Restrict account names that users can signup with #44
3 changed files with 26 additions and 4 deletions
|
@ -59,6 +59,7 @@
|
||||||
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
|
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
|
||||||
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
|
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
|
||||||
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
|
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
|
||||||
|
USERS_RESTRICTED = lib.strings.concatStringsSep "," cfg.users.restricted;
|
||||||
};
|
};
|
||||||
|
|
||||||
service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}");
|
service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}");
|
||||||
|
@ -146,6 +147,11 @@
|
||||||
default = [];
|
default = [];
|
||||||
description = "array of banned users";
|
description = "array of banned users";
|
||||||
};
|
};
|
||||||
|
restricted = mkOption rec {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = "array of restricted user accounts";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
host_port = mkOption rec {
|
host_port = mkOption rec {
|
||||||
|
|
|
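Review bot: The new option at `restricted = mkOption rec {` only says "array of restricted user accounts", but the consumer in `pub mod account` rejects any requested username that *contains* one of these entries, so listing `"admin"` will also block `"badminton"`; the description should state that, e.g. `description = "substrings that are not allowed to appear in a requested username";`. Note also that with the `[]` default, `lib.strings.concatStringsSep ","` in the first hunk exports `USERS_RESTRICTED=""` into the environment rather than leaving the variable unset, so the Rust side has to tolerate an empty string. The enclosing `users` option set starts before this hunk.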
@ -190,6 +190,7 @@ pub struct Config {
|
||||||
pub mail_pass: String,
|
pub mail_pass: String,
|
||||||
pub ssh_root: String,
|
pub ssh_root: String,
|
||||||
pub auth_discord: String,
|
pub auth_discord: String,
|
||||||
|
pub users_restricted: Vec<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_config() -> Config {
|
pub fn get_config() -> Config {
|
||||||
|
@ -209,6 +210,7 @@ pub fn get_config() -> Config {
|
||||||
mail_pass: "".to_string(),
|
mail_pass: "".to_string(),
|
||||||
ssh_root: "skynet_old".to_string(),
|
ssh_root: "skynet_old".to_string(),
|
||||||
auth_discord: "".to_string(),
|
auth_discord: "".to_string(),
|
||||||
|
users_restricted: vec![],
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Ok(x) = env::var("LDAP_HOST") {
|
if let Ok(x) = env::var("LDAP_HOST") {
|
||||||
|
@ -248,6 +250,13 @@ pub fn get_config() -> Config {
|
||||||
config.auth_discord = x.trim().to_string();
|
config.auth_discord = x.trim().to_string();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if let Ok(x) = env::var("USERS_RESTRICTED") {
|
||||||
|
// usernames that are restricted
|
||||||
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
|
config.users_restricted.push(user.to_string());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
config
|
config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
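Review bot: `for user in x.split(',').collect::<Vec<&str>>()` pushes empty fragments: `"".split(',')` yields a single `""`, as does a trailing comma, and because the Nix module exports `USERS_RESTRICTED=""` for the default `[]`, the signup check's `user.contains(name)` then matches every username and rejects all signups in a default deployment. Trim and drop empty pieces, and the intermediate `collect` is unnecessary: `for user in x.split(',').map(str::trim).filter(|s| !s.is_empty()) { config.users_restricted.push(user.to_string()); }`. If the sibling `USERS_*` variables are parsed the same way outside this hunk they presumably share the problem, so worth checking. `get_config` starts and ends outside the hunk.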
@ -269,6 +269,13 @@ pub mod account {
|
||||||
return Ok(json!({"result": "error", "error": error}).into());
|
return Ok(json!({"result": "error", "error": error}).into());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check against forbidden names first
|
||||||
|
for name in &config.users_restricted {
|
||||||
|
if user.contains(name) {
|
||||||
|
return Ok(json!({"result": "error", "error": "username not available"}).into());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// easier to give each request its own connection
|
// easier to give each request its own connection
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
|
|
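Review bot: `if user.contains(name)` is a case-sensitive substring test, so a restricted entry `root` does not stop a signup as `Root` or `ROOT`, and an empty entry in `config.users_restricted` (which the env parser can produce from an empty or trailing-comma value) matches every username. Normalise both sides and skip empty entries, e.g. `let requested = user.to_lowercase();` before the loop and `if !name.is_empty() && requested.contains(&name.to_lowercase()) {` as the condition. The comment `// check against forbidden names first` should also say this is intentionally a substring match rather than an exact one, since `admin` will block `badminton`. The enclosing handler, including where `user` is defined, starts and ends outside the hunk.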