cargo fmt
parent
d626f3366d
commit
8975b0f9e9
@ -255,9 +255,9 @@ fn get_ldap_config() -> Option<LdapConfig> {
|
|||||||
if addr.is_some() && base_dn.is_some() {
|
if addr.is_some() && base_dn.is_some() {
|
||||||
let tls = var("LDAP_TLS").unwrap_or_else(|_| "false".to_owned());
|
let tls = var("LDAP_TLS").unwrap_or_else(|_| "false".to_owned());
|
||||||
let tls = match tls.as_ref() {
|
let tls = match tls.as_ref() {
|
||||||
"1" | "true" | "TRUE" => true,
|
"1" | "true" | "TRUE" => true,
|
||||||
"0" | "false" | "FALSE" => false,
|
"0" | "false" | "FALSE" => false,
|
||||||
_ => panic!("Invalid LDAP configuration : tls")
|
_ => panic!("Invalid LDAP configuration : tls"),
|
||||||
};
|
};
|
||||||
let user_name_attr = var("LDAP_USER_NAME_ATTR").unwrap_or_else(|_| "cn".to_owned());
|
let user_name_attr = var("LDAP_USER_NAME_ATTR").unwrap_or_else(|_| "cn".to_owned());
|
||||||
let mail_attr = var("LDAP_USER_MAIL_ATTR").unwrap_or_else(|_| "mail".to_owned());
|
let mail_attr = var("LDAP_USER_MAIL_ATTR").unwrap_or_else(|_| "mail".to_owned());
|
||||||
|
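Review bot: `LDAP_TLS` falls back to `"false"` when the variable is unset (`var("LDAP_TLS").unwrap_or_else(|_| "false".to_owned())`), so a deployment that configures only the address and base DN presumably runs without TLS, and simple binds would then carry user passwords in cleartext unless the address itself is an `ldaps://` URL. How `tls` is consumed lies outside this hunk, so confirm that it really enables StartTLS on the connection. If it does, consider defaulting to `"true"`, or at least state the default next to the parse with a comment such as `// LDAP_TLS defaults to off: binds are unencrypted unless it is enabled`. Panicking on an unrecognised value is a reasonable fail-closed choice at startup. `get_ldap_config` starts and ends outside the hunk.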
@ -1,8 +1,8 @@
|
|||||||
use crate::{
|
use crate::{
|
||||||
ap_url, blocklisted_emails::BlocklistedEmail, blogs::Blog, config::CONFIG, db_conn::DbConn, follows::Follow,
|
ap_url, blocklisted_emails::BlocklistedEmail, blogs::Blog, config::CONFIG, db_conn::DbConn,
|
||||||
instance::*, medias::Media, notifications::Notification, post_authors::PostAuthor, posts::Post,
|
follows::Follow, instance::*, medias::Media, notifications::Notification,
|
||||||
safe_string::SafeString, schema::users, search::Searcher, timeline::Timeline, Connection,
|
post_authors::PostAuthor, posts::Post, safe_string::SafeString, schema::users,
|
||||||
Error, PlumeRocket, Result, ITEMS_PER_PAGE,
|
search::Searcher, timeline::Timeline, Connection, Error, PlumeRocket, Result, ITEMS_PER_PAGE,
|
||||||
};
|
};
|
||||||
use activitypub::{
|
use activitypub::{
|
||||||
activity::Delete,
|
activity::Delete,
|
||||||
@ -14,7 +14,7 @@ use activitypub::{
|
|||||||
use bcrypt;
|
use bcrypt;
|
||||||
use chrono::{NaiveDateTime, Utc};
|
use chrono::{NaiveDateTime, Utc};
|
||||||
use diesel::{self, BelongingToDsl, ExpressionMethods, OptionalExtension, QueryDsl, RunQueryDsl};
|
use diesel::{self, BelongingToDsl, ExpressionMethods, OptionalExtension, QueryDsl, RunQueryDsl};
|
||||||
use ldap3::{LdapConn, SearchEntry, Scope};
|
use ldap3::{LdapConn, Scope, SearchEntry};
|
||||||
use openssl::{
|
use openssl::{
|
||||||
hash::MessageDigest,
|
hash::MessageDigest,
|
||||||
pkey::{PKey, Private},
|
pkey::{PKey, Private},
|
||||||
@ -297,16 +297,23 @@ impl User {
|
|||||||
if let Some(ldap) = CONFIG.ldap.as_ref() {
|
if let Some(ldap) = CONFIG.ldap.as_ref() {
|
||||||
let mut ldap_conn = LdapConn::new(&ldap.addr).map_err(|_| Error::NotFound)?;
|
let mut ldap_conn = LdapConn::new(&ldap.addr).map_err(|_| Error::NotFound)?;
|
||||||
let ldap_name = format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn);
|
let ldap_name = format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn);
|
||||||
let bind = ldap_conn.simple_bind(&ldap_name, password).map_err(|_| Error::NotFound)?;
|
let bind = ldap_conn
|
||||||
|
.simple_bind(&ldap_name, password)
|
||||||
|
.map_err(|_| Error::NotFound)?;
|
||||||
if bind.success().is_ok() {
|
if bind.success().is_ok() {
|
||||||
let search = ldap_conn.search(&ldap_name, Scope::Base, "(|(objectClass=person)(objectClass=user))", vec![&ldap.mail_attr])
|
let search = ldap_conn
|
||||||
|
.search(
|
||||||
|
&ldap_name,
|
||||||
|
Scope::Base,
|
||||||
|
"(|(objectClass=person)(objectClass=user))",
|
||||||
|
vec![&ldap.mail_attr],
|
||||||
|
)
|
||||||
.map_err(|_| Error::NotFound)?
|
.map_err(|_| Error::NotFound)?
|
||||||
.success()
|
.success()
|
||||||
.map_err(|_| Error::NotFound)?;
|
.map_err(|_| Error::NotFound)?;
|
||||||
for entry in search.0 {
|
for entry in search.0 {
|
||||||
let entry = SearchEntry::construct(entry);
|
let entry = SearchEntry::construct(entry);
|
||||||
let email = entry.attrs.get("mail")
|
let email = entry.attrs.get("mail").and_then(|vec| vec.first());
|
||||||
.and_then(|vec| vec.first());
|
|
||||||
if email.is_some() {
|
if email.is_some() {
|
||||||
let _ = ldap_conn.unbind();
|
let _ = ldap_conn.unbind();
|
||||||
return NewUser::new_local(
|
return NewUser::new_local(
|
||||||
@ -337,7 +344,10 @@ impl User {
|
|||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
};
|
};
|
||||||
let name = format!("{}={},{}", ldap.user_name_attr, &self.username, ldap.base_dn);
|
let name = format!(
|
||||||
|
"{}={},{}",
|
||||||
|
ldap.user_name_attr, &self.username, ldap.base_dn
|
||||||
|
);
|
||||||
if let Ok(bind) = conn.simple_bind(&name, password) {
|
if let Ok(bind) = conn.simple_bind(&name, password) {
|
||||||
bind.success().is_ok()
|
bind.success().is_ok()
|
||||||
} else {
|
} else {
|
||||||
@ -352,35 +362,40 @@ impl User {
|
|||||||
let local_id = Instance::get_local()?.id;
|
let local_id = Instance::get_local()?.id;
|
||||||
let user = User::find_by_email(conn, ident)
|
let user = User::find_by_email(conn, ident)
|
||||||
.or_else(|_| User::find_by_name(conn, ident, local_id))
|
.or_else(|_| User::find_by_name(conn, ident, local_id))
|
||||||
.and_then(|u| if u.instance_id == local_id {
|
.and_then(|u| {
|
||||||
Ok(u)
|
if u.instance_id == local_id {
|
||||||
} else {
|
Ok(u)
|
||||||
Err(Error::NotFound)
|
} else {
|
||||||
|
Err(Error::NotFound)
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
match user {
|
match user {
|
||||||
Ok(user) if user.hashed_password.is_some() => {
|
Ok(user) if user.hashed_password.is_some() => {
|
||||||
if bcrypt::verify(password, user.hashed_password.as_ref().unwrap()).unwrap_or(false) {
|
if bcrypt::verify(password, user.hashed_password.as_ref().unwrap()).unwrap_or(false)
|
||||||
|
{
|
||||||
Ok(user)
|
Ok(user)
|
||||||
} else {
|
} else {
|
||||||
Err(Error::NotFound)
|
Err(Error::NotFound)
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
Ok(user) => {
|
Ok(user) => {
|
||||||
if user.ldap_login(password) {
|
if user.ldap_login(password) {
|
||||||
Ok(user)
|
Ok(user)
|
||||||
} else {
|
} else {
|
||||||
Err(Error::NotFound)
|
Err(Error::NotFound)
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
e => {
|
e => {
|
||||||
if let Ok(user) = User::ldap_register(conn, ident, password) {
|
if let Ok(user) = User::ldap_register(conn, ident, password) {
|
||||||
return Ok(user);
|
return Ok(user);
|
||||||
}
|
}
|
||||||
let other = User::get(&*conn, 1).expect("No user is registered").hashed_password;
|
let other = User::get(&*conn, 1)
|
||||||
|
.expect("No user is registered")
|
||||||
|
.hashed_password;
|
||||||
other.map(|pass| bcrypt::verify(password, &pass));
|
other.map(|pass| bcrypt::verify(password, &pass));
|
||||||
e
|
e
|
||||||
},
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
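Review bot: In the `-297,16 +297,23` hunk `name` and `password` reach `simple_bind` unvalidated: the DN is built with `format!("{}={},{}", ldap.user_name_attr, name, ldap.base_dn)`, so DN metacharacters in the login identifier alter which entry is bound, and an empty password can be accepted as an unauthenticated bind by servers that permit it (RFC 4513 §5.1.2), after which `bind.success().is_ok()` holds and the account-creation path runs. Reject an empty password before binding, `if password.is_empty() { return Err(Error::NotFound); }`, and escape the value in the DN, e.g. `dn_escape(name)` if the `ldap3` version in use exports it. The same DN construction with `&self.username` appears in the `-337,7 +344,10` hunk, and the last hunk passes `ident` straight to `User::ldap_register` when no local user matches, so the checks belong inside the LDAP helpers rather than at one caller. Separately, the search requests `ldap.mail_attr` but the result is read with `entry.attrs.get("mail")`, which would miss the address whenever `LDAP_USER_MAIL_ATTR` is customised. All of this predates the formatting change, and the enclosing functions start and end outside the hunks shown.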