feat: when a user adds a mail and is not already a member of skynet-users it... #39
2 changed files with 32 additions and 5 deletions
|
@ -59,7 +59,7 @@ pub mod email {
|
||||||
Ok(json!({"result": "success"}).into())
|
Ok(json!({"result": "success"}).into())
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
|
pub async fn get_wolves_mail(db: &Pool<Sqlite>, mail: &str) -> Vec<AccountWolves> {
|
||||||
sqlx::query_as::<_, AccountWolves>(
|
sqlx::query_as::<_, AccountWolves>(
|
||||||
r#"
|
r#"
|
||||||
SELECT *
|
SELECT *
|
||||||
|
@ -410,7 +410,7 @@ pub mod account {
|
||||||
ldap.extended(tmp).unwrap();
|
ldap.extended(tmp).unwrap();
|
||||||
|
|
||||||
// user is already verified by being an active member on wolves
|
// user is already verified by being an active member on wolves
|
||||||
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], true).await {
|
if let Err(e) = update_group(config, "skynet-users", &vec![username.to_string()], false).await {
|
||||||
println!("Couldnt add {} to skynet-users: {:?}", username, e)
|
println!("Couldnt add {} to skynet-users: {:?}", username, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
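Review bot: The bare `false` passed as the fourth argument to `update_group` in the `skynet-users` call inside `pub mod account` cannot be understood at the call site, and the fact that this commit flips it shows the value decides how group membership is written. `update_group`'s definition is not on this page, so a short comment naming the parameter would help, for example `// 4th arg: <parameter name>, see update_group`, or the flag could become a two-variant enum so the intent is spelled out. A failure here is only written to stdout with `println!` and the handler carries on, so a verified member can silently end up outside the group; routing it through the service's normal logging would make that visible. The enclosing function starts and ends outside the hunk.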
@ -1,5 +1,6 @@
|
||||||
use crate::State;
|
use crate::{methods::account_new::email::get_wolves_mail, update_group, Config, State};
|
||||||
use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry};
|
use ldap3::{exop::PasswordModify, LdapConn, Mod, Scope, SearchEntry};
|
||||||
|
use sqlx::{Pool, Sqlite};
|
||||||
use std::collections::{HashMap, HashSet};
|
use std::collections::{HashMap, HashSet};
|
||||||
use tide::{
|
use tide::{
|
||||||
prelude::{json, Deserialize, Serialize},
|
prelude::{json, Deserialize, Serialize},
|
||||||
|
@ -39,6 +40,7 @@ pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
}
|
}
|
||||||
|
|
||||||
let config = &req.state().config;
|
let config = &req.state().config;
|
||||||
|
let db = &req.state().db;
|
||||||
|
|
||||||
// easier to give each request its own connection
|
// easier to give each request its own connection
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
@ -48,18 +50,33 @@ pub async fn submit(mut req: Request<State>) -> tide::Result {
|
||||||
|
|
||||||
// always assume insecure
|
// always assume insecure
|
||||||
let mut pw_keep_same = false;
|
let mut pw_keep_same = false;
|
||||||
|
let mut is_skynet_user = false;
|
||||||
|
|
||||||
// get the users current password hash
|
// get the users current password hash
|
||||||
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?;
|
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword", "memberOf"])?.success()?;
|
||||||
if !rs.is_empty() {
|
if !rs.is_empty() {
|
||||||
let tmp = SearchEntry::construct(rs[0].clone());
|
let tmp = SearchEntry::construct(rs[0].clone());
|
||||||
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
|
if tmp.attrs.contains_key("userPassword")
|
||||||
|
&& !tmp.attrs["userPassword"].is_empty()
|
||||||
|
&& tmp.attrs["userPassword"][0].starts_with("{SSHA512}")
|
||||||
|
{
|
||||||
pw_keep_same = true;
|
pw_keep_same = true;
|
||||||
}
|
}
|
||||||
|
if tmp.attrs.contains_key("memberOf") {
|
||||||
|
for group in tmp.attrs["memberOf"].clone() {
|
||||||
|
if group.contains("skynet-users") {
|
||||||
|
is_skynet_user = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the password field itself is being updated
|
// check if the password field itself is being updated
|
||||||
let pass_new = if &field != "userPassword" {
|
let pass_new = if &field != "userPassword" {
|
||||||
|
if !is_skynet_user && &field == "mail" {
|
||||||
|
activate_group(db, config, &user, &value).await;
|
||||||
|
}
|
||||||
|
|
||||||
// if password is not being updated then just update the required field
|
// if password is not being updated then just update the required field
|
||||||
let mods = vec![
|
let mods = vec![
|
||||||
// the value we are updating
|
// the value we are updating
|
||||||
|
@ -128,3 +145,13 @@ fn get_result_values(attrs: &HashMap<String, Vec<String>>, field: &str) -> Optio
|
||||||
}
|
}
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn activate_group(db: &Pool<Sqlite>, config: &Config, user: &str, mail: &str) {
|
||||||
|
// check if user has this mail in teh wolves db
|
||||||
|
if !get_wolves_mail(db, mail).await.is_empty() {
|
||||||
|
// if so then activate
|
||||||
|
if let Err(e) = update_group(config, "skynet-users", &vec![user.to_string()], false).await {
|
||||||
|
println!("Couldnt add {} to skynet-users: {:?}", user, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
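Review bot: `activate_group` adds the account to `skynet-users` as soon as the submitted `value` matches a row returned by `get_wolves_mail`, and nothing in this section shows that the requester controls that mailbox. Unless ownership is confirmed elsewhere, membership rests on an unverified, user-supplied address. The call in `submit` also sits before the `mods` for the `mail` attribute are built and applied, so the group can change even if the attribute update later fails; calling it only after the modify succeeds, and only for a confirmed address, would close both gaps. The `memberOf` test `group.contains("skynet-users")` is a substring match, so it is also true for any group DN that merely contains that text; comparing against the full DN of the group is stricter. `submit` starts and ends outside the hunks shown, so the ordering point should be checked against the full function.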