From 3541e61c21d4786455459925a09bef2ff2323441 Mon Sep 17 00:00:00 2001
From: "ORLHAC Etienne [EXT]"
Date: Mon, 21 Oct 2019 18:37:11 +0200
Subject: [PATCH] Test replacing password with ldap connection

---
 .env.template | 10 ++++++++++
 Cargo.toml | 3 +++
 src/api/identity.rs | 17 +++++++++++++++++
 src/main.rs | 2 ++
 4 files changed, 32 insertions(+)

diff --git a/.env.template b/.env.template
index a753a3df..ae0a3450 100644
--- a/.env.template
+++ b/.env.template
@@ -157,3 +157,13 @@
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_AUTH_MECHANISM="Plain"
+
+## LDAP Connection info
+# BITWARDEN_URL = "http://bitwarden:80"
+# BITWARDEN_ADMIN_TOKEN = "admin"
+# LDAP_HOST = "ldap"
+# LDAP_BIND_DN = "cn=admin,dc=example,dc=org"
+# LDAP_BIND_PASSWORD = "admin"
+# LDAP_SEARCH_BASE_DN = "dc=example,dc=org"
+# LDAP_SEARCH_FILTER = "(&(objectClass=*)(uid=*))"
+# LDAP_SYNC_INTERVAL_SECONDS = 10
\ No newline at end of file
diff --git a/Cargo.toml b/Cargo.toml
index 49aa6d61..3ae721d7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -112,6 +112,9 @@ openssl = { version = "0.10.25", optional = true }
 # URL encoding library
 percent-encoding = "2.1.0"
 
+# LDAP
+ldap3 = "0.6.1"
+
 [patch.crates-io]
 # Add support for Timestamp type
 rmp = { git = 'https://github.com/3Hren/msgpack-rust', rev = 'd6c6c672e470341207ed9feb69b56322b5597a11' }
diff --git a/src/api/identity.rs b/src/api/identity.rs
index 7a2ef137..e9bf2f71 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -14,6 +14,8 @@ use crate::mail;
 use crate::util;
 use crate::CONFIG;
 
+use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions};
+
 pub fn routes() -> Vec {
 routes![login]
 }
@@ -77,6 +79,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
 err!("Scope not supported")
 }
 
+ // Get the user
 let username = data.username.as_ref().unwrap();
 let user = match User::find_by_mail(username, &conn) {
@@ -87,6 +90,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
 ),
 };
 
+ /*
 // Check password
 let password = data.password.as_ref().unwrap();
 if !user.check_valid_password(password) {
@@ -95,6 +99,19 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
 format!("IP: {}. Username: {}.", ip.ip, username)
 )
 }
+ */
+
+ let ldap = LdapConn::new(CONFIG.ldap_host.as_str())?;
+ match ldap.simple_bind(data.username, data.password) {
+ _ => {}
+ };
+
+ if ldap.is_err() {
+ err!(
+ "Username or password is incorrect. Try again",
+ format!("IP: {}. Username: {}.", ip.ip, username)
+ );
+ }
 
 let (mut device, new_device) = get_device(&data, &conn, &user);
diff --git a/src/main.rs b/src/main.rs
index c6134da2..d95aa35b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -22,6 +22,8 @@ extern crate derive_more;
 #[macro_use]
 extern crate num_derive;
 
+extern crate ldap3;
+
 use std::{
 path::Path,
 process::{exit, Command},
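Review bot: The bind outcome is never checked, so the new credential check cannot fail: `match ldap.simple_bind(...) { _ => {} }` throws the `Result` away, and `ldap` is the `LdapConn` produced by `LdapConn::new(...)?`, not a `Result`, so `ldap.is_err()` has nothing to test — once this compiles, any username/password pair would be accepted, and the preceding `@@ -87` hunk comments out the local `check_valid_password` path (`+ /*` … `+ */`) so nothing else verifies the credential. `data.username`/`data.password` are `Option<String>` (the old code unwraps them), an empty password is an unauthenticated simple bind that many directories answer with success (RFC 4513 §5.1.2) and must be rejected before binding, and ldap3 reports invalid credentials as `Ok(LdapResult { rc: 49, .. })` rather than `Err`, so the result code has to be inspected. The username is an e-mail address, not a DN, and the `LDAP_BIND_DN`/`LDAP_SEARCH_FILTER` values this patch adds to `.env.template` are never read, so presumably a service bind plus a search for the user's DN is still intended. The user's password now crosses the wire to the directory on every login, and the template's `LDAP_HOST = "ldap"` suggests a plaintext connection, so the transport needs TLS; `CONFIG.ldap_host` is also absent from the diffstat, so it presumably lives in a commit not shown here. `_password_login` starts and ends outside the hunk.
```rust
    // … unchanged: user lookup …
    let username = data.username.as_ref().unwrap();
    let password = data.password.as_ref().unwrap();
    // RFC 4513 §5.1.2: an empty password is an *unauthenticated* simple bind,
    // which many servers accept — reject it before talking to the directory.
    if password.is_empty() {
        err!(
            "Username or password is incorrect. Try again",
            format!("IP: {}. Username: {}.", ip.ip, username)
        );
    }
    let ldap = LdapConn::new(CONFIG.ldap_host.as_str())?;
    // TODO(review): resolve the user's DN via LDAP_BIND_DN/LDAP_SEARCH_FILTER;
    // an e-mail address is not a valid bind DN on most directories.
    let bind_dn = username;
    // A rejected bind is Ok(LdapResult { rc: 49, .. }), not Err: require rc == 0.
    let authenticated = match ldap.simple_bind(bind_dn, password) {
        Ok(res) => res.rc == 0,
        Err(_) => false,
    };
    if !authenticated {
        err!(
            "Username or password is incorrect. Try again",
            format!("IP: {}. Username: {}.", ip.ip, username)
        );
    }
    // … unchanged: get_device and the rest of the login flow …
```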