mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
server: Send an email for password resets
This commit is contained in:
parent
db2b5cbae0
commit
789c8f367e
@ -23,6 +23,7 @@ use futures_util::{FutureExt, TryFutureExt};
|
|||||||
use hmac::Hmac;
|
use hmac::Hmac;
|
||||||
use jwt::{SignWithKey, VerifyWithKey};
|
use jwt::{SignWithKey, VerifyWithKey};
|
||||||
use lldap_auth::{login, registration, JWTClaims};
|
use lldap_auth::{login, registration, JWTClaims};
|
||||||
|
use log::*;
|
||||||
use sha2::Sha512;
|
use sha2::Sha512;
|
||||||
use std::collections::{hash_map::DefaultHasher, HashSet};
|
use std::collections::{hash_map::DefaultHasher, HashSet};
|
||||||
use std::hash::{Hash, Hasher};
|
use std::hash::{Hash, Hasher};
|
||||||
@ -123,12 +124,27 @@ where
|
|||||||
None => return HttpResponse::BadRequest().body("Missing user ID"),
|
None => return HttpResponse::BadRequest().body("Missing user ID"),
|
||||||
Some(id) => id,
|
Some(id) => id,
|
||||||
};
|
};
|
||||||
let _token = match data.backend_handler.start_password_reset(user_id).await {
|
let token = match data.backend_handler.start_password_reset(user_id).await {
|
||||||
Err(e) => return HttpResponse::InternalServerError().body(e.to_string()),
|
Err(e) => return HttpResponse::InternalServerError().body(e.to_string()),
|
||||||
Ok(None) => return HttpResponse::Ok().finish(),
|
Ok(None) => return HttpResponse::Ok().finish(),
|
||||||
Ok(Some(token)) => token,
|
Ok(Some(token)) => token,
|
||||||
};
|
};
|
||||||
// TODO: Send email.
|
let user = match data.backend_handler.get_user_details(user_id).await {
|
||||||
|
Err(e) => {
|
||||||
|
warn!("Error getting used details: {:#?}", e);
|
||||||
|
return HttpResponse::Ok().finish();
|
||||||
|
}
|
||||||
|
Ok(u) => u,
|
||||||
|
};
|
||||||
|
if let Err(e) = super::mail::send_password_reset_email(
|
||||||
|
&user.display_name,
|
||||||
|
&user.email,
|
||||||
|
&token,
|
||||||
|
&data.server_url,
|
||||||
|
&data.mail_options,
|
||||||
|
) {
|
||||||
|
warn!("Error sending email: {:#?}", e);
|
||||||
|
}
|
||||||
HttpResponse::Ok().finish()
|
HttpResponse::Ok().finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ use lettre::{
|
|||||||
};
|
};
|
||||||
use log::debug;
|
use log::debug;
|
||||||
|
|
||||||
pub fn send_test_email(to: Mailbox, options: &MailOptions) -> Result<()> {
|
fn send_email(to: Mailbox, subject: &str, body: String, options: &MailOptions) -> Result<()> {
|
||||||
let from = options
|
let from = options
|
||||||
.from
|
.from
|
||||||
.clone()
|
.clone()
|
||||||
@ -20,8 +20,8 @@ pub fn send_test_email(to: Mailbox, options: &MailOptions) -> Result<()> {
|
|||||||
.from(from)
|
.from(from)
|
||||||
.reply_to(reply_to)
|
.reply_to(reply_to)
|
||||||
.to(to)
|
.to(to)
|
||||||
.subject("LLDAP test email")
|
.subject(subject)
|
||||||
.body("The test is successful! You can send emails from LLDAP".to_string())?;
|
.body(body)?;
|
||||||
let creds = Credentials::new(
|
let creds = Credentials::new(
|
||||||
options.user.clone(),
|
options.user.clone(),
|
||||||
options.password.unsecure().to_string(),
|
options.password.unsecure().to_string(),
|
||||||
@ -32,3 +32,34 @@ pub fn send_test_email(to: Mailbox, options: &MailOptions) -> Result<()> {
|
|||||||
mailer.send(&email)?;
|
mailer.send(&email)?;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn send_password_reset_email(
|
||||||
|
username: &str,
|
||||||
|
to: &str,
|
||||||
|
token: &str,
|
||||||
|
domain: &str,
|
||||||
|
options: &MailOptions,
|
||||||
|
) -> Result<()> {
|
||||||
|
let to = to.parse()?;
|
||||||
|
let body = format!(
|
||||||
|
"Hello {},
|
||||||
|
This email has been sent to you in order to validate your identity.
|
||||||
|
If you did not initiate the process your credentials might have been
|
||||||
|
compromised. You should reset your password and contact an administrator.
|
||||||
|
|
||||||
|
To reset your password please visit the following URL: {}/reset-password/step2/{}
|
||||||
|
|
||||||
|
Please contact an administrator if you did not initiate the process.",
|
||||||
|
username, domain, token
|
||||||
|
);
|
||||||
|
send_email(to, "[LLDAP] Password reset requested", body, options)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn send_test_email(to: Mailbox, options: &MailOptions) -> Result<()> {
|
||||||
|
send_email(
|
||||||
|
to,
|
||||||
|
"LLDAP test email",
|
||||||
|
"The test is successful! You can send emails from LLDAP".to_string(),
|
||||||
|
options,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
@ -4,7 +4,11 @@ use crate::{
|
|||||||
handler::{BackendHandler, LoginHandler},
|
handler::{BackendHandler, LoginHandler},
|
||||||
opaque_handler::OpaqueHandler,
|
opaque_handler::OpaqueHandler,
|
||||||
},
|
},
|
||||||
infra::{auth_service, configuration::Configuration, tcp_backend_handler::*},
|
infra::{
|
||||||
|
auth_service,
|
||||||
|
configuration::{Configuration, MailOptions},
|
||||||
|
tcp_backend_handler::*,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
use actix_files::{Files, NamedFile};
|
use actix_files::{Files, NamedFile};
|
||||||
use actix_http::HttpServiceBuilder;
|
use actix_http::HttpServiceBuilder;
|
||||||
@ -46,6 +50,8 @@ fn http_config<Backend>(
|
|||||||
backend_handler: Backend,
|
backend_handler: Backend,
|
||||||
jwt_secret: secstr::SecUtf8,
|
jwt_secret: secstr::SecUtf8,
|
||||||
jwt_blacklist: HashSet<u64>,
|
jwt_blacklist: HashSet<u64>,
|
||||||
|
server_url: String,
|
||||||
|
mail_options: MailOptions,
|
||||||
) where
|
) where
|
||||||
Backend: TcpBackendHandler + BackendHandler + LoginHandler + OpaqueHandler + Sync + 'static,
|
Backend: TcpBackendHandler + BackendHandler + LoginHandler + OpaqueHandler + Sync + 'static,
|
||||||
{
|
{
|
||||||
@ -53,6 +59,8 @@ fn http_config<Backend>(
|
|||||||
backend_handler,
|
backend_handler,
|
||||||
jwt_key: Hmac::new_varkey(jwt_secret.unsecure().as_bytes()).unwrap(),
|
jwt_key: Hmac::new_varkey(jwt_secret.unsecure().as_bytes()).unwrap(),
|
||||||
jwt_blacklist: RwLock::new(jwt_blacklist),
|
jwt_blacklist: RwLock::new(jwt_blacklist),
|
||||||
|
server_url,
|
||||||
|
mail_options,
|
||||||
}))
|
}))
|
||||||
// Serve index.html and main.js, and default to index.html.
|
// Serve index.html and main.js, and default to index.html.
|
||||||
.route(
|
.route(
|
||||||
@ -76,6 +84,8 @@ pub(crate) struct AppState<Backend> {
|
|||||||
pub backend_handler: Backend,
|
pub backend_handler: Backend,
|
||||||
pub jwt_key: Hmac<Sha512>,
|
pub jwt_key: Hmac<Sha512>,
|
||||||
pub jwt_blacklist: RwLock<HashSet<u64>>,
|
pub jwt_blacklist: RwLock<HashSet<u64>>,
|
||||||
|
pub server_url: String,
|
||||||
|
pub mail_options: MailOptions,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn build_tcp_server<Backend>(
|
pub async fn build_tcp_server<Backend>(
|
||||||
@ -91,15 +101,26 @@ where
|
|||||||
.get_jwt_blacklist()
|
.get_jwt_blacklist()
|
||||||
.await
|
.await
|
||||||
.context("while getting the jwt blacklist")?;
|
.context("while getting the jwt blacklist")?;
|
||||||
|
let server_url = config.http_url.clone();
|
||||||
|
let mail_options = config.smtp_options.clone();
|
||||||
server_builder
|
server_builder
|
||||||
.bind("http", ("0.0.0.0", config.http_port), move || {
|
.bind("http", ("0.0.0.0", config.http_port), move || {
|
||||||
let backend_handler = backend_handler.clone();
|
let backend_handler = backend_handler.clone();
|
||||||
let jwt_secret = jwt_secret.clone();
|
let jwt_secret = jwt_secret.clone();
|
||||||
let jwt_blacklist = jwt_blacklist.clone();
|
let jwt_blacklist = jwt_blacklist.clone();
|
||||||
|
let server_url = server_url.clone();
|
||||||
|
let mail_options = mail_options.clone();
|
||||||
HttpServiceBuilder::new()
|
HttpServiceBuilder::new()
|
||||||
.finish(map_config(
|
.finish(map_config(
|
||||||
App::new().configure(move |cfg| {
|
App::new().configure(move |cfg| {
|
||||||
http_config(cfg, backend_handler, jwt_secret, jwt_blacklist)
|
http_config(
|
||||||
|
cfg,
|
||||||
|
backend_handler,
|
||||||
|
jwt_secret,
|
||||||
|
jwt_blacklist,
|
||||||
|
server_url,
|
||||||
|
mail_options,
|
||||||
|
)
|
||||||
}),
|
}),
|
||||||
|_| AppConfig::default(),
|
|_| AppConfig::default(),
|
||||||
))
|
))
|
||||||
|
Loading…
Reference in New Issue
Block a user