finga/ldap0r
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Further improvements regarding indents

Browse source
This commit is contained in:
finga 2020-08-29 00:59:56 +02:00
parent b155c17337
commit b2e8141676
1 changed files with 75 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

149
src/main.rs
View file

@ -58,6 +58,7 @@ fn reset_prepare(config: &Ldap0rConfig, keys: &Keys, email_address: &str) -> Res
ldap.unbind()?; ldap.unbind()?;
let (rs, _res) = result.success()?; let (rs, _res) = result.success()?;
// check for less or more than 1 result
if rs.len() != 1 { if rs.len() != 1 {
bail!("Invalid password reset request for '{}'", email_address); bail!("Invalid password reset request for '{}'", email_address);
} }
@ -101,76 +102,78 @@ fn set_password(
key: &str, key: &str,
passwords: &PasswordsForm, passwords: &PasswordsForm,
) -> Result<Flash<Redirect>> { ) -> Result<Flash<Redirect>> {
if passwords.password == passwords.password_control { if passwords.password != passwords.password_control {
if passwords.password.len() >= 8 {
// key lookup
let keys = Arc::clone(&keys.keys);
if let Ok(mut keys) = keys.lock() {
let email = keys
.get(key)
.ok_or_else(|| anyhow!("Could not extract email"))?
.to_string();
// ldap lookup
let mut ldap = LdapConn::new(&config.ldap.server)?;
let result = ldap.search(
&config.ldap.base,
Scope::Subtree,
&format!("(&{}(mail={}))", &config.ldap.filter, &email),
vec!["cn"],
)?;
let (mut rs, _res) = result.success()?;
// ldap set new password
let user = SearchEntry::construct(
rs.pop()
.ok_or_else(|| anyhow!("Could extract not receive LDAP result"))?,
)
.attrs
.get("cn")
.ok_or_else(|| anyhow!("Could not extract 'cn' from LDAP entry"))?[0]
.to_string();
let mut password = HashSet::new();
password.insert(passwords.password.as_str());
ldap.simple_bind(&config.ldap.bind, &config.ldap.password)?
.success()?;
ldap.with_controls(RelaxRules.critical())
.modify(
&format!("cn={},{}", &user, &config.ldap.base),
vec![Mod::Replace("userPassword", password)],
)?
.success()?;
ldap.unbind()?;
keys.remove(key);
info!(
"New password set for user '{}' with email address '{}'",
&user, &email
);
return Ok(Flash::success(
Redirect::to(uri!(reset)),
"New password was saved",
));
} else {
error!("Could not aquire lock for keys");
};
} else {
return Ok(Flash::error(
Redirect::to(uri!(reset_key: key)),
"Password length has to be at least 8",
));
}
} else {
return Ok(Flash::error( return Ok(Flash::error(
Redirect::to(uri!(reset_key: key)), Redirect::to(uri!(reset_key: key)),
"Password does not match the password verification field", "Password does not match the password verification field",
)); ));
} }
Ok(Flash::error( if passwords.password.len() < 8 {
Redirect::to(uri!(reset_key: key)), return Ok(Flash::error(
"Setting new password failed", Redirect::to(uri!(reset_key: key)),
"Password length has to be at least 8",
));
}
// key lookup
let keys = Arc::clone(&keys.keys);
let mut keys = match keys.lock() {
Ok(keys) => keys,
Err(e) => {
error!("Could not aquire lock for keys: {}", e);
return Ok(Flash::error(
Redirect::to(uri!(reset_key: key)),
"Setting new password failed",
));
}
};
let email = keys
.get(key)
.ok_or_else(|| anyhow!("Could not extract email"))?
.to_string();
// ldap lookup
let mut ldap = LdapConn::new(&config.ldap.server)?;
let result = ldap.search(
&config.ldap.base,
Scope::Subtree,
&format!("(&{}(mail={}))", &config.ldap.filter, &email),
vec!["cn"],
)?;
let (mut rs, _res) = result.success()?;
// ldap set new password
let user = SearchEntry::construct(
rs.pop()
.ok_or_else(|| anyhow!("Could extract not receive LDAP result"))?,
)
.attrs
.get("cn")
.ok_or_else(|| anyhow!("Could not extract 'cn' from LDAP entry"))?[0]
.to_string();
let mut password = HashSet::new();
password.insert(passwords.password.as_str());
ldap.simple_bind(&config.ldap.bind, &config.ldap.password)?
.success()?;
ldap.with_controls(RelaxRules.critical())
.modify(
&format!("cn={},{}", &user, &config.ldap.base),
vec![Mod::Replace("userPassword", password)],
)?
.success()?;
ldap.unbind()?;
keys.remove(key);
info!(
"New password set for user '{}' with email address '{}'",
&user, &email
);
Ok(Flash::success(
Redirect::to(uri!(reset)),
"New password was saved",
)) ))
} }
@ -241,6 +244,7 @@ fn reset_key(keys: State<Keys>, key: String, flash: Option<FlashMessage>) -> Opt
} else { } else {
error!("Could not aquire lock for keys"); error!("Could not aquire lock for keys");
} }
None None
} }
@ -252,16 +256,13 @@ fn reset_password(
key: String, key: String,
passwords: Form<PasswordsForm>, passwords: Form<PasswordsForm>,
) -> Flash<Redirect> { ) -> Flash<Redirect> {
match set_password(&config, &keys, &key, &passwords) { set_password(&config, &keys, &key, &passwords).unwrap_or_else(|e| {
Ok(flash) => flash, error!("{} from {}", e, remote_address);
Err(e) => { Flash::error(
error!("{} from {}", e, remote_address); Redirect::to(uri!(reset_key: key)),
Flash::error( "Setting new password failed",
Redirect::to(uri!(reset_key: key)), )
"Setting new password failed", })
)
}
}
} }
fn main() { fn main() {