aboutsummaryrefslogtreecommitdiff
path: root/src/login
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2023-11-23 17:19:35 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-11-23 17:19:35 +0100
commit0722886efbeef3713bd7a671d2c09c8af2bdb6bd (patch)
tree89683e814debbd9689517009f0e946bd7b7a7d3f /src/login
parent8cd9801030e24c58621b3bed8723e8a8a4722ef8 (diff)
downloadaerogramme-0722886efbeef3713bd7a671d2c09c8af2bdb6bd.tar.gz
aerogramme-0722886efbeef3713bd7a671d2c09c8af2bdb6bd.zip
it compiles!
Diffstat (limited to 'src/login')
-rw-r--r--src/login/ldap_provider.rs90
-rw-r--r--src/login/static_provider.rs38
2 files changed, 71 insertions, 57 deletions
diff --git a/src/login/ldap_provider.rs b/src/login/ldap_provider.rs
index 2eeb6d9..561b1c2 100644
--- a/src/login/ldap_provider.rs
+++ b/src/login/ldap_provider.rs
@@ -5,10 +5,9 @@ use log::debug;
use crate::config::*;
use crate::login::*;
+use crate::storage;
pub struct LdapLoginProvider {
- k2v_region: Region,
- s3_region: Region,
ldap_server: String,
pre_bind_on_login: bool,
@@ -19,12 +18,9 @@ pub struct LdapLoginProvider {
username_attr: String,
mail_attr: String,
- aws_access_key_id_attr: String,
- aws_secret_access_key_attr: String,
+ storage_specific: StorageSpecific,
user_secret_attr: String,
alternate_user_secrets_attr: Option<String>,
-
- bucket_source: BucketSource,
}
enum BucketSource {
@@ -32,8 +28,13 @@ enum BucketSource {
Attr(String),
}
+enum StorageSpecific {
+ InMemory,
+ Garage { from_config: LdapGarageConfig, bucket_source: BucketSource },
+}
+
impl LdapLoginProvider {
- pub fn new(config: LoginLdapConfig, k2v_region: Region, s3_region: Region) -> Result<Self> {
+ pub fn new(config: LoginLdapConfig) -> Result<Self> {
let bind_dn_and_pw = match (config.bind_dn, config.bind_password) {
(Some(dn), Some(pw)) => Some((dn, pw)),
(None, None) => None,
@@ -42,12 +43,6 @@ impl LdapLoginProvider {
),
};
- let bucket_source = match (config.bucket, config.bucket_attr) {
- (Some(b), None) => BucketSource::Constant(b),
- (None, Some(a)) => BucketSource::Attr(a),
- _ => bail!("Must set `bucket` or `bucket_attr`, but not both"),
- };
-
if config.pre_bind_on_login && bind_dn_and_pw.is_none() {
bail!("Cannot use `pre_bind_on_login` without setting `bind_dn` and `bind_password`");
}
@@ -55,20 +50,34 @@ impl LdapLoginProvider {
let mut attrs_to_retrieve = vec![
config.username_attr.clone(),
config.mail_attr.clone(),
- config.aws_access_key_id_attr.clone(),
- config.aws_secret_access_key_attr.clone(),
config.user_secret_attr.clone(),
];
+
if let Some(a) = &config.alternate_user_secrets_attr {
attrs_to_retrieve.push(a.clone());
}
- if let BucketSource::Attr(a) = &bucket_source {
- attrs_to_retrieve.push(a.clone());
- }
+
+ // storage specific
+ let specific = match config.storage {
+ LdapStorage::InMemory => StorageSpecific::InMemory,
+ LdapStorage::Garage(grgconf) => {
+ let bucket_source = match (grgconf.default_bucket.clone(), grgconf.bucket_attr.clone()) {
+ (Some(b), None) => BucketSource::Constant(b),
+ (None, Some(a)) => BucketSource::Attr(a),
+ _ => bail!("Must set `bucket` or `bucket_attr`, but not both"),
+ };
+
+ if let BucketSource::Attr(a) = &bucket_source {
+ attrs_to_retrieve.push(a.clone());
+ }
+
+ StorageSpecific::Garage { from_config: grgconf, bucket_source }
+ },
+ };
+
+
Ok(Self {
- k2v_region,
- s3_region,
ldap_server: config.ldap_server,
pre_bind_on_login: config.pre_bind_on_login,
bind_dn_and_pw,
@@ -76,29 +85,36 @@ impl LdapLoginProvider {
attrs_to_retrieve,
username_attr: config.username_attr,
mail_attr: config.mail_attr,
- aws_access_key_id_attr: config.aws_access_key_id_attr,
- aws_secret_access_key_attr: config.aws_secret_access_key_attr,
+ storage_specific: specific,
user_secret_attr: config.user_secret_attr,
alternate_user_secrets_attr: config.alternate_user_secrets_attr,
- bucket_source,
})
}
- fn storage_creds_from_ldap_user(&self, user: &SearchEntry) -> Result<StorageCredentials> {
- let aws_access_key_id = get_attr(user, &self.aws_access_key_id_attr)?;
- let aws_secret_access_key = get_attr(user, &self.aws_secret_access_key_attr)?;
- let bucket = match &self.bucket_source {
- BucketSource::Constant(b) => b.clone(),
- BucketSource::Attr(a) => get_attr(user, a)?,
+ fn storage_creds_from_ldap_user(&self, user: &SearchEntry) -> Result<Builders> {
+ let storage: Builders = match &self.storage_specific {
+ StorageSpecific::InMemory => Box::new(storage::in_memory::FullMem {}),
+ StorageSpecific::Garage { from_config, bucket_source } => {
+ let aws_access_key_id = get_attr(user, &from_config.aws_access_key_id_attr)?;
+ let aws_secret_access_key = get_attr(user, &from_config.aws_secret_access_key_attr)?;
+ let bucket = match bucket_source {
+ BucketSource::Constant(b) => b.clone(),
+ BucketSource::Attr(a) => get_attr(user, &a)?,
+ };
+
+
+ Box::new(storage::garage::GrgCreds {
+ region: from_config.aws_region.clone(),
+ s3_endpoint: from_config.s3_endpoint.clone(),
+ k2v_endpoint: from_config.k2v_endpoint.clone(),
+ aws_access_key_id,
+ aws_secret_access_key,
+ bucket
+ })
+ },
};
- Ok(StorageCredentials {
- k2v_region: self.k2v_region.clone(),
- s3_region: self.s3_region.clone(),
- aws_access_key_id,
- aws_secret_access_key,
- bucket,
- })
+ Ok(storage)
}
}
@@ -204,7 +220,7 @@ impl LoginProvider for LdapLoginProvider {
let storage = self.storage_creds_from_ldap_user(&user)?;
drop(ldap);
- let k2v_client = storage.k2v_client()?;
+ let k2v_client = storage.row_store()?;
let (_, public_key) = CryptoKeys::load_salt_and_public(&k2v_client).await?;
Ok(PublicCredentials {
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index bd22060..0b726cb 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -52,9 +52,16 @@ impl LoginProvider for StaticLoginProvider {
}
tracing::debug!(user=%username, "fetch keys");
- let storage: storage::Builders = match user.storage {
+ let storage: storage::Builders = match &user.storage {
StaticStorage::InMemory => Box::new(storage::in_memory::FullMem {}),
- StaticStorage::Garage(c) => Box::new(storage::garage::GrgCreds {}),
+ StaticStorage::Garage(grgconf) => Box::new(storage::garage::GrgCreds {
+ region: grgconf.aws_region.clone(),
+ k2v_endpoint: grgconf.k2v_endpoint.clone(),
+ s3_endpoint: grgconf.s3_endpoint.clone(),
+ aws_access_key_id: grgconf.aws_access_key_id.clone(),
+ aws_secret_access_key: grgconf.aws_secret_access_key.clone(),
+ bucket: grgconf.bucket.clone(),
+ }),
};
let keys = match (&user.master_key, &user.secret_key) {
@@ -87,25 +94,16 @@ impl LoginProvider for StaticLoginProvider {
Some(u) => u,
};
- /*
- let bucket = user
- .bucket
- .clone()
- .or_else(|| self.default_bucket.clone())
- .ok_or(anyhow!(
- "No bucket configured and no default bucket specieid"
- ))?;
-
- let storage = StorageCredentials {
- k2v_region: self.k2v_region.clone(),
- s3_region: self.s3_region.clone(),
- aws_access_key_id: user.aws_access_key_id.clone(),
- aws_secret_access_key: user.aws_secret_access_key.clone(),
- bucket,
- };*/
- let storage: storage::Builders = match user.storage {
+ let storage: storage::Builders = match &user.storage {
StaticStorage::InMemory => Box::new(storage::in_memory::FullMem {}),
- StaticStorage::Garage(c) => Box::new(storage::garage::GrgCreds {}),
+ StaticStorage::Garage(grgconf) => Box::new(storage::garage::GrgCreds {
+ region: grgconf.aws_region.clone(),
+ k2v_endpoint: grgconf.k2v_endpoint.clone(),
+ s3_endpoint: grgconf.s3_endpoint.clone(),
+ aws_access_key_id: grgconf.aws_access_key_id.clone(),
+ aws_secret_access_key: grgconf.aws_secret_access_key.clone(),
+ bucket: grgconf.bucket.clone(),
+ }),
};
let k2v_client = storage.row_store()?;