server: Migrate from lldap_readonly to lldap_strict_readonly

This commit is contained in:
Valentin Tolmer 2022-07-08 17:34:22 +02:00 committed by nitnelave
parent 6701027002
commit 500a441df7
4 changed files with 89 additions and 57 deletions

38
Cargo.lock generated
View File

@ -1959,7 +1959,7 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
[[package]]
name = "lldap"
version = "0.3.0-rc.1"
version = "0.3.0"
dependencies = [
"actix",
"actix-files",
@ -2022,7 +2022,7 @@ dependencies = [
[[package]]
name = "lldap_app"
version = "0.3.0-alpha.1"
version = "0.3.0"
dependencies = [
"anyhow",
"chrono",
@ -2035,7 +2035,7 @@ dependencies = [
"serde",
"serde_json",
"validator",
"validator_derive 0.15.0",
"validator_derive",
"wasm-bindgen",
"web-sys",
"yew",
@ -3973,7 +3973,7 @@ dependencies = [
"serde_derive",
"serde_json",
"url",
"validator_types 0.14.0",
"validator_types",
]
[[package]]
@ -3989,23 +3989,7 @@ dependencies = [
"quote",
"regex",
"syn",
"validator_types 0.14.0",
]
[[package]]
name = "validator_derive"
version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ea7ed5e8cf2b6bdd64a6c4ce851da25388a89327b17b88424ceced6bd5017923"
dependencies = [
"if_chain",
"lazy_static",
"proc-macro-error",
"proc-macro2",
"quote",
"regex",
"syn",
"validator_types 0.15.0",
"validator_types",
]
[[package]]
@ -4018,16 +4002,6 @@ dependencies = [
"syn",
]
[[package]]
name = "validator_types"
version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2ddf34293296847abfc1493b15c6e2f5d3cd19f57ad7d22673bf4c6278da329"
dependencies = [
"proc-macro2",
"syn",
]
[[package]]
name = "valuable"
version = "0.1.0"
@ -4346,7 +4320,7 @@ version = "0.1.8"
source = "git+https://github.com/sassman/yew_form/?rev=67050812695b7a8a90b81b0637e347fc6629daed#67050812695b7a8a90b81b0637e347fc6629daed"
dependencies = [
"validator",
"validator_derive 0.14.0",
"validator_derive",
"yew",
]

View File

@ -463,24 +463,7 @@ impl BackendHandler for SqlBackendHandler {
#[instrument(skip_all, level = "debug", ret, err)]
async fn create_group(&self, group_name: &str) -> Result<GroupId> {
debug!(?group_name);
let now = chrono::Utc::now();
let (query, values) = Query::insert()
.into_table(Groups::Table)
.columns(vec![
Groups::DisplayName,
Groups::CreationDate,
Groups::Uuid,
])
.values_panic(vec![
group_name.into(),
now.naive_utc().into(),
Uuid::from_name_and_date(group_name, &now).into(),
])
.build_sqlx(DbQueryBuilder {});
debug!(%query);
query_with(query.as_str(), values)
.execute(&self.sql_pool)
.await?;
crate::domain::sql_tables::create_group(group_name, &self.sql_pool).await?;
let (query, values) = Query::select()
.column(Groups::GroupId)
.from(Groups::Table)

View File

@ -1,7 +1,8 @@
use super::handler::{GroupId, UserId, Uuid};
use sea_query::*;
use sea_query_binder::SqlxBinder;
use sqlx::Row;
use tracing::warn;
use tracing::{debug, warn};
pub type Pool = sqlx::sqlite::SqlitePool;
pub type PoolOptions = sqlx::sqlite::SqlitePoolOptions;
@ -83,6 +84,28 @@ async fn column_exists(pool: &Pool, table_name: &str, column_name: &str) -> sqlx
> 0)
}
pub async fn create_group(group_name: &str, pool: &Pool) -> sqlx::Result<()> {
let now = chrono::Utc::now();
let (query, values) = Query::insert()
.into_table(Groups::Table)
.columns(vec![
Groups::DisplayName,
Groups::CreationDate,
Groups::Uuid,
])
.values_panic(vec![
group_name.into(),
now.naive_utc().into(),
Uuid::from_name_and_date(group_name, &now).into(),
])
.build_sqlx(DbQueryBuilder {});
debug!(%query);
sqlx::query_with(query.as_str(), values)
.execute(pool)
.await
.map(|_| ())
}
pub async fn init_table(pool: &Pool) -> sqlx::Result<()> {
// SQLite needs this pragma to be turned on. Other DB might not understand this, so ignore the
// error.
@ -298,6 +321,29 @@ pub async fn init_table(pool: &Pool) -> sqlx::Result<()> {
.execute(pool)
.await?;
if sqlx::query(
&Query::select()
.from(Groups::Table)
.column(Groups::DisplayName)
.cond_where(Expr::col(Groups::DisplayName).eq("lldap_readonly"))
.to_string(DbQueryBuilder {}),
)
.fetch_one(pool)
.await
.is_ok()
{
sqlx::query(
&Query::update()
.table(Groups::Table)
.values(vec![(Groups::DisplayName, "lldap_password_manager".into())])
.cond_where(Expr::col(Groups::DisplayName).eq("lldap_readonly"))
.to_string(DbQueryBuilder {}),
)
.execute(pool)
.await?;
create_group("lldap_strict_readonly", pool).await?
}
Ok(())
}
@ -349,14 +395,21 @@ mod tests {
.execute(&sql_pool)
.await
.unwrap();
sqlx::query(r#"CREATE TABLE groups ( group_id int, display_name TEXT );"#)
sqlx::query(r#"CREATE TABLE groups ( group_id INTEGER PRIMARY KEY, display_name TEXT );"#)
.execute(&sql_pool)
.await
.unwrap();
sqlx::query(
r#"INSERT INTO groups (display_name)
VALUES ("lldap_admin"), ("lldap_readonly")"#,
)
.execute(&sql_pool)
.await
.unwrap();
init_table(&sql_pool).await.unwrap();
sqlx::query(
r#"INSERT INTO groups (group_id, display_name, creation_date, uuid)
VALUES (3, "test", "1970-01-01 00:00:00", "abc")"#,
r#"INSERT INTO groups (display_name, creation_date, uuid)
VALUES ("test", "1970-01-01 00:00:00", "abc")"#,
)
.execute(&sql_pool)
.await
@ -371,5 +424,23 @@ mod tests {
.collect::<Vec<_>>(),
vec![crate::uuid!("a02eaf13-48a7-30f6-a3d4-040ff7c52b04")]
);
assert_eq!(
sqlx::query(r#"SELECT group_id, display_name FROM groups"#)
.fetch_all(&sql_pool)
.await
.unwrap()
.into_iter()
.map(|row| (
row.get::<GroupId, _>("group_id"),
row.get::<String, _>("display_name")
))
.collect::<Vec<_>>(),
vec![
(GroupId(1), "lldap_admin".to_string()),
(GroupId(2), "lldap_password_manager".to_string()),
(GroupId(3), "lldap_strict_readonly".to_string()),
(GroupId(4), "test".to_string())
]
);
}
}

View File

@ -68,14 +68,18 @@ async fn set_up_server(config: Configuration) -> Result<ServerBuilder> {
}
if backend_handler
.list_groups(Some(GroupRequestFilter::DisplayName(
"lldap_readonly".to_string(),
"lldap_password_manager".to_string(),
)))
.await?
.is_empty()
{
warn!("Could not find readonly group, trying to create it");
warn!("Could not find password_manager group, trying to create it");
backend_handler
.create_group("lldap_readonly")
.create_group("lldap_password_manager")
.await
.context("while creating password_manager group")?;
backend_handler
.create_group("lldap_strict_readonly")
.await
.context("while creating readonly group")?;
}