Test replacing password with ldap connection

6 years ago · 3541e61c21
4 changed files with 32 additions and 0 deletions
--- a/.env.template
+++ b/.env.template
@ -157,3 +157,13 @@
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_AUTH_MECHANISM="Plain"
+
+## LDAP Connection info
+# BITWARDEN_URL = "http://bitwarden:80"
+# BITWARDEN_ADMIN_TOKEN = "admin"
+# LDAP_HOST = "ldap"
+# LDAP_BIND_DN = "cn=admin,dc=example,dc=org"
+# LDAP_BIND_PASSWORD = "admin"
+# LDAP_SEARCH_BASE_DN = "dc=example,dc=org"
+# LDAP_SEARCH_FILTER = "(&(objectClass=*)(uid=*))"
+# LDAP_SYNC_INTERVAL_SECONDS = 10
--- a/Cargo.toml
+++ b/Cargo.toml
@ -112,6 +112,9 @@ openssl = { version = "0.10.25", optional = true }
 # URL encoding library
 percent-encoding = "2.1.0"

+# LDAP
+ldap3 = "0.6.1"
+
 [patch.crates-io]
 # Add support for Timestamp type
 rmp = { git = 'https://github.com/3Hren/msgpack-rust', rev = 'd6c6c672e470341207ed9feb69b56322b5597a11' }
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -14,6 +14,8 @@ use crate::mail;
 use crate::util;
 use crate::CONFIG;

+use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions};
+
 pub fn routes() -> Vec<Route> {
    routes![login]
 }
@ -77,6 +79,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
        err!("Scope not supported")
    }

+    
    // Get the user
    let username = data.username.as_ref().unwrap();
    let user = match User::find_by_mail(username, &conn) {
@ -87,6 +90,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
        ),
    };

+    /*
    // Check password
    let password = data.password.as_ref().unwrap();
    if !user.check_valid_password(password) {
@ -95,6 +99,19 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
            format!("IP: {}. Username: {}.", ip.ip, username)
        )
    }
+    */
+
+    let ldap = LdapConn::new(CONFIG.ldap_host.as_str())?;
+    match ldap.simple_bind(data.username, data.password) {
+        _ => {}
+    };
+
+    if ldap.is_err() {
+        err!(
+            "Username or password is incorrect. Try again",
+            format!("IP: {}. Username: {}.", ip.ip, username)
+        );
+    }

    let (mut device, new_device) = get_device(&data, &conn, &user);

--- a/src/main.rs
+++ b/src/main.rs
@ -22,6 +22,8 @@ extern crate derive_more;
 #[macro_use]
 extern crate num_derive;

+extern crate ldap3;
+
 use std::{
    path::Path,
    process::{exit, Command},