00:00";
 };
 in {
-- 2.46.1
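Review bot: Moving `update_groups` from every 15 minutes to `00,08,16:00:00` also stretches the window in which an account whose wolves membership has lapsed keeps its group access, since, as far as this hunk shows, that periodic sync is the only path that removes members while signup now adds them immediately; if that is the accepted trade-off, say so in the new comment, e.g. `# groups are re-synced every 8 hours; additions happen at signup, removals wait for this timer`. The `#"new_users"` line is commented-out config that was only re-indented rather than removed; delete it or note why it is kept.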