server: Migrate from lldap_readonly to lldap_strict_readonly

2023-04-12 14:25:13 +00:00 · 2022-07-08 17:34:22 +02:00 · 2022-07-08 17:34:22 +02:00 · 500a441df7
commit 500a441df7
parent 6701027002
4 changed files with 89 additions and 57 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1959,7 +1959,7 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"

 [[package]]
 name = "lldap"
-version = "0.3.0-rc.1"
+version = "0.3.0"
 dependencies = [
 "actix",
 "actix-files",
@ -2022,7 +2022,7 @@ dependencies = [

 [[package]]
 name = "lldap_app"
-version = "0.3.0-alpha.1"
+version = "0.3.0"
 dependencies = [
 "anyhow",
 "chrono",
@ -2035,7 +2035,7 @@ dependencies = [
 "serde",
 "serde_json",
 "validator",
- "validator_derive 0.15.0",
+ "validator_derive",
 "wasm-bindgen",
 "web-sys",
 "yew",
@ -3973,7 +3973,7 @@ dependencies = [
 "serde_derive",
 "serde_json",
 "url",
- "validator_types 0.14.0",
+ "validator_types",
 ]

 [[package]]
@ -3989,23 +3989,7 @@ dependencies = [
 "quote",
 "regex",
 "syn",
- "validator_types 0.14.0",
-]
-
-[[package]]
-name = "validator_derive"
-version = "0.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea7ed5e8cf2b6bdd64a6c4ce851da25388a89327b17b88424ceced6bd5017923"
-dependencies = [
- "if_chain",
- "lazy_static",
- "proc-macro-error",
- "proc-macro2",
- "quote",
- "regex",
- "syn",
- "validator_types 0.15.0",
+ "validator_types",
 ]

 [[package]]
@ -4018,16 +4002,6 @@ dependencies = [
 "syn",
 ]

-[[package]]
-name = "validator_types"
-version = "0.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2ddf34293296847abfc1493b15c6e2f5d3cd19f57ad7d22673bf4c6278da329"
-dependencies = [
- "proc-macro2",
- "syn",
-]
-
 [[package]]
 name = "valuable"
 version = "0.1.0"
@ -4346,7 +4320,7 @@ version = "0.1.8"
 source = "git+https://github.com/sassman/yew_form/?rev=67050812695b7a8a90b81b0637e347fc6629daed#67050812695b7a8a90b81b0637e347fc6629daed"
 dependencies = [
 "validator",
- "validator_derive 0.14.0",
+ "validator_derive",
 "yew",
 ]

--- a/server/src/domain/sql_backend_handler.rs
+++ b/server/src/domain/sql_backend_handler.rs
@ -463,24 +463,7 @@ impl BackendHandler for SqlBackendHandler {
    #[instrument(skip_all, level = "debug", ret, err)]
    async fn create_group(&self, group_name: &str) -> Result<GroupId> {
        debug!(?group_name);
-        let now = chrono::Utc::now();
-        let (query, values) = Query::insert()
-            .into_table(Groups::Table)
-            .columns(vec![
-                Groups::DisplayName,
-                Groups::CreationDate,
-                Groups::Uuid,
-            ])
-            .values_panic(vec![
-                group_name.into(),
-                now.naive_utc().into(),
-                Uuid::from_name_and_date(group_name, &now).into(),
-            ])
-            .build_sqlx(DbQueryBuilder {});
-        debug!(%query);
-        query_with(query.as_str(), values)
-            .execute(&self.sql_pool)
-            .await?;
+        crate::domain::sql_tables::create_group(group_name, &self.sql_pool).await?;
        let (query, values) = Query::select()
            .column(Groups::GroupId)
            .from(Groups::Table)
--- a/server/src/domain/sql_tables.rs
+++ b/server/src/domain/sql_tables.rs
@ -1,7 +1,8 @@
 use super::handler::{GroupId, UserId, Uuid};
 use sea_query::*;
+use sea_query_binder::SqlxBinder;
 use sqlx::Row;
-use tracing::warn;
+use tracing::{debug, warn};

 pub type Pool = sqlx::sqlite::SqlitePool;
 pub type PoolOptions = sqlx::sqlite::SqlitePoolOptions;
@ -83,6 +84,28 @@ async fn column_exists(pool: &Pool, table_name: &str, column_name: &str) -> sqlx
        > 0)
 }

+pub async fn create_group(group_name: &str, pool: &Pool) -> sqlx::Result<()> {
+    let now = chrono::Utc::now();
+    let (query, values) = Query::insert()
+        .into_table(Groups::Table)
+        .columns(vec![
+            Groups::DisplayName,
+            Groups::CreationDate,
+            Groups::Uuid,
+        ])
+        .values_panic(vec![
+            group_name.into(),
+            now.naive_utc().into(),
+            Uuid::from_name_and_date(group_name, &now).into(),
+        ])
+        .build_sqlx(DbQueryBuilder {});
+    debug!(%query);
+    sqlx::query_with(query.as_str(), values)
+        .execute(pool)
+        .await
+        .map(|_| ())
+}
+
 pub async fn init_table(pool: &Pool) -> sqlx::Result<()> {
    // SQLite needs this pragma to be turned on. Other DB might not understand this, so ignore the
    // error.
@ -298,6 +321,29 @@ pub async fn init_table(pool: &Pool) -> sqlx::Result<()> {
    .execute(pool)
    .await?;

+    if sqlx::query(
+        &Query::select()
+            .from(Groups::Table)
+            .column(Groups::DisplayName)
+            .cond_where(Expr::col(Groups::DisplayName).eq("lldap_readonly"))
+            .to_string(DbQueryBuilder {}),
+    )
+    .fetch_one(pool)
+    .await
+    .is_ok()
+    {
+        sqlx::query(
+            &Query::update()
+                .table(Groups::Table)
+                .values(vec![(Groups::DisplayName, "lldap_password_manager".into())])
+                .cond_where(Expr::col(Groups::DisplayName).eq("lldap_readonly"))
+                .to_string(DbQueryBuilder {}),
+        )
+        .execute(pool)
+        .await?;
+        create_group("lldap_strict_readonly", pool).await?
+    }
+
    Ok(())
 }

@ -349,14 +395,21 @@ mod tests {
        .execute(&sql_pool)
        .await
        .unwrap();
-        sqlx::query(r#"CREATE TABLE groups ( group_id int, display_name TEXT );"#)
+        sqlx::query(r#"CREATE TABLE groups ( group_id INTEGER PRIMARY KEY, display_name TEXT );"#)
            .execute(&sql_pool)
            .await
            .unwrap();
+        sqlx::query(
+            r#"INSERT INTO groups (display_name)
+                      VALUES ("lldap_admin"), ("lldap_readonly")"#,
+        )
+        .execute(&sql_pool)
+        .await
+        .unwrap();
        init_table(&sql_pool).await.unwrap();
        sqlx::query(
-            r#"INSERT INTO groups (group_id, display_name, creation_date, uuid)
-                      VALUES (3, "test", "1970-01-01 00:00:00", "abc")"#,
+            r#"INSERT INTO groups (display_name, creation_date, uuid)
+                      VALUES ("test", "1970-01-01 00:00:00", "abc")"#,
        )
        .execute(&sql_pool)
        .await
@ -371,5 +424,23 @@ mod tests {
                .collect::<Vec<_>>(),
            vec![crate::uuid!("a02eaf13-48a7-30f6-a3d4-040ff7c52b04")]
        );
+        assert_eq!(
+            sqlx::query(r#"SELECT group_id, display_name FROM groups"#)
+                .fetch_all(&sql_pool)
+                .await
+                .unwrap()
+                .into_iter()
+                .map(|row| (
+                    row.get::<GroupId, _>("group_id"),
+                    row.get::<String, _>("display_name")
+                ))
+                .collect::<Vec<_>>(),
+            vec![
+                (GroupId(1), "lldap_admin".to_string()),
+                (GroupId(2), "lldap_password_manager".to_string()),
+                (GroupId(3), "lldap_strict_readonly".to_string()),
+                (GroupId(4), "test".to_string())
+            ]
+        );
    }
 }
--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -68,14 +68,18 @@ async fn set_up_server(config: Configuration) -> Result<ServerBuilder> {
    }
    if backend_handler
        .list_groups(Some(GroupRequestFilter::DisplayName(
-            "lldap_readonly".to_string(),
+            "lldap_password_manager".to_string(),
        )))
        .await?
        .is_empty()
    {
-        warn!("Could not find readonly group, trying to create it");
+        warn!("Could not find password_manager group, trying to create it");
        backend_handler
-            .create_group("lldap_readonly")
+            .create_group("lldap_password_manager")
+            .await
+            .context("while creating password_manager group")?;
+        backend_handler
+            .create_group("lldap_strict_readonly")
            .await
            .context("while creating readonly group")?;
    }