Brendan Golden
1ec21d22dd
Backend for new SSH page Closes #24 See merge request compsoc1/skynet/ldap/backend!20
Skynet LDAP backend
Basic information on the Skynet LDAP backend for use on https://account.skynet.ie
Error: HTTP 500
No indication of the issue is returned to the frontend.
Routes
Base URL: https://api.account.skynet.ie
POST /ldap/update
Fields:
- userPassword
- sshPublicKey
- cn
- sn
- skDiscord
{
"user" : "username",
"pass" : "password",
"field": "field to change",
"value": "new value of field"
}
Success:
Each value is either a string or null.
{
"result": "success",
"success": {
"cn": "Firstname Surname",
"mail": "Email address",
"skDiscord": null,
"sshPublicKey": "ssh key"
}
}
Changing userPassword requires the existing password in the password field ("pass") and the new one in the "value" field.
POST /ldap/new/email
Kickstarts the process of signing up to Skynet.
{
"email" : "User's wolves email"
}
POST /ldap/new/account
Verifies that the user has access to this email.
{
"auth" : "Authcode from the email",
"user" : "username the user wants",
"pass" : "password the user wants"
}
Username taken:
{"result": "error", "error": "username not available"}
Invalid Auth:
{"result": "error", "error": "Invalid auth"}
POST /ldap/recover/username
Sends an email to the user of the address reminding them of their username (if there is an account associated with said username).
{
"email" : "email looking for reminder"
}
POST /ldap/recover/password
{
"user" : "[OPTIONAL] username looking for reset",
"email" : "[OPTIONAL] email looking for reset"
}
All responses:
{"result": "success"}
POST /ldap/recover/password/auth
{
"auth" : "Auth key from the email",
"pass" : "Password the user chooses"
}
Early Errors:
{"result": "error"}
LDAP error:
{"result": "error", "error": "ldap error"}
Success:
{"result": "success", "success": "Password set"}
POST /ldap/recover/ssh/request
This endpoint can set emails for old Skynet members who previously logged in via SSH keys.
- Request for their account.
- A list of public keys will be displayed.
- Sign using one of the private keys.
- Submit the pem value.
echo "auth code" | ssh-keygen -Y sign -n file -f /path/to/private/key
{
"user" : "Skynet username",
"email" : "Email to set"
}
Errors:
{"result": "error", "error": "Skynet email not permitted."}
{ "result": "success", "success": { "auth": "", "keys": [] }}
{ "result": "success", "success": { "auth": "code here", "keys": ["key 1", "key 2"] }}
POST /ldap/recover/ssh/verify
{
"user" : "Skynet username",
"auth_signed" : "signed auth code"
}
Errors
{ "result": "error"}
{ "result": "error", "error": "Incorrect signed format"}
{"result": "error", "error": "no valid key"}
Success
{"result": "success", "success": "key valid"}
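The signing step from the request route and the kind of check the verify route has to make, run offline as an added example (not the backend's own code, which this page does not show). It assumes an OpenSSH `ssh-keygen` that supports `-Y sign` and `-Y verify`; the user name, auth code, keys and function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not the backend's code: the sign/verify step with throwaway keys.

# sign_code CODE NAMESPACE PRIVATE_KEY -> armored signature on stdout
sign_code() { echo "$1" | ssh-keygen -Y sign -n "$2" -f "$3" 2>/dev/null; }

# verify_auth USER CODE SIG_FILE KEYS_FILE
# Succeeds only if SIG_FILE is a valid signature over CODE, made in namespace
# "file" by one of the public keys listed (one per line) in KEYS_FILE.
verify_auth() {
    va_allowed=$(mktemp) || return 1
    # allowed_signers line format: "<principal> <keytype> <base64 key>"
    while IFS= read -r va_key; do
        if [ -n "$va_key" ]; then printf '%s %s\n' "$1" "$va_key"; fi
    done < "$4" > "$va_allowed"
    # echo appends a newline, exactly as the signing command did
    echo "$2" | ssh-keygen -Y verify -f "$va_allowed" -I "$1" -n file \
        -s "$3" >/dev/null 2>&1
    va_rc=$?
    rm -f "$va_allowed"
    return "$va_rc"
}

# setup_demo: constructed sample data (made-up user, code and throwaway keys)
setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    DEMO_USER=demo_user
    DEMO_CODE=constructed-auth-code-123
    ssh-keygen -q -t ed25519 -N '' -f "$DEMO_DIR/registered" || return 1
    ssh-keygen -q -t ed25519 -N '' -f "$DEMO_DIR/stranger" || return 1
    # "keys" stands in for the key list the request endpoint returns
    cp "$DEMO_DIR/registered.pub" "$DEMO_DIR/keys"
    sign_code "$DEMO_CODE" file "$DEMO_DIR/registered" > "$DEMO_DIR/good.sig"
    sign_code "$DEMO_CODE" file "$DEMO_DIR/stranger" > "$DEMO_DIR/stranger.sig"
    sign_code "$DEMO_CODE" git "$DEMO_DIR/registered" > "$DEMO_DIR/wrong_ns.sig"
}

# report LABEL SIG_FILE [CODE]: print whether verification accepts the input
report() {
    if verify_auth "$DEMO_USER" "${3:-$DEMO_CODE}" "$DEMO_DIR/$2" "$DEMO_DIR/keys"
    then echo "$1: accepted"; else echo "$1: rejected"; fi
}

setup_demo || exit 1
report "registered key, correct code" good.sig
report "registered key, altered code" good.sig other-code
report "key not on the account" stranger.sig
report "wrong namespace" wrong_ns.sig
rm -rf "$DEMO_DIR"
```

Only the first case is accepted: the signature binds the exact auth code (including the trailing newline from `echo`), the `file` namespace, and a key that is on the account.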
POST /ldap/ssh
Returns array of SSH keys associated with the Skynet account
{
"auth" : {
"user": "username",
"pass": "password"
}
}
Errors
{"result": "error", "error": "Failed to authenticate"}
Success
{"result": "success", "success": ["key1","key2","key3"]}
DELETE /ldap/ssh
Deletes SSH key from Skynet account
{
"auth" : {
"user": "username",
"pass": "password"
},
"key": "ssh key"
}
Errors
{"result": "error", "error": "Failed to authenticate"}
{"result": "error", "error": "Failed to remove key"}
Success
{"result": "success"}
POST /ldap/ssh/add
Adds SSH key to Skynet account
{
"auth" : {
"user": "username",
"pass": "password"
},
"key": "ssh key"
}
Errors
{"result": "error", "error": "Failed to authenticate"}
{"result": "error", "error": "Failed to add key"}
Success
{"result": "success"}
Responses
Generic responses, which are used unless otherwise specified above.
Success: HTTP 200
{
"result": "success"
}