mirror/lldap
1
0
Fork 0
mirror of https://github.com/nitnelave/lldap.git synced 2023-04-12 14:25:13 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: mirror:main
Branches Tags
mirror:main
mirror:random
mirror:feature/integration
mirror:urldecode
mirror:haveibeenpwned
mirror:v1
mirror:v0.4.3
mirror:v0.4.2
mirror:v0.4.1
mirror:v0.4.0
mirror:v0.3.0
mirror:v0.2.0
mirror:v0.0.1
..
compare: mirror:v0.4.0
Branches Tags
mirror:random
mirror:main
mirror:feature/integration
mirror:urldecode
mirror:haveibeenpwned
mirror:v1
mirror:v0.4.3
mirror:v0.4.2
mirror:v0.4.1
mirror:v0.4.0
mirror:v0.3.0
mirror:v0.2.0
mirror:v0.0.1

No commits in common. "main" and "v0.4.0" have entirely different histories.
main ... v0.4.0

147 changed files with 6099 additions and 11715 deletions
Show Stats Expand all files Collapse all files

2
.config/nextest.toml
View File

@ -1,2 +0,0 @@
[profile.default]
fail-fast = false

24
.devcontainer/Dockerfile
View File

@ -1,24 +0,0 @@
FROM rust:1.66
ARG USERNAME=lldapdev
ARG USER_UID=1000
ARG USER_GID=$USER_UID
# Create the user
RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
&& apt-get update \
&& apt-get install -y sudo \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME
RUN apt update && \
apt install -y --no-install-recommends libssl-dev musl-dev make perl curl gzip && \
rm -rf /var/lib/apt/lists/*
RUN RUSTFLAGS=-Ctarget-feature=-crt-static cargo install wasm-pack \
&& rustup target add wasm32-unknown-unknown
USER $USERNAME
ENV CARGO_HOME=/home/$USERNAME/.cargo
ENV SHELL=/bin/bash

8
.devcontainer/devcontainer.json
View File

@ -1,8 +0,0 @@
{
"name": "LLDAP dev",
"build": { "dockerfile": "Dockerfile" },
"forwardPorts": [
3890,
17170
]
}

6
.dockerignore
View File

@ -2,7 +2,6 @@
.git/* .git/*
.github/* .github/*
.gitignore .gitignore
.gitattributes
# Don't track cargo generated files # Don't track cargo generated files
target/* target/*
@ -18,7 +17,6 @@ Dockerfile
*.md *.md
LICENSE LICENSE
CHANGELOG.md CHANGELOG.md
README.md
docs/* docs/*
example_configs/* example_configs/*
@ -30,10 +28,6 @@ package.json
# Pre-build binaries # Pre-build binaries
*.tar.gz *.tar.gz
# VSCode dirs
.vscode
.devcontainer
# Various config files that shouldn't be tracked # Various config files that shouldn't be tracked
.env .env
lldap_config.toml lldap_config.toml

10
.gitattributes vendored
View File

@ -1,10 +0,0 @@
example-configs/** linguist-documentation
docs/** linguist-documentation
*.md linguist-documentation
lldap_config.docker_template.toml linguist-documentation
schema.graphql linguist-generated
.github/** -linguist-detectable
.devcontainer/** -linguist-detectable
.config/** -linguist-detectable

1
.github/CODEOWNERS vendored
View File

@ -1 +0,0 @@
* @nitnelave

2
.github/codecov.yml vendored
View File

@ -10,5 +10,3 @@ ignore:
- "docs" - "docs"
- "example_configs" - "example_configs"
- "migration-tool" - "migration-tool"
- "scripts"
- "set-password"

35
.github/workflows/Dockerfile.ci.debian → .github/workflows/Dockerfile.ci vendored
View File

@ -10,34 +10,28 @@ RUN mkdir -p target/
RUN mkdir -p /lldap/app RUN mkdir -p /lldap/app
RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \ RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \ mv bin/amd64-bin/lldap target/lldap && \
mv bin/x86_64-unknown-linux-musl-migration-tool-bin/migration-tool target/migration-tool && \ mv bin/amd64-bin/migration-tool target/migration-tool && \
mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \ chmod +x target/lldap && \
chmod +x target/migration-tool && \ chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \ ls -la target/ . && \
pwd \ pwd \
; fi ; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \ RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \ mv bin/aarch64-bin/lldap target/lldap && \
mv bin/aarch64-unknown-linux-musl-migration-tool-bin/migration-tool target/migration-tool && \ mv bin/aarch64-bin/migration-tool target/migration-tool && \
mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \ chmod +x target/lldap && \
chmod +x target/migration-tool && \ chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \ ls -la target/ . && \
pwd \ pwd \
; fi ; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \ RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
mv bin/armv7-unknown-linux-gnueabihf-lldap-bin/lldap target/lldap && \ mv bin/armhf-bin/lldap target/lldap && \
mv bin/armv7-unknown-linux-gnueabihf-migration-tool-bin/migration-tool target/migration-tool && \ mv bin/armhf-bin/migration-tool target/migration-tool && \
mv bin/armv7-unknown-linux-gnueabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \ chmod +x target/lldap && \
chmod +x target/migration-tool && \ chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \ ls -la target/ . && \
pwd \ pwd \
; fi ; fi
@ -45,35 +39,30 @@ RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
# Web and App dir # Web and App dir
COPY docker-entrypoint.sh /docker-entrypoint.sh COPY docker-entrypoint.sh /docker-entrypoint.sh
COPY lldap_config.docker_template.toml /lldap/ COPY lldap_config.docker_template.toml /lldap/
COPY web/index_local.html web/index.html
RUN cp target/lldap /lldap/ && \ RUN cp target/lldap /lldap/ && \
cp target/migration-tool /lldap/ && \ cp target/migration-tool /lldap/ && \
cp target/lldap_set_password /lldap/ && \
cp -R web/index.html \ cp -R web/index.html \
web/pkg \ web/pkg \
web/static \ web/static \
/lldap/app/ /lldap/app/
WORKDIR /lldap
RUN set -x \ RUN set -x \
&& for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \ && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
&& for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \ && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
&& chmod a+r -R . && chmod a+r -R .
FROM debian:bullseye-slim FROM debian:bullseye
ENV UID=1000 ENV UID=1000
ENV GID=1000 ENV GID=1000
ENV USER=lldap ENV USER=lldap
RUN apt update && \ RUN apt update && \
apt install -y --no-install-recommends tini openssl ca-certificates gosu tzdata && \ apt install -y --no-install-recommends tini ca-certificates && \
apt clean && \ apt clean && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \ groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER
mkdir -p /data && chown $USER:$USER /data COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /lldap /app
COPY --from=lldap --chown=$USER:$USER /lldap /app COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /docker-entrypoint.sh /docker-entrypoint.sh
COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
VOLUME ["/data"]
WORKDIR /app WORKDIR /app
USER $USER
ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
CMD ["run", "--config-file", "/data/lldap_config.toml"] CMD ["run", "--config-file", "/data/lldap_config.toml"]
HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]

114
.github/workflows/Dockerfile.ci.alpine vendored
View File

@ -1,114 +0,0 @@
FROM debian:bullseye AS lldap
ARG DEBIAN_FRONTEND=noninteractive
ARG TARGETPLATFORM
RUN apt update && apt install -y wget
WORKDIR /dim
COPY bin/ bin/
COPY web/ web/
RUN mkdir -p target/
RUN mkdir -p /lldap/app
RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
mv bin/x86_64-unknown-linux-musl-migration-tool-bin/migration-tool target/migration-tool && \
mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \
pwd \
; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
mv bin/aarch64-unknown-linux-musl-migration-tool-bin/migration-tool target/migration-tool && \
mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \
pwd \
; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
mv bin/armv7-unknown-linux-gnueabihf-lldap-bin/lldap target/lldap && \
mv bin/armv7-unknown-linux-gnueabihf-migration-tool-bin/migration-tool target/migration-tool && \
mv bin/armv7-unknown-linux-gnueabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
chmod +x target/lldap_set_password && \
ls -la target/ . && \
pwd \
; fi
# Web and App dir
COPY docker-entrypoint.sh /docker-entrypoint.sh
COPY lldap_config.docker_template.toml /lldap/
COPY web/index_local.html web/index.html
RUN cp target/lldap /lldap/ && \
cp target/migration-tool /lldap/ && \
cp target/lldap_set_password /lldap/ && \
cp -R web/index.html \
web/pkg \
web/static \
/lldap/app/
WORKDIR /lldap
RUN set -x \
&& for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
&& for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
&& chmod a+r -R .
FROM alpine:3.16
WORKDIR /app
ENV UID=1000
ENV GID=1000
ENV USER=lldap
ENV GOSU_VERSION 1.14
# Fetch gosu from git
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf && gpgconf --kill all || :; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN apk add --no-cache tini ca-certificates bash tzdata && \
addgroup -g $GID $USER && \
adduser \
--disabled-password \
--gecos "" \
--home "$(pwd)" \
--ingroup "$USER" \
--no-create-home \
--uid "$UID" \
"$USER" && \
mkdir -p /data && \
chown $USER:$USER /data
COPY --from=lldap --chown=$USER:$USER /lldap /app
COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
VOLUME ["/data"]
WORKDIR /app
ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
CMD ["run", "--config-file", "/data/lldap_config.toml"]
HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]

45
.github/workflows/Dockerfile.dev vendored
View File

@ -1,45 +0,0 @@
# Keep tracking base image
FROM rust:1.66-slim-bullseye
# Set needed env path
ENV PATH="/opt/aarch64-linux-musl-cross/:/opt/aarch64-linux-musl-cross/bin/:/opt/x86_64-linux-musl-cross/:/opt/x86_64-linux-musl-cross/bin/:$PATH"
### Install build deps x86_64
RUN apt update && \
apt install -y --no-install-recommends curl git wget build-essential make perl pkg-config curl tar jq musl-tools gzip && \
curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - && \
apt update && \
apt install -y --no-install-recommends nodejs && \
apt clean && \
rm -rf /var/lib/apt/lists/*
### Install build deps aarch64 build
RUN dpkg --add-architecture arm64 && \
apt update && \
apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross gzip && \
apt clean && \
rm -rf /var/lib/apt/lists/* && \
rustup target add aarch64-unknown-linux-gnu
### armhf deps
RUN dpkg --add-architecture armhf && \
apt update && \
apt install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf libc6-armhf-cross libc6-dev-armhf-cross gzip && \
apt clean && \
rm -rf /var/lib/apt/lists/* && \
rustup target add armv7-unknown-linux-gnueabihf
### Add musl-gcc aarch64 and x86_64
RUN wget -c https://musl.cc/x86_64-linux-musl-cross.tgz && \
tar zxf ./x86_64-linux-musl-cross.tgz -C /opt && \
wget -c https://musl.cc/aarch64-linux-musl-cross.tgz && \
tar zxf ./aarch64-linux-musl-cross.tgz -C /opt && \
rm ./x86_64-linux-musl-cross.tgz && \
rm ./aarch64-linux-musl-cross.tgz
### Add musl target
RUN rustup target add x86_64-unknown-linux-musl && \
rustup target add aarch64-unknown-linux-musl
CMD ["bash"]

659
.github/workflows/docker-build-static.yml vendored
View File

@ -1,659 +0,0 @@
name: Docker Static
on:
push:
branches:
- 'main'
paths-ignore:
- 'docs/**'
- 'example_configs/**'
release:
types:
- 'published'
pull_request:
branches:
- 'main'
paths-ignore:
- 'docs/**'
- 'example_configs/**'
workflow_dispatch:
inputs:
msg:
description: "Set message"
default: "Manual trigger"
env:
CARGO_TERM_COLOR: always
### CI Docs
# build-ui , create/compile the web
### install wasm
### install rollup
### run app/build.sh
### upload artifacts
# build-bin
## build-armhf, build-aarch64, build-amd64 , create binary for respective arch
#######################################################################################
# GitHub actions randomly timeout when downloading musl-gcc, using custom dev image #
# Look into .github/workflows/Dockerfile.dev for development image details #
# Using lldap dev image based on https://hub.docker.com/_/rust and musl-gcc bundled #
#######################################################################################
### Cargo build
### aarch64 and amd64 is musl based
### armv7 is glibc based, musl had issue with time_t when cross compile https://github.com/rust-lang/libc/issues/1848
# build-ui,builds-armhf, build-aarch64, build-amd64 will upload artifacts will be used next job
# lldap-test
### will run lldap with postgres, mariadb and sqlite backend, do selfcheck command.
# Build docker image
### Triplet docker image arch with debian base
### amd64 & aarch64 with alpine base
# build-docker-image job will fetch artifacts and run Dockerfile.ci then push the image.
### Look into .github/workflows/Dockerfile.ci.debian or .github/workflowds/Dockerfile.ci.alpine
# create release artifacts
### Fetch artifacts
### Clean up web artifact
### Setup folder structure
### Compress
### Upload
# cache based on Cargo.lock per cargo target
jobs:
pre_job:
continue-on-error: true
runs-on: ubuntu-latest
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'outdated_runs'
skip_after_successful_duplicate: ${{ github.ref != 'refs/heads/main' }}
paths_ignore: '["**/*.md", "**/docs/**", "example_configs/**", "*.sh", ".gitignore", "lldap_config.docker_template.toml"]'
do_not_skip: '["workflow_dispatch", "schedule"]'
cancel_others: true
build-ui:
runs-on: ubuntu-latest
needs: pre_job
if: ${{ needs.pre_job.outputs.should_skip != 'true' || github.event_name == 'release' }}
container:
image: nitnelave/rust-dev:latest
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.0
- uses: actions/cache@v3
with:
path: |
/usr/local/cargo/bin
/usr/local/cargo/registry/index
/usr/local/cargo/registry/cache
/usr/local/cargo/git/db
target
key: lldap-ui-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
lldap-ui-
- name: Install rollup (nodejs)
run: npm install -g rollup
- name: Add wasm target (rust)
run: rustup target add wasm32-unknown-unknown
- name: Install wasm-pack with cargo
run: cargo install wasm-pack || true
env:
RUSTFLAGS: ""
- name: Build frontend
run: ./app/build.sh
- name: Check build path
run: ls -al app/
- name: Upload ui artifacts
uses: actions/upload-artifact@v3
with:
name: ui
path: app/
build-bin:
runs-on: ubuntu-latest
needs: pre_job
if: ${{ needs.pre_job.outputs.should_skip != 'true' || github.event_name == 'release' }}
strategy:
matrix:
target: [armv7-unknown-linux-gnueabihf, aarch64-unknown-linux-musl, x86_64-unknown-linux-musl]
container:
image: nitnelave/rust-dev:latest
env:
CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER: aarch64-linux-musl-gcc
CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER: x86_64-linux-musl-gcc
CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=+crt-static
CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.0
- uses: actions/cache@v3
with:
path: |
.cargo/bin
.cargo/registry/index
.cargo/registry/cache
.cargo/git/db
target
key: lldap-bin-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
lldap-bin-${{ matrix.target }}-
- name: Compile ${{ matrix.target }} lldap and tools
run: cargo build --target=${{ matrix.target }} --release -p lldap -p migration-tool -p lldap_set_password
- name: Check path
run: ls -al target/release
- name: Upload ${{ matrix.target}} lldap artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target}}-lldap-bin
path: target/${{ matrix.target }}/release/lldap
- name: Upload ${{ matrix.target }} migration tool artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target }}-migration-tool-bin
path: target/${{ matrix.target }}/release/migration-tool
- name: Upload ${{ matrix.target }} password tool artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target }}-lldap_set_password-bin
path: target/${{ matrix.target }}/release/lldap_set_password
lldap-database-init-test:
needs: [build-ui,build-bin]
name: LLDAP database init test
runs-on: ubuntu-latest
services:
mariadb:
image: mariadb:latest
ports:
- 3306:3306
env:
MARIADB_USER: lldapuser
MARIADB_PASSWORD: lldappass
MARIADB_DATABASE: lldap
MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 1
options: >-
--name mariadb
--health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
postgresql:
image: postgres:latest
ports:
- 5432:5432
env:
POSTGRES_USER: lldapuser
POSTGRES_PASSWORD: lldappass
POSTGRES_DB: lldap
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--name postgresql
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: x86_64-unknown-linux-musl-lldap-bin
path: bin/
- name: Set executables to LLDAP
run: chmod +x bin/lldap
- name: Run lldap with postgres DB and healthcheck
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: postgres://lldapuser:lldappass@localhost/lldap
LLDAP_ldap_port: 3890
LLDAP_http_port: 17170
- name: Run lldap with mariadb DB (MySQL Compatible) and healthcheck
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: mysql://lldapuser:lldappass@localhost/lldap
LLDAP_ldap_port: 3891
LLDAP_http_port: 17171
- name: Run lldap with sqlite DB and healthcheck
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: sqlite://users.db?mode=rwc
LLDAP_ldap_port: 3892
LLDAP_http_port: 17172
- name: Check DB container logs
run: |
docker logs -n 20 mariadb
docker logs -n 20 postgresql
lldap-database-migration-test:
needs: [build-ui,build-bin]
name: LLDAP database migration test
runs-on: ubuntu-latest
services:
postgresql:
image: postgres:latest
ports:
- 5432:5432
env:
POSTGRES_USER: lldapuser
POSTGRES_PASSWORD: lldappass
POSTGRES_DB: lldap
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--name postgresql
mariadb:
image: mariadb:latest
ports:
- 3306:3306
env:
MARIADB_USER: lldapuser
MARIADB_PASSWORD: lldappass
MARIADB_DATABASE: lldap
MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 1
options: >-
--name mariadb
--health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
mysql:
image: mysql:latest
ports:
- 3307:3306
env:
MYSQL_USER: lldapuser
MYSQL_PASSWORD: lldappass
MYSQL_DATABASE: lldap
MYSQL_ALLOW_EMPTY_PASSWORD: 1
options: >-
--name mysql
--health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
steps:
- name: Download LLDAP artifacts
uses: actions/download-artifact@v3
with:
name: x86_64-unknown-linux-musl-lldap-bin
path: bin/
- name: Download LLDAP set password
uses: actions/download-artifact@v3
with:
name: x86_64-unknown-linux-musl-lldap_set_password-bin
path: bin/
- name: Set executables to LLDAP and LLDAP set password
run: |
chmod +x bin/lldap
chmod +x bin/lldap_set_password
- name: Install sqlite3 and ldap-utils for exporting and searching dummy user
run: sudo apt update && sudo apt install -y sqlite3 ldap-utils
- name: Run lldap with sqlite DB and healthcheck
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: sqlite://users.db?mode=rwc
LLDAP_ldap_port: 3890
LLDAP_http_port: 17170
LLDAP_LDAP_USER_PASS: ldappass
LLDAP_JWT_SECRET: somejwtsecret
- name: Create dummy user
run: |
TOKEN=$(curl -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "ldappass"}' http://localhost:17170/auth/simple/login | jq -r .token)
echo "$TOKEN"
curl 'http://localhost:17170/api/graphql' -H 'Content-Type: application/json' -H "Authorization: Bearer ${TOKEN//[$'\t\r\n ']}" --data-binary '{"query":"mutation{\n createUser(user:\n {\n id: \"dummyuser\",\n email: \"dummyuser@example.com\"\n }\n )\n {\n id\n email\n }\n}\n\n\n"}' --compressed
bin/lldap_set_password --base-url http://localhost:17170 --admin-username admin --admin-password ldappass --token $TOKEN --username dummyuser --password dummypassword
- name: Test Dummy User, This will be checked again after importing
run: |
ldapsearch -H ldap://localhost:3890 -LLL -D "uid=dummyuser,ou=people,dc=example,dc=com" -w 'dummypassword' -s "One" -b "ou=people,dc=example,dc=com"
- name: Stop LLDAP sqlite
run: pkill lldap
- name: Export and Converting to Postgress
run: |
curl -L https://raw.githubusercontent.com/lldap/lldap/main/scripts/sqlite_dump_commands.sh -o helper.sh
chmod +x ./helper.sh
./helper.sh | sqlite3 ./users.db > ./dump.sql
sed -i -r -e "s/X'([[:xdigit:]]+'[^'])/'\\\x\\1/g" -e '1s/^/BEGIN;\n/' -e '$aCOMMIT;' ./dump.sql
- name: Create schema on postgres
run: |
bin/lldap create_schema -d postgres://lldapuser:lldappass@localhost:5432/lldap
- name: Copy converted db to postgress and import
run: |
docker ps -a
docker cp ./dump.sql postgresql:/tmp/dump.sql
docker exec postgresql bash -c "psql -U lldapuser -d lldap < /tmp/dump.sql"
rm ./dump.sql
- name: Export and Converting to mariadb
run: |
curl -L https://raw.githubusercontent.com/lldap/lldap/main/scripts/sqlite_dump_commands.sh -o helper.sh
chmod +x ./helper.sh
./helper.sh | sqlite3 ./users.db > ./dump.sql
cp ./dump.sql ./dump-no-sed.sql
sed -i -r -e "s/([^']'[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{9})\+00:00'([^'])/\1'\2/g" \-e 's/^INSERT INTO "?([a-zA-Z0-9_]+)"?/INSERT INTO `\1`/' -e '1s/^/START TRANSACTION;\n/' -e '$aCOMMIT;' ./dump.sql
sed -i '1 i\SET FOREIGN_KEY_CHECKS = 0;' ./dump.sql
- name: Create schema on mariadb
run: bin/lldap create_schema -d mysql://lldapuser:lldappass@localhost:3306/lldap
- name: Copy converted db to mariadb and import
run: |
docker ps -a
docker cp ./dump.sql mariadb:/tmp/dump.sql
docker exec mariadb bash -c "mariadb -ulldapuser -plldappass -f lldap < /tmp/dump.sql"
rm ./dump.sql
- name: Export and Converting to mysql
run: |
curl -L https://raw.githubusercontent.com/lldap/lldap/main/scripts/sqlite_dump_commands.sh -o helper.sh
chmod +x ./helper.sh
./helper.sh | sqlite3 ./users.db > ./dump.sql
sed -i -r -e 's/^INSERT INTO "?([a-zA-Z0-9_]+)"?/INSERT INTO `\1`/' -e '1s/^/START TRANSACTION;\n/' -e '$aCOMMIT;' ./dump.sql
sed -i '1 i\SET FOREIGN_KEY_CHECKS = 0;' ./dump.sql
- name: Create schema on mysql
run: bin/lldap create_schema -d mysql://lldapuser:lldappass@localhost:3307/lldap
- name: Copy converted db to mysql and import
run: |
docker ps -a
docker cp ./dump.sql mysql:/tmp/dump.sql
docker exec mysql bash -c "mysql -ulldapuser -plldappass -f lldap < /tmp/dump.sql"
rm ./dump.sql
- name: Run lldap with postgres DB and healthcheck again
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: postgres://lldapuser:lldappass@localhost:5432/lldap
LLDAP_ldap_port: 3891
LLDAP_http_port: 17171
LLDAP_LDAP_USER_PASS: ldappass
LLDAP_JWT_SECRET: somejwtsecret
- name: Run lldap with mariaDB and healthcheck again
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: mysql://lldapuser:lldappass@localhost:3306/lldap
LLDAP_ldap_port: 3892
LLDAP_http_port: 17172
LLDAP_JWT_SECRET: somejwtsecret
- name: Run lldap with mysql and healthcheck again
run: |
bin/lldap run &
sleep 10s
bin/lldap healthcheck
env:
LLDAP_database_url: mysql://lldapuser:lldappass@localhost:3307/lldap
LLDAP_ldap_port: 3893
LLDAP_http_port: 17173
LLDAP_JWT_SECRET: somejwtsecret
- name: Test Dummy User
run: |
ldapsearch -H ldap://localhost:3891 -LLL -D "uid=dummyuser,ou=people,dc=example,dc=com" -w 'dummypassword' -s "One" -b "ou=people,dc=example,dc=com"
ldapsearch -H ldap://localhost:3892 -LLL -D "uid=dummyuser,ou=people,dc=example,dc=com" -w 'dummypassword' -s "One" -b "ou=people,dc=example,dc=com"
ldapsearch -H ldap://localhost:3893 -LLL -D "uid=dummyuser,ou=people,dc=example,dc=com" -w 'dummypassword' -s "One" -b "ou=people,dc=example,dc=com"
build-docker-image:
needs: [build-ui, build-bin]
name: Build Docker image
runs-on: ubuntu-latest
strategy:
matrix:
container: ["debian","alpine"]
include:
- container: alpine
platforms: linux/amd64,linux/arm64
tags: |
type=ref,event=pr
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{version}},suffix=
type=semver,pattern=v{{major}},suffix=
type=semver,pattern=v{{major}}.{{minor}},suffix=
type=raw,value=latest,enable={{ is_default_branch }}
type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/v') }},suffix=
type=raw,value=latest,enable={{ is_default_branch }},suffix=
- container: debian
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
type=ref,event=pr
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}
type=semver,pattern=v{{major}}.{{minor}}
type=raw,value=latest,enable={{ is_default_branch }}
type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3.5.0
- name: Download all artifacts
uses: actions/download-artifact@v3
with:
path: bin
- name: Download llap ui artifacts
uses: actions/download-artifact@v3
with:
name: ui
path: web
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: Docker ${{ matrix.container }} meta
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
nitnelave/lldap
lldap/lldap
ghcr.io/lldap/lldap
# Wanted Docker tags
# vX-alpine
# vX.Y-alpine
# vX.Y.Z-alpine
# latest
# latest-alpine
# stable
# stable-alpine
#################
# vX-debian
# vX.Y-debian
# vX.Y.Z-debian
# latest-debian
# stable-debian
#################
# Check matrix for tag list definition
flavor: |
latest=false
suffix=-${{ matrix.container }}
tags: ${{ matrix.tags }}
# Docker login to nitnelave/lldap and lldap/lldap
- name: Login to Nitnelave/LLDAP Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: nitnelave
password: ${{ secrets.GITHUB_TOKEN }}
########################################
#### docker image build ####
########################################
- name: Build ${{ matrix.container }} Docker Image
uses: docker/build-push-action@v4
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
platforms: ${{ matrix.platforms }}
file: ./.github/workflows/Dockerfile.ci.${{ matrix.container }}
tags: |
${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha,mode=max
cache-to: type=gha,mode=max
- name: Update repo description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: nitnelave/lldap
- name: Update lldap repo description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: lldap/lldap
###############################################################
### Download artifacts, clean up ui, upload to release page ###
###############################################################
create-release-artifacts:
needs: [build-ui, build-bin]
name: Create release artifacts
if: github.event_name == 'release'
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download all artifacts
uses: actions/download-artifact@v3
with:
path: bin/
- name: Check file
run: ls -alR bin/
- name: Fixing Filename
run: |
mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap bin/aarch64-lldap
mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap bin/amd64-lldap
mv bin/armv7-unknown-linux-gnueabihf-lldap-bin/lldap bin/armhf-lldap
mv bin/aarch64-unknown-linux-musl-migration-tool-bin/migration-tool bin/aarch64-migration-tool
mv bin/x86_64-unknown-linux-musl-migration-tool-bin/migration-tool bin/amd64-migration-tool
mv bin/armv7-unknown-linux-gnueabihf-migration-tool-bin/migration-tool bin/armhf-migration-tool
mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password bin/aarch64-lldap_set_password
mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password bin/amd64-lldap_set_password
mv bin/armv7-unknown-linux-gnueabihf-lldap_set_password-bin/lldap_set_password bin/armhf-lldap_set_password
chmod +x bin/*-lldap
chmod +x bin/*-migration-tool
chmod +x bin/*-lldap_set_password
- name: Download llap ui artifacts
uses: actions/download-artifact@v3
with:
name: ui
path: web
- name: UI (web) artifacts cleanup
run: mkdir app && mv web/index.html app/index.html && mv web/static app/static && mv web/pkg app/pkg
- name: Fetch web components
run: |
sudo apt update
sudo apt install wget
for file in $(cat app/static/libraries.txt); do wget -P app/static "$file"; done
for file in $(cat app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done
chmod a+r -R .
- name: Setup LLDAP dir for packing
run: |
mkdir aarch64-lldap
mkdir amd64-lldap
mkdir armhf-lldap
mv bin/aarch64-lldap aarch64-lldap/lldap
mv bin/amd64-lldap amd64-lldap/lldap
mv bin/armhf-lldap armhf-lldap/lldap
mv bin/aarch64-migration-tool aarch64-lldap/migration-tool
mv bin/amd64-migration-tool amd64-lldap/migration-tool
mv bin/armhf-migration-tool armhf-lldap/migration-tool
mv bin/aarch64-lldap_set_password aarch64-lldap/lldap_set_password
mv bin/amd64-lldap_set_password amd64-lldap/lldap_set_password
mv bin/armhf-lldap_set_password armhf-lldap/lldap_set_password
cp -r app aarch64-lldap/
cp -r app amd64-lldap/
cp -r app armhf-lldap/
ls -alR aarch64-lldap/
ls -alR amd64-lldap/
ls -alR armhf-lldap/
- name: Packing LLDAP and Web UI
run: |
tar -czvf aarch64-lldap.tar.gz aarch64-lldap/
tar -czvf amd64-lldap.tar.gz amd64-lldap/
tar -czvf armhf-lldap.tar.gz armhf-lldap/
- name: Upload compressed release
uses: ncipollo/release-action@v1
id: create_release
with:
allowUpdates: true
artifacts: aarch64-lldap.tar.gz,
amd64-lldap.tar.gz,
armhf-lldap.tar.gz
env:
GITHUB_TOKEN: ${{ github.token }}

410
.github/workflows/docker-build.yml vendored Normal file
View File

@ -0,0 +1,410 @@
name: Docker
on:
push:
branches:
- 'main'
release:
types:
- 'published'
pull_request:
branches:
- 'main'
workflow_dispatch:
inputs:
msg:
description: "Set message"
default: "Manual trigger"
env:
CARGO_TERM_COLOR: always
RUSTC_WRAPPER: sccache
SCCACHE_DIR: $GITHUB_WORKSPACE/.sccache
SCCACHE_VERSION: v0.3.0
LINK: https://github.com/mozilla/sccache/releases/download
# In total 5 jobs, all of the jobs are containerized
# ---
# build-ui , create/compile the web
## Use rustlang/rust:nighlty image
### Install nodejs from nodesource repo
### install wasm
### install rollup
### run app/build.sh
### upload artifacts
# builds-armhf, build-aarch64, build-amd64 create binary for respective arch
## Use rustlang/rust:nightly image
### Add non native architecture dpkg --add-architecture XXX
### Install dev tool gcc g++, etc per respective arch
### Cargo build
### Upload artifacts
## the CARGO_ env
#CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
#OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
#OPENSSL_LIB_DIR: "/usr/lib/arm-linux-gnueabihf/"
# This will determine which architecture lib will be used.
# build-ui,builds-armhf, build-aarch64, build-amd64 will upload artifacts will be used next job
# build-docker-image job will fetch artifacts and run Dockerfile.ci then push the image.
# On current https://hub.docker.com/_/rust
# 1-bullseye, 1.61-bullseye, 1.61.0-bullseye, bullseye, 1, 1.61, 1.61.0, latest
# cache
## .sccache
## cargo
## target
jobs:
build-ui:
runs-on: ubuntu-latest
container:
image: rust:1.61
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=-crt-static
steps:
- name: install runtime
run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev libssl-dev
- name: setup node repo LTS
run: curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
- name: install nodejs
run: apt install -y nodejs && npm -g install npm
- name: smoke test
run: rustc --version
- name: Install sccache (ubuntu-latest)
run: |
SCCACHE_FILE=sccache-$SCCACHE_VERSION-x86_64-unknown-linux-musl
mkdir -p $HOME/.local/bin
curl -L "$LINK/$SCCACHE_VERSION/$SCCACHE_FILE.tar.gz" | tar xz
mv -f $SCCACHE_FILE/sccache $HOME/.local/bin/sccache
chmod +x $HOME/.local/bin/sccache
echo "$HOME/.local/bin" >> $GITHUB_PATH
- uses: actions/cache@v3
with:
path: |
.sccache
/usr/local/cargo
target
key: lldap-ui-${{ github.sha }}
restore-keys: |
lldap-ui-
- name: Checkout repository
uses: actions/checkout@v2
- name: install cargo wasm
run: cargo install wasm-pack
- name: install rollup nodejs
run: npm install -g rollup
- name: build frontend
run: ./app/build.sh
- name: check path
run: ls -al app/
- name: upload ui artifacts
uses: actions/upload-artifact@v3
with:
name: ui
path: app/
build-armhf:
runs-on: ubuntu-latest
container:
image: rust:1.61
env:
CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
OPENSSL_LIB_DIR: "/usr/lib/arm-linux-gnueabihf/"
CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=-crt-static
steps:
- name: add armhf architecture
run: dpkg --add-architecture armhf
- name: install runtime
run: apt update && apt install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf libc6-armhf-cross libc6-dev-armhf-cross libssl-dev:armhf tar
- name: smoke test
run: rustc --version
- name: add armhf target
run: rustup target add armv7-unknown-linux-gnueabihf
- name: smoke test
run: rustc --version
- name: Install sccache (ubuntu-latest)
run: |
SCCACHE_FILE=sccache-$SCCACHE_VERSION-x86_64-unknown-linux-musl
mkdir -p $HOME/.local/bin
curl -L "$LINK/$SCCACHE_VERSION/$SCCACHE_FILE.tar.gz" | tar xz
mv -f $SCCACHE_FILE/sccache $HOME/.local/bin/sccache
chmod +x $HOME/.local/bin/sccache
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Checkout repository
uses: actions/checkout@v2
- uses: actions/cache@v3
with:
path: |
.sccache
/usr/local/cargo
target
key: lldap-bin-armhf-${{ github.sha }}
restore-keys: |
lldap-bin-armhf-
- name: compile armhf
run: cargo build --target=armv7-unknown-linux-gnueabihf --release -p lldap -p migration-tool
- name: check path
run: ls -al target/release
- name: upload armhf lldap artifacts
uses: actions/upload-artifact@v3
with:
name: armhf-lldap-bin
path: target/armv7-unknown-linux-gnueabihf/release/lldap
- name: upload armhfmigration-tool artifacts
uses: actions/upload-artifact@v3
with:
name: armhf-migration-tool-bin
path: target/armv7-unknown-linux-gnueabihf/release/migration-tool
build-aarch64:
runs-on: ubuntu-latest
container:
image: rust:1.61
env:
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
OPENSSL_LIB_DIR: "/usr/lib/aarch64-linux-gnu/"
CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=-crt-static
steps:
- name: add arm64 architecture
run: dpkg --add-architecture arm64
- name: install runtime
run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross libssl-dev:arm64 tar
- name: smoke test
run: rustc --version
- name: Checkout repository
uses: actions/checkout@v2
- name: add arm64 target
run: rustup target add aarch64-unknown-linux-gnu
- name: smoke test
run: rustc --version
- name: Install sccache (ubuntu-latest)
run: |
SCCACHE_FILE=sccache-$SCCACHE_VERSION-x86_64-unknown-linux-musl
mkdir -p $HOME/.local/bin
curl -L "$LINK/$SCCACHE_VERSION/$SCCACHE_FILE.tar.gz" | tar xz
mv -f $SCCACHE_FILE/sccache $HOME/.local/bin/sccache
chmod +x $HOME/.local/bin/sccache
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Checkout repository
uses: actions/checkout@v2
- uses: actions/cache@v3
with:
path: |
.sccache
/usr/local/cargo
target
key: lldap-bin-aarch64-${{ github.sha }}
restore-keys: |
lldap-bin-aarch64-
- name: compile aarch64
run: cargo build --target=aarch64-unknown-linux-gnu --release -p lldap -p migration-tool
- name: check path
run: ls -al target/aarch64-unknown-linux-gnu/release/
- name: upload aarch64 lldap artifacts
uses: actions/upload-artifact@v3
with:
name: aarch64-lldap-bin
path: target/aarch64-unknown-linux-gnu/release/lldap
- name: upload aarch64 migration-tool artifacts
uses: actions/upload-artifact@v3
with:
name: aarch64-migration-tool-bin
path: target/aarch64-unknown-linux-gnu/release/migration-tool
build-amd64:
runs-on: ubuntu-latest
container:
image: rust:1.61
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=-crt-static
steps:
- name: install runtime
run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev libssl-dev tar
- name: smoke test
run: rustc --version
- name: Install sccache (ubuntu-latest)
run: |
SCCACHE_FILE=sccache-$SCCACHE_VERSION-x86_64-unknown-linux-musl
mkdir -p $HOME/.local/bin
curl -L "$LINK/$SCCACHE_VERSION/$SCCACHE_FILE.tar.gz" | tar xz
mv -f $SCCACHE_FILE/sccache $HOME/.local/bin/sccache
chmod +x $HOME/.local/bin/sccache
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Checkout repository
uses: actions/checkout@v2
- name: cargo & sscache cache
uses: actions/cache@v3
with:
path: |
.sccache
/usr/local/cargo
target
key: lldap-bin-amd64-${{ github.sha }}
restore-keys: |
lldap-bin-amd64-
#- name: add cargo chef
# run: cargo install cargo-chef
#- name: chef prepare
# run: cargo chef prepare --recipe-path recipe.json
#- name: cook?
# run: cargo chef cook --release --recipe-path recipe.json
- name: compile amd64
run: cargo build --target=x86_64-unknown-linux-gnu --release -p lldap -p migration-tool
- name: check path
run: ls -al target/x86_64-unknown-linux-gnu/release/
- name: upload amd64 lldap artifacts
uses: actions/upload-artifact@v3
with:
name: amd64-lldap-bin
path: target/x86_64-unknown-linux-gnu/release/lldap
- name: upload amd64 migration-tool artifacts
uses: actions/upload-artifact@v3
with:
name: amd64-migration-tool-bin
path: target/x86_64-unknown-linux-gnu/release/migration-tool
build-docker-image:
needs: [build-ui,build-armhf,build-aarch64,build-amd64]
name: Build Docker image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: fetch repo
uses: actions/checkout@v2
- name: Download armhf lldap artifacts
uses: actions/download-artifact@v3
with:
name: armhf-lldap-bin
path: bin/armhf-bin
- name: Download armhf migration-tool artifacts
uses: actions/download-artifact@v3
with:
name: armhf-migration-tool-bin
path: bin/armhf-bin
- name: Download aarch64 lldap artifacts
uses: actions/download-artifact@v3
with:
name: aarch64-lldap-bin
path: bin/aarch64-bin
- name: Download aarch64 migration-tool artifacts
uses: actions/download-artifact@v3
with:
name: aarch64-migration-tool-bin
path: bin/aarch64-bin
- name: Download amd64 lldap artifacts
uses: actions/download-artifact@v3
with:
name: amd64-lldap-bin
path: bin/amd64-bin
- name: Download amd64 migration-tool artifacts
uses: actions/download-artifact@v3
with:
name: amd64-migration-tool-bin
path: bin/amd64-bin
- name: check bin path
run: ls -al bin/
- name: Download llap ui artifacts
uses: actions/download-artifact@v3
with:
name: ui
path: web
- name: setup qemu
uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
nitnelave/lldap
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: parse tag
uses: gacts/github-slug@v1
id: slug
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push latest
if: github.event_name != 'release'
uses: docker/build-push-action@v3
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
file: ./.github/workflows/Dockerfile.ci
tags: nitnelave/lldap:latest
#cache-from: type=gha
#cache-to: type=gha,mode=max
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Build and push release
if: github.event_name == 'release'
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
# Tag as latest, stable, semver, major, major.minor and major.minor.patch.
file: ./.github/workflows/Dockerfile.ci
tags: nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }}
#cache-from: type=gha
#cache-to: type=gha,mode=max
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Update repo description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: nitnelave/lldap

27
.github/workflows/rust.yml vendored
View File

@ -13,6 +13,7 @@ jobs:
pre_job: pre_job:
continue-on-error: true continue-on-error: true
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Map a step output to a job output
outputs: outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }} should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps: steps:
@ -21,7 +22,7 @@ jobs:
with: with:
concurrent_skipping: 'outdated_runs' concurrent_skipping: 'outdated_runs'
skip_after_successful_duplicate: 'true' skip_after_successful_duplicate: 'true'
paths_ignore: '["**/*.md", "**/docs/**", "example_configs/**", "*.sh", ".dockerignore", ".gitignore", "lldap_config.docker_template.toml", "Dockerfile"]' paths_ignore: '["**/*.md", "**/docs/**", "example_configs/**", "*.sh"]'
do_not_skip: '["workflow_dispatch", "schedule"]' do_not_skip: '["workflow_dispatch", "schedule"]'
cancel_others: true cancel_others: true
@ -33,8 +34,8 @@ jobs:
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v3.5.0 uses: actions/checkout@v3
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v1
- name: Build - name: Build
run: cargo build --verbose --workspace run: cargo build --verbose --workspace
- name: Run tests - name: Run tests
@ -52,9 +53,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v3.5.0 uses: actions/checkout@v3
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v1
- name: Run cargo clippy - name: Run cargo clippy
uses: actions-rs/cargo@v1 uses: actions-rs/cargo@v1
@ -69,9 +70,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v3.5.0 uses: actions/checkout@v3
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v1
- name: Run cargo fmt - name: Run cargo fmt
uses: actions-rs/cargo@v1 uses: actions-rs/cargo@v1
@ -86,14 +87,14 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v3.5.0 uses: actions/checkout@v3
- name: Install Rust - name: Install Rust
run: rustup toolchain install nightly --component llvm-tools-preview && rustup component add llvm-tools-preview --toolchain stable-x86_64-unknown-linux-gnu run: rustup toolchain install nightly --component llvm-tools-preview && rustup component add llvm-tools-preview --toolchain stable-x86_64-unknown-linux-gnu
- uses: taiki-e/install-action@cargo-llvm-cov - uses: taiki-e/install-action@cargo-llvm-cov
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v1
- name: Generate code coverage for unit test - name: Generate code coverage for unit test
run: cargo llvm-cov --workspace --no-report run: cargo llvm-cov --workspace --no-report
@ -101,14 +102,6 @@ jobs:
run: cargo llvm-cov --no-run --lcov --output-path lcov.info run: cargo llvm-cov --no-run --lcov --output-path lcov.info
- name: Upload coverage to Codecov - name: Upload coverage to Codecov
uses: codecov/codecov-action@v3 uses: codecov/codecov-action@v3
if: github.ref != 'refs/heads/main' || github.event_name != 'push'
with: with:
files: lcov.info files: lcov.info
fail_ci_if_error: true fail_ci_if_error: true
- name: Upload coverage to Codecov (main)
uses: codecov/codecov-action@v3
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
with:
files: lcov.info
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}

1
.gitignore vendored
View File

@ -23,7 +23,6 @@ server_key
*.tar.gz *.tar.gz
# Misc # Misc
.vscode
.env .env
recipe.json recipe.json
lldap_config.toml lldap_config.toml

105
CHANGELOG.md
View File

@ -5,110 +5,7 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.4.3] 2023-04-11 ## [Unreleased]
The repository has changed from `nitnelave/lldap` to `lldap/lldap`, both on GitHub
and on DockerHub (although we will keep publishing the images to
`nitnelave/lldap` for the foreseeable future). All data on GitHub has been
migrated, and the new docker images are available both on DockerHub and on the
GHCR under `lldap/lldap`.
### Added
- EC private keys are not supported for LDAPS.
### Changed
- SMTP user no longer has a default value (and instead defaults to unauthenticated).
### Fixed
- WASM payload is now delivered uncompressed to Safari due to a Safari bug.
- Password reset no longer redirects to login page.
- NextCloud config should add the "mail" attribute.
- GraphQL parameters are now urldecoded, to support special characters in usernames.
- Healthcheck correctly checks the server certificate.
### New services
- Home Assistant
- Shaarli
## [0.4.2] - 2023-03-27
### Added
- Add support for MySQL/MariaDB/PostgreSQL, in addition to SQLite.
- Healthcheck command for docker setups.
- User creation through LDAP.
- IPv6 support.
- Dev container for VsCode.
- Add support for DN LDAP filters.
- Add support for SubString LDAP filters.
- Add support for LdapCompare operation.
- Add support for unencrypted/unauthenticated SMTP connection.
- Add a command to setup the database schema.
- Add a tool to set a user's password from the command line.
- Added consistent release artifacts.
### Changed
- Payload is now compressed, reducing the size to 700kb.
- entryUUID is returned in the default LDAP fields.
- Slightly improved support for LDAP browsing tools.
- Password reset can be identified by email (instead of just username).
- Various front-end improvements, and support for dark mode.
- Add content-type header to the password reset email, fixing rendering issues in some clients.
- Identify groups with "cn" instead of "uid" in memberOf field.
### Removed
- Removed dependency on nodejs/rollup.
### Fixed
- Email is now using the async API.
- Fix handling of empty/null names (display, first, last).
- Obscured old password field when changing password.
- Respect user setting to disable password resets.
- Fix handling of "present" filters with unknown attributes.
- Fix handling of filters that could lead to an ambiguous SQL query.
### New services
- Authentik
- Dell iDRAC
- Dex
- Kanboard
- NextCloud + OIDC or Authelia
- Nexus
- SUSE Rancher
- VaultWarden
- WeKan
- WikiJS
- ZendTo
### Dependencies (highlights)
- Upgraded Yew to 0.19
- Upgraded actix to 0.13
- Upgraded clap to 4
- Switched from sea-query to sea-orm 0.11
## [0.4.1] - 2022-10-10
### Added
- Added support for STARTTLS for SMTP.
- Added support for user profile pictures, including importing them from OpenLDAP.
- Added support for every config value to be specified in a file.
- Added support for PKCS1 keys.
### Changed
- The `dn` attribute is no longer returned as an attribute (it's still part of the response).
- Empty attributes are no longer returned.
- The docker image now uses the locally-downloaded assets.
## [0.4.0] - 2022-07-08 ## [0.4.0] - 2022-07-08

2729
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

21
Cargo.toml
View File

@ -3,21 +3,16 @@ members = [
"server", "server",
"auth", "auth",
"app", "app",
"migration-tool", "migration-tool"
"set-password",
] ]
default-members = ["server"] default-members = ["server"]
[profile.release] # TODO: remove when there's a new release.
lto = true [patch.crates-io.yew_form]
git = 'https://github.com/sassman/yew_form/'
rev = '67050812695b7a8a90b81b0637e347fc6629daed'
[profile.release.package.lldap_app] [patch.crates-io.yew_form_derive]
opt-level = 's' git = 'https://github.com/sassman/yew_form/'
rev = '67050812695b7a8a90b81b0637e347fc6629daed'
[patch.crates-io.opaque-ke]
git = 'https://github.com/nitnelave/opaque-ke/'
branch = 'zeroize_1.5'
[patch.crates-io.lber]
git = 'https://github.com/inejge/ldap3/'

47
Dockerfile
View File

@ -1,5 +1,5 @@
# Build image # Build image
FROM rust:alpine3.16 AS chef FROM rust:alpine3.14 AS chef
RUN set -x \ RUN set -x \
# Add user # Add user
@ -11,7 +11,7 @@ RUN set -x \
--uid 10001 \ --uid 10001 \
app \ app \
# Install required packages # Install required packages
&& apk add openssl-dev musl-dev make perl curl gzip && apk add npm openssl-dev musl-dev make perl curl
USER app USER app
WORKDIR /app WORKDIR /app
@ -19,6 +19,7 @@ WORKDIR /app
RUN set -x \ RUN set -x \
# Install build tools # Install build tools
&& RUSTFLAGS=-Ctarget-feature=-crt-static cargo install wasm-pack cargo-chef \ && RUSTFLAGS=-Ctarget-feature=-crt-static cargo install wasm-pack cargo-chef \
&& npm install rollup \
&& rustup target add wasm32-unknown-unknown && rustup target add wasm32-unknown-unknown
# Prepare the dependency list. # Prepare the dependency list.
@ -31,58 +32,27 @@ FROM chef AS builder
COPY --from=planner /tmp/recipe.json recipe.json COPY --from=planner /tmp/recipe.json recipe.json
RUN cargo chef cook --release -p lldap_app --target wasm32-unknown-unknown \ RUN cargo chef cook --release -p lldap_app --target wasm32-unknown-unknown \
&& cargo chef cook --release -p lldap \ && cargo chef cook --release -p lldap \
&& cargo chef cook --release -p migration-tool \ && cargo chef cook --release -p migration-tool
&& cargo chef cook --release -p lldap_set_password
# Copy the source and build the app and server. # Copy the source and build the app and server.
COPY --chown=app:app . . COPY --chown=app:app . .
RUN cargo build --release -p lldap -p migration-tool -p lldap_set_password \ RUN cargo build --release -p lldap -p migration-tool \
# Build the frontend. # Build the frontend.
&& ./app/build.sh && ./app/build.sh
# Final image # Final image
FROM alpine:3.16 FROM alpine:3.14
ENV GOSU_VERSION 1.14
# Fetch gosu from git
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf && gpgconf --kill all || :; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
WORKDIR /app WORKDIR /app
COPY --from=builder /app/app/index_local.html app/index.html COPY --from=builder /app/app/index_local.html app/index.html
COPY --from=builder /app/app/static app/static COPY --from=builder /app/app/static app/static
COPY --from=builder /app/app/pkg app/pkg COPY --from=builder /app/app/pkg app/pkg
COPY --from=builder /app/target/release/lldap /app/target/release/migration-tool /app/target/release/lldap_set_password ./ COPY --from=builder /app/target/release/lldap /app/target/release/migration-tool ./
COPY docker-entrypoint.sh lldap_config.docker_template.toml ./ COPY docker-entrypoint.sh lldap_config.docker_template.toml ./
RUN set -x \ RUN set -x \
&& apk add --no-cache bash tzdata \ && apk add --no-cache bash \
&& for file in $(cat app/static/libraries.txt); do wget -P app/static "$file"; done \ && for file in $(cat app/static/libraries.txt); do wget -P app/static "$file"; done \
&& for file in $(cat app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \ && for file in $(cat app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
&& chmod a+r -R . && chmod a+r -R .
@ -94,4 +64,3 @@ EXPOSE ${LDAP_PORT} ${HTTP_PORT}
ENTRYPOINT ["/app/docker-entrypoint.sh"] ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["run", "--config-file", "/data/lldap_config.toml"] CMD ["run", "--config-file", "/data/lldap_config.toml"]
HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]

251
README.md
View File

@ -23,25 +23,25 @@
src="https://img.shields.io/badge/unsafe-forbidden-success.svg" src="https://img.shields.io/badge/unsafe-forbidden-success.svg"
alt="Unsafe forbidden"/> alt="Unsafe forbidden"/>
</a> </a>
<a href="https://app.codecov.io/gh/lldap/lldap"> <a href="https://app.codecov.io/gh/nitnelave/lldap">
<img alt="Codecov" src="https://img.shields.io/codecov/c/github/lldap/lldap" /> <img alt="Codecov" src="https://img.shields.io/codecov/c/github/nitnelave/lldap" />
</a> </a>
</p> </p>
- [About](#about) - [About](#About)
- [Installation](#installation) - [Installation](#Installation)
- [With Docker](#with-docker) - [With Docker](#With-Docker)
- [From source](#from-source) - [From source](#From-source)
- [Cross-compilation](#cross-compilation) - [Cross-compilation](#Cross-compilation)
- [Client configuration](#client-configuration) - [Client configuration](#Client-configuration)
- [Compatible services](#compatible-services) - [Compatible services](#compatible-services)
- [General configuration guide](#general-configuration-guide) - [General configuration guide](#general-configuration-guide)
- [Sample client configurations](#sample-client-configurations) - [Sample cient configurations](#Sample-client-configurations)
- [Comparisons with other services](#comparisons-with-other-services) - [Comparisons with other services](#Comparisons-with-other-services)
- [vs OpenLDAP](#vs-openldap) - [vs OpenLDAP](#vs-openldap)
- [vs FreeIPA](#vs-freeipa) - [vs FreeIPA](#vs-freeipa)
- [I can't log in!](#i-cant-log-in) - [I can't log in!](#i-cant-log-in)
- [Contributions](#contributions) - [Contributions](#Contributions)
## About ## About
@ -62,11 +62,10 @@ edit their own details or reset their password by email.
The goal is _not_ to provide a full LDAP server; if you're interested in that, The goal is _not_ to provide a full LDAP server; if you're interested in that,
check out OpenLDAP. This server is a user management system that is: check out OpenLDAP. This server is a user management system that is:
* simple to setup (no messing around with `slapd`),
- simple to setup (no messing around with `slapd`), * simple to manage (friendly web UI),
- simple to manage (friendly web UI), * low resources,
- low resources, * opinionated with basic defaults so you don't have to understand the
- opinionated with basic defaults so you don't have to understand the
subtleties of LDAP. subtleties of LDAP.
It mostly targets self-hosting servers, with open-source components like It mostly targets self-hosting servers, with open-source components like
@ -77,9 +76,6 @@ For more features (OAuth/OpenID support, reverse proxy, ...) you can install
other components (KeyCloak, Authelia, ...) using this server as the source of other components (KeyCloak, Authelia, ...) using this server as the source of
truth for users, via LDAP. truth for users, via LDAP.
By default, the data is stored in SQLite, but you can swap the backend with
MySQL/MariaDB or PostgreSQL.
## Installation ## Installation
### With Docker ### With Docker
@ -94,8 +90,6 @@ Configure the server by copying the `lldap_config.docker_template.toml` to
Environment variables should be prefixed with `LLDAP_` to override the Environment variables should be prefixed with `LLDAP_` to override the
configuration. configuration.
If the `lldap_config.toml` doesn't exist when starting up, LLDAP will use default one. The default admin password is `password`, you can change the password later using the web interface.
Secrets can also be set through a file. The filename should be specified by the Secrets can also be set through a file. The filename should be specified by the
variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_LDAP_USER_PASS_FILE`, and the file variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_LDAP_USER_PASS_FILE`, and the file
contents are loaded into the respective configuration parameters. Note that contents are loaded into the respective configuration parameters. Note that
@ -103,14 +97,7 @@ contents are loaded into the respective configuration parameters. Note that
Example for docker compose: Example for docker compose:
- You can use either the `:latest` tag image or `:stable` as used in this example.
- `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
- If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
- If no `TZ` is set, default `UTC` timezone will be used.
```yaml ```yaml
version: "3"
volumes: volumes:
lldap_data: lldap_data:
driver: local driver: local
@ -118,6 +105,8 @@ volumes:
services: services:
lldap: lldap:
image: nitnelave/lldap:stable image: nitnelave/lldap:stable
# Change this to the user:group you want.
user: "33:33"
ports: ports:
# For LDAP # For LDAP
- "3890:3890" - "3890:3890"
@ -128,65 +117,29 @@ services:
# Alternatively, you can mount a local folder # Alternatively, you can mount a local folder
# - "./lldap_data:/data" # - "./lldap_data:/data"
environment: environment:
- UID=####
- GID=####
- TZ=####/####
- LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM - LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
- LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD - LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD
- LLDAP_LDAP_BASE_DN=dc=example,dc=com - LLDAP_LDAP_BASE_DN=dc=example,dc=com
# You can also set a different database:
# - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database
# - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database
``` ```
Then the service will listen on two ports, one for LDAP and one for the web Then the service will listen on two ports, one for LDAP and one for the web
front-end. front-end.
### With Kubernetes
See https://github.com/Evantage-WS/lldap-kubernetes for a LLDAP deployment for Kubernetes
### From source ### From source
#### Backend
To compile the project, you'll need:
- curl and gzip: `sudo apt install curl gzip`
- Rust/Cargo: [rustup.rs](https://rustup.rs/)
Then you can compile the server (and the migration tool if you want):
```shell
cargo build --release -p lldap -p migration-tool
```
The resulting binaries will be in `./target/release/`. Alternatively, you can
just run `cargo run -- run` to run the server.
#### Frontend
To bring up the server, you'll need to compile the frontend. In addition to To bring up the server, you'll need to compile the frontend. In addition to
`cargo`, you'll need: cargo, you'll need:
- WASM-pack: `cargo install wasm-pack` * WASM-pack: `cargo install wasm-pack`
* rollup.js: `npm install rollup`
Then you can build the frontend files with Then you can build the frontend files with `./app/build.sh` (you'll need to run
this after every front-end change to update the WASM package served).
```shell To bring up the server, just run `cargo run`. The default config is in
./app/build.sh `src/infra/configuration.rs`, but you can override it by creating an
```` `lldap_config.toml`, setting environment variables or passing arguments to
`cargo run`.
(you'll need to run this after every front-end change to update the WASM
package served).
The default config is in `src/infra/configuration.rs`, but you can override it
by creating an `lldap_config.toml`, setting environment variables or passing
arguments to `cargo run`. Have a look at the docker template:
`lldap_config.docker_template.toml`.
You can also install it as a systemd service, see
[lldap.service](example_configs/lldap.service).
### Cross-compilation ### Cross-compilation
@ -223,15 +176,14 @@ the config).
### General configuration guide ### General configuration guide
To configure the services that will talk to LLDAP, here are the values: To configure the services that will talk to LLDAP, here are the values:
- The LDAP user DN is from the configuration. By default,
- The LDAP user DN is from the configuration. By default, `cn=admin,ou=people,dc=example,dc=com`.
`cn=admin,ou=people,dc=example,dc=com`. - The LDAP password is from the configuration (same as to log in to the web
- The LDAP password is from the configuration (same as to log in to the web UI).
UI). - The users are all located in `ou=people,` + the base DN, so by default user
- The users are all located in `ou=people,` + the base DN, so by default user `bob` is at `cn=bob,ou=people,dc=example,dc=com`.
`bob` is at `cn=bob,ou=people,dc=example,dc=com`. - Similarly, the groups are located in `ou=groups`, so the group `family`
- Similarly, the groups are located in `ou=groups`, so the group `family` will be at `cn=family,ou=groups,dc=example,dc=com`.
will be at `cn=family,ou=groups,dc=example,dc=com`.
Testing group membership through `memberOf` is supported, so you can have a Testing group membership through `memberOf` is supported, so you can have a
filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`. filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
@ -246,110 +198,75 @@ administration access to many services.
Some specific clients have been tested to work and come with sample Some specific clients have been tested to work and come with sample
configuration files, or guides. See the [`example_configs`](example_configs) configuration files, or guides. See the [`example_configs`](example_configs)
folder for help with: folder for help with:
- [Apache Guacamole](example_configs/apacheguacamole.md)
- [Airsonic Advanced](example_configs/airsonic-advanced.md) - [Authelia](example_configs/authelia_config.yml)
- [Apache Guacamole](example_configs/apacheguacamole.md) - [Bookstack](example_configs/bookstack.env.example)
- [Authelia](example_configs/authelia_config.yml) - [Calibre-Web](example_configs/calibre_web.md)
- [Authentik](example_configs/authentik.md) - [Dolibarr](example_configs/dolibarr.md)
- [Bookstack](example_configs/bookstack.env.example) - [Emby](example_configs/emby.md)
- [Calibre-Web](example_configs/calibre_web.md) - [Gitea](example_configs/gitea.md)
- [Dell iDRAC](example_configs/dell_idrac.md) - [Grafana](example_configs/grafana_ldap_config.toml)
- [Dex](example_configs/dex_config.yml) - [Jellyfin](example_configs/jellyfin.md)
- [Dokuwiki](example_configs/dokuwiki.md) - [Jisti Meet](example_configs/jitsi_meet.conf)
- [Dolibarr](example_configs/dolibarr.md) - [KeyCloak](example_configs/keycloak.md)
- [Emby](example_configs/emby.md) - [Matrix](example_configs/matrix_synapse.yml)
- [Gitea](example_configs/gitea.md) - [Organizr](example_configs/Organizr.md)
- [Grafana](example_configs/grafana_ldap_config.toml) - [Portainer](example_configs/portainer.md)
- [Hedgedoc](example_configs/hedgedoc.md) - [Seafile](example_configs/seafile.md)
- [Jellyfin](example_configs/jellyfin.md) - [Syncthing](example_configs/syncthing.md)
- [Jitsi Meet](example_configs/jitsi_meet.conf) - [WG Portal](example_configs/wg_portal.env.example)
- [KeyCloak](example_configs/keycloak.md)
- [Matrix](example_configs/matrix_synapse.yml)
- [Nextcloud](example_configs/nextcloud.md)
- [Nexus](example_configs/nexus.md)
- [Organizr](example_configs/Organizr.md)
- [Portainer](example_configs/portainer.md)
- [Rancher](example_configs/rancher.md)
- [Seafile](example_configs/seafile.md)
- [Shaarli](example_configs/shaarli.md)
- [Syncthing](example_configs/syncthing.md)
- [Vaultwarden](example_configs/vaultwarden.md)
- [WeKan](example_configs/wekan.md)
- [WG Portal](example_configs/wg_portal.env.example)
- [WikiJS](example_configs/wikijs.md)
- [XBackBone](example_configs/xbackbone_config.php)
- [Zendto](example_configs/zendto.md)
## Migrating from SQLite
If you started with an SQLite database and would like to migrate to
MySQL/MariaDB or PostgreSQL, check out the [DB
migration docs](/docs/database_migration.md).
## Comparisons with other services ## Comparisons with other services
### vs OpenLDAP ### vs OpenLDAP
[OpenLDAP](https://www.openldap.org) is a monster of a service that implements OpenLDAP is a monster of a service that implements all of LDAP and all of its
all of LDAP and all of its extensions, plus some of its own. That said, if you extensions, plus some of its own. That said, if you need all that flexibility,
need all that flexibility, it might be what you need! Note that installation it might be what you need! Note that installation can be a bit painful
can be a bit painful (figuring out how to use `slapd`) and people have mixed (figuring out how to use `slapd`) and people have mixed experiences following
experiences following tutorials online. If you don't configure it properly, you tutorials online. If you don't configure it properly, you might end up storing
might end up storing passwords in clear, so a breach of your server would passwords in clear, so a breach of your server would reveal all the stored
reveal all the stored passwords! passwords!
OpenLDAP doesn't come with a UI: if you want a web interface, you'll have to OpenLDAP doesn't come with a UI: if you want a web interface, you'll have to
install one (not that many look nice) and configure it. install one (not that many that look nice) and configure it.
LLDAP is much simpler to setup, has a much smaller image (10x smaller, 20x if LLDAP is much simpler to setup, has a much smaller image (10x smaller, 20x if
you add PhpLdapAdmin), and comes packed with its own purpose-built web UI. you add PhpLdapAdmin), and comes packed with its own purpose-built wed UI.
However, it's not as flexible as OpenLDAP.
### vs FreeIPA ### vs FreeIPA
[FreeIPA](http://www.freeipa.org) is the one-stop shop for identity management: FreeIPA is the one-stop shop for identity management: LDAP, Kerberos, NTP, DNS,
LDAP, Kerberos, NTP, DNS, Samba, you name it, it has it. In addition to user Samba, you name it, it has it. In addition to user management, it also does
management, it also does security policies, single sign-on, certificate security policies, single sign-on, certificate management, linux account
management, linux account management and so on. management and so on.
If you need all of that, go for it! Keep in mind that a more complex system is If you need all of that, go for it! Keep in mind that a more complex system is
more complex to maintain, though. more complex to maintain, though.
LLDAP is much lighter to run (<10 MB RAM including the DB), easier to LLDAP is much lighter to run (<100 MB RAM including the DB), easier to
configure (no messing around with DNS or security policies) and simpler to configure (no messing around with DNS or security policies) and simpler to
use. It also comes conveniently packed in a docker container. use. It also comes conveniently packed in a docker container.
### vs Kanidm
[Kanidm](https://kanidm.com) is an up-and-coming Rust identity management
platform, covering all your bases: OAuth, Linux accounts, SSH keys, Radius,
WebAuthn. It comes with a (read-only) LDAPS server.
It's fairly easy to install and does much more; but their LDAP server is
read-only, and by having more moving parts it is inherently more complex. If
you don't need to modify the users through LDAP and you're planning on
installing something like [KeyCloak](https://www.keycloak.org) to provide
modern identity protocols, check out Kanidm.
## I can't log in! ## I can't log in!
If you just set up the server, can get to the login page but the password you If you just set up the server, can get to the login page but the password you
set isn't working, try the following: set isn't working, try the following:
- (For docker): Make sure that the `/data` folder is persistent, either to a - (For docker): Make sure that the `/data` folder is persistent, either to a
docker volume or mounted from the host filesystem. docker volume or mounted from the host filesystem.
- Check if there is a `lldap_config.toml` file (either in `/data` for docker - Check if there is a `lldap_config.toml` file (either in `/data` for docker
or in the current directory). If there isn't, copy or in the current directory). If there isn't, copy
`lldap_config.docker_template.toml` there, and fill in the various values `lldap_config.docker_template.toml` there, and fill in the various values
(passwords, secrets, ...). (passwords, secrets, ...).
- Check if there is a `users.db` file (either in `/data` for docker or where - Check if there is a `users.db` file (either in `/data` for docker or where
you specified the DB URL, which defaults to the current directory). If you specified the DB URL, which defaults to the current directory). If
there isn't, check that the user running the command (user with ID 10001 there isn't, check that the user running the command (user with ID 10001
for docker) has the rights to write to the `/data` folder. If in doubt, you for docker) has the rights to write to the `/data` folder. If in doubt, you
can `chmod 777 /data` (or whatever the folder) to make it world-writeable. can `chmod 777 /data` (or whatever the folder) to make it world-writeable.
- Make sure you restart the server. - Make sure you restart the server.
- If it's still not working, join the - If it's still not working, join the
[Discord server](https://discord.gg/h5PEdRMNyP) to ask for help. [Discord server](https://discord.gg/h5PEdRMNyP) to ask for help.
## Contributions ## Contributions

30
app/Cargo.toml
View File

@ -1,29 +1,25 @@
[package] [package]
name = "lldap_app" name = "lldap_app"
version = "0.4.4-alpha" version = "0.4.0"
authors = ["Valentin Tolmer <valentin@tolmer.fr>"] authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
edition = "2021" edition = "2021"
include = ["src/**/*", "queries/**/*", "Cargo.toml", "../schema.graphql"]
[dependencies] [dependencies]
anyhow = "1" anyhow = "1"
base64 = "0.13"
gloo-console = "0.2.3"
gloo-file = "0.2.3"
gloo-net = "*"
graphql_client = "0.10" graphql_client = "0.10"
http = "0.2" http = "0.2"
jwt = "0.13" jwt = "0.13"
rand = "0.8" rand = "0.8"
serde = "1" serde = "1"
serde_json = "1" serde_json = "1"
url-escape = "0.1.1"
validator = "=0.14" validator = "=0.14"
validator_derive = "*" validator_derive = "*"
wasm-bindgen = "0.2" wasm-bindgen = "0.2"
wasm-bindgen-futures = "*" yew = "0.18"
yew = "0.19.3" yewtil = "*"
yew-router = "0.16" yew-router = "0.15"
yew_form = "0.1.8"
yew_form_derive = "*"
# Needed because of https://github.com/tkaitchuck/aHash/issues/95 # Needed because of https://github.com/tkaitchuck/aHash/issues/95
indexmap = "=1.6.2" indexmap = "=1.6.2"
@ -33,7 +29,6 @@ version = "0.3"
features = [ features = [
"Document", "Document",
"Element", "Element",
"FileReader",
"HtmlDocument", "HtmlDocument",
"HtmlInputElement", "HtmlInputElement",
"HtmlOptionElement", "HtmlOptionElement",
@ -52,18 +47,5 @@ features = [
path = "../auth" path = "../auth"
features = [ "opaque_client" ] features = [ "opaque_client" ]
[dependencies.image]
features = ["jpeg"]
default-features = false
version = "0.24"
[dependencies.yew_form]
git = "https://github.com/jfbilodeau/yew_form"
rev = "4b9fabffb63393ec7626a4477fd36de12a07fac9"
[dependencies.yew_form_derive]
git = "https://github.com/jfbilodeau/yew_form"
rev = "4b9fabffb63393ec7626a4477fd36de12a07fac9"
[lib] [lib]
crate-type = ["cdylib"] crate-type = ["cdylib"]

20
app/build.sh
View File

@ -6,12 +6,22 @@ then
>&2 echo '`wasm-pack` not found. Try running `cargo install wasm-pack`' >&2 echo '`wasm-pack` not found. Try running `cargo install wasm-pack`'
exit 1 exit 1
fi fi
if ! which gzip > /dev/null 2>&1
wasm-pack build --target web
ROLLUP_BIN=$(which rollup 2>/dev/null)
if [ -f ../node_modules/rollup/dist/bin/rollup ]
then then
>&2 echo '`gzip` not found.' ROLLUP_BIN=../node_modules/rollup/dist/bin/rollup
elif [ -f node_modules/rollup/dist/bin/rollup ]
then
ROLLUP_BIN=node_modules/rollup/dist/bin/rollup
fi
if [ -z "$ROLLUP_BIN" ]
then
>&2 echo '`rollup` not found. Try running `npm install rollup`'
exit 1 exit 1
fi fi
wasm-pack build --target web --release $ROLLUP_BIN ./main.js --format iife --file ./pkg/bundle.js --globals bootstrap:bootstrap
gzip -9 -k -f pkg/lldap_app_bg.wasm

15
app/index.html
View File

@ -4,21 +4,17 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>LLDAP Administration</title> <title>LLDAP Administration</title>
<script src="/static/main.js" type="module" defer></script> <script src="/pkg/bundle.js" defer></script>
<link <link
href="https://cdn.jsdelivr.net/npm/bootstrap-dark-5@1.1.3/dist/css/bootstrap-nightshade.min.css" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/css/bootstrap.min.css"
rel="preload stylesheet" rel="preload stylesheet"
integrity="sha384-CvItGYrXmque42UjYhp+bjRR8tgQz78Nlwk42gYsNzBc6y0DuXNtdUaRzr1cl2uK" integrity="sha384-+0n0xVW2eSR5OomGNYDnhzAbDsOXxcvSN1TPprVMTNDbiYZCxYbOOl7+AMvyTG2x"
crossorigin="anonymous" crossorigin="anonymous"
as="style" /> as="style" />
<script <script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js" src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js"
integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ" integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap-dark-5@1.1.3/dist/js/darkmode.min.js"
integrity="sha384-A4SLs39X/aUfwRclRaXvNeXNBTLZdnZdHhhteqbYFS2jZTRD79tKeFeBn7SGXNpi"
crossorigin="anonymous"></script>
<link <link
rel="stylesheet" rel="stylesheet"
href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css"
@ -34,11 +30,6 @@
<link <link
rel="stylesheet" rel="stylesheet"
href="/static/style.css" /> href="/static/style.css" />
<script>
function inDarkMode(){
return darkmode.inDarkMode;
}
</script>
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
</head> </head>

14
app/index_local.html
View File

@ -4,18 +4,15 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>LLDAP Administration</title> <title>LLDAP Administration</title>
<script src="/static/main.js" type="module" defer></script> <script src="/pkg/bundle.js" defer></script>
<link <link
href="/static/bootstrap-nightshade.min.css" href="/static/bootstrap.min.css"
rel="preload stylesheet" rel="preload stylesheet"
integrity="sha384-CvItGYrXmque42UjYhp+bjRR8tgQz78Nlwk42gYsNzBc6y0DuXNtdUaRzr1cl2uK" integrity="sha384-+0n0xVW2eSR5OomGNYDnhzAbDsOXxcvSN1TPprVMTNDbiYZCxYbOOl7+AMvyTG2x"
as="style" /> as="style" />
<script <script
src="/static/bootstrap.bundle.min.js" src="/static/bootstrap.bundle.min.js"
integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ"></script> integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ"></script>
<script
src="/static/darkmode.min.js"
integrity="sha384-A4SLs39X/aUfwRclRaXvNeXNBTLZdnZdHhhteqbYFS2jZTRD79tKeFeBn7SGXNpi"></script>
<link <link
rel="stylesheet" rel="stylesheet"
href="/static/bootstrap-icons.css" href="/static/bootstrap-icons.css"
@ -31,11 +28,6 @@
<link <link
rel="stylesheet" rel="stylesheet"
href="/static/style.css" /> href="/static/style.css" />
<script>
function inDarkMode(){
return darkmode.inDarkMode;
}
</script>
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
</head> </head>

6
app/main.js Normal file
View File

@ -0,0 +1,6 @@
import init, { run_app } from './pkg/lldap_app.js';
async function main() {
await init('/pkg/lldap_app_bg.wasm');
run_app();
}
main()

2
app/queries/get_group_details.graphql
View File

@ -2,8 +2,6 @@ query GetGroupDetails($id: Int!) {
group(groupId: $id) { group(groupId: $id) {
id id
displayName displayName
creationDate
uuid
users { users {
id id
displayName displayName

1
app/queries/get_group_list.graphql
View File

@ -2,6 +2,5 @@ query GetGroupList {
groups { groups {
id id
displayName displayName
creationDate
} }
} }

2
app/queries/get_user_details.graphql
View File

@ -5,9 +5,7 @@ query GetUserDetails($id: String!) {
displayName displayName
firstName firstName
lastName lastName
avatar
creationDate creationDate
uuid
groups { groups {
id id
displayName displayName

59
app/src/components/add_group_member.rs
View File

@ -52,25 +52,23 @@ pub struct Props {
} }
impl CommonComponent<AddGroupMemberComponent> for AddGroupMemberComponent { impl CommonComponent<AddGroupMemberComponent> for AddGroupMemberComponent {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::UserListResponse(response) => { Msg::UserListResponse(response) => {
self.user_list = Some(response?.users); self.user_list = Some(response?.users);
self.common.cancel_task();
} }
Msg::SubmitAddMember => return self.submit_add_member(ctx), Msg::SubmitAddMember => return self.submit_add_member(),
Msg::AddMemberResponse(response) => { Msg::AddMemberResponse(response) => {
response?; response?;
self.common.cancel_task();
let user = self let user = self
.selected_user .selected_user
.as_ref() .as_ref()
.expect("Could not get selected user") .expect("Could not get selected user")
.clone(); .clone();
// Remove the user from the dropdown. // Remove the user from the dropdown.
ctx.props().on_user_added_to_group.emit(user); self.common.on_user_added_to_group.emit(user);
} }
Msg::SelectionChanged(option_props) => { Msg::SelectionChanged(option_props) => {
let was_some = self.selected_user.is_some(); let was_some = self.selected_user.is_some();
@ -90,25 +88,23 @@ impl CommonComponent<AddGroupMemberComponent> for AddGroupMemberComponent {
} }
impl AddGroupMemberComponent { impl AddGroupMemberComponent {
fn get_user_list(&mut self, ctx: &Context<Self>) { fn get_user_list(&mut self) {
self.common.call_graphql::<ListUserNames, _>( self.common.call_graphql::<ListUserNames, _>(
ctx,
list_user_names::Variables { filters: None }, list_user_names::Variables { filters: None },
Msg::UserListResponse, Msg::UserListResponse,
"Error trying to fetch user list", "Error trying to fetch user list",
); );
} }
fn submit_add_member(&mut self, ctx: &Context<Self>) -> Result<bool> { fn submit_add_member(&mut self) -> Result<bool> {
let user_id = match self.selected_user.clone() { let user_id = match self.selected_user.clone() {
None => return Ok(false), None => return Ok(false),
Some(user) => user.id, Some(user) => user.id,
}; };
self.common.call_graphql::<AddUserToGroup, _>( self.common.call_graphql::<AddUserToGroup, _>(
ctx,
add_user_to_group::Variables { add_user_to_group::Variables {
user: user_id, user: user_id,
group: ctx.props().group_id, group: self.common.group_id,
}, },
Msg::AddMemberResponse, Msg::AddMemberResponse,
"Error trying to initiate adding the user to a group", "Error trying to initiate adding the user to a group",
@ -116,8 +112,8 @@ impl AddGroupMemberComponent {
Ok(true) Ok(true)
} }
fn get_selectable_user_list(&self, ctx: &Context<Self>, user_list: &[User]) -> Vec<User> { fn get_selectable_user_list(&self, user_list: &[User]) -> Vec<User> {
let user_groups = ctx.props().users.iter().collect::<HashSet<_>>(); let user_groups = self.common.users.iter().collect::<HashSet<_>>();
user_list user_list
.iter() .iter()
.filter(|u| !user_groups.contains(u)) .filter(|u| !user_groups.contains(u))
@ -130,39 +126,41 @@ impl Component for AddGroupMemberComponent {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut res = Self { let mut res = Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
user_list: None, user_list: None,
selected_user: None, selected_user: None,
}; };
res.get_user_list(ctx); res.get_user_list();
res res
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update_and_report_error( CommonComponentParts::<Self>::update_and_report_error(
self, self,
ctx,
msg, msg,
ctx.props().on_error.clone(), self.common.on_error.clone(),
) )
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
if let Some(user_list) = &self.user_list { if let Some(user_list) = &self.user_list {
let to_add_user_list = self.get_selectable_user_list(ctx, user_list); let to_add_user_list = self.get_selectable_user_list(user_list);
#[allow(unused_braces)] #[allow(unused_braces)]
let make_select_option = |user: User| { let make_select_option = |user: User| {
html_nested! { html_nested! {
<SelectOption value={user.id.clone()} text={user.display_name.clone()} key={user.id} /> <SelectOption value=user.id.clone() text=user.display_name.clone() key=user.id />
} }
}; };
html! { html! {
<div class="row"> <div class="row">
<div class="col-sm-3"> <div class="col-sm-3">
<Select on_selection_change={link.callback(Msg::SelectionChanged)}> <Select on_selection_change=self.common.callback(Msg::SelectionChanged)>
{ {
to_add_user_list to_add_user_list
.into_iter() .into_iter()
@ -171,13 +169,12 @@ impl Component for AddGroupMemberComponent {
} }
</Select> </Select>
</div> </div>
<div class="col-3"> <div class="col-sm-1">
<button <button
class="btn btn-secondary" class="btn btn-success"
disabled={self.selected_user.is_none() || self.common.is_task_running()} disabled=self.selected_user.is_none() || self.common.is_task_running()
onclick={link.callback(|_| Msg::SubmitAddMember)}> onclick=self.common.callback(|_| Msg::SubmitAddMember)>
<i class="bi-person-plus me-2"></i> {"Add"}
{"Add to group"}
</button> </button>
</div> </div>
</div> </div>

59
app/src/components/add_user_to_group.rs
View File

@ -64,18 +64,16 @@ pub struct Props {
} }
impl CommonComponent<AddUserToGroupComponent> for AddUserToGroupComponent { impl CommonComponent<AddUserToGroupComponent> for AddUserToGroupComponent {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::GroupListResponse(response) => { Msg::GroupListResponse(response) => {
self.group_list = Some(response?.groups.into_iter().map(Into::into).collect()); self.group_list = Some(response?.groups.into_iter().map(Into::into).collect());
self.common.cancel_task();
} }
Msg::SubmitAddGroup => return self.submit_add_group(ctx), Msg::SubmitAddGroup => return self.submit_add_group(),
Msg::AddGroupResponse(response) => { Msg::AddGroupResponse(response) => {
response?; response?;
self.common.cancel_task();
// Adding the user to the group succeeded, we're not in the process of adding a // Adding the user to the group succeeded, we're not in the process of adding a
// group anymore. // group anymore.
let group = self let group = self
@ -84,7 +82,7 @@ impl CommonComponent<AddUserToGroupComponent> for AddUserToGroupComponent {
.expect("Could not get selected group") .expect("Could not get selected group")
.clone(); .clone();
// Remove the group from the dropdown. // Remove the group from the dropdown.
ctx.props().on_user_added_to_group.emit(group); self.common.on_user_added_to_group.emit(group);
} }
Msg::SelectionChanged(option_props) => { Msg::SelectionChanged(option_props) => {
let was_some = self.selected_group.is_some(); let was_some = self.selected_group.is_some();
@ -104,24 +102,22 @@ impl CommonComponent<AddUserToGroupComponent> for AddUserToGroupComponent {
} }
impl AddUserToGroupComponent { impl AddUserToGroupComponent {
fn get_group_list(&mut self, ctx: &Context<Self>) { fn get_group_list(&mut self) {
self.common.call_graphql::<GetGroupList, _>( self.common.call_graphql::<GetGroupList, _>(
ctx,
get_group_list::Variables, get_group_list::Variables,
Msg::GroupListResponse, Msg::GroupListResponse,
"Error trying to fetch group list", "Error trying to fetch group list",
); );
} }
fn submit_add_group(&mut self, ctx: &Context<Self>) -> Result<bool> { fn submit_add_group(&mut self) -> Result<bool> {
let group_id = match &self.selected_group { let group_id = match &self.selected_group {
None => return Ok(false), None => return Ok(false),
Some(group) => group.id, Some(group) => group.id,
}; };
self.common.call_graphql::<AddUserToGroup, _>( self.common.call_graphql::<AddUserToGroup, _>(
ctx,
add_user_to_group::Variables { add_user_to_group::Variables {
user: ctx.props().username.clone(), user: self.common.username.clone(),
group: group_id, group: group_id,
}, },
Msg::AddGroupResponse, Msg::AddGroupResponse,
@ -130,8 +126,8 @@ impl AddUserToGroupComponent {
Ok(true) Ok(true)
} }
fn get_selectable_group_list(&self, props: &Props, group_list: &[Group]) -> Vec<Group> { fn get_selectable_group_list(&self, group_list: &[Group]) -> Vec<Group> {
let user_groups = props.groups.iter().collect::<HashSet<_>>(); let user_groups = self.common.groups.iter().collect::<HashSet<_>>();
group_list group_list
.iter() .iter()
.filter(|g| !user_groups.contains(g)) .filter(|g| !user_groups.contains(g))
@ -143,39 +139,41 @@ impl AddUserToGroupComponent {
impl Component for AddUserToGroupComponent { impl Component for AddUserToGroupComponent {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut res = Self { let mut res = Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
group_list: None, group_list: None,
selected_group: None, selected_group: None,
}; };
res.get_group_list(ctx); res.get_group_list();
res res
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update_and_report_error( CommonComponentParts::<Self>::update_and_report_error(
self, self,
ctx,
msg, msg,
ctx.props().on_error.clone(), self.common.on_error.clone(),
) )
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
if let Some(group_list) = &self.group_list { if let Some(group_list) = &self.group_list {
let to_add_group_list = self.get_selectable_group_list(ctx.props(), group_list); let to_add_group_list = self.get_selectable_group_list(group_list);
#[allow(unused_braces)] #[allow(unused_braces)]
let make_select_option = |group: Group| { let make_select_option = |group: Group| {
html_nested! { html_nested! {
<SelectOption value={group.id.to_string()} text={group.display_name} key={group.id} /> <SelectOption value=group.id.to_string() text=group.display_name key=group.id />
} }
}; };
html! { html! {
<div class="row"> <div class="row">
<div class="col-sm-3"> <div class="col-sm-3">
<Select on_selection_change={link.callback(Msg::SelectionChanged)}> <Select on_selection_change=self.common.callback(Msg::SelectionChanged)>
{ {
to_add_group_list to_add_group_list
.into_iter() .into_iter()
@ -184,13 +182,12 @@ impl Component for AddUserToGroupComponent {
} }
</Select> </Select>
</div> </div>
<div class="col-sm-3"> <div class="col-sm-1">
<button <button
class="btn btn-secondary" class="btn btn-success"
disabled={self.selected_group.is_none() || self.common.is_task_running()} disabled=self.selected_group.is_none() || self.common.is_task_running()
onclick={link.callback(|_| Msg::SubmitAddGroup)}> onclick=self.common.callback(|_| Msg::SubmitAddGroup)>
<i class="bi-person-plus me-2"></i> {"Add"}
{"Add to group"}
</button> </button>
</div> </div>
</div> </div>

370
app/src/components/app.rs
View File

@ -9,208 +9,161 @@ use crate::{
logout::LogoutButton, logout::LogoutButton,
reset_password_step1::ResetPasswordStep1Form, reset_password_step1::ResetPasswordStep1Form,
reset_password_step2::ResetPasswordStep2Form, reset_password_step2::ResetPasswordStep2Form,
router::{AppRoute, Link, Redirect}, router::{AppRoute, Link, NavButton},
user_details::UserDetails, user_details::UserDetails,
user_table::UserTable, user_table::UserTable,
}, },
infra::{api::HostService, cookies::get_cookie}, infra::cookies::get_cookie,
};
use gloo_console::error;
use wasm_bindgen::prelude::*;
use yew::{
function_component,
html::Scope,
prelude::{html, Component, Html},
Context,
}; };
use yew::prelude::*;
use yew::services::ConsoleService;
use yew_router::{ use yew_router::{
prelude::{History, Location}, agent::{RouteAgentDispatcher, RouteRequest},
scope_ext::RouterScopeExt, route::Route,
BrowserRouter, Switch, router::Router,
service::RouteService,
}; };
#[wasm_bindgen]
extern "C" {
#[wasm_bindgen(js_namespace = darkmode)]
fn toggleDarkMode(doSave: bool);
#[wasm_bindgen]
fn inDarkMode() -> bool;
}
#[function_component(DarkModeToggle)]
pub fn dark_mode_toggle() -> Html {
html! {
<div class="form-check form-switch">
<input class="form-check-input" onclick={|_| toggleDarkMode(true)} type="checkbox" id="darkModeToggle" checked={inDarkMode()}/>
<label class="form-check-label" for="darkModeToggle">{"Dark mode"}</label>
</div>
}
}
#[function_component(AppContainer)]
pub fn app_container() -> Html {
html! {
<BrowserRouter>
<App />
</BrowserRouter>
}
}
pub struct App { pub struct App {
link: ComponentLink<Self>,
user_info: Option<(String, bool)>, user_info: Option<(String, bool)>,
redirect_to: Option<AppRoute>, redirect_to: Option<AppRoute>,
password_reset_enabled: Option<bool>, route_dispatcher: RouteAgentDispatcher,
} }
pub enum Msg { pub enum Msg {
Login((String, bool)), Login((String, bool)),
Logout, Logout,
PasswordResetProbeFinished(anyhow::Result<bool>),
} }
impl Component for App { impl Component for App {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(ctx: &Context<Self>) -> Self { fn create(_: Self::Properties, link: ComponentLink<Self>) -> Self {
let app = Self { let mut app = Self {
link,
user_info: get_cookie("user_id") user_info: get_cookie("user_id")
.unwrap_or_else(|e| { .unwrap_or_else(|e| {
error!(&e.to_string()); ConsoleService::error(&e.to_string());
None None
}) })
.and_then(|u| { .and_then(|u| {
get_cookie("is_admin") get_cookie("is_admin")
.map(|so| so.map(|s| (u, s == "true"))) .map(|so| so.map(|s| (u, s == "true")))
.unwrap_or_else(|e| { .unwrap_or_else(|e| {
error!(&e.to_string()); ConsoleService::error(&e.to_string());
None None
}) })
}), }),
redirect_to: Self::get_redirect_route(ctx), redirect_to: Self::get_redirect_route(),
password_reset_enabled: None, route_dispatcher: RouteAgentDispatcher::new(),
}; };
ctx.link().send_future(async move { app.apply_initial_redirections();
Msg::PasswordResetProbeFinished(HostService::probe_password_reset().await)
});
app.apply_initial_redirections(ctx);
app app
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
let history = ctx.link().history().unwrap();
match msg { match msg {
Msg::Login((user_name, is_admin)) => { Msg::Login((user_name, is_admin)) => {
self.user_info = Some((user_name.clone(), is_admin)); self.user_info = Some((user_name.clone(), is_admin));
history.push(self.redirect_to.take().unwrap_or_else(|| { self.route_dispatcher
if is_admin { .send(RouteRequest::ChangeRoute(Route::from(
AppRoute::ListUsers self.redirect_to.take().unwrap_or_else(|| {
} else { if is_admin {
AppRoute::UserDetails { AppRoute::ListUsers
user_id: user_name.clone(), } else {
} AppRoute::UserDetails(user_name.clone())
} }
})); }),
)));
} }
Msg::Logout => { Msg::Logout => {
self.user_info = None; self.user_info = None;
self.redirect_to = None; self.redirect_to = None;
history.push(AppRoute::Login);
}
Msg::PasswordResetProbeFinished(Ok(enabled)) => {
self.password_reset_enabled = Some(enabled);
}
Msg::PasswordResetProbeFinished(Err(err)) => {
self.password_reset_enabled = Some(false);
error!(&format!(
"Could not probe for password reset support: {err:#}"
));
} }
} }
if self.user_info.is_none() {
self.route_dispatcher
.send(RouteRequest::ReplaceRoute(Route::from(AppRoute::Login)));
}
true true
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, _: Self::Properties) -> ShouldRender {
let link = ctx.link().clone(); false
}
fn view(&self) -> Html {
let link = self.link.clone();
let is_admin = self.is_admin(); let is_admin = self.is_admin();
let password_reset_enabled = self.password_reset_enabled;
html! { html! {
<div> <div class="container shadow-sm py-3">
{self.view_banner(ctx)} {self.view_banner()}
<div class="container py-3 bg-kug">
<div class="row justify-content-center" style="padding-bottom: 80px;"> <div class="row justify-content-center" style="padding-bottom: 80px;">
<main class="py-3" style="max-width: 1000px"> <div class="shadow-sm py-3" style="max-width: 1000px">
<Switch<AppRoute> <Router<AppRoute>
render={Switch::render(move |routes| Self::dispatch_route(routes, &link, is_admin, password_reset_enabled))} render = Router::render(move |s| Self::dispatch_route(s, &link, is_admin))
/> />
</main> </div>
</div> </div>
{self.view_footer()} {self.view_footer()}
</div> </div>
</div>
} }
} }
} }
impl App { impl App {
// Get the page to land on after logging in, defaulting to the index. fn get_redirect_route() -> Option<AppRoute> {
fn get_redirect_route(ctx: &Context<Self>) -> Option<AppRoute> { let route_service = RouteService::<()>::new();
let route = ctx.link().history().unwrap().location().route::<AppRoute>(); let current_route = route_service.get_path();
route.filter(|route| { if current_route.is_empty()
!matches!( || current_route == "/"
route, || current_route.contains("login")
AppRoute::Index || current_route.contains("reset-password")
| AppRoute::Login {
| AppRoute::StartResetPassword None
| AppRoute::FinishResetPassword { token: _ } } else {
) use yew_router::Switch;
}) AppRoute::from_route_part::<()>(current_route, None).0
}
fn apply_initial_redirections(&self, ctx: &Context<Self>) {
let history = ctx.link().history().unwrap();
let route = history.location().route::<AppRoute>();
let redirection = match (route, &self.user_info, &self.redirect_to) {
(
Some(AppRoute::StartResetPassword | AppRoute::FinishResetPassword { token: _ }),
_,
_,
) => {
if self.password_reset_enabled == Some(false) {
Some(AppRoute::Login)
} else {
None
}
}
(None, _, _) | (_, None, _) => Some(AppRoute::Login),
// User is logged in, a URL was given, don't redirect.
(_, Some(_), Some(_)) => None,
(_, Some((user_name, is_admin)), None) => {
if *is_admin {
Some(AppRoute::ListUsers)
} else {
Some(AppRoute::UserDetails {
user_id: user_name.clone(),
})
}
}
};
if let Some(redirect_to) = redirection {
history.push(redirect_to);
} }
} }
fn dispatch_route( fn apply_initial_redirections(&mut self) {
switch: &AppRoute, let route_service = RouteService::<()>::new();
link: &Scope<Self>, let current_route = route_service.get_path();
is_admin: bool, if current_route.contains("reset-password") {
password_reset_enabled: Option<bool>, return;
) -> Html { }
match &self.user_info {
None => {
self.route_dispatcher
.send(RouteRequest::ReplaceRoute(Route::from(AppRoute::Login)));
}
Some((user_name, is_admin)) => match &self.redirect_to {
Some(url) => {
self.route_dispatcher
.send(RouteRequest::ReplaceRoute(Route::from(url.clone())));
}
None => {
if *is_admin {
self.route_dispatcher
.send(RouteRequest::ReplaceRoute(Route::from(AppRoute::ListUsers)));
} else {
self.route_dispatcher
.send(RouteRequest::ReplaceRoute(Route::from(
AppRoute::UserDetails(user_name.clone()),
)));
}
}
},
}
}
fn dispatch_route(switch: AppRoute, link: &ComponentLink<Self>, is_admin: bool) -> Html {
match switch { match switch {
AppRoute::Login => html! { AppRoute::Login => html! {
<LoginForm on_logged_in={link.callback(Msg::Login)} password_reset_enabled={password_reset_enabled.unwrap_or(false)}/> <LoginForm on_logged_in=link.callback(Msg::Login)/>
}, },
AppRoute::CreateUser => html! { AppRoute::CreateUser => html! {
<CreateUserForm/> <CreateUserForm/>
@ -218,10 +171,7 @@ impl App {
AppRoute::Index | AppRoute::ListUsers => html! { AppRoute::Index | AppRoute::ListUsers => html! {
<div> <div>
<UserTable /> <UserTable />
<Link classes="btn btn-primary" to={AppRoute::CreateUser}> <NavButton classes="btn btn-primary" route=AppRoute::CreateUser>{"Create a user"}</NavButton>
<i class="bi-person-plus me-2"></i>
{"Create a user"}
</Link>
</div> </div>
}, },
AppRoute::CreateGroup => html! { AppRoute::CreateGroup => html! {
@ -230,46 +180,34 @@ impl App {
AppRoute::ListGroups => html! { AppRoute::ListGroups => html! {
<div> <div>
<GroupTable /> <GroupTable />
<Link classes="btn btn-primary" to={AppRoute::CreateGroup}> <NavButton classes="btn btn-primary" route=AppRoute::CreateGroup>{"Create a group"}</NavButton>
<i class="bi-plus-circle me-2"></i>
{"Create a group"}
</Link>
</div> </div>
}, },
AppRoute::GroupDetails { group_id } => html! { AppRoute::GroupDetails(group_id) => html! {
<GroupDetails group_id={*group_id} /> <GroupDetails group_id=group_id />
}, },
AppRoute::UserDetails { user_id } => html! { AppRoute::UserDetails(username) => html! {
<UserDetails username={user_id.clone()} is_admin={is_admin} /> <UserDetails username=username is_admin=is_admin />
}, },
AppRoute::ChangePassword { user_id } => html! { AppRoute::ChangePassword(username) => html! {
<ChangePasswordForm username={user_id.clone()} is_admin={is_admin} /> <ChangePasswordForm username=username is_admin=is_admin />
}, },
AppRoute::StartResetPassword => match password_reset_enabled { AppRoute::StartResetPassword => html! {
Some(true) => html! { <ResetPasswordStep1Form /> }, <ResetPasswordStep1Form />
Some(false) => {
html! { <Redirect to={AppRoute::Login}/> }
}
None => html! {},
}, },
AppRoute::FinishResetPassword { token } => match password_reset_enabled { AppRoute::FinishResetPassword(token) => html! {
Some(true) => html! { <ResetPasswordStep2Form token={token.clone()} /> }, <ResetPasswordStep2Form token=token />
Some(false) => {
html! { <Redirect to={AppRoute::Login}/> }
}
None => html! {},
}, },
} }
} }
fn view_banner(&self, ctx: &Context<Self>) -> Html { fn view_banner(&self) -> Html {
html! { html! {
<header class="p-2 mb-3 border-bottom"> <header class="p-3 mb-4 border-bottom shadow-sm">
<div class="container"> <div class="container">
<div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start"> <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
<a href="/" class="d-flex align-items-center mt-2 mb-lg-0 me-md-5 text-decoration-none"> <a href="/" class="d-flex align-items-center mb-2 mb-lg-0 me-md-5 text-dark text-decoration-none">
<h2>{"LLDAP"}</h2> <h1>{"LLDAP"}</h1>
</a> </a>
<ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0"> <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
@ -277,80 +215,66 @@ impl App {
<> <>
<li> <li>
<Link <Link
classes="nav-link px-2 h6" classes="nav-link px-2 link-dark h4"
to={AppRoute::ListUsers}> route=AppRoute::ListUsers>
<i class="bi-people me-2"></i>
{"Users"} {"Users"}
</Link> </Link>
</li> </li>
<li> <li>
<Link <Link
classes="nav-link px-2 h6" classes="nav-link px-2 link-dark h4"
to={AppRoute::ListGroups}> route=AppRoute::ListGroups>
<i class="bi-collection me-2"></i>
{"Groups"} {"Groups"}
</Link> </Link>
</li> </li>
</> </>
} } else { html!{} } } } } else { html!{} } }
</ul> </ul>
{ self.view_user_menu(ctx) }
<DarkModeToggle /> <div class="dropdown text-end">
<a href="#"
class="d-block link-dark text-decoration-none dropdown-toggle"
id="dropdownUser"
data-bs-toggle="dropdown"
aria-expanded="false">
<svg xmlns="http://www.w3.org/2000/svg"
width="32"
height="32"
fill="currentColor"
class="bi bi-person-circle"
viewBox="0 0 16 16">
<path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/>
<path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/>
</svg>
</a>
{if let Some((user_id, _)) = &self.user_info { html! {
<ul
class="dropdown-menu text-small dropdown-menu-lg-end"
aria-labelledby="dropdownUser1"
style="">
<li>
<Link
classes="dropdown-item"
route=AppRoute::UserDetails(user_id.clone())>
{"Profile"}
</Link>
</li>
<li><hr class="dropdown-divider" /></li>
<li>
<LogoutButton on_logged_out=self.link.callback(|_| Msg::Logout) />
</li>
</ul>
} } else { html!{} } }
</div>
</div> </div>
</div> </div>
</header> </header>
} }
} }
fn view_user_menu(&self, ctx: &Context<Self>) -> Html {
if let Some((user_id, _)) = &self.user_info {
let link = ctx.link();
html! {
<div class="dropdown text-end">
<a href="#"
class="d-block nav-link text-decoration-none dropdown-toggle"
id="dropdownUser"
data-bs-toggle="dropdown"
aria-expanded="false">
<svg xmlns="http://www.w3.org/2000/svg"
width="32"
height="32"
fill="currentColor"
class="bi bi-person-circle"
viewBox="0 0 16 16">
<path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/>
<path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/>
</svg>
<span class="ms-2">
{user_id}
</span>
</a>
<ul
class="dropdown-menu text-small dropdown-menu-lg-end"
aria-labelledby="dropdownUser1"
style="">
<li>
<Link
classes="dropdown-item"
to={AppRoute::UserDetails{ user_id: user_id.clone() }}>
{"View details"}
</Link>
</li>
<li><hr class="dropdown-divider" /></li>
<li>
<LogoutButton on_logged_out={link.callback(|_| Msg::Logout)} />
</li>
</ul>
</div>
}
} else {
html! {}
}
}
fn view_footer(&self) -> Html { fn view_footer(&self) -> Html {
html! { html! {
<footer class="text-center fixed-bottom text-muted bg-light py-2"> <footer class="text-center text-muted fixed-bottom bg-light">
<div> <div>
<span>{format!("LLDAP version {}", env!("CARGO_PKG_VERSION"))}</span> <span>{format!("LLDAP version {}", env!("CARGO_PKG_VERSION"))}</span>
</div> </div>

167
app/src/components/change_password.rs
View File

@ -1,27 +1,34 @@
use crate::{ use crate::{
components::router::{AppRoute, Link}, components::router::{AppRoute, NavButton},
infra::{ infra::{
api::HostService, api::HostService,
common_component::{CommonComponent, CommonComponentParts}, common_component::{CommonComponent, CommonComponentParts},
}, },
}; };
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Context, Result};
use gloo_console::error;
use lldap_auth::*; use lldap_auth::*;
use validator_derive::Validate; use validator_derive::Validate;
use yew::prelude::*; use yew::{prelude::*, services::ConsoleService};
use yew_form::Form; use yew_form::Form;
use yew_form_derive::Model; use yew_form_derive::Model;
use yew_router::{prelude::History, scope_ext::RouterScopeExt}; use yew_router::{
agent::{RouteAgentDispatcher, RouteRequest},
route::Route,
};
#[derive(PartialEq, Eq, Default)] #[derive(PartialEq, Eq)]
enum OpaqueData { enum OpaqueData {
#[default]
None, None,
Login(opaque::client::login::ClientLogin), Login(opaque::client::login::ClientLogin),
Registration(opaque::client::registration::ClientRegistration), Registration(opaque::client::registration::ClientRegistration),
} }
impl Default for OpaqueData {
fn default() -> Self {
OpaqueData::None
}
}
impl OpaqueData { impl OpaqueData {
fn take(&mut self) -> Self { fn take(&mut self) -> Self {
std::mem::take(self) std::mem::take(self)
@ -29,7 +36,7 @@ impl OpaqueData {
} }
/// The fields of the form, with the constraints. /// The fields of the form, with the constraints.
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct FormModel { pub struct FormModel {
#[validate(custom( #[validate(custom(
function = "empty_or_long", function = "empty_or_long",
@ -54,9 +61,10 @@ pub struct ChangePasswordForm {
common: CommonComponentParts<Self>, common: CommonComponentParts<Self>,
form: Form<FormModel>, form: Form<FormModel>,
opaque_data: OpaqueData, opaque_data: OpaqueData,
route_dispatcher: RouteAgentDispatcher,
} }
#[derive(Clone, PartialEq, Eq, Properties)] #[derive(Clone, PartialEq, Properties)]
pub struct Props { pub struct Props {
pub username: String, pub username: String,
pub is_admin: bool, pub is_admin: bool,
@ -72,20 +80,15 @@ pub enum Msg {
} }
impl CommonComponent<ChangePasswordForm> for ChangePasswordForm { impl CommonComponent<ChangePasswordForm> for ChangePasswordForm {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
use anyhow::Context;
match msg { match msg {
Msg::FormUpdate => Ok(true), Msg::FormUpdate => Ok(true),
Msg::Submit => { Msg::Submit => {
if !self.form.validate() { if !self.form.validate() {
bail!("Check the form for errors"); bail!("Check the form for errors");
} }
if ctx.props().is_admin { if self.common.is_admin {
self.handle_msg(ctx, Msg::SubmitNewPassword) self.handle_msg(Msg::SubmitNewPassword)
} else { } else {
let old_password = self.form.model().old_password; let old_password = self.form.model().old_password;
if old_password.is_empty() { if old_password.is_empty() {
@ -97,14 +100,14 @@ impl CommonComponent<ChangePasswordForm> for ChangePasswordForm {
.context("Could not initialize login")?; .context("Could not initialize login")?;
self.opaque_data = OpaqueData::Login(login_start_request.state); self.opaque_data = OpaqueData::Login(login_start_request.state);
let req = login::ClientLoginStartRequest { let req = login::ClientLoginStartRequest {
username: ctx.props().username.clone(), username: self.common.username.clone(),
login_start_request: login_start_request.message, login_start_request: login_start_request.message,
}; };
self.common.call_backend( self.common.call_backend(
ctx, HostService::login_start,
HostService::login_start(req), req,
Msg::AuthenticationStartResponse, Msg::AuthenticationStartResponse,
); )?;
Ok(true) Ok(true)
} }
} }
@ -116,14 +119,17 @@ impl CommonComponent<ChangePasswordForm> for ChangePasswordForm {
|e| { |e| {
// Common error, we want to print a full error to the console but only a // Common error, we want to print a full error to the console but only a
// simple one to the user. // simple one to the user.
error!(&format!("Invalid username or password: {}", e)); ConsoleService::error(&format!(
"Invalid username or password: {}",
e
));
anyhow!("Invalid username or password") anyhow!("Invalid username or password")
}, },
)?; )?;
} }
_ => panic!("Unexpected data in opaque_data field"), _ => panic!("Unexpected data in opaque_data field"),
}; };
self.handle_msg(ctx, Msg::SubmitNewPassword) self.handle_msg(Msg::SubmitNewPassword)
} }
Msg::SubmitNewPassword => { Msg::SubmitNewPassword => {
let mut rng = rand::rngs::OsRng; let mut rng = rand::rngs::OsRng;
@ -132,15 +138,15 @@ impl CommonComponent<ChangePasswordForm> for ChangePasswordForm {
opaque::client::registration::start_registration(&new_password, &mut rng) opaque::client::registration::start_registration(&new_password, &mut rng)
.context("Could not initiate password change")?; .context("Could not initiate password change")?;
let req = registration::ClientRegistrationStartRequest { let req = registration::ClientRegistrationStartRequest {
username: ctx.props().username.clone(), username: self.common.username.clone(),
registration_start_request: registration_start_request.message, registration_start_request: registration_start_request.message,
}; };
self.opaque_data = OpaqueData::Registration(registration_start_request.state); self.opaque_data = OpaqueData::Registration(registration_start_request.state);
self.common.call_backend( self.common.call_backend(
ctx, HostService::register_start,
HostService::register_start(req), req,
Msg::RegistrationStartResponse, Msg::RegistrationStartResponse,
); )?;
Ok(true) Ok(true)
} }
Msg::RegistrationStartResponse(res) => { Msg::RegistrationStartResponse(res) => {
@ -160,20 +166,22 @@ impl CommonComponent<ChangePasswordForm> for ChangePasswordForm {
registration_upload: registration_finish.message, registration_upload: registration_finish.message,
}; };
self.common.call_backend( self.common.call_backend(
ctx, HostService::register_finish,
HostService::register_finish(req), req,
Msg::RegistrationFinishResponse, Msg::RegistrationFinishResponse,
); )
} }
_ => panic!("Unexpected data in opaque_data field"), _ => panic!("Unexpected data in opaque_data field"),
}; }?;
Ok(false) Ok(false)
} }
Msg::RegistrationFinishResponse(response) => { Msg::RegistrationFinishResponse(response) => {
self.common.cancel_task();
if response.is_ok() { if response.is_ok() {
ctx.link().history().unwrap().push(AppRoute::UserDetails { self.route_dispatcher
user_id: ctx.props().username.clone(), .send(RouteRequest::ChangeRoute(Route::from(
}); AppRoute::UserDetails(self.common.username.clone()),
)));
} }
response?; response?;
Ok(true) Ok(true)
@ -190,38 +198,28 @@ impl Component for ChangePasswordForm {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
ChangePasswordForm { ChangePasswordForm {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
form: yew_form::Form::<FormModel>::new(FormModel::default()), form: yew_form::Form::<FormModel>::new(FormModel::default()),
opaque_data: OpaqueData::None, opaque_data: OpaqueData::None,
route_dispatcher: RouteAgentDispatcher::new(),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let is_admin = ctx.props().is_admin; self.common.change(props)
let link = ctx.link(); }
fn view(&self) -> Html {
let is_admin = self.common.is_admin;
type Field = yew_form::Field<FormModel>; type Field = yew_form::Field<FormModel>;
html! { html! {
<> <>
<div class="mb-2 mt-2">
<h5 class="fw-bold">
{"Change password"}
</h5>
</div>
{
if let Some(e) = &self.common.error {
html! {
<div class="alert alert-danger mt-3 mb-3">
{e.to_string() }
</div>
}
} else { html! {} }
}
<form <form
class="form"> class="form">
{if !is_admin { html! { {if !is_admin { html! {
@ -232,81 +230,82 @@ impl Component for ChangePasswordForm {
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<Field <Field
form={&self.form} form=&self.form
field_name="old_password" field_name="old_password"
input_type="password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="current-password" autocomplete="current-password"
oninput={link.callback(|_| Msg::FormUpdate)} /> oninput=self.common.callback(|_| Msg::FormUpdate) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("old_password")} {&self.form.field_message("old_password")}
</div> </div>
</div> </div>
</div> </div>
}} else { html! {} }} }} else { html! {} }}
<div class="form-group row mb-3"> <div class="form-group row">
<label for="new_password" <label for="new_password"
class="form-label col-sm-2 col-form-label"> class="form-label col-sm-2 col-form-label">
{"New Password"} {"New password*:"}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<Field <Field
form={&self.form} form=&self.form
field_name="password" field_name="password"
input_type="password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
oninput={link.callback(|_| Msg::FormUpdate)} /> oninput=self.common.callback(|_| Msg::FormUpdate) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("password")} {&self.form.field_message("password")}
</div> </div>
</div> </div>
</div> </div>
<div class="form-group row mb-3"> <div class="form-group row">
<label for="confirm_password" <label for="confirm_password"
class="form-label col-sm-2 col-form-label"> class="form-label col-sm-2 col-form-label">
{"Confirm Password"} {"Confirm password*:"}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<Field <Field
form={&self.form} form=&self.form
field_name="confirm_password" field_name="confirm_password"
input_type="password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
oninput={link.callback(|_| Msg::FormUpdate)} /> oninput=self.common.callback(|_| Msg::FormUpdate) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("confirm_password")} {&self.form.field_message("confirm_password")}
</div> </div>
</div> </div>
</div> </div>
<div class="form-group row justify-content-center"> <div class="form-group row">
<button <button
class="btn btn-primary col-auto col-form-label" class="btn btn-primary col-sm-1 col-form-label"
type="submit" type="submit"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})>
<i class="bi-save me-2"></i> {"Submit"}
{"Save changes"}
</button> </button>
<Link
classes="btn btn-secondary ms-2 col-auto col-form-label"
to={AppRoute::UserDetails{user_id: ctx.props().username.clone()}}>
<i class="bi-arrow-return-left me-2"></i>
{"Back"}
</Link>
</div> </div>
</form> </form>
{ if let Some(e) = &self.common.error {
html! {
<div class="alert alert-danger">
{e.to_string() }
</div>
}
} else { html! {} }
}
<div>
<NavButton
classes="btn btn-primary"
route=AppRoute::UserDetails(self.common.username.clone())>
{"Back"}
</NavButton>
</div>
</> </>
} }
} }

53
app/src/components/create_group.rs
View File

@ -3,12 +3,15 @@ use crate::{
infra::common_component::{CommonComponent, CommonComponentParts}, infra::common_component::{CommonComponent, CommonComponentParts},
}; };
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use gloo_console::log;
use graphql_client::GraphQLQuery; use graphql_client::GraphQLQuery;
use validator_derive::Validate; use validator_derive::Validate;
use yew::prelude::*; use yew::prelude::*;
use yew::services::ConsoleService;
use yew_form_derive::Model; use yew_form_derive::Model;
use yew_router::{prelude::History, scope_ext::RouterScopeExt}; use yew_router::{
agent::{RouteAgentDispatcher, RouteRequest},
route::Route,
};
#[derive(GraphQLQuery)] #[derive(GraphQLQuery)]
#[graphql( #[graphql(
@ -21,10 +24,11 @@ pub struct CreateGroup;
pub struct CreateGroupForm { pub struct CreateGroupForm {
common: CommonComponentParts<Self>, common: CommonComponentParts<Self>,
route_dispatcher: RouteAgentDispatcher,
form: yew_form::Form<CreateGroupModel>, form: yew_form::Form<CreateGroupModel>,
} }
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct CreateGroupModel { pub struct CreateGroupModel {
#[validate(length(min = 1, message = "Groupname is required"))] #[validate(length(min = 1, message = "Groupname is required"))]
groupname: String, groupname: String,
@ -37,11 +41,7 @@ pub enum Msg {
} }
impl CommonComponent<CreateGroupForm> for CreateGroupForm { impl CommonComponent<CreateGroupForm> for CreateGroupForm {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::Update => Ok(true), Msg::Update => Ok(true),
Msg::SubmitForm => { Msg::SubmitForm => {
@ -53,7 +53,6 @@ impl CommonComponent<CreateGroupForm> for CreateGroupForm {
name: model.groupname, name: model.groupname,
}; };
self.common.call_graphql::<CreateGroup, _>( self.common.call_graphql::<CreateGroup, _>(
ctx,
req, req,
Msg::CreateGroupResponse, Msg::CreateGroupResponse,
"Error trying to create group", "Error trying to create group",
@ -61,11 +60,12 @@ impl CommonComponent<CreateGroupForm> for CreateGroupForm {
Ok(true) Ok(true)
} }
Msg::CreateGroupResponse(response) => { Msg::CreateGroupResponse(response) => {
log!(&format!( ConsoleService::log(&format!(
"Created group '{}'", "Created group '{}'",
&response?.create_group.display_name &response?.create_group.display_name
)); ));
ctx.link().history().unwrap().push(AppRoute::ListGroups); self.route_dispatcher
.send(RouteRequest::ChangeRoute(Route::from(AppRoute::ListGroups)));
Ok(true) Ok(true)
} }
} }
@ -80,42 +80,44 @@ impl Component for CreateGroupForm {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
route_dispatcher: RouteAgentDispatcher::new(),
form: yew_form::Form::<CreateGroupModel>::new(CreateGroupModel::default()), form: yew_form::Form::<CreateGroupModel>::new(CreateGroupModel::default()),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
type Field = yew_form::Field<CreateGroupModel>; type Field = yew_form::Field<CreateGroupModel>;
html! { html! {
<div class="row justify-content-center"> <div class="row justify-content-center">
<form class="form py-3" style="max-width: 636px"> <form class="form shadow-sm py-3" style="max-width: 636px">
<div class="row mb-3"> <div class="row mb-3">
<h5 class="fw-bold">{"Create a group"}</h5> <h5 class="fw-bold">{"Create a group"}</h5>
</div> </div>
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="groupname" <label for="groupname"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Group name"} {"Group name*:"}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
field_name="groupname" field_name="groupname"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="groupname" autocomplete="groupname"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("groupname")} {&self.form.field_message("groupname")}
</div> </div>
@ -125,9 +127,8 @@ impl Component for CreateGroupForm {
<button <button
class="btn btn-primary col-auto col-form-label" class="btn btn-primary col-auto col-form-label"
type="submit" type="submit"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})>
<i class="bi-save me-2"></i>
{"Submit"} {"Submit"}
</button> </button>
</div> </div>

111
app/src/components/create_user.rs
View File

@ -5,14 +5,17 @@ use crate::{
common_component::{CommonComponent, CommonComponentParts}, common_component::{CommonComponent, CommonComponentParts},
}, },
}; };
use anyhow::{bail, Result}; use anyhow::{bail, Context, Result};
use gloo_console::log;
use graphql_client::GraphQLQuery; use graphql_client::GraphQLQuery;
use lldap_auth::{opaque, registration}; use lldap_auth::{opaque, registration};
use validator_derive::Validate; use validator_derive::Validate;
use yew::prelude::*; use yew::prelude::*;
use yew::services::ConsoleService;
use yew_form_derive::Model; use yew_form_derive::Model;
use yew_router::{prelude::History, scope_ext::RouterScopeExt}; use yew_router::{
agent::{RouteAgentDispatcher, RouteRequest},
route::Route,
};
#[derive(GraphQLQuery)] #[derive(GraphQLQuery)]
#[graphql( #[graphql(
@ -25,15 +28,17 @@ pub struct CreateUser;
pub struct CreateUserForm { pub struct CreateUserForm {
common: CommonComponentParts<Self>, common: CommonComponentParts<Self>,
route_dispatcher: RouteAgentDispatcher,
form: yew_form::Form<CreateUserModel>, form: yew_form::Form<CreateUserModel>,
} }
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct CreateUserModel { pub struct CreateUserModel {
#[validate(length(min = 1, message = "Username is required"))] #[validate(length(min = 1, message = "Username is required"))]
username: String, username: String,
#[validate(email(message = "A valid email is required"))] #[validate(email(message = "A valid email is required"))]
email: String, email: String,
#[validate(length(min = 1, message = "Display name is required"))]
display_name: String, display_name: String,
first_name: String, first_name: String,
last_name: String, last_name: String,
@ -69,11 +74,7 @@ pub enum Msg {
} }
impl CommonComponent<CreateUserForm> for CreateUserForm { impl CommonComponent<CreateUserForm> for CreateUserForm {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::Update => Ok(true), Msg::Update => Ok(true),
Msg::SubmitForm => { Msg::SubmitForm => {
@ -89,11 +90,9 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
displayName: to_option(model.display_name), displayName: to_option(model.display_name),
firstName: to_option(model.first_name), firstName: to_option(model.first_name),
lastName: to_option(model.last_name), lastName: to_option(model.last_name),
avatar: None,
}, },
}; };
self.common.call_graphql::<CreateUser, _>( self.common.call_graphql::<CreateUser, _>(
ctx,
req, req,
Msg::CreateUserResponse, Msg::CreateUserResponse,
"Error trying to create user", "Error trying to create user",
@ -103,7 +102,7 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
Msg::CreateUserResponse(r) => { Msg::CreateUserResponse(r) => {
match r { match r {
Err(e) => return Err(e), Err(e) => return Err(e),
Ok(r) => log!(&format!( Ok(r) => ConsoleService::log(&format!(
"Created user '{}' at '{}'", "Created user '{}' at '{}'",
&r.create_user.id, &r.create_user.creation_date &r.create_user.id, &r.create_user.creation_date
)), )),
@ -123,11 +122,12 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
registration_start_request: message, registration_start_request: message,
}; };
self.common self.common
.call_backend(ctx, HostService::register_start(req), move |r| { .call_backend(HostService::register_start, req, move |r| {
Msg::RegistrationStartResponse((state, r)) Msg::RegistrationStartResponse((state, r))
}); })
.context("Error trying to create user")?;
} else { } else {
self.update(ctx, Msg::SuccessfulCreation); self.update(Msg::SuccessfulCreation);
} }
Ok(false) Ok(false)
} }
@ -143,19 +143,22 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
server_data: response.server_data, server_data: response.server_data,
registration_upload: registration_upload.message, registration_upload: registration_upload.message,
}; };
self.common.call_backend( self.common
ctx, .call_backend(
HostService::register_finish(req), HostService::register_finish,
Msg::RegistrationFinishResponse, req,
); Msg::RegistrationFinishResponse,
)
.context("Error trying to register user")?;
Ok(false) Ok(false)
} }
Msg::RegistrationFinishResponse(response) => { Msg::RegistrationFinishResponse(response) => {
response?; response?;
self.handle_msg(ctx, Msg::SuccessfulCreation) self.handle_msg(Msg::SuccessfulCreation)
} }
Msg::SuccessfulCreation => { Msg::SuccessfulCreation => {
ctx.link().history().unwrap().push(AppRoute::ListUsers); self.route_dispatcher
.send(RouteRequest::ChangeRoute(Route::from(AppRoute::ListUsers)));
Ok(true) Ok(true)
} }
} }
@ -170,42 +173,44 @@ impl Component for CreateUserForm {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
route_dispatcher: RouteAgentDispatcher::new(),
form: yew_form::Form::<CreateUserModel>::new(CreateUserModel::default()), form: yew_form::Form::<CreateUserModel>::new(CreateUserModel::default()),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
type Field = yew_form::Field<CreateUserModel>; type Field = yew_form::Field<CreateUserModel>;
html! { html! {
<div class="row justify-content-center"> <div class="row justify-content-center">
<form class="form py-3" style="max-width: 636px"> <form class="form shadow-sm py-3" style="max-width: 636px">
<div class="row mb-3"> <div class="row mb-3">
<h5 class="fw-bold">{"Create a user"}</h5> <h5 class="fw-bold">{"Create a user"}</h5>
</div> </div>
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="username" <label for="username"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"User name"} {"User name*:"}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
field_name="username" field_name="username"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="username" autocomplete="username"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("username")} {&self.form.field_message("username")}
</div> </div>
@ -214,20 +219,18 @@ impl Component for CreateUserForm {
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="email" <label for="email"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Email"} {"Email*:"}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
input_type="email" input_type="email"
field_name="email" field_name="email"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="email" autocomplete="email"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("email")} {&self.form.field_message("email")}
</div> </div>
@ -236,17 +239,17 @@ impl Component for CreateUserForm {
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="display-name" <label for="display-name"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Display name:"} {"Display name*:"}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
autocomplete="name" autocomplete="name"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
field_name="display_name" field_name="display_name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("display_name")} {&self.form.field_message("display_name")}
</div> </div>
@ -259,13 +262,13 @@ impl Component for CreateUserForm {
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
autocomplete="given-name" autocomplete="given-name"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
field_name="first_name" field_name="first_name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("first_name")} {&self.form.field_message("first_name")}
</div> </div>
@ -278,13 +281,13 @@ impl Component for CreateUserForm {
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
autocomplete="family-name" autocomplete="family-name"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
field_name="last_name" field_name="last_name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("last_name")} {&self.form.field_message("last_name")}
</div> </div>
@ -297,14 +300,14 @@ impl Component for CreateUserForm {
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
input_type="password" input_type="password"
field_name="password" field_name="password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("password")} {&self.form.field_message("password")}
</div> </div>
@ -317,14 +320,14 @@ impl Component for CreateUserForm {
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
form={&self.form} form=&self.form
input_type="password" input_type="password"
field_name="confirm_password" field_name="confirm_password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("confirm_password")} {&self.form.field_message("confirm_password")}
</div> </div>
@ -333,16 +336,14 @@ impl Component for CreateUserForm {
<div class="form-group row justify-content-center"> <div class="form-group row justify-content-center">
<button <button
class="btn btn-primary col-auto col-form-label mt-4" class="btn btn-primary col-auto col-form-label mt-4"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
type="submit" type="submit"
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})>
<i class="bi-save me-2"></i>
{"Submit"} {"Submit"}
</button> </button>
</div> </div>
</form> </form>
{ { if let Some(e) = &self.common.error {
if let Some(e) = &self.common.error {
html! { html! {
<div class="alert alert-danger"> <div class="alert alert-danger">
{e.to_string() } {e.to_string() }

62
app/src/components/delete_group.rs
View File

@ -39,21 +39,16 @@ pub enum Msg {
} }
impl CommonComponent<DeleteGroup> for DeleteGroup { impl CommonComponent<DeleteGroup> for DeleteGroup {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::ClickedDeleteGroup => { Msg::ClickedDeleteGroup => {
self.modal.as_ref().expect("modal not initialized").show(); self.modal.as_ref().expect("modal not initialized").show();
} }
Msg::ConfirmDeleteGroup => { Msg::ConfirmDeleteGroup => {
self.update(ctx, Msg::DismissModal); self.update(Msg::DismissModal);
self.common.call_graphql::<DeleteGroupQuery, _>( self.common.call_graphql::<DeleteGroupQuery, _>(
ctx,
delete_group_query::Variables { delete_group_query::Variables {
group_id: ctx.props().group.id, group_id: self.common.group.id,
}, },
Msg::DeleteGroupResponse, Msg::DeleteGroupResponse,
"Error trying to delete group", "Error trying to delete group",
@ -63,8 +58,12 @@ impl CommonComponent<DeleteGroup> for DeleteGroup {
self.modal.as_ref().expect("modal not initialized").hide(); self.modal.as_ref().expect("modal not initialized").hide();
} }
Msg::DeleteGroupResponse(response) => { Msg::DeleteGroupResponse(response) => {
self.common.cancel_task();
response?; response?;
ctx.props().on_group_deleted.emit(ctx.props().group.id); self.common
.props
.on_group_deleted
.emit(self.common.group.id);
} }
} }
Ok(true) Ok(true)
@ -79,15 +78,15 @@ impl Component for DeleteGroup {
type Message = Msg; type Message = Msg;
type Properties = DeleteGroupProps; type Properties = DeleteGroupProps;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
node_ref: NodeRef::default(), node_ref: NodeRef::default(),
modal: None, modal: None,
} }
} }
fn rendered(&mut self, _: &Context<Self>, first_render: bool) { fn rendered(&mut self, first_render: bool) {
if first_render { if first_render {
self.modal = Some(Modal::new( self.modal = Some(Modal::new(
self.node_ref self.node_ref
@ -97,42 +96,43 @@ impl Component for DeleteGroup {
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update_and_report_error( CommonComponentParts::<Self>::update_and_report_error(
self, self,
ctx,
msg, msg,
ctx.props().on_error.clone(), self.common.on_error.clone(),
) )
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<> <>
<button <button
class="btn btn-danger" class="btn btn-danger"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|_| Msg::ClickedDeleteGroup)}> onclick=self.common.callback(|_| Msg::ClickedDeleteGroup)>
<i class="bi-x-circle-fill" aria-label="Delete group" /> <i class="bi-x-circle-fill" aria-label="Delete group" />
</button> </button>
{self.show_modal(ctx)} {self.show_modal()}
</> </>
} }
} }
} }
impl DeleteGroup { impl DeleteGroup {
fn show_modal(&self, ctx: &Context<Self>) -> Html { fn show_modal(&self) -> Html {
let link = &ctx.link();
html! { html! {
<div <div
class="modal fade" class="modal fade"
id={"deleteGroupModal".to_string() + &ctx.props().group.id.to_string()} id="deleteGroupModal".to_string() + &self.common.group.id.to_string()
tabindex="-1" tabindex="-1"
aria-labelledby="deleteGroupModalLabel" aria-labelledby="deleteGroupModalLabel"
aria-hidden="true" aria-hidden="true"
ref={self.node_ref.clone()}> ref=self.node_ref.clone()>
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
@ -141,29 +141,25 @@ impl DeleteGroup {
type="button" type="button"
class="btn-close" class="btn-close"
aria-label="Close" aria-label="Close"
onclick={link.callback(|_| Msg::DismissModal)} /> onclick=self.common.callback(|_| Msg::DismissModal) />
</div> </div>
<div class="modal-body"> <div class="modal-body">
<span> <span>
{"Are you sure you want to delete group "} {"Are you sure you want to delete group "}
<b>{&ctx.props().group.display_name}</b>{"?"} <b>{&self.common.group.display_name}</b>{"?"}
</span> </span>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button <button
type="button" type="button"
class="btn btn-secondary" class="btn btn-secondary"
onclick={link.callback(|_| Msg::DismissModal)}> onclick=self.common.callback(|_| Msg::DismissModal)>
<i class="bi-x-circle me-2"></i>
{"Cancel"} {"Cancel"}
</button> </button>
<button <button
type="button" type="button"
onclick={link.callback(|_| Msg::ConfirmDeleteGroup)} onclick=self.common.callback(|_| Msg::ConfirmDeleteGroup)
class="btn btn-danger"> class="btn btn-danger">{"Yes, I'm sure"}</button>
<i class="bi-check-circle me-2"></i>
{"Yes, I'm sure"}
</button>
</div> </div>
</div> </div>
</div> </div>

64
app/src/components/delete_user.rs
View File

@ -36,21 +36,16 @@ pub enum Msg {
} }
impl CommonComponent<DeleteUser> for DeleteUser { impl CommonComponent<DeleteUser> for DeleteUser {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::ClickedDeleteUser => { Msg::ClickedDeleteUser => {
self.modal.as_ref().expect("modal not initialized").show(); self.modal.as_ref().expect("modal not initialized").show();
} }
Msg::ConfirmDeleteUser => { Msg::ConfirmDeleteUser => {
self.update(ctx, Msg::DismissModal); self.update(Msg::DismissModal);
self.common.call_graphql::<DeleteUserQuery, _>( self.common.call_graphql::<DeleteUserQuery, _>(
ctx,
delete_user_query::Variables { delete_user_query::Variables {
user: ctx.props().username.clone(), user: self.common.username.clone(),
}, },
Msg::DeleteUserResponse, Msg::DeleteUserResponse,
"Error trying to delete user", "Error trying to delete user",
@ -60,10 +55,12 @@ impl CommonComponent<DeleteUser> for DeleteUser {
self.modal.as_ref().expect("modal not initialized").hide(); self.modal.as_ref().expect("modal not initialized").hide();
} }
Msg::DeleteUserResponse(response) => { Msg::DeleteUserResponse(response) => {
self.common.cancel_task();
response?; response?;
ctx.props() self.common
.props
.on_user_deleted .on_user_deleted
.emit(ctx.props().username.clone()); .emit(self.common.username.clone());
} }
} }
Ok(true) Ok(true)
@ -78,15 +75,15 @@ impl Component for DeleteUser {
type Message = Msg; type Message = Msg;
type Properties = DeleteUserProps; type Properties = DeleteUserProps;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
node_ref: NodeRef::default(), node_ref: NodeRef::default(),
modal: None, modal: None,
} }
} }
fn rendered(&mut self, _: &Context<Self>, first_render: bool) { fn rendered(&mut self, first_render: bool) {
if first_render { if first_render {
self.modal = Some(Modal::new( self.modal = Some(Modal::new(
self.node_ref self.node_ref
@ -96,43 +93,44 @@ impl Component for DeleteUser {
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update_and_report_error( CommonComponentParts::<Self>::update_and_report_error(
self, self,
ctx,
msg, msg,
ctx.props().on_error.clone(), self.common.on_error.clone(),
) )
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<> <>
<button <button
class="btn btn-danger" class="btn btn-danger"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|_| Msg::ClickedDeleteUser)}> onclick=self.common.callback(|_| Msg::ClickedDeleteUser)>
<i class="bi-x-circle-fill" aria-label="Delete user" /> <i class="bi-x-circle-fill" aria-label="Delete user" />
</button> </button>
{self.show_modal(ctx)} {self.show_modal()}
</> </>
} }
} }
} }
impl DeleteUser { impl DeleteUser {
fn show_modal(&self, ctx: &Context<Self>) -> Html { fn show_modal(&self) -> Html {
let link = &ctx.link();
html! { html! {
<div <div
class="modal fade" class="modal fade"
id={"deleteUserModal".to_string() + &ctx.props().username} id="deleteUserModal".to_string() + &self.common.username
tabindex="-1" tabindex="-1"
//role="dialog" //role="dialog"
aria-labelledby="deleteUserModalLabel" aria-labelledby="deleteUserModalLabel"
aria-hidden="true" aria-hidden="true"
ref={self.node_ref.clone()}> ref=self.node_ref.clone()>
<div class="modal-dialog" /*role="document"*/> <div class="modal-dialog" /*role="document"*/>
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
@ -141,29 +139,25 @@ impl DeleteUser {
type="button" type="button"
class="btn-close" class="btn-close"
aria-label="Close" aria-label="Close"
onclick={link.callback(|_| Msg::DismissModal)} /> onclick=self.common.callback(|_| Msg::DismissModal) />
</div> </div>
<div class="modal-body"> <div class="modal-body">
<span> <span>
{"Are you sure you want to delete user "} {"Are you sure you want to delete user "}
<b>{&ctx.props().username}</b>{"?"} <b>{&self.common.username}</b>{"?"}
</span> </span>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button <button
type="button" type="button"
class="btn btn-secondary" class="btn btn-secondary"
onclick={link.callback(|_| Msg::DismissModal)}> onclick=self.common.callback(|_| Msg::DismissModal)>
<i class="bi-x-circle me-2"></i> {"Cancel"}
{"Cancel"}
</button> </button>
<button <button
type="button" type="button"
onclick={link.callback(|_| Msg::ConfirmDeleteUser)} onclick=self.common.callback(|_| Msg::ConfirmDeleteUser)
class="btn btn-danger"> class="btn btn-danger">{"Yes, I'm sure"}</button>
<i class="bi-check-circle me-2"></i>
{"Yes, I'm sure"}
</button>
</div> </div>
</div> </div>
</div> </div>

98
app/src/components/group_details.rs
View File

@ -40,17 +40,16 @@ pub enum Msg {
OnUserRemovedFromGroup((String, i64)), OnUserRemovedFromGroup((String, i64)),
} }
#[derive(yew::Properties, Clone, PartialEq, Eq)] #[derive(yew::Properties, Clone, PartialEq)]
pub struct Props { pub struct Props {
pub group_id: i64, pub group_id: i64,
} }
impl GroupDetails { impl GroupDetails {
fn get_group_details(&mut self, ctx: &Context<Self>) { fn get_group_details(&mut self) {
self.common.call_graphql::<GetGroupDetails, _>( self.common.call_graphql::<GetGroupDetails, _>(
ctx,
get_group_details::Variables { get_group_details::Variables {
id: ctx.props().group_id, id: self.common.group_id,
}, },
Msg::GroupDetailsResponse, Msg::GroupDetailsResponse,
"Error trying to fetch group details", "Error trying to fetch group details",
@ -69,73 +68,34 @@ impl GroupDetails {
} }
} }
fn view_details(&self, g: &Group) -> Html { fn view_user_list(&self, g: &Group) -> Html {
html! {
<>
<h3>{g.display_name.to_string()}</h3>
<div class="py-3">
<form class="form">
<div class="form-group row mb-3">
<label for="displayName"
class="form-label col-4 col-form-label">
{"Group: "}
</label>
<div class="col-8">
<span id="groupId" class="form-constrol-static">{g.display_name.to_string()}</span>
</div>
</div>
<div class="form-group row mb-3">
<label for="creationDate"
class="form-label col-4 col-form-label">
{"Creation date: "}
</label>
<div class="col-8">
<span id="creationDate" class="form-constrol-static">{g.creation_date.naive_local().date()}</span>
</div>
</div>
<div class="form-group row mb-3">
<label for="uuid"
class="form-label col-4 col-form-label">
{"UUID: "}
</label>
<div class="col-8">
<span id="uuid" class="form-constrol-static">{g.uuid.to_string()}</span>
</div>
</div>
</form>
</div>
</>
}
}
fn view_user_list(&self, ctx: &Context<Self>, g: &Group) -> Html {
let link = ctx.link();
let make_user_row = |user: &User| { let make_user_row = |user: &User| {
let user_id = user.id.clone(); let user_id = user.id.clone();
let display_name = user.display_name.clone(); let display_name = user.display_name.clone();
html! { html! {
<tr> <tr>
<td> <td>
<Link to={AppRoute::UserDetails{user_id: user_id.clone()}}> <Link route=AppRoute::UserDetails(user_id.clone())>
{user_id.clone()} {user_id.clone()}
</Link> </Link>
</td> </td>
<td>{display_name}</td> <td>{display_name}</td>
<td> <td>
<RemoveUserFromGroupComponent <RemoveUserFromGroupComponent
username={user_id} username=user_id
group_id={g.id} group_id=g.id
on_user_removed_from_group={link.callback(Msg::OnUserRemovedFromGroup)} on_user_removed_from_group=self.common.callback(Msg::OnUserRemovedFromGroup)
on_error={link.callback(Msg::OnError)}/> on_error=self.common.callback(Msg::OnError)/>
</td> </td>
</tr> </tr>
} }
}; };
html! { html! {
<> <>
<h3>{g.display_name.to_string()}</h3>
<h5 class="fw-bold">{"Members"}</h5> <h5 class="fw-bold">{"Members"}</h5>
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-hover"> <table class="table table-striped">
<thead> <thead>
<tr key="headerRow"> <tr key="headerRow">
<th>{"User Id"}</th> <th>{"User Id"}</th>
@ -147,7 +107,7 @@ impl GroupDetails {
{if g.users.is_empty() { {if g.users.is_empty() {
html! { html! {
<tr key="EmptyRow"> <tr key="EmptyRow">
<td>{"There are no users in this group."}</td> <td>{"No members"}</td>
<td/> <td/>
</tr> </tr>
} }
@ -161,8 +121,7 @@ impl GroupDetails {
} }
} }
fn view_add_user_button(&self, ctx: &Context<Self>, g: &Group) -> Html { fn view_add_user_button(&self, g: &Group) -> Html {
let link = ctx.link();
let users: Vec<_> = g let users: Vec<_> = g
.users .users
.iter() .iter()
@ -173,16 +132,16 @@ impl GroupDetails {
.collect(); .collect();
html! { html! {
<AddGroupMemberComponent <AddGroupMemberComponent
group_id={g.id} group_id=g.id
users={users} users=users
on_error={link.callback(Msg::OnError)} on_error=self.common.callback(Msg::OnError)
on_user_added_to_group={link.callback(Msg::OnUserAddedToGroup)}/> on_user_added_to_group=self.common.callback(Msg::OnUserAddedToGroup)/>
} }
} }
} }
impl CommonComponent<GroupDetails> for GroupDetails { impl CommonComponent<GroupDetails> for GroupDetails {
fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> { fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
match msg { match msg {
Msg::GroupDetailsResponse(response) => match response { Msg::GroupDetailsResponse(response) => match response {
Ok(group) => self.group = Some(group.group), Ok(group) => self.group = Some(group.group),
@ -218,29 +177,32 @@ impl Component for GroupDetails {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut table = Self { let mut table = Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
group: None, group: None,
}; };
table.get_group_details(ctx); table.get_group_details();
table table
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
match (&self.group, &self.common.error) { match (&self.group, &self.common.error) {
(None, None) => html! {{"Loading..."}}, (None, None) => html! {{"Loading..."}},
(None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>}, (None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>},
(Some(u), error) => { (Some(u), error) => {
html! { html! {
<div> <div>
{self.view_details(u)} {self.view_user_list(u)}
{self.view_user_list(ctx, u)} {self.view_add_user_button(u)}
{self.view_add_user_button(ctx, u)}
{self.view_messages(error)} {self.view_messages(error)}
</div> </div>
} }

46
app/src/components/group_table.rs
View File

@ -13,7 +13,7 @@ use yew::prelude::*;
#[graphql( #[graphql(
schema_path = "../schema.graphql", schema_path = "../schema.graphql",
query_path = "queries/get_group_list.graphql", query_path = "queries/get_group_list.graphql",
response_derives = "Debug,Clone,PartialEq,Eq", response_derives = "Debug,Clone,PartialEq",
custom_scalars_module = "crate::infra::graphql" custom_scalars_module = "crate::infra::graphql"
)] )]
pub struct GetGroupList; pub struct GetGroupList;
@ -34,7 +34,7 @@ pub enum Msg {
} }
impl CommonComponent<GroupTable> for GroupTable { impl CommonComponent<GroupTable> for GroupTable {
fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> { fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
match msg { match msg {
Msg::ListGroupsResponse(groups) => { Msg::ListGroupsResponse(groups) => {
self.groups = Some(groups?.groups.into_iter().collect()); self.groups = Some(groups?.groups.into_iter().collect());
@ -58,13 +58,12 @@ impl Component for GroupTable {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut table = GroupTable { let mut table = GroupTable {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
groups: None, groups: None,
}; };
table.common.call_graphql::<GetGroupList, _>( table.common.call_graphql::<GetGroupList, _>(
ctx,
get_group_list::Variables {}, get_group_list::Variables {},
Msg::ListGroupsResponse, Msg::ListGroupsResponse,
"Error trying to fetch groups", "Error trying to fetch groups",
@ -72,14 +71,18 @@ impl Component for GroupTable {
table table
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<div> <div>
{self.view_groups(ctx)} {self.view_groups()}
{self.view_errors()} {self.view_errors()}
</div> </div>
} }
@ -87,20 +90,19 @@ impl Component for GroupTable {
} }
impl GroupTable { impl GroupTable {
fn view_groups(&self, ctx: &Context<Self>) -> Html { fn view_groups(&self) -> Html {
let make_table = |groups: &Vec<Group>| { let make_table = |groups: &Vec<Group>| {
html! { html! {
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-hover"> <table class="table table-striped">
<thead> <thead>
<tr> <tr>
<th>{"Group name"}</th> <th>{"Groups"}</th>
<th>{"Creation date"}</th>
<th>{"Delete"}</th> <th>{"Delete"}</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{groups.iter().map(|u| self.view_group(ctx, u)).collect::<Vec<_>>()} {groups.iter().map(|u| self.view_group(u)).collect::<Vec<_>>()}
</tbody> </tbody>
</table> </table>
</div> </div>
@ -112,23 +114,19 @@ impl GroupTable {
} }
} }
fn view_group(&self, ctx: &Context<Self>, group: &Group) -> Html { fn view_group(&self, group: &Group) -> Html {
let link = ctx.link();
html! { html! {
<tr key={group.id}> <tr key=group.id>
<td> <td>
<Link to={AppRoute::GroupDetails{group_id: group.id}}> <Link route=AppRoute::GroupDetails(group.id)>
{&group.display_name} {&group.display_name}
</Link> </Link>
</td> </td>
<td>
{&group.creation_date.naive_local().date()}
</td>
<td> <td>
<DeleteGroup <DeleteGroup
group={group.clone()} group=group.clone()
on_group_deleted={link.callback(Msg::OnGroupDeleted)} on_group_deleted=self.common.callback(Msg::OnGroupDeleted)
on_error={link.callback(Msg::OnError)}/> on_error=self.common.callback(Msg::OnError)/>
</td> </td>
</tr> </tr>
} }

93
app/src/components/login.rs
View File

@ -1,15 +1,14 @@
use crate::{ use crate::{
components::router::{AppRoute, Link}, components::router::{AppRoute, NavButton},
infra::{ infra::{
api::HostService, api::HostService,
common_component::{CommonComponent, CommonComponentParts}, common_component::{CommonComponent, CommonComponentParts},
}, },
}; };
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Context, Result};
use gloo_console::error;
use lldap_auth::*; use lldap_auth::*;
use validator_derive::Validate; use validator_derive::Validate;
use yew::prelude::*; use yew::{prelude::*, services::ConsoleService};
use yew_form::Form; use yew_form::Form;
use yew_form_derive::Model; use yew_form_derive::Model;
@ -20,7 +19,7 @@ pub struct LoginForm {
} }
/// The fields of the form, with the constraints. /// The fields of the form, with the constraints.
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct FormModel { pub struct FormModel {
#[validate(length(min = 1, message = "Missing username"))] #[validate(length(min = 1, message = "Missing username"))]
username: String, username: String,
@ -31,7 +30,6 @@ pub struct FormModel {
#[derive(Clone, PartialEq, Properties)] #[derive(Clone, PartialEq, Properties)]
pub struct Props { pub struct Props {
pub on_logged_in: Callback<(String, bool)>, pub on_logged_in: Callback<(String, bool)>,
pub password_reset_enabled: bool,
} }
pub enum Msg { pub enum Msg {
@ -48,12 +46,7 @@ pub enum Msg {
} }
impl CommonComponent<LoginForm> for LoginForm { impl CommonComponent<LoginForm> for LoginForm {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
use anyhow::Context;
match msg { match msg {
Msg::Update => Ok(true), Msg::Update => Ok(true),
Msg::Submit => { Msg::Submit => {
@ -70,9 +63,9 @@ impl CommonComponent<LoginForm> for LoginForm {
login_start_request: message, login_start_request: message,
}; };
self.common self.common
.call_backend(ctx, HostService::login_start(req), move |r| { .call_backend(HostService::login_start, req, move |r| {
Msg::AuthenticationStartResponse((state, r)) Msg::AuthenticationStartResponse((state, r))
}); })?;
Ok(true) Ok(true)
} }
Msg::AuthenticationStartResponse((login_start, res)) => { Msg::AuthenticationStartResponse((login_start, res)) => {
@ -83,8 +76,9 @@ impl CommonComponent<LoginForm> for LoginForm {
Err(e) => { Err(e) => {
// Common error, we want to print a full error to the console but only a // Common error, we want to print a full error to the console but only a
// simple one to the user. // simple one to the user.
error!(&format!("Invalid username or password: {}", e)); ConsoleService::error(&format!("Invalid username or password: {}", e));
self.common.error = Some(anyhow!("Invalid username or password")); self.common.error = Some(anyhow!("Invalid username or password"));
self.common.cancel_task();
return Ok(true); return Ok(true);
} }
Ok(l) => l, Ok(l) => l,
@ -94,22 +88,24 @@ impl CommonComponent<LoginForm> for LoginForm {
credential_finalization: login_finish.message, credential_finalization: login_finish.message,
}; };
self.common.call_backend( self.common.call_backend(
ctx, HostService::login_finish,
HostService::login_finish(req), req,
Msg::AuthenticationFinishResponse, Msg::AuthenticationFinishResponse,
); )?;
Ok(false) Ok(false)
} }
Msg::AuthenticationFinishResponse(user_info) => { Msg::AuthenticationFinishResponse(user_info) => {
ctx.props() self.common.cancel_task();
self.common
.on_logged_in .on_logged_in
.emit(user_info.context("Could not log in")?); .emit(user_info.context("Could not log in")?);
Ok(true) Ok(true)
} }
Msg::AuthenticationRefreshResponse(user_info) => { Msg::AuthenticationRefreshResponse(user_info) => {
self.refreshing = false; self.refreshing = false;
self.common.cancel_task();
if let Ok(user_info) = user_info { if let Ok(user_info) = user_info {
ctx.props().on_logged_in.emit(user_info); self.common.on_logged_in.emit(user_info);
} }
Ok(true) Ok(true)
} }
@ -125,28 +121,32 @@ impl Component for LoginForm {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut app = LoginForm { let mut app = LoginForm {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
form: Form::<FormModel>::new(FormModel::default()), form: Form::<FormModel>::new(FormModel::default()),
refreshing: true, refreshing: true,
}; };
app.common.call_backend( if let Err(e) =
ctx, app.common
HostService::refresh(), .call_backend(HostService::refresh, (), Msg::AuthenticationRefreshResponse)
Msg::AuthenticationRefreshResponse, {
); ConsoleService::debug(&format!("Could not refresh auth: {}", e));
app.refreshing = false;
}
app app
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
type Field = yew_form::Field<FormModel>; type Field = yew_form::Field<FormModel>;
let password_reset_enabled = ctx.props().password_reset_enabled;
let link = &ctx.link();
if self.refreshing { if self.refreshing {
html! { html! {
<div> <div>
@ -167,11 +167,11 @@ impl Component for LoginForm {
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
form={&self.form} form=&self.form
field_name="username" field_name="username"
placeholder="Username" placeholder="Username"
autocomplete="username" autocomplete="username"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
</div> </div>
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">
@ -183,7 +183,7 @@ impl Component for LoginForm {
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
form={&self.form} form=&self.form
field_name="password" field_name="password"
input_type="password" input_type="password"
placeholder="Password" placeholder="Password"
@ -193,23 +193,16 @@ impl Component for LoginForm {
<button <button
type="submit" type="submit"
class="btn btn-primary" class="btn btn-primary"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})>
<i class="bi-box-arrow-in-right me-2"/>
{"Login"} {"Login"}
</button> </button>
{ if password_reset_enabled { <NavButton
html! { classes="btn-link btn"
<Link disabled=self.common.is_task_running()
classes="btn-link btn" route=AppRoute::StartResetPassword>
disabled={self.common.is_task_running()} {"Forgot your password?"}
to={AppRoute::StartResetPassword}> </NavButton>
{"Forgot your password?"}
</Link>
}
} else {
html!{}
}}
</div> </div>
<div class="form-group"> <div class="form-group">
{ if let Some(e) = &self.common.error { { if let Some(e) = &self.common.error {

27
app/src/components/logout.rs
View File

@ -21,20 +21,16 @@ pub enum Msg {
} }
impl CommonComponent<LogoutButton> for LogoutButton { impl CommonComponent<LogoutButton> for LogoutButton {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::LogoutRequested => { Msg::LogoutRequested => {
self.common self.common
.call_backend(ctx, HostService::logout(), Msg::LogoutCompleted); .call_backend(HostService::logout, (), Msg::LogoutCompleted)?;
} }
Msg::LogoutCompleted(res) => { Msg::LogoutCompleted(res) => {
res?; res?;
delete_cookie("user_id")?; delete_cookie("user_id")?;
ctx.props().on_logged_out.emit(()); self.common.on_logged_out.emit(());
} }
} }
Ok(false) Ok(false)
@ -49,22 +45,25 @@ impl Component for LogoutButton {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
LogoutButton { LogoutButton {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<button <button
class="dropdown-item" class="dropdown-item"
onclick={link.callback(|_| Msg::LogoutRequested)}> onclick=self.common.callback(|_| Msg::LogoutRequested)>
{"Logout"} {"Logout"}
</button> </button>
} }

40
app/src/components/remove_user_from_group.rs
View File

@ -31,18 +31,15 @@ pub enum Msg {
} }
impl CommonComponent<RemoveUserFromGroupComponent> for RemoveUserFromGroupComponent { impl CommonComponent<RemoveUserFromGroupComponent> for RemoveUserFromGroupComponent {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::SubmitRemoveGroup => self.submit_remove_group(ctx), Msg::SubmitRemoveGroup => self.submit_remove_group(),
Msg::RemoveGroupResponse(response) => { Msg::RemoveGroupResponse(response) => {
response?; response?;
ctx.props() self.common.cancel_task();
self.common
.on_user_removed_from_group .on_user_removed_from_group
.emit((ctx.props().username.clone(), ctx.props().group_id)); .emit((self.common.username.clone(), self.common.group_id));
} }
} }
Ok(true) Ok(true)
@ -54,12 +51,11 @@ impl CommonComponent<RemoveUserFromGroupComponent> for RemoveUserFromGroupCompon
} }
impl RemoveUserFromGroupComponent { impl RemoveUserFromGroupComponent {
fn submit_remove_group(&mut self, ctx: &Context<Self>) { fn submit_remove_group(&mut self) {
self.common.call_graphql::<RemoveUserFromGroup, _>( self.common.call_graphql::<RemoveUserFromGroup, _>(
ctx,
remove_user_from_group::Variables { remove_user_from_group::Variables {
user: ctx.props().username.clone(), user: self.common.username.clone(),
group: ctx.props().group_id, group: self.common.group_id,
}, },
Msg::RemoveGroupResponse, Msg::RemoveGroupResponse,
"Error trying to initiate removing the user from a group", "Error trying to initiate removing the user from a group",
@ -71,28 +67,30 @@ impl Component for RemoveUserFromGroupComponent {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update_and_report_error( CommonComponentParts::<Self>::update_and_report_error(
self, self,
ctx,
msg, msg,
ctx.props().on_error.clone(), self.common.on_error.clone(),
) )
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<button <button
class="btn btn-danger" class="btn btn-danger"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|_| Msg::SubmitRemoveGroup)}> onclick=self.common.callback(|_| Msg::SubmitRemoveGroup)>
<i class="bi-x-circle-fill" aria-label="Remove user from group" /> <i class="bi-x-circle-fill" aria-label="Remove user from group" />
</button> </button>
} }

52
app/src/components/reset_password_step1.rs
View File

@ -1,5 +1,5 @@
use crate::{ use crate::{
components::router::{AppRoute, Link}, components::router::{AppRoute, NavButton},
infra::{ infra::{
api::HostService, api::HostService,
common_component::{CommonComponent, CommonComponentParts}, common_component::{CommonComponent, CommonComponentParts},
@ -18,7 +18,7 @@ pub struct ResetPasswordStep1Form {
} }
/// The fields of the form, with the constraints. /// The fields of the form, with the constraints.
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct FormModel { pub struct FormModel {
#[validate(length(min = 1, message = "Missing username"))] #[validate(length(min = 1, message = "Missing username"))]
username: String, username: String,
@ -31,11 +31,7 @@ pub enum Msg {
} }
impl CommonComponent<ResetPasswordStep1Form> for ResetPasswordStep1Form { impl CommonComponent<ResetPasswordStep1Form> for ResetPasswordStep1Form {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::Update => Ok(true), Msg::Update => Ok(true),
Msg::Submit => { Msg::Submit => {
@ -44,10 +40,10 @@ impl CommonComponent<ResetPasswordStep1Form> for ResetPasswordStep1Form {
} }
let FormModel { username } = self.form.model(); let FormModel { username } = self.form.model();
self.common.call_backend( self.common.call_backend(
ctx, HostService::reset_password_step1,
HostService::reset_password_step1(username), &username,
Msg::PasswordResetResponse, Msg::PasswordResetResponse,
); )?;
Ok(true) Ok(true)
} }
Msg::PasswordResetResponse(response) => { Msg::PasswordResetResponse(response) => {
@ -67,22 +63,25 @@ impl Component for ResetPasswordStep1Form {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
ResetPasswordStep1Form { ResetPasswordStep1Form {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
form: Form::<FormModel>::new(FormModel::default()), form: Form::<FormModel>::new(FormModel::default()),
just_succeeded: false, just_succeeded: false,
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
self.just_succeeded = false; self.just_succeeded = false;
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
type Field = yew_form::Field<FormModel>; type Field = yew_form::Field<FormModel>;
let link = &ctx.link();
html! { html! {
<form <form
class="form center-block col-sm-4 col-offset-4"> class="form center-block col-sm-4 col-offset-4">
@ -96,11 +95,11 @@ impl Component for ResetPasswordStep1Form {
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
form={&self.form} form=&self.form
field_name="username" field_name="username"
placeholder="Username or email" placeholder="Username"
autocomplete="username" autocomplete="username"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
</div> </div>
{ if self.just_succeeded { { if self.just_succeeded {
html! { html! {
@ -112,24 +111,23 @@ impl Component for ResetPasswordStep1Form {
<button <button
type="submit" type="submit"
class="btn btn-primary" class="btn btn-primary"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})>
<i class="bi-check-circle me-2"/>
{"Reset password"} {"Reset password"}
</button> </button>
<Link <NavButton
classes="btn-link btn" classes="btn-link btn"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
to={AppRoute::Login}> route=AppRoute::Login>
{"Back"} {"Back"}
</Link> </NavButton>
</div> </div>
} }
}} }}
<div class="form-group"> <div class="form-group">
{ if let Some(e) = &self.common.error { { if let Some(e) = &self.common.error {
html! { html! {
<div class="alert alert-danger mb-2"> <div class="alert alert-danger">
{e.to_string() } {e.to_string() }
</div> </div>
} }

95
app/src/components/reset_password_step2.rs
View File

@ -1,11 +1,11 @@
use crate::{ use crate::{
components::router::{AppRoute, Link}, components::router::AppRoute,
infra::{ infra::{
api::HostService, api::HostService,
common_component::{CommonComponent, CommonComponentParts}, common_component::{CommonComponent, CommonComponentParts},
}, },
}; };
use anyhow::{bail, Result}; use anyhow::{bail, Context, Result};
use lldap_auth::{ use lldap_auth::{
opaque::client::registration as opaque_registration, opaque::client::registration as opaque_registration,
password_reset::ServerPasswordResetResponse, registration, password_reset::ServerPasswordResetResponse, registration,
@ -14,10 +14,13 @@ use validator_derive::Validate;
use yew::prelude::*; use yew::prelude::*;
use yew_form::Form; use yew_form::Form;
use yew_form_derive::Model; use yew_form_derive::Model;
use yew_router::{prelude::History, scope_ext::RouterScopeExt}; use yew_router::{
agent::{RouteAgentDispatcher, RouteRequest},
route::Route,
};
/// The fields of the form, with the constraints. /// The fields of the form, with the constraints.
#[derive(Model, Validate, PartialEq, Eq, Clone, Default)] #[derive(Model, Validate, PartialEq, Clone, Default)]
pub struct FormModel { pub struct FormModel {
#[validate(length(min = 8, message = "Invalid password. Min length: 8"))] #[validate(length(min = 8, message = "Invalid password. Min length: 8"))]
password: String, password: String,
@ -30,9 +33,10 @@ pub struct ResetPasswordStep2Form {
form: Form<FormModel>, form: Form<FormModel>,
username: Option<String>, username: Option<String>,
opaque_data: Option<opaque_registration::ClientRegistration>, opaque_data: Option<opaque_registration::ClientRegistration>,
route_dispatcher: RouteAgentDispatcher,
} }
#[derive(Clone, PartialEq, Eq, Properties)] #[derive(Clone, PartialEq, Properties)]
pub struct Props { pub struct Props {
pub token: String, pub token: String,
} }
@ -46,15 +50,11 @@ pub enum Msg {
} }
impl CommonComponent<ResetPasswordStep2Form> for ResetPasswordStep2Form { impl CommonComponent<ResetPasswordStep2Form> for ResetPasswordStep2Form {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
use anyhow::Context;
match msg { match msg {
Msg::ValidateTokenResponse(response) => { Msg::ValidateTokenResponse(response) => {
self.username = Some(response?.user_id); self.username = Some(response?.user_id);
self.common.cancel_task();
Ok(true) Ok(true)
} }
Msg::FormUpdate => Ok(true), Msg::FormUpdate => Ok(true),
@ -73,10 +73,10 @@ impl CommonComponent<ResetPasswordStep2Form> for ResetPasswordStep2Form {
}; };
self.opaque_data = Some(registration_start_request.state); self.opaque_data = Some(registration_start_request.state);
self.common.call_backend( self.common.call_backend(
ctx, HostService::register_start,
HostService::register_start(req), req,
Msg::RegistrationStartResponse, Msg::RegistrationStartResponse,
); )?;
Ok(true) Ok(true)
} }
Msg::RegistrationStartResponse(res) => { Msg::RegistrationStartResponse(res) => {
@ -94,15 +94,17 @@ impl CommonComponent<ResetPasswordStep2Form> for ResetPasswordStep2Form {
registration_upload: registration_finish.message, registration_upload: registration_finish.message,
}; };
self.common.call_backend( self.common.call_backend(
ctx, HostService::register_finish,
HostService::register_finish(req), req,
Msg::RegistrationFinishResponse, Msg::RegistrationFinishResponse,
); )?;
Ok(false) Ok(false)
} }
Msg::RegistrationFinishResponse(response) => { Msg::RegistrationFinishResponse(response) => {
self.common.cancel_task();
if response.is_ok() { if response.is_ok() {
ctx.link().history().unwrap().push(AppRoute::Login); self.route_dispatcher
.send(RouteRequest::ChangeRoute(Route::from(AppRoute::Login)));
} }
response?; response?;
Ok(true) Ok(true)
@ -119,28 +121,35 @@ impl Component for ResetPasswordStep2Form {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut component = ResetPasswordStep2Form { let mut component = ResetPasswordStep2Form {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
form: yew_form::Form::<FormModel>::new(FormModel::default()), form: yew_form::Form::<FormModel>::new(FormModel::default()),
opaque_data: None, opaque_data: None,
route_dispatcher: RouteAgentDispatcher::new(),
username: None, username: None,
}; };
let token = ctx.props().token.clone(); let token = component.common.token.clone();
component.common.call_backend( component
ctx, .common
HostService::reset_password_step2(token), .call_backend(
Msg::ValidateTokenResponse, HostService::reset_password_step2,
); &token,
Msg::ValidateTokenResponse,
)
.unwrap();
component component
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
let link = &ctx.link(); self.common.change(props)
}
fn view(&self) -> Html {
match (&self.username, &self.common.error) { match (&self.username, &self.common.error) {
(None, None) => { (None, None) => {
return html! { return html! {
@ -149,17 +158,9 @@ impl Component for ResetPasswordStep2Form {
} }
(None, Some(e)) => { (None, Some(e)) => {
return html! { return html! {
<> <div class="alert alert-danger">
<div class="alert alert-danger"> {e.to_string() }
{e.to_string() } </div>
</div>
<Link
classes="btn-link btn"
disabled={self.common.is_task_running()}
to={AppRoute::Login}>
{"Back"}
</Link>
</>
} }
} }
_ => (), _ => (),
@ -177,14 +178,14 @@ impl Component for ResetPasswordStep2Form {
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<Field <Field
form={&self.form} form=&self.form
field_name="password" field_name="password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
input_type="password" input_type="password"
oninput={link.callback(|_| Msg::FormUpdate)} /> oninput=self.common.callback(|_| Msg::FormUpdate) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("password")} {&self.form.field_message("password")}
</div> </div>
@ -197,14 +198,14 @@ impl Component for ResetPasswordStep2Form {
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<Field <Field
form={&self.form} form=&self.form
field_name="confirm_password" field_name="confirm_password"
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
autocomplete="new-password" autocomplete="new-password"
input_type="password" input_type="password"
oninput={link.callback(|_| Msg::FormUpdate)} /> oninput=self.common.callback(|_| Msg::FormUpdate) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("confirm_password")} {&self.form.field_message("confirm_password")}
</div> </div>
@ -214,8 +215,8 @@ impl Component for ResetPasswordStep2Form {
<button <button
class="btn btn-primary col-sm-1 col-form-label" class="btn btn-primary col-sm-1 col-form-label"
type="submit" type="submit"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})>
{"Submit"} {"Submit"}
</button> </button>
</div> </div>

42
app/src/components/router.rs
View File

@ -1,30 +1,34 @@
use yew_router::Routable; use yew_router::{
components::{RouterAnchor, RouterButton},
Switch,
};
#[derive(Routable, Debug, Clone, PartialEq)] #[derive(Switch, Debug, Clone)]
pub enum AppRoute { pub enum AppRoute {
#[at("/login")] #[to = "/login"]
Login, Login,
#[at("/reset-password/step1")] #[to = "/reset-password/step1"]
StartResetPassword, StartResetPassword,
#[at("/reset-password/step2/:token")] #[to = "/reset-password/step2/{token}"]
FinishResetPassword { token: String }, FinishResetPassword(String),
#[at("/users/create")] #[to = "/users/create"]
CreateUser, CreateUser,
#[at("/users")] #[to = "/users"]
ListUsers, ListUsers,
#[at("/user/:user_id/password")] #[to = "/user/{user_id}/password"]
ChangePassword { user_id: String }, ChangePassword(String),
#[at("/user/:user_id")] #[to = "/user/{user_id}"]
UserDetails { user_id: String }, UserDetails(String),
#[at("/groups/create")] #[to = "/groups/create"]
CreateGroup, CreateGroup,
#[at("/groups")] #[to = "/groups"]
ListGroups, ListGroups,
#[at("/group/:group_id")] #[to = "/group/{group_id}"]
GroupDetails { group_id: i64 }, GroupDetails(i64),
#[at("/")] #[to = "/"]
Index, Index,
} }
pub type Link = yew_router::components::Link<AppRoute>; pub type Link = RouterAnchor<AppRoute>;
pub type Redirect = yew_router::components::Redirect<AppRoute>;
pub type NavButton = RouterButton<AppRoute>;

85
app/src/components/select.rs
View File

@ -1,6 +1,9 @@
use yew::prelude::*; use yew::{html::ChangeData, prelude::*};
use yewtil::NeqAssign;
pub struct Select { pub struct Select {
link: ComponentLink<Self>,
props: SelectProps,
node_ref: NodeRef, node_ref: NodeRef,
} }
@ -11,70 +14,100 @@ pub struct SelectProps {
} }
pub enum SelectMsg { pub enum SelectMsg {
OnSelectChange, OnSelectChange(ChangeData),
} }
impl Select { impl Select {
fn get_nth_child_props(&self, ctx: &Context<Self>, nth: i32) -> Option<SelectOptionProps> { fn get_nth_child_props(&self, nth: i32) -> Option<SelectOptionProps> {
if nth == -1 { if nth == -1 {
return None; return None;
} }
ctx.props() self.props
.children .children
.iter() .iter()
.nth(nth as usize) .nth(nth as usize)
.map(|child| (*child.props).clone()) .map(|child| child.props)
} }
fn send_selection_update(&self, ctx: &Context<Self>) { fn send_selection_update(&self) {
let select_node = self.node_ref.cast::<web_sys::HtmlSelectElement>().unwrap(); let select_node = self.node_ref.cast::<web_sys::HtmlSelectElement>().unwrap();
ctx.props() self.props
.on_selection_change .on_selection_change
.emit(self.get_nth_child_props(ctx, select_node.selected_index())) .emit(self.get_nth_child_props(select_node.selected_index()))
} }
} }
impl Component for Select { impl Component for Select {
type Message = SelectMsg; type Message = SelectMsg;
type Properties = SelectProps; type Properties = SelectProps;
fn create(_: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
Self { Self {
link,
props,
node_ref: NodeRef::default(), node_ref: NodeRef::default(),
} }
} }
fn rendered(&mut self, ctx: &Context<Self>, _first_render: bool) { fn rendered(&mut self, _first_render: bool) {
self.send_selection_update(ctx); self.send_selection_update();
} }
fn update(&mut self, ctx: &Context<Self>, _: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
self.send_selection_update(ctx); let SelectMsg::OnSelectChange(data) = msg;
match data {
ChangeData::Select(_) => self.send_selection_update(),
_ => unreachable!(),
}
false false
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.props.children.neq_assign(props.children)
}
fn view(&self) -> Html {
html! { html! {
<select class="form-select" <select
ref={self.node_ref.clone()} ref=self.node_ref.clone()
disabled={ctx.props().children.is_empty()} disabled=self.props.children.is_empty()
onchange={ctx.link().callback(|_| SelectMsg::OnSelectChange)}> onchange=self.link.callback(SelectMsg::OnSelectChange)>
{ ctx.props().children.clone() } { self.props.children.clone() }
</select> </select>
} }
} }
} }
#[derive(yew::Properties, Clone, PartialEq, Eq, Debug)] pub struct SelectOption {
props: SelectOptionProps,
}
#[derive(yew::Properties, Clone, PartialEq, Debug)]
pub struct SelectOptionProps { pub struct SelectOptionProps {
pub value: String, pub value: String,
pub text: String, pub text: String,
} }
#[function_component(SelectOption)] impl Component for SelectOption {
pub fn select_option(props: &SelectOptionProps) -> Html { type Message = ();
html! { type Properties = SelectOptionProps;
<option value={props.value.clone()}>
{&props.text} fn create(props: Self::Properties, _: ComponentLink<Self>) -> Self {
</option> Self { props }
}
fn update(&mut self, _: Self::Message) -> ShouldRender {
false
}
fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.props.neq_assign(props)
}
fn view(&self) -> Html {
html! {
<option value=self.props.value.clone()>
{&self.props.text}
</option>
}
} }
} }

87
app/src/components/user_details.rs
View File

@ -2,7 +2,7 @@ use crate::{
components::{ components::{
add_user_to_group::AddUserToGroupComponent, add_user_to_group::AddUserToGroupComponent,
remove_user_from_group::RemoveUserFromGroupComponent, remove_user_from_group::RemoveUserFromGroupComponent,
router::{AppRoute, Link}, router::{AppRoute, Link, NavButton},
user_details_form::UserDetailsForm, user_details_form::UserDetailsForm,
}, },
infra::common_component::{CommonComponent, CommonComponentParts}, infra::common_component::{CommonComponent, CommonComponentParts},
@ -40,14 +40,14 @@ pub enum Msg {
OnUserRemovedFromGroup((String, i64)), OnUserRemovedFromGroup((String, i64)),
} }
#[derive(yew::Properties, Clone, PartialEq, Eq)] #[derive(yew::Properties, Clone, PartialEq)]
pub struct Props { pub struct Props {
pub username: String, pub username: String,
pub is_admin: bool, pub is_admin: bool,
} }
impl CommonComponent<UserDetails> for UserDetails { impl CommonComponent<UserDetails> for UserDetails {
fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> { fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
match msg { match msg {
Msg::UserDetailsResponse(response) => match response { Msg::UserDetailsResponse(response) => match response {
Ok(user) => self.user = Some(user.user), Ok(user) => self.user = Some(user.user),
@ -77,11 +77,10 @@ impl CommonComponent<UserDetails> for UserDetails {
} }
impl UserDetails { impl UserDetails {
fn get_user_details(&mut self, ctx: &Context<Self>) { fn get_user_details(&mut self) {
self.common.call_graphql::<GetUserDetails, _>( self.common.call_graphql::<GetUserDetails, _>(
ctx,
get_user_details::Variables { get_user_details::Variables {
id: ctx.props().username.clone(), id: self.common.username.clone(),
}, },
Msg::UserDetailsResponse, Msg::UserDetailsResponse,
"Error trying to fetch user details", "Error trying to fetch user details",
@ -100,25 +99,24 @@ impl UserDetails {
} }
} }
fn view_group_memberships(&self, ctx: &Context<Self>, u: &User) -> Html { fn view_group_memberships(&self, u: &User) -> Html {
let link = &ctx.link();
let make_group_row = |group: &Group| { let make_group_row = |group: &Group| {
let display_name = group.display_name.clone(); let display_name = group.display_name.clone();
html! { html! {
<tr key={"groupRow_".to_string() + &display_name}> <tr key="groupRow_".to_string() + &display_name>
{if ctx.props().is_admin { html! { {if self.common.is_admin { html! {
<> <>
<td> <td>
<Link to={AppRoute::GroupDetails{group_id: group.id}}> <Link route=AppRoute::GroupDetails(group.id)>
{&group.display_name} {&group.display_name}
</Link> </Link>
</td> </td>
<td> <td>
<RemoveUserFromGroupComponent <RemoveUserFromGroupComponent
username={u.id.clone()} username=u.id.clone()
group_id={group.id} group_id=group.id
on_user_removed_from_group={link.callback(Msg::OnUserRemovedFromGroup)} on_user_removed_from_group=self.common.callback(Msg::OnUserRemovedFromGroup)
on_error={link.callback(Msg::OnError)}/> on_error=self.common.callback(Msg::OnError)/>
</td> </td>
</> </>
} } else { html! { } } else { html! {
@ -131,18 +129,18 @@ impl UserDetails {
<> <>
<h5 class="row m-3 fw-bold">{"Group memberships"}</h5> <h5 class="row m-3 fw-bold">{"Group memberships"}</h5>
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-hover"> <table class="table table-striped">
<thead> <thead>
<tr key="headerRow"> <tr key="headerRow">
<th>{"Group"}</th> <th>{"Group"}</th>
{ if ctx.props().is_admin { html!{ <th></th> }} else { html!{} }} { if self.common.is_admin { html!{ <th></th> }} else { html!{} }}
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{if u.groups.is_empty() { {if u.groups.is_empty() {
html! { html! {
<tr key="EmptyRow"> <tr key="EmptyRow">
<td>{"This user is not a member of any groups."}</td> <td>{"Not member of any group"}</td>
</tr> </tr>
} }
} else { } else {
@ -155,15 +153,14 @@ impl UserDetails {
} }
} }
fn view_add_group_button(&self, ctx: &Context<Self>, u: &User) -> Html { fn view_add_group_button(&self, u: &User) -> Html {
let link = &ctx.link(); if self.common.is_admin {
if ctx.props().is_admin {
html! { html! {
<AddUserToGroupComponent <AddUserToGroupComponent
username={u.id.clone()} username=u.id.clone()
groups={u.groups.clone()} groups=u.groups.clone()
on_error={link.callback(Msg::OnError)} on_error=self.common.callback(Msg::OnError)
on_user_added_to_group={link.callback(Msg::OnUserAddedToGroup)}/> on_user_added_to_group=self.common.callback(Msg::OnUserAddedToGroup)/>
} }
} else { } else {
html! {} html! {}
@ -175,20 +172,24 @@ impl Component for UserDetails {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut table = Self { let mut table = Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
user: None, user: None,
}; };
table.get_user_details(ctx); table.get_user_details();
table table
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
match (&self.user, &self.common.error) { match (&self.user, &self.common.error) {
(None, None) => html! {{"Loading..."}}, (None, None) => html! {{"Loading..."}},
(None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>}, (None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>},
@ -196,20 +197,18 @@ impl Component for UserDetails {
html! { html! {
<> <>
<h3>{u.id.to_string()}</h3> <h3>{u.id.to_string()}</h3>
<div class="d-flex flex-row-reverse"> <UserDetailsForm
<Link user=u.clone()
to={AppRoute::ChangePassword{user_id: u.id.clone()}} on_error=self.common.callback(Msg::OnError)/>
classes="btn btn-secondary"> <div class="row justify-content-center">
<i class="bi-key me-2"></i> <NavButton
{"Modify password"} route=AppRoute::ChangePassword(u.id.clone())
</Link> classes="btn btn-primary col-auto">
{"Change password"}
</NavButton>
</div> </div>
<div> {self.view_group_memberships(u)}
<h5 class="row m-3 fw-bold">{"User details"}</h5> {self.view_add_group_button(u)}
</div>
<UserDetailsForm user={u.clone()} />
{self.view_group_memberships(ctx, u)}
{self.view_add_group_button(ctx, u)}
{self.view_messages(error)} {self.view_messages(error)}
</> </>
} }

304
app/src/components/user_details_form.rs
View File

@ -1,52 +1,19 @@
use std::str::FromStr;
use crate::{ use crate::{
components::user_details::User, components::user_details::User,
infra::common_component::{CommonComponent, CommonComponentParts}, infra::common_component::{CommonComponent, CommonComponentParts},
}; };
use anyhow::{bail, Error, Result}; use anyhow::{bail, Error, Result};
use gloo_file::{
callbacks::{read_as_bytes, FileReader},
File,
};
use graphql_client::GraphQLQuery; use graphql_client::GraphQLQuery;
use validator_derive::Validate; use validator_derive::Validate;
use web_sys::{FileList, HtmlInputElement, InputEvent};
use yew::prelude::*; use yew::prelude::*;
use yew_form_derive::Model; use yew_form_derive::Model;
#[derive(Default)]
struct JsFile {
file: Option<File>,
contents: Option<Vec<u8>>,
}
impl ToString for JsFile {
fn to_string(&self) -> String {
self.file
.as_ref()
.map(File::name)
.unwrap_or_else(String::new)
}
}
impl FromStr for JsFile {
type Err = Error;
fn from_str(s: &str) -> Result<Self> {
if s.is_empty() {
Ok(JsFile::default())
} else {
bail!("Building file from non-empty string")
}
}
}
/// The fields of the form, with the editable details and the constraints. /// The fields of the form, with the editable details and the constraints.
#[derive(Model, Validate, PartialEq, Eq, Clone)] #[derive(Model, Validate, PartialEq, Clone)]
pub struct UserModel { pub struct UserModel {
#[validate(email)] #[validate(email)]
email: String, email: String,
#[validate(length(min = 1, message = "Display name is required"))]
display_name: String, display_name: String,
first_name: String, first_name: String,
last_name: String, last_name: String,
@ -58,7 +25,7 @@ pub struct UserModel {
schema_path = "../schema.graphql", schema_path = "../schema.graphql",
query_path = "queries/update_user.graphql", query_path = "queries/update_user.graphql",
response_derives = "Debug", response_derives = "Debug",
variables_derives = "Clone,PartialEq,Eq", variables_derives = "Clone,PartialEq",
custom_scalars_module = "crate::infra::graphql" custom_scalars_module = "crate::infra::graphql"
)] )]
pub struct UpdateUser; pub struct UpdateUser;
@ -67,76 +34,33 @@ pub struct UpdateUser;
pub struct UserDetailsForm { pub struct UserDetailsForm {
common: CommonComponentParts<Self>, common: CommonComponentParts<Self>,
form: yew_form::Form<UserModel>, form: yew_form::Form<UserModel>,
avatar: JsFile,
reader: Option<FileReader>,
/// True if we just successfully updated the user, to display a success message. /// True if we just successfully updated the user, to display a success message.
just_updated: bool, just_updated: bool,
user: User,
} }
pub enum Msg { pub enum Msg {
/// A form field changed. /// A form field changed.
Update, Update,
/// A new file was selected.
FileSelected(File),
/// The "Submit" button was clicked. /// The "Submit" button was clicked.
SubmitClicked, SubmitClicked,
/// A picked file finished loading.
FileLoaded(String, Result<Vec<u8>>),
/// We got the response from the server about our update message. /// We got the response from the server about our update message.
UserUpdated(Result<update_user::ResponseData>), UserUpdated(Result<update_user::ResponseData>),
} }
#[derive(yew::Properties, Clone, PartialEq, Eq)] #[derive(yew::Properties, Clone, PartialEq)]
pub struct Props { pub struct Props {
/// The current user details. /// The current user details.
pub user: User, pub user: User,
/// Callback to report errors (e.g. server error).
pub on_error: Callback<Error>,
} }
impl CommonComponent<UserDetailsForm> for UserDetailsForm { impl CommonComponent<UserDetailsForm> for UserDetailsForm {
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool> {
match msg { match msg {
Msg::Update => Ok(true), Msg::Update => Ok(true),
Msg::FileSelected(new_avatar) => { Msg::SubmitClicked => self.submit_user_update_form(),
if self.avatar.file.as_ref().map(|f| f.name()) != Some(new_avatar.name()) {
let file_name = new_avatar.name();
let link = ctx.link().clone();
self.reader = Some(read_as_bytes(&new_avatar, move |res| {
link.send_message(Msg::FileLoaded(
file_name,
res.map_err(|e| anyhow::anyhow!("{:#}", e)),
))
}));
self.avatar = JsFile {
file: Some(new_avatar),
contents: None,
};
}
Ok(true)
}
Msg::SubmitClicked => self.submit_user_update_form(ctx),
Msg::UserUpdated(response) => self.user_update_finished(response), Msg::UserUpdated(response) => self.user_update_finished(response),
Msg::FileLoaded(file_name, data) => {
if let Some(file) = &self.avatar.file {
if file.name() == file_name {
let data = data?;
if !is_valid_jpeg(data.as_slice()) {
// Clear the selection.
self.avatar = JsFile::default();
bail!("Chosen image is not a valid JPEG");
} else {
self.avatar.contents = Some(data);
return Ok(true);
}
}
}
self.reader = None;
Ok(false)
}
} }
} }
@ -149,37 +73,35 @@ impl Component for UserDetailsForm {
type Message = Msg; type Message = Msg;
type Properties = Props; type Properties = Props;
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let model = UserModel { let model = UserModel {
email: ctx.props().user.email.clone(), email: props.user.email.clone(),
display_name: ctx.props().user.display_name.clone(), display_name: props.user.display_name.clone(),
first_name: ctx.props().user.first_name.clone(), first_name: props.user.first_name.clone(),
last_name: ctx.props().user.last_name.clone(), last_name: props.user.last_name.clone(),
}; };
Self { Self {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
form: yew_form::Form::new(model), form: yew_form::Form::new(model),
avatar: JsFile::default(),
just_updated: false, just_updated: false,
reader: None,
user: ctx.props().user.clone(),
} }
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
self.just_updated = false; self.just_updated = false;
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update_and_report_error(
self,
msg,
self.common.on_error.clone(),
)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
type Field = yew_form::Field<UserModel>; self.common.change(props)
let link = &ctx.link(); }
let avatar_base64 = maybe_to_base64(&self.avatar).unwrap_or_default(); fn view(&self) -> Html {
let avatar_string = avatar_base64 type Field = yew_form::Field<UserModel>;
.as_deref()
.or(self.user.avatar.as_deref())
.unwrap_or("");
html! { html! {
<div class="py-3"> <div class="py-3">
<form class="form"> <form class="form">
@ -189,43 +111,23 @@ impl Component for UserDetailsForm {
{"User ID: "} {"User ID: "}
</label> </label>
<div class="col-8"> <div class="col-8">
<span id="userId" class="form-control-static"><i>{&self.user.id}</i></span> <span id="userId" class="form-constrol-static">{&self.common.user.id}</span>
</div>
</div>
<div class="form-group row mb-3">
<label for="creationDate"
class="form-label col-4 col-form-label">
{"Creation date: "}
</label>
<div class="col-8">
<span id="creationDate" class="form-control-static">{&self.user.creation_date.naive_local().date()}</span>
</div>
</div>
<div class="form-group row mb-3">
<label for="uuid"
class="form-label col-4 col-form-label">
{"UUID: "}
</label>
<div class="col-8">
<span id="creationDate" class="form-control-static">{&self.user.uuid}</span>
</div> </div>
</div> </div>
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="email" <label for="email"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Email"} {"Email*: "}
<span class="text-danger">{"*"}</span>
{":"}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
form={&self.form} form=&self.form
field_name="email" field_name="email"
autocomplete="email" autocomplete="email"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("email")} {&self.form.field_message("email")}
</div> </div>
@ -234,17 +136,17 @@ impl Component for UserDetailsForm {
<div class="form-group row mb-3"> <div class="form-group row mb-3">
<label for="display_name" <label for="display_name"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Display Name: "} {"Display Name*: "}
</label> </label>
<div class="col-8"> <div class="col-8">
<Field <Field
class="form-control" class="form-control"
class_invalid="is-invalid has-error" class_invalid="is-invalid has-error"
class_valid="has-success" class_valid="has-success"
form={&self.form} form=&self.form
field_name="display_name" field_name="display_name"
autocomplete="name" autocomplete="name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("display_name")} {&self.form.field_message("display_name")}
</div> </div>
@ -258,10 +160,10 @@ impl Component for UserDetailsForm {
<div class="col-8"> <div class="col-8">
<Field <Field
class="form-control" class="form-control"
form={&self.form} form=&self.form
field_name="first_name" field_name="first_name"
autocomplete="given-name" autocomplete="given-name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("first_name")} {&self.form.field_message("first_name")}
</div> </div>
@ -275,65 +177,36 @@ impl Component for UserDetailsForm {
<div class="col-8"> <div class="col-8">
<Field <Field
class="form-control" class="form-control"
form={&self.form} form=&self.form
field_name="last_name" field_name="last_name"
autocomplete="family-name" autocomplete="family-name"
oninput={link.callback(|_| Msg::Update)} /> oninput=self.common.callback(|_| Msg::Update) />
<div class="invalid-feedback"> <div class="invalid-feedback">
{&self.form.field_message("last_name")} {&self.form.field_message("last_name")}
</div> </div>
</div> </div>
</div> </div>
<div class="form-group row align-items-center mb-3"> <div class="form-group row mb-3">
<label for="avatar" <label for="creationDate"
class="form-label col-4 col-form-label"> class="form-label col-4 col-form-label">
{"Avatar: "} {"Creation date: "}
</label> </label>
<div class="col-8"> <div class="col-8">
<div class="row align-items-center"> <span id="creationDate" class="form-constrol-static">{&self.common.user.creation_date.date().naive_local()}</span>
<div class="col-8">
<input
class="form-control"
id="avatarInput"
type="file"
accept="image/jpeg"
oninput={link.callback(|e: InputEvent| {
let input: HtmlInputElement = e.target_unchecked_into();
Self::upload_files(input.files())
})} />
</div>
<div class="col-4">
<img
id="avatarDisplay"
src={format!("data:image/jpeg;base64, {}", avatar_string)}
style="max-height:128px;max-width:128px;height:auto;width:auto;"
alt="Avatar" />
</div>
</div>
</div> </div>
</div> </div>
<div class="form-group row justify-content-center mt-3"> <div class="form-group row justify-content-center">
<button <button
type="submit" type="submit"
class="btn btn-primary col-auto col-form-label" class="btn btn-primary col-auto col-form-label"
disabled={self.common.is_task_running()} disabled=self.common.is_task_running()
onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitClicked})}> onclick=self.common.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitClicked})>
<i class="bi-save me-2"></i> {"Update"}
{"Save changes"}
</button> </button>
</div> </div>
</form> </form>
{ <div hidden=!self.just_updated>
if let Some(e) = &self.common.error { <span>{"User successfully updated!"}</span>
html! {
<div class="alert alert-danger">
{e.to_string() }
</div>
}
} else { html! {} }
}
<div hidden={!self.just_updated}>
<div class="alert alert-success mt-4">{"User successfully updated!"}</div>
</div> </div>
</div> </div>
} }
@ -341,25 +214,17 @@ impl Component for UserDetailsForm {
} }
impl UserDetailsForm { impl UserDetailsForm {
fn submit_user_update_form(&mut self, ctx: &Context<Self>) -> Result<bool> { fn submit_user_update_form(&mut self) -> Result<bool> {
if !self.form.validate() { if !self.form.validate() {
bail!("Invalid inputs"); bail!("Invalid inputs");
} }
if let JsFile { let base_user = &self.common.user;
file: Some(_),
contents: None,
} = &self.avatar
{
bail!("Image file hasn't finished loading, try again");
}
let base_user = &self.user;
let mut user_input = update_user::UpdateUserInput { let mut user_input = update_user::UpdateUserInput {
id: self.user.id.clone(), id: self.common.user.id.clone(),
email: None, email: None,
displayName: None, displayName: None,
firstName: None, firstName: None,
lastName: None, lastName: None,
avatar: None,
}; };
let default_user_input = user_input.clone(); let default_user_input = user_input.clone();
let model = self.form.model(); let model = self.form.model();
@ -376,14 +241,12 @@ impl UserDetailsForm {
if base_user.last_name != model.last_name { if base_user.last_name != model.last_name {
user_input.lastName = Some(model.last_name); user_input.lastName = Some(model.last_name);
} }
user_input.avatar = maybe_to_base64(&self.avatar)?;
// Nothing changed. // Nothing changed.
if user_input == default_user_input { if user_input == default_user_input {
return Ok(false); return Ok(false);
} }
let req = update_user::Variables { user: user_input }; let req = update_user::Variables { user: user_input };
self.common.call_graphql::<UpdateUser, _>( self.common.call_graphql::<UpdateUser, _>(
ctx,
req, req,
Msg::UserUpdated, Msg::UserUpdated,
"Error trying to update user", "Error trying to update user",
@ -392,56 +255,23 @@ impl UserDetailsForm {
} }
fn user_update_finished(&mut self, r: Result<update_user::ResponseData>) -> Result<bool> { fn user_update_finished(&mut self, r: Result<update_user::ResponseData>) -> Result<bool> {
r?; self.common.cancel_task();
let model = self.form.model(); match r {
self.user.email = model.email; Err(e) => return Err(e),
self.user.display_name = model.display_name; Ok(_) => {
self.user.first_name = model.first_name; let model = self.form.model();
self.user.last_name = model.last_name; self.common.user = User {
if let Some(avatar) = maybe_to_base64(&self.avatar)? { id: self.common.user.id.clone(),
self.user.avatar = Some(avatar); email: model.email,
} display_name: model.display_name,
self.just_updated = true; first_name: model.first_name,
last_name: model.last_name,
creation_date: self.common.user.creation_date,
groups: self.common.user.groups.clone(),
};
self.just_updated = true;
}
};
Ok(true) Ok(true)
} }
fn upload_files(files: Option<FileList>) -> Msg {
if let Some(files) = files {
if files.length() > 0 {
Msg::FileSelected(File::from(files.item(0).unwrap()))
} else {
Msg::Update
}
} else {
Msg::Update
}
}
}
fn is_valid_jpeg(bytes: &[u8]) -> bool {
image::io::Reader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
.decode()
.is_ok()
}
fn maybe_to_base64(file: &JsFile) -> Result<Option<String>> {
match file {
JsFile {
file: None,
contents: _,
} => Ok(None),
JsFile {
file: Some(_),
contents: None,
} => bail!("Image file hasn't finished loading, try again"),
JsFile {
file: Some(_),
contents: Some(data),
} => {
if !is_valid_jpeg(data.as_slice()) {
bail!("Chosen image is not a valid JPEG");
}
Ok(Some(base64::encode(data)))
}
}
} }

44
app/src/components/user_table.rs
View File

@ -34,7 +34,7 @@ pub enum Msg {
} }
impl CommonComponent<UserTable> for UserTable { impl CommonComponent<UserTable> for UserTable {
fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> { fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool> {
match msg { match msg {
Msg::ListUsersResponse(users) => { Msg::ListUsersResponse(users) => {
self.users = Some(users?.users.into_iter().collect()); self.users = Some(users?.users.into_iter().collect());
@ -55,9 +55,8 @@ impl CommonComponent<UserTable> for UserTable {
} }
impl UserTable { impl UserTable {
fn get_users(&mut self, ctx: &Context<Self>, req: Option<RequestFilter>) { fn get_users(&mut self, req: Option<RequestFilter>) {
self.common.call_graphql::<ListUsersQuery, _>( self.common.call_graphql::<ListUsersQuery, _>(
ctx,
list_users_query::Variables { filters: req }, list_users_query::Variables { filters: req },
Msg::ListUsersResponse, Msg::ListUsersResponse,
"Error trying to fetch users", "Error trying to fetch users",
@ -69,23 +68,27 @@ impl Component for UserTable {
type Message = Msg; type Message = Msg;
type Properties = (); type Properties = ();
fn create(ctx: &Context<Self>) -> Self { fn create(props: Self::Properties, link: ComponentLink<Self>) -> Self {
let mut table = UserTable { let mut table = UserTable {
common: CommonComponentParts::<Self>::create(), common: CommonComponentParts::<Self>::create(props, link),
users: None, users: None,
}; };
table.get_users(ctx, None); table.get_users(None);
table table
} }
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool { fn update(&mut self, msg: Self::Message) -> ShouldRender {
CommonComponentParts::<Self>::update(self, ctx, msg) CommonComponentParts::<Self>::update(self, msg)
} }
fn view(&self, ctx: &Context<Self>) -> Html { fn change(&mut self, props: Self::Properties) -> ShouldRender {
self.common.change(props)
}
fn view(&self) -> Html {
html! { html! {
<div> <div>
{self.view_users(ctx)} {self.view_users()}
{self.view_errors()} {self.view_errors()}
</div> </div>
} }
@ -93,11 +96,11 @@ impl Component for UserTable {
} }
impl UserTable { impl UserTable {
fn view_users(&self, ctx: &Context<Self>) -> Html { fn view_users(&self) -> Html {
let make_table = |users: &Vec<User>| { let make_table = |users: &Vec<User>| {
html! { html! {
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-hover"> <table class="table table-striped">
<thead> <thead>
<tr> <tr>
<th>{"User ID"}</th> <th>{"User ID"}</th>
@ -110,7 +113,7 @@ impl UserTable {
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{users.iter().map(|u| self.view_user(ctx, u)).collect::<Vec<_>>()} {users.iter().map(|u| self.view_user(u)).collect::<Vec<_>>()}
</tbody> </tbody>
</table> </table>
</div> </div>
@ -122,21 +125,20 @@ impl UserTable {
} }
} }
fn view_user(&self, ctx: &Context<Self>, user: &User) -> Html { fn view_user(&self, user: &User) -> Html {
let link = &ctx.link();
html! { html! {
<tr key={user.id.clone()}> <tr key=user.id.clone()>
<td><Link to={AppRoute::UserDetails{user_id: user.id.clone()}}>{&user.id}</Link></td> <td><Link route=AppRoute::UserDetails(user.id.clone())>{&user.id}</Link></td>
<td>{&user.email}</td> <td>{&user.email}</td>
<td>{&user.display_name}</td> <td>{&user.display_name}</td>
<td>{&user.first_name}</td> <td>{&user.first_name}</td>
<td>{&user.last_name}</td> <td>{&user.last_name}</td>
<td>{&user.creation_date.naive_local().date()}</td> <td>{&user.creation_date.date().naive_local()}</td>
<td> <td>
<DeleteUser <DeleteUser
username={user.id.clone()} username=user.id.clone()
on_user_deleted={link.callback(Msg::OnUserDeleted)} on_user_deleted=self.common.callback(Msg::OnUserDeleted)
on_error={link.callback(Msg::OnError)}/> on_error=self.common.callback(Msg::OnError)/>
</td> </td>
</tr> </tr>
} }

296
app/src/infra/api.rs
View File

@ -1,84 +1,136 @@
use super::cookies::set_cookie; use super::cookies::set_cookie;
use anyhow::{anyhow, Context, Result}; use anyhow::{anyhow, Context, Result};
use gloo_net::http::{Method, Request};
use graphql_client::GraphQLQuery; use graphql_client::GraphQLQuery;
use lldap_auth::{login, registration, JWTClaims}; use lldap_auth::{login, registration, JWTClaims};
use serde::{de::DeserializeOwned, Serialize}; use yew::callback::Callback;
use web_sys::RequestCredentials; use yew::format::Json;
use yew::services::fetch::{Credentials, FetchOptions, FetchService, FetchTask, Request, Response};
#[derive(Default)] #[derive(Default)]
pub struct HostService {} pub struct HostService {}
fn get_default_options() -> FetchOptions {
FetchOptions {
credentials: Some(Credentials::SameOrigin),
..FetchOptions::default()
}
}
fn get_claims_from_jwt(jwt: &str) -> Result<JWTClaims> { fn get_claims_from_jwt(jwt: &str) -> Result<JWTClaims> {
use jwt::*; use jwt::*;
let token = Token::<header::Header, JWTClaims, token::Unverified>::parse_unverified(jwt)?; let token = Token::<header::Header, JWTClaims, token::Unverified>::parse_unverified(jwt)?;
Ok(token.claims().clone()) Ok(token.claims().clone())
} }
const NO_BODY: Option<()> = None; fn create_handler<Resp, CallbackResult, F>(
callback: Callback<Result<CallbackResult>>,
async fn call_server( handler: F,
url: &str, ) -> Callback<Response<Result<Resp>>>
body: Option<impl Serialize>,
error_message: &'static str,
) -> Result<String> {
let mut request = Request::new(url)
.header("Content-Type", "application/json")
.credentials(RequestCredentials::SameOrigin);
if let Some(b) = body {
request = request
.body(serde_json::to_string(&b)?)
.method(Method::POST);
}
let response = request.send().await?;
if response.ok() {
Ok(response.text().await?)
} else {
Err(anyhow!(
"{}[{} {}]: {}",
error_message,
response.status(),
response.status_text(),
response.text().await?
))
}
}
async fn call_server_json_with_error_message<CallbackResult, Body: Serialize>(
url: &str,
request: Option<Body>,
error_message: &'static str,
) -> Result<CallbackResult>
where where
CallbackResult: DeserializeOwned + 'static, F: Fn(http::StatusCode, Resp) -> Result<CallbackResult> + 'static,
CallbackResult: 'static,
{ {
let data = call_server(url, request, error_message).await?; Callback::once(move |response: Response<Result<Resp>>| {
serde_json::from_str(&data).context("Could not parse response") let (meta, maybe_data) = response.into_parts();
let message = maybe_data
.context("Could not reach server")
.and_then(|data| handler(meta.status, data));
callback.emit(message)
})
} }
async fn call_server_empty_response_with_error_message<Body: Serialize>( struct RequestBody<T>(T);
impl<'a, R> From<&'a R> for RequestBody<Json<&'a R>>
where
R: serde::ser::Serialize,
{
fn from(request: &'a R) -> Self {
Self(Json(request))
}
}
impl From<yew::format::Nothing> for RequestBody<yew::format::Nothing> {
fn from(request: yew::format::Nothing) -> Self {
Self(request)
}
}
fn call_server<Req, CallbackResult, F, RB>(
url: &str, url: &str,
request: Option<Body>, request: RB,
callback: Callback<Result<CallbackResult>>,
error_message: &'static str, error_message: &'static str,
) -> Result<()> { parse_response: F,
call_server(url, request, error_message).await.map(|_| ()) ) -> Result<FetchTask>
where
F: Fn(String) -> Result<CallbackResult> + 'static,
CallbackResult: 'static,
RB: Into<RequestBody<Req>>,
Req: Into<yew::format::Text>,
{
let request = {
// If the request type is empty (if the size is 0), it's a get.
if std::mem::size_of::<RB>() == 0 {
Request::get(url)
} else {
Request::post(url)
}
}
.header("Content-Type", "application/json")
.body(request.into().0)?;
let handler = create_handler(callback, move |status: http::StatusCode, data: String| {
if status.is_success() {
parse_response(data)
} else {
Err(anyhow!("{}[{}]: {}", error_message, status, data))
}
});
FetchService::fetch_with_options(request, get_default_options(), handler)
} }
fn set_cookies_from_jwt(response: login::ServerLoginResponse) -> Result<(String, bool)> { fn call_server_json_with_error_message<CallbackResult, RB, Req>(
let jwt_claims = get_claims_from_jwt(response.token.as_str()).context("Could not parse JWT")?; url: &str,
let is_admin = jwt_claims.groups.contains("lldap_admin"); request: RB,
set_cookie("user_id", &jwt_claims.user, &jwt_claims.exp) callback: Callback<Result<CallbackResult>>,
.map(|_| set_cookie("is_admin", &is_admin.to_string(), &jwt_claims.exp)) error_message: &'static str,
.map(|_| (jwt_claims.user.clone(), is_admin)) ) -> Result<FetchTask>
.context("Error setting cookie") where
CallbackResult: serde::de::DeserializeOwned + 'static,
RB: Into<RequestBody<Req>>,
Req: Into<yew::format::Text>,
{
call_server(url, request, callback, error_message, |data: String| {
serde_json::from_str(&data).context("Could not parse response")
})
}
fn call_server_empty_response_with_error_message<RB, Req>(
url: &str,
request: RB,
callback: Callback<Result<()>>,
error_message: &'static str,
) -> Result<FetchTask>
where
RB: Into<RequestBody<Req>>,
Req: Into<yew::format::Text>,
{
call_server(
url,
request,
callback,
error_message,
|_data: String| Ok(()),
)
} }
impl HostService { impl HostService {
pub async fn graphql_query<QueryType>( pub fn graphql_query<QueryType>(
variables: QueryType::Variables, variables: QueryType::Variables,
callback: Callback<Result<QueryType::ResponseData>>,
error_message: &'static str, error_message: &'static str,
) -> Result<QueryType::ResponseData> ) -> Result<FetchTask>
where where
QueryType: GraphQLQuery + 'static, QueryType: GraphQLQuery + 'static,
{ {
@ -95,103 +147,143 @@ impl HostService {
) )
}) })
}; };
let parse_graphql_response = move |data: String| {
serde_json::from_str(&data)
.context("Could not parse response")
.and_then(unwrap_graphql_response)
};
let request_body = QueryType::build_query(variables); let request_body = QueryType::build_query(variables);
call_server_json_with_error_message::<graphql_client::Response<_>, _>( call_server(
"/api/graphql", "/api/graphql",
Some(request_body), &request_body,
callback,
error_message, error_message,
parse_graphql_response,
) )
.await
.and_then(unwrap_graphql_response)
} }
pub async fn login_start( pub fn login_start(
request: login::ClientLoginStartRequest, request: login::ClientLoginStartRequest,
) -> Result<Box<login::ServerLoginStartResponse>> { callback: Callback<Result<Box<login::ServerLoginStartResponse>>>,
) -> Result<FetchTask> {
call_server_json_with_error_message( call_server_json_with_error_message(
"/auth/opaque/login/start", "/auth/opaque/login/start",
Some(request), &request,
callback,
"Could not start authentication: ", "Could not start authentication: ",
) )
.await
} }
pub async fn login_finish(request: login::ClientLoginFinishRequest) -> Result<(String, bool)> { pub fn login_finish(
call_server_json_with_error_message::<login::ServerLoginResponse, _>( request: login::ClientLoginFinishRequest,
callback: Callback<Result<(String, bool)>>,
) -> Result<FetchTask> {
let set_cookies = |jwt_claims: JWTClaims| {
let is_admin = jwt_claims.groups.contains("lldap_admin");
set_cookie("user_id", &jwt_claims.user, &jwt_claims.exp)
.map(|_| set_cookie("is_admin", &is_admin.to_string(), &jwt_claims.exp))
.map(|_| (jwt_claims.user.clone(), is_admin))
.context("Error clearing cookie")
};
let parse_token = move |data: String| {
serde_json::from_str::<login::ServerLoginResponse>(&data)
.context("Could not parse response")
.and_then(|r| {
get_claims_from_jwt(r.token.as_str())
.context("Could not parse response")
.and_then(set_cookies)
})
};
call_server(
"/auth/opaque/login/finish", "/auth/opaque/login/finish",
Some(request), &request,
callback,
"Could not finish authentication", "Could not finish authentication",
parse_token,
) )
.await
.and_then(set_cookies_from_jwt)
} }
pub async fn register_start( pub fn register_start(
request: registration::ClientRegistrationStartRequest, request: registration::ClientRegistrationStartRequest,
) -> Result<Box<registration::ServerRegistrationStartResponse>> { callback: Callback<Result<Box<registration::ServerRegistrationStartResponse>>>,
) -> Result<FetchTask> {
call_server_json_with_error_message( call_server_json_with_error_message(
"/auth/opaque/register/start", "/auth/opaque/register/start",
Some(request), &request,
callback,
"Could not start registration: ", "Could not start registration: ",
) )
.await
} }
pub async fn register_finish( pub fn register_finish(
request: registration::ClientRegistrationFinishRequest, request: registration::ClientRegistrationFinishRequest,
) -> Result<()> { callback: Callback<Result<()>>,
) -> Result<FetchTask> {
call_server_empty_response_with_error_message( call_server_empty_response_with_error_message(
"/auth/opaque/register/finish", "/auth/opaque/register/finish",
Some(request), &request,
callback,
"Could not finish registration", "Could not finish registration",
) )
.await
} }
pub async fn refresh() -> Result<(String, bool)> { pub fn refresh(_request: (), callback: Callback<Result<(String, bool)>>) -> Result<FetchTask> {
call_server_json_with_error_message::<login::ServerLoginResponse, _>( let set_cookies = |jwt_claims: JWTClaims| {
let is_admin = jwt_claims.groups.contains("lldap_admin");
set_cookie("user_id", &jwt_claims.user, &jwt_claims.exp)
.map(|_| set_cookie("is_admin", &is_admin.to_string(), &jwt_claims.exp))
.map(|_| (jwt_claims.user.clone(), is_admin))
.context("Error clearing cookie")
};
let parse_token = move |data: String| {
serde_json::from_str::<login::ServerLoginResponse>(&data)
.context("Could not parse response")
.and_then(|r| {
get_claims_from_jwt(r.token.as_str())
.context("Could not parse response")
.and_then(set_cookies)
})
};
call_server(
"/auth/refresh", "/auth/refresh",
NO_BODY, yew::format::Nothing,
callback,
"Could not start authentication: ", "Could not start authentication: ",
parse_token,
) )
.await
.and_then(set_cookies_from_jwt)
} }
// The `_request` parameter is to make it the same shape as the other functions. // The `_request` parameter is to make it the same shape as the other functions.
pub async fn logout() -> Result<()> { pub fn logout(_request: (), callback: Callback<Result<()>>) -> Result<FetchTask> {
call_server_empty_response_with_error_message("/auth/logout", NO_BODY, "Could not logout") call_server_empty_response_with_error_message(
.await "/auth/logout",
yew::format::Nothing,
callback,
"Could not logout",
)
} }
pub async fn reset_password_step1(username: String) -> Result<()> { pub fn reset_password_step1(
username: &str,
callback: Callback<Result<()>>,
) -> Result<FetchTask> {
call_server_empty_response_with_error_message( call_server_empty_response_with_error_message(
&format!("/auth/reset/step1/{}", url_escape::encode_query(&username)), &format!("/auth/reset/step1/{}", username),
NO_BODY, yew::format::Nothing,
callback,
"Could not initiate password reset", "Could not initiate password reset",
) )
.await
} }
pub async fn reset_password_step2( pub fn reset_password_step2(
token: String, token: &str,
) -> Result<lldap_auth::password_reset::ServerPasswordResetResponse> { callback: Callback<Result<lldap_auth::password_reset::ServerPasswordResetResponse>>,
) -> Result<FetchTask> {
call_server_json_with_error_message( call_server_json_with_error_message(
&format!("/auth/reset/step2/{}", token), &format!("/auth/reset/step2/{}", token),
NO_BODY, yew::format::Nothing,
callback,
"Could not validate token", "Could not validate token",
) )
.await
}
pub async fn probe_password_reset() -> Result<bool> {
Ok(
gloo_net::http::Request::get("/auth/reset/step1/lldap_unlikely_very_long_user_name")
.header("Content-Type", "application/json")
.send()
.await?
.status()
!= http::StatusCode::NOT_FOUND,
)
} }
} }

134
app/src/infra/common_component.rs
View File

@ -21,28 +21,21 @@
//! [`CommonComponentParts::update`]. This will in turn call [`CommonComponent::handle_msg`] and //! [`CommonComponentParts::update`]. This will in turn call [`CommonComponent::handle_msg`] and
//! take care of error and task handling. //! take care of error and task handling.
use std::{
future::Future,
marker::PhantomData,
sync::{Arc, Mutex},
};
use crate::infra::api::HostService; use crate::infra::api::HostService;
use anyhow::{Error, Result}; use anyhow::{Error, Result};
use gloo_console::error;
use graphql_client::GraphQLQuery; use graphql_client::GraphQLQuery;
use yew::prelude::*; use yew::{
prelude::*,
services::{fetch::FetchTask, ConsoleService},
};
use yewtil::NeqAssign;
/// Trait required for common components. /// Trait required for common components.
pub trait CommonComponent<C: Component + CommonComponent<C>>: Component { pub trait CommonComponent<C: Component + CommonComponent<C>>: Component {
/// Handle the incoming message. If an error is returned here, any running task will be /// Handle the incoming message. If an error is returned here, any running task will be
/// cancelled, the error will be written to the [`CommonComponentParts::error`] and the /// cancelled, the error will be written to the [`CommonComponentParts::error`] and the
/// component will be refreshed. /// component will be refreshed.
fn handle_msg( fn handle_msg(&mut self, msg: <Self as Component>::Message) -> Result<bool>;
&mut self,
ctx: &Context<Self>,
msg: <Self as Component>::Message,
) -> Result<bool>;
/// Get a mutable reference to the inner component parts, necessary for the CRTP. /// Get a mutable reference to the inner component parts, necessary for the CRTP.
fn mut_common(&mut self) -> &mut CommonComponentParts<C>; fn mut_common(&mut self) -> &mut CommonComponentParts<C>;
} }
@ -50,33 +43,41 @@ pub trait CommonComponent<C: Component + CommonComponent<C>>: Component {
/// Structure that contains the common parts needed by most components. /// Structure that contains the common parts needed by most components.
/// The fields of [`props`] are directly accessible through a `Deref` implementation. /// The fields of [`props`] are directly accessible through a `Deref` implementation.
pub struct CommonComponentParts<C: CommonComponent<C>> { pub struct CommonComponentParts<C: CommonComponent<C>> {
link: ComponentLink<C>,
pub props: <C as Component>::Properties,
pub error: Option<Error>, pub error: Option<Error>,
is_task_running: Arc<Mutex<bool>>, task: Option<FetchTask>,
_phantom: PhantomData<C>,
} }
impl<C: CommonComponent<C>> CommonComponentParts<C> { impl<C: CommonComponent<C>> CommonComponentParts<C> {
pub fn create() -> Self {
CommonComponentParts {
error: None,
is_task_running: Arc::new(Mutex::new(false)),
_phantom: PhantomData::<C>,
}
}
/// Whether there is a currently running task in the background. /// Whether there is a currently running task in the background.
pub fn is_task_running(&self) -> bool { pub fn is_task_running(&self) -> bool {
*self.is_task_running.lock().unwrap() self.task.is_some()
}
/// Cancel any background task.
pub fn cancel_task(&mut self) {
self.task = None;
}
pub fn create(props: <C as Component>::Properties, link: ComponentLink<C>) -> Self {
Self {
link,
props,
error: None,
task: None,
}
} }
/// This should be called from the [`yew::prelude::Component::update`]: it will in turn call /// This should be called from the [`yew::prelude::Component::update`]: it will in turn call
/// [`CommonComponent::handle_msg`] and handle any resulting error. /// [`CommonComponent::handle_msg`] and handle any resulting error.
pub fn update(com: &mut C, ctx: &Context<C>, msg: <C as Component>::Message) -> bool { pub fn update(com: &mut C, msg: <C as Component>::Message) -> ShouldRender {
com.mut_common().error = None; com.mut_common().error = None;
match com.handle_msg(ctx, msg) { match com.handle_msg(msg) {
Err(e) => { Err(e) => {
error!(&e.to_string()); ConsoleService::error(&e.to_string());
com.mut_common().error = Some(e); com.mut_common().error = Some(e);
assert!(!*com.mut_common().is_task_running.lock().unwrap()); com.mut_common().cancel_task();
true true
} }
Ok(b) => b, Ok(b) => b,
@ -86,11 +87,10 @@ impl<C: CommonComponent<C>> CommonComponentParts<C> {
/// Same as above, but the resulting error is instead passed to the reporting function. /// Same as above, but the resulting error is instead passed to the reporting function.
pub fn update_and_report_error( pub fn update_and_report_error(
com: &mut C, com: &mut C,
ctx: &Context<C>,
msg: <C as Component>::Message, msg: <C as Component>::Message,
report_fn: Callback<Error>, report_fn: Callback<Error>,
) -> bool { ) -> ShouldRender {
let should_render = Self::update(com, ctx, msg); let should_render = Self::update(com, msg);
com.mut_common() com.mut_common()
.error .error
.take() .take()
@ -101,24 +101,38 @@ impl<C: CommonComponent<C>> CommonComponentParts<C> {
.unwrap_or(should_render) .unwrap_or(should_render)
} }
/// Call `method` from the backend with the given `request`, and pass the `callback` for the /// This can be called from [`yew::prelude::Component::update`]: it will check if the
/// result. /// properties have changed and return whether the component should update.
pub fn call_backend<Fut, Cb, Resp>(&mut self, ctx: &Context<C>, fut: Fut, callback: Cb) pub fn change(&mut self, props: <C as Component>::Properties) -> ShouldRender
where where
Fut: Future<Output = Resp> + 'static, <C as yew::Component>::Properties: std::cmp::PartialEq,
{
self.props.neq_assign(props)
}
/// Create a callback from the link.
pub fn callback<F, IN, M>(&self, function: F) -> Callback<IN>
where
M: Into<C::Message>,
F: Fn(IN) -> M + 'static,
{
self.link.callback(function)
}
/// Call `method` from the backend with the given `request`, and pass the `callback` for the
/// result. Returns whether _starting the call_ failed.
pub fn call_backend<M, Req, Cb, Resp>(
&mut self,
method: M,
req: Req,
callback: Cb,
) -> Result<()>
where
M: Fn(Req, Callback<Resp>) -> Result<FetchTask>,
Cb: FnOnce(Resp) -> <C as Component>::Message + 'static, Cb: FnOnce(Resp) -> <C as Component>::Message + 'static,
{ {
{ self.task = Some(method(req, self.link.callback_once(callback))?);
let mut running = self.is_task_running.lock().unwrap(); Ok(())
assert!(!*running);
*running = true;
}
let is_task_running = self.is_task_running.clone();
ctx.link().send_future(async move {
let res = fut.await;
*is_task_running.lock().unwrap() = false;
callback(res)
});
} }
/// Call the backend with a GraphQL query. /// Call the backend with a GraphQL query.
@ -126,7 +140,6 @@ impl<C: CommonComponent<C>> CommonComponentParts<C> {
/// `EnumCallback` should usually be left as `_`. /// `EnumCallback` should usually be left as `_`.
pub fn call_graphql<QueryType, EnumCallback>( pub fn call_graphql<QueryType, EnumCallback>(
&mut self, &mut self,
ctx: &Context<C>,
variables: QueryType::Variables, variables: QueryType::Variables,
enum_callback: EnumCallback, enum_callback: EnumCallback,
error_message: &'static str, error_message: &'static str,
@ -134,10 +147,29 @@ impl<C: CommonComponent<C>> CommonComponentParts<C> {
QueryType: GraphQLQuery + 'static, QueryType: GraphQLQuery + 'static,
EnumCallback: Fn(Result<QueryType::ResponseData>) -> <C as Component>::Message + 'static, EnumCallback: Fn(Result<QueryType::ResponseData>) -> <C as Component>::Message + 'static,
{ {
self.call_backend( self.task = HostService::graphql_query::<QueryType>(
ctx, variables,
HostService::graphql_query::<QueryType>(variables, error_message), self.link.callback(enum_callback),
enum_callback, error_message,
); )
.map_err::<(), _>(|e| {
ConsoleService::log(&e.to_string());
self.error = Some(e);
})
.ok();
}
}
impl<C: Component + CommonComponent<C>> std::ops::Deref for CommonComponentParts<C> {
type Target = <C as Component>::Properties;
fn deref(&self) -> &<Self as std::ops::Deref>::Target {
&self.props
}
}
impl<C: Component + CommonComponent<C>> std::ops::DerefMut for CommonComponentParts<C> {
fn deref_mut(&mut self) -> &mut <Self as std::ops::Deref>::Target {
&mut self.props
} }
} }

6
app/src/infra/cookies.rs
View File

@ -53,11 +53,7 @@ pub fn get_cookie(cookie_name: &str) -> Result<Option<String>> {
pub fn delete_cookie(cookie_name: &str) -> Result<()> { pub fn delete_cookie(cookie_name: &str) -> Result<()> {
if get_cookie(cookie_name)?.is_some() { if get_cookie(cookie_name)?.is_some() {
set_cookie( set_cookie(cookie_name, "", &Utc.ymd(1970, 1, 1).and_hms(0, 0, 0))
cookie_name,
"",
&Utc.with_ymd_and_hms(1970, 1, 1, 0, 0, 0).unwrap(),
)
} else { } else {
Ok(()) Ok(())
} }

10
app/src/infra/modal.rs
View File

@ -1,16 +1,16 @@
use wasm_bindgen::prelude::*; use wasm_bindgen::prelude::*;
#[wasm_bindgen] #[wasm_bindgen(module = "bootstrap")]
extern "C" { extern "C" {
#[wasm_bindgen(js_namespace = bootstrap)] #[wasm_bindgen]
pub type Modal; pub type Modal;
#[wasm_bindgen(constructor, js_namespace = bootstrap)] #[wasm_bindgen(constructor)]
pub fn new(e: web_sys::Element) -> Modal; pub fn new(e: web_sys::Element) -> Modal;
#[wasm_bindgen(method, js_namespace = bootstrap)] #[wasm_bindgen(method)]
pub fn show(this: &Modal); pub fn show(this: &Modal);
#[wasm_bindgen(method, js_namespace = bootstrap)] #[wasm_bindgen(method)]
pub fn hide(this: &Modal); pub fn hide(this: &Modal);
} }

6
app/src/lib.rs
View File

@ -1,8 +1,6 @@
#![recursion_limit = "256"] #![recursion_limit = "256"]
#![forbid(non_ascii_idents)] #![forbid(non_ascii_idents)]
#![allow(clippy::uninlined_format_args)] #![allow(clippy::nonstandard_macro_braces)]
#![allow(clippy::let_unit_value)]
pub mod components; pub mod components;
pub mod infra; pub mod infra;
@ -10,7 +8,7 @@ use wasm_bindgen::prelude::{wasm_bindgen, JsValue};
#[wasm_bindgen] #[wasm_bindgen]
pub fn run_app() -> Result<(), JsValue> { pub fn run_app() -> Result<(), JsValue> {
yew::start_app::<components::app::AppContainer>(); yew::start_app::<components::app::App>();
Ok(()) Ok(())
} }

3
app/static/libraries.txt
View File

@ -1,5 +1,4 @@
https://cdn.jsdelivr.net/npm/bootstrap-dark-5@1.1.3/dist/css/bootstrap-nightshade.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/css/bootstrap.min.css
https://cdn.jsdelivr.net/npm/bootstrap-dark-5@1.1.3/dist/js/darkmode.min.js
https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

10
app/static/main.js
View File

@ -1,10 +0,0 @@
import init, { run_app } from '/pkg/lldap_app.js';
async function main() {
if(navigator.userAgent.indexOf('AppleWebKit') != -1) {
await init('/pkg/lldap_app_bg.wasm');
} else {
await init('/pkg/lldap_app_bg.wasm.gz');
}
run_app();
}
main()

22
app/static/style.css
View File

@ -1,4 +1,4 @@
header h2 { header h1 {
font-family: 'Bebas Neue', cursive; font-family: 'Bebas Neue', cursive;
} }
@ -10,23 +10,3 @@ header h2 {
font-weight: 700; font-weight: 700;
text-decoration: none; text-decoration: none;
} }
html.dark .bg-light {
background-color: rgba(59,59,59,1) !important;
}
html.dark a {
color: #e1e1e1
}
a {
color: #212529
}
html.dark .nav-link {
color: #e1e1e1
}
.nav-link {
color: #212529
}

2
auth/Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "lldap_auth" name = "lldap_auth"
version = "0.3.0" version = "0.3.0-alpha.1"
authors = ["Valentin Tolmer <valentin@tolmer.fr>"] authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
edition = "2021" edition = "2021"

25
docker-entrypoint.sh
View File

@ -1,6 +1,20 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
FILE_VAR="${SECRET}_FILE"
SECRET_FILE="${!FILE_VAR:-}"
if [[ -n "$SECRET_FILE" ]]; then
if [[ -f "$SECRET_FILE" ]]; then
declare "$SECRET=$(cat $SECRET_FILE)"
export "$SECRET"
echo "[entrypoint] Set $SECRET from $SECRET_FILE"
else
echo "[entrypoint] Could not read contents of $SECRET_FILE (specified in $FILE_VAR)" >&2
fi
fi
done
CONFIG_FILE=/data/lldap_config.toml CONFIG_FILE=/data/lldap_config.toml
if [[ ( ! -w "/data" ) ]] || [[ ( ! -d "/data" ) ]]; then if [[ ( ! -w "/data" ) ]] || [[ ( ! -d "/data" ) ]]; then
@ -21,13 +35,4 @@ if [[ ! -r "$CONFIG_FILE" ]]; then
exit 1; exit 1;
fi fi
echo "> Setup permissions.." exec /app/lldap "$@"
find /app \! -user "$UID" -exec chown "$UID:$GID" '{}' +
find /data \! -user "$UID" -exec chown "$UID:$GID" '{}' +
echo "> Starting lldap.."
echo ""
exec gosu "$UID:$GID" /app/lldap "$@"
exec "$@"

6
docs/architecture.md
View File

@ -26,9 +26,9 @@ Frontend:
Data storage: Data storage:
* The data (users, groups, memberships, active JWTs, ...) is stored in SQL. * The data (users, groups, memberships, active JWTs, ...) is stored in SQL.
* The main SQL DBs are supported: SQLite by default, MySQL, MariaDB, PostgreSQL * Currently only SQLite is supported (see
(see [DB Migration](/database_migration.md) for how to migrate off of https://github.com/launchbadge/sqlx/issues/1225 for what blocks us from
SQLite). supporting more SQL backends).
### Code organization ### Code organization

BIN
docs/cookie.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 61 KiB

109
docs/database_migration.md
View File

@ -1,109 +0,0 @@
# Migration
Existing servers can migrate from one database backend to another. This page includes guidance for migrating from SQLite - similar concepts apply when migrating from databases of other types.
NOTE: [pgloader](https://github.com/dimitri/pgloader) is a tool that can easily migrate to PostgreSQL from other databases. Consider it if your target database is PostgreSQL
The process is as follows:
1. Create empty schema on target database
2. Stop/pause LLDAP and dump existing values
3. Sanitize for target DB (not always required)
4. Insert data into target
5. Change LLDAP config to new target and restart
The steps below assume you already have PostgreSQL or MySQL set up with an empty database for LLDAP to use.
## Create schema on target
LLDAP has a command that will connect to a target database and initialize the
schema. If running with docker, run the following command to use your active
instance (this has the benefit of ensuring your container has access):
```
docker exec -it <LLDAP container name> /app/lldap create_schema -d <Target database url>
```
If it succeeds, you can proceed to the next step.
## Create a dump of existing data
We want to dump (almost) all existing values to some file - the exception being the `metadata` table (and sometimes
the `sqlite_sequence` table, when it exists). Be sure to stop/pause LLDAP during this step, as some
databases (SQLite in this example) will give an error if LLDAP is in the middle of a write. The dump should consist just INSERT
statements. There are various ways to do this, but a simple enough way is filtering a
whole database dump. This repo contains [a script](/scripts/sqlite_dump_commands.sh) to generate SQLite commands for creating an appropriate dump:
```
./sqlite_dump_commands.sh | sqlite3 /path/to/lldap/config/users.db > /path/to/dump.sql
```
## Sanitize data
Some databases might use different formats for some data - for example, PostgreSQL uses
a different syntax for hex strings than SQLite. We also want to make sure inserts are done in
a transaction in case one of the statements fail.
### To PostgreSQL
PostgreSQL uses a different hex string format. The command below should switch SQLite
format to PostgreSQL format, and wrap it all in a transaction:
```
sed -i -r -e "s/X'([[:xdigit:]]+'[^'])/'\\\x\\1/g" \
-e '1s/^/BEGIN;\n/' \
-e '$aCOMMIT;' /path/to/dump.sql
```
### To MySQL
MySQL mostly cooperates, but it gets some errors if you don't escape the `groups` table. It also uses
backticks to escape table name instead of quotes. Run the
following command to wrap all table names in backticks for good measure, and wrap the inserts in
a transaction:
```
sed -i -r -e 's/^INSERT INTO "?([a-zA-Z0-9_]+)"?/INSERT INTO `\1`/' \
-e '1s/^/START TRANSACTION;\n/' \
-e '$aCOMMIT;' \
-e '1 i\SET FOREIGN_KEY_CHECKS = 0;' /path/to/dump.sql
```
### To MariaDB
While MariaDB is supposed to be identical to MySQL, it doesn't support timezone offsets on DATETIME
strings. Use the following command to remove those and perform the additional MySQL sanitization:
```
sed -i -r -e "s/([^']'[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{9})\+00:00'([^'])/\1'\2/g" \
-e 's/^INSERT INTO "?([a-zA-Z0-9_]+)"?/INSERT INTO `\1`/' \
-e '1s/^/START TRANSACTION;\n/' \
-e '$aCOMMIT;' \
-e '1 i\SET FOREIGN_KEY_CHECKS = 0;' /path/to/dump.sql
```
## Insert data
Insert the data generated from the previous step into the target database. If you encounter errors,
you may need to manually tweak your dump, or make changed in LLDAP and recreate the dump.
### PostgreSQL
`psql -d <database> -U <username> -W < /path/to/dump.sql`
or
`psql -d <database> -U <username> -W -f /path/to/dump.sql`
### MySQL
`mysql -u <username> -p <database> < /path/to/dump.sql`
## Switch to new database
Modify your `database_url` in `lldap_config.toml` (or `LLDAP_DATABASE_URL` in the env)
to point to your new database (the same value used when generating schema). Restart
LLDAP and check the logs to ensure there were no errors.
#### More details/examples can be seen in the CI process [here](https://raw.githubusercontent.com/nitnelave/lldap/main/.github/workflows/docker-build-static.yml), look for the job `lldap-database-migration-test`

90
docs/scripting.md
View File

@ -1,90 +0,0 @@
# Scripting
Programmatically accessing LLDAP can be done either through the LDAP protocol,
or via the GraphQL API.
## LDAP
Most _read-only_ queries about users and groups are supported. Anything not
supported would be considered a missing feature or a bug.
Most _modification_ queries are not supported, except for creating users and
changing the password (through the extended password operation). Those could be
added in the future, on a case-by-case basis.
Most _meta_-queries about the LDAP server itself are not supported and are out
of scope. That includes anything that touches the schema, for instance. LLDAP
still supports basic RootDSE queries.
Anonymous bind is not supported.
## GraphQL
The best way to interact with LLDAP programmatically is via the GraphQL
interface. You can use any language that has a GraphQL library (most of them
do), and use the [GraphQL Schema](../schema.graphql) to guide your queries.
### Getting a token
You'll need a JWT (authentication token) to issue GraphQL queries. Your view of
the system will be limited by the rights of your user. In particular, regular
users can only see themselves and the groups they belong to (but not other
members of these groups, for instance).
#### Manually
Log in to the web front-end of LLDAP. Then open the developer tools (F12), find
the "Storage > Cookies", and you'll find the "token" cookie with your JWT.
![Cookies menu with a JWT](cookie.png)
#### Automatically
The easiest way is to send a json POST request to `/auth/simple/login` with
`{"username": "john", "password": "1234"}` in the body.
Then you'll receive a JSON response with:
```
{
"token": "eYbat...",
"refreshToken": "3bCka...",
}
```
### Using the token
You can use the token directly, either as a cookie, or as a bearer auth token
(add an "Authorization" header with contents `"Bearer <token>"`).
The JWT is valid for 1 day (unless you log out explicitly).
You can use the refresh token to query `/auth/refresh` and get another JWT. The
refresh token is valid for 30 days.
### Testing your GraphQL queries
You can go to `/api/graphql/playground` to test your queries and explore the
data in the playground. You'll need to provide the JWT in the headers:
```
{ "Authorization": "Bearer abcdef123..." }
```
Then you can enter your query, for instance:
```graphql
{
user(userId:"admin") {
displayName
}
groups {
id
displayName
users {
id
email
}
}
}
```
The schema is on the right, along with some basic docs.

26
example_configs/airsonic-advanced.md
View File

@ -1,26 +0,0 @@
# Configuration for Airsonic Advanced
Replace `dc=example,dc=com` with your LLDAP configured domain.
### LDAP URL
```
ldap://lldap:3890/ou=people,dc=example,dc=com
```
### LDAP search filter
```
(&(uid={0})(memberof=cn=airsonic,ou=groups,dc=example,dc=com))
```
### LDAP manager DN
```
cn=admin,ou=people,dc=example,dc=com
```
### Password
```
admin-password
```
Make sure the box `Automatically create users in Airsonic` is checked.
Restart airsonic-advanced

4
example_configs/authelia_config.yml
View File

@ -30,11 +30,11 @@ authentication_backend:
additional_users_dn: ou=people additional_users_dn: ou=people
# To allow sign in both with username and email, one can use a filter like # To allow sign in both with username and email, one can use a filter like
# (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
users_filter: "(&({username_attribute}={input})(objectClass=person))" users_filter: (&({username_attribute}={input})(objectClass=person))
# Set this to ou=groups, because all groups are stored in this ou # Set this to ou=groups, because all groups are stored in this ou
additional_groups_dn: ou=groups additional_groups_dn: ou=groups
# Only this filter is supported right now # Only this filter is supported right now
groups_filter: "(member={dn})" groups_filter: (member={dn})
# The attribute holding the name of the group. # The attribute holding the name of the group.
group_name_attribute: cn group_name_attribute: cn
# Email attribute # Email attribute

105
example_configs/authentik.md
View File

@ -1,105 +0,0 @@
# Name
```
lldap
```
# Slug
```
lldap
```
- [x] Enabled
- [x] Sync Users
- [x] User password writeback
- [x] Sync groups
# Connection settings
## Server URI
```
ldap://lldap:3890
```
- [ ] Enable StartTLS
## TLS Verification Certificate
```
---------
```
## Bind CN
```
uid=admin,ou=people,dc=example,dc=com
```
## Bind Password
```
ADMIN_PASSWORD
```
## Base DN
```
dc=example,dc=com
```
# LDAP Attribute mapping
## User Property Mappings
- [x] authentik default LDAP Mapping: mail
- [x] authentik default LDAP Mapping: Name
- [x] authentik default Active Directory Mapping: givenName
- [ ] authentik default Active Directory Mapping: sAMAccountName
- [x] authentik default Active Directory Mapping: sn
- [ ] authentik default Active Directory Mapping: userPrincipalName
- [x] authentik default OpenLDAP Mapping: cn
- [x] authentik default OpenLDAP Mapping: uid
## Group Property Mappings
- [ ] authentik default LDAP Mapping: mail
- [ ] authentik default LDAP Mapping: Name
- [ ] authentik default Active Directory Mapping: givenName
- [ ] authentik default Active Directory Mapping: sAMAccountName
- [ ] authentik default Active Directory Mapping: sn
- [ ] authentik default Active Directory Mapping: userPrincipalName
- [x] authentik default OpenLDAP Mapping: cn
- [ ] authentik default OpenLDAP Mapping: uid
# Additional settings
## Group
```
---------
```
## User path
```
LDAP/users
```
## Addition User DN
```
ou=people
```
## Addition Group DN
```
ou=groups
```
## User object filter
```
(objectClass=person)
```
## Group object filter
```
(objectClass=groupOfUniqueNames)
```
## Group membership field
```
member
```
## Object uniqueness field
```
uid
```

57
example_configs/dell_idrac.md
View File

@ -1,57 +0,0 @@
# Configuration for Dell iDRAC
## iDRAC 9
iDRAC 9 can only be connected to LDAPS, so make sure you have that enabled.
The settings then are as follows:
### Use Distinguished Name to Search Group Membership
```
Enabled
```
### LDAP Server Address
```
Your server address eg. localhost
```
### LDAP Server Port
```
Your LDAPS port, eg. 6360 or 636
```
### Bind DN
```
uid=admin,ou=people,dc=example,dc=com
```
### Bind Password
```
Enabled
```
### Bind Password
```
Your admin user password
```
### Attribute of User Login
```
uid
```
### Attribute of Group Membership
```
member
```
### Search Filter
```
(&(objectClass=person)(memberof=cn=idrac_users,ou=groups,dc=example,dc=com))
```
For the Group Role Mappings, you define groups by their full `Group DN`, eg.
```
cn=idrac_users,ou=groups,dc=example,dc=com
```

32
example_configs/dex_config.yml
View File

@ -1,32 +0,0 @@
# lldap configuration:
# LLDAP_LDAP_BASE_DN: dc=example,dc=com
# ##############################
# rest of the Dex options
# ##############################
connectors:
- type: ldap
id: ldap
name: LDAP
config:
host: lldap-host # make sure it does not start with `ldap://`
port: 3890 # or 6360 if you have ldaps enabled
insecureNoSSL: true # or false if you have ldaps enabled
insecureSkipVerify: true # or false if you have ldaps enabled
bindDN: uid=admin,ou=people,dc=example,dc=com # replace admin with your admin user
bindPW: very-secure-password # replace with your admin password
userSearch:
baseDN: ou=people,dc=example,dc=com
username: uid
idAttr: uid
emailAttr: mail
nameAttr: displayName
preferredUsernameAttr: uid
groupSearch:
baseDN: ou=groups,dc=example,dc=com
filter: "(objectClass=groupOfUniqueNames)"
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn

25
example_configs/dokuwiki.md
View File

@ -1,25 +0,0 @@
# Configuration for dokuwiki
LDAP configuration is in ```/dokuwiki/conf/local.protected.php```:
```
<?php
$conf['useacl'] = 1; //enable ACL
$conf['authtype'] = 'authldap'; //enable this Auth plugin
$conf['plugin']['authldap']['server'] = 'ldap://lldap_server:3890'; #IP of your lldap
$conf['plugin']['authldap']['usertree'] = 'ou=people,dc=example,dc=com';
$conf['plugin']['authldap']['grouptree'] = 'ou=groups, dc=example, dc=com';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=person))';
$conf['plugin']['authldap']['groupfilter'] = '(objectClass=group)';
$conf['plugin']['authldap']['attributes'] = array('cn', 'displayname', 'mail', 'givenname', 'objectclass', 'sn', 'uid', 'memberof');
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['binddn'] = 'cn=admin,ou=people,dc=example,dc=com';
$conf['plugin']['authldap']['bindpw'] = 'ENTER_YOUR_LLDAP_PASSWORD';
```
DokuWiki by default, ships with an LDAP Authentication Plugin called ```authLDAP``` that allows authentication against an LDAP directory.
All you need to do is to activate the plugin. This can be done on the DokuWiki Extensions Manager.
Once the LDAP settings are defined, proceed to define the default authentication method.
Navigate to Table of Contents > DokuWiki > Authentication.
On the Authentication backend, select ```authldap``` and save the changes.

29
example_configs/gitea.md
View File

@ -1,4 +1,4 @@
# Configuration for Gitea (& Forgejo) # Configuration for Gitea
In Gitea, go to `Site Administration > Authentication Sources` and click `Add Authentication Source` In Gitea, go to `Site Administration > Authentication Sources` and click `Add Authentication Source`
Select `LDAP (via BindDN)` Select `LDAP (via BindDN)`
@ -14,36 +14,9 @@ To log in they can either use their email address or user name. If you only want
For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn
* Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise. * Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise.
* Username Attribute: `uid` * Username Attribute: `uid`
* First Name Attribute: `givenName`
* Surname Attribute: `sn`
* Email Attribute: `mail` * Email Attribute: `mail`
* Avatar Attribute: `jpegPhoto`
* Check `Enable User Synchronization` * Check `Enable User Synchronization`
Replace every instance of `dc=example,dc=com` with your configured domain. Replace every instance of `dc=example,dc=com` with your configured domain.
After applying the above settings, users should be able to log in with either their user name or email address. After applying the above settings, users should be able to log in with either their user name or email address.
## Syncronizing LDAP groups with existing teams in organisations
Groups in LLDAP can be syncronized with teams in organisations. Organisations and teams must be created manually in Gitea.
It is possible to syncronize one LDAP group with multiple teams in a Gitea organization.
Check `Enable LDAP Groups`
* Group Search Base DN: `ou=groups,dc=example,dc=com`
* Group Attribute Containing List Of Users: `member`
* User Attribute Listed In Group: `dn`
* Map LDAP groups to Organization teams: `{"cn=Groupname1,ou=groups,dc=example,dc=com":{"Organization1": ["Teamname"]},"cn=Groupname2,ou=groups,dc=example,dc=com": {"Organization2": ["Teamname1", "Teamname2"]}}`
Check `Remove Users from syncronised teams...`
The `Map LDAP groups to Organization teams` config is JSON formatted and can be extended to as many groups as needed.
Replace every instance of `dc=example,dc=com` with your configured domain.
# Configuration for Gitea in `simple auth` mode
* The configuration method is the same as `BindDN` mode.
* `BindDN` and `password` are not required
* Gitea will not be able to pre-sync users, user account will be created at login time.

4
example_configs/grafana_ldap_config.toml
View File

@ -20,7 +20,7 @@ ssl_skip_verify = false
# client_key = "/path/to/client.key" # client_key = "/path/to/client.key"
# Search user bind dn # Search user bind dn
bind_dn = "uid=<your grafana user>,ou=people,dc=example,dc=org" bind_dn = "cn=<your grafana user>,ou=people,dc=example,dc=org"
# Search user bind password # Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = "<grafana user password>" bind_password = "<grafana user password>"
@ -44,6 +44,6 @@ username = "uid"
# If you want to map your ldap groups to grafana's groups, see: https://grafana.com/docs/grafana/latest/auth/ldap/#group-mappings # If you want to map your ldap groups to grafana's groups, see: https://grafana.com/docs/grafana/latest/auth/ldap/#group-mappings
# As a quick example, here is how you would map lldap's admin group to grafana's admin # As a quick example, here is how you would map lldap's admin group to grafana's admin
# [[servers.group_mappings]] # [[servers.group_mappings]]
# group_dn = "uid=lldap_admin,ou=groups,dc=example,dc=org" # group_dn = "cn=lldap_admin,ou=groups,c=example,dc=org"
# org_role = "Admin" # org_role = "Admin"
# grafana_admin = true # grafana_admin = true

16
example_configs/hedgedoc.md
View File

@ -1,16 +0,0 @@
# Configuration for hedgedoc
[Hedgedoc](https://hedgedoc.org/) is a platform to write and share markdown.
### Using docker variables
Any member of the group ```hedgedoc``` can log into hedgedoc.
```
- CMD_LDAP_URL=ldap://lldap:3890
- CMD_LDAP_BINDDN=uid=admin,ou=people,dc=example,dc=com
- CMD_LDAP_BINDCREDENTIALS=insert_your_password
- CMD_LDAP_SEARCHBASE=ou=people,dc=example,dc=com
- CMD_LDAP_SEARCHFILTER=(&(memberOf=cn=hedgedoc,ou=groups,dc=example,dc=com)(uid={{username}}))
- CMD_LDAP_USERIDFIELD=uid
```
Replace `dc=example,dc=com` with your LLDAP configured domain for all occurances

23
example_configs/home-assistant.md
View File

@ -1,23 +0,0 @@
# Home Assistant Configuration
Home Assistant configures ldap auth via the [Command Line Auth Provider](https://www.home-assistant.io/docs/authentication/providers/#command-line). The wiki mentions a script that can be used for LDAP authentication, but it doesn't work in the container version (it is lacking both `ldapsearch` and `curl` ldap protocol support). Thankfully LLDAP has a graphql API to save the day!
## Graphql-based Auth Script
The [auth script](lldap-ha-auth.sh) attempts to authenticate a user against an LLDAP server, using credentials provided via `username` and `password` environment variables. The first argument must be the URL of your LLDAP server, accessible from Home Assistant. You can provide an additional optional argument to confine allowed logins to a single group. The script will output the user's display name as the `name` variable, if not empty.
1. Copy the [auth script](lldap-ha-auth.sh) to your home assistant instance. In this example, we use `/config/lldap-auth.sh`.
2. Add the following to your configuration.yaml in Home assistant:
```yaml
homeassistant:
auth_providers:
# Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts
- type: homeassistant
- type: command_line
command: /config/lldap-auth.sh
# Only allow users in the 'homeassistant_user' group to login.
# Change to ["https://lldap.example.com"] to allow all users
args: ["https://lldap.example.com", "homeassistant_user"]
meta: true
```
3. Reload your config or restart Home Assistant

BIN
example_configs/images/authelia_openid_config.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 152 KiB

BIN
example_configs/images/nextcloud_apps.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 15 KiB

BIN
example_configs/images/nextcloud_groups.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 89 KiB

BIN
example_configs/images/nextcloud_ldap_srv.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 76 KiB

BIN
example_configs/images/nextcloud_login_attributes.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 115 KiB

BIN
example_configs/images/nextcloud_loginfilter.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 213 KiB

BIN
example_configs/images/nextcloud_sharing_options.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 114 KiB

BIN
example_configs/images/nextcloud_sociallogin_checkboxes.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 53 KiB

BIN
example_configs/images/rancher_ldap_config.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 148 KiB

6
example_configs/jellyfin.md
View File

@ -35,12 +35,6 @@ Otherwise, just use:
``` ```
(uid=*) (uid=*)
``` ```
### Admin Base DN
The DN of your admin group. If you have `media_admin` as your group you would use:
```
cn=media_admin,ou=groups,dc=example,dc=com
```
### Admin Filter ### Admin Filter

33
example_configs/kanboard.md
View File

@ -1,33 +0,0 @@
# configuration for Kanboard
add these to the Kanboard `config.php`
Make sure you adapt the constant `LDAP_SERVER` to the correct LDAP endpoint.
You also might have to change `dc=example,dc=com` to whatever your LLDAP is handling, and maybe change the `kanboard_users` group name used in `LDAP_USER_FILTER` to identify users of a valid group of yours.
```
define('LDAP_AUTH', true);
define('LDAP_SERVER', 'ldap://lldap-server.com:3890');
define('LDAP_SSL_VERIFY', true);
define('LDAP_START_TLS', false);
define('LDAP_USERNAME_CASE_SENSITIVE', false);
define('LDAP_USER_CREATION', true);
define('LDAP_BIND_TYPE', 'user');
define('LDAP_USERNAME', 'uid=%s,ou=people,dc=example,dc=com');
define('LDAP_PASSWORD', null);
define('LDAP_USER_BASE_DN', 'ou=people,dc=example,dc=com');
define('LDAP_USER_FILTER', '(&(uid=%s)(memberof=cn=kanboard_users,ou=groups,dc=example,dc=com))');
define('LDAP_USERNAME_CASE_SENSITIVE', false);
define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');
define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
```

70
example_configs/lldap-ha-auth.sh
View File

@ -1,70 +0,0 @@
#!/bin/bash
# Usernames should be validated using a regular expression to be of
# a known format. Special characters will be escaped anyway, but it is
# generally not recommended to allow more than necessary.
# This pattern is set by default. In your config file, you can either
# overwrite it with a different one or use "unset USERNAME_PATTERN" to
# disable validation completely.
USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.]+$'
# When the timeout (in seconds) is exceeded (e.g. due to slow networking),
# authentication fails.
TIMEOUT=3
# Log messages to stderr.
log() {
echo "$1" >&2
}
# Get server address
if [ -z "$1" ]; then
log "Usage: lldap-auth.sh <LLDAP server address> <Optional group to filter>"
exit 2
fi
SERVER_URL="${1%/}"
# Check username and password are present and not malformed.
if [ -z "$username" ] || [ -z "$password" ]; then
log "Need username and password environment variables."
exit 2
elif [ ! -z "$USERNAME_PATTERN" ]; then
username_match=$(echo "$username" | sed -r "s/$USERNAME_PATTERN/x/")
if [ "$username_match" != "x" ]; then
log "Username '$username' has an invalid format."
exit 2
fi
fi
RESPONSE=$(curl -f -s -X POST -m "$TIMEOUT" -H "Content-type: application/json" -d '{"username":"'"$username"'","password":"'"$password"'"}' "$SERVER_URL/auth/simple/login")
if [[ $? -ne 0 ]]; then
log "Auth failed"
exit 1
fi
TOKEN=$(jq -e -r .token <<< $RESPONSE)
if [[ $? -ne 0 ]]; then
log "Failed to parse token"
exit 1
fi
RESPONSE=$(curl -f -s -m "$TIMEOUT" -H "Content-type: application/json" -H "Authorization: Bearer ${TOKEN}" -d '{"variables":{"id":"'"$username"'"},"query":"query($id:String!){user(userId:$id){displayName groups{displayName}}}"}' "$SERVER_URL/api/graphql")
if [[ $? -ne 0 ]]; then
log "Failed to get user"
exit 1
fi
USER_JSON=$(jq -e .data.user <<< $RESPONSE)
if [[ $? -ne 0 ]]; then
log "Failed to parse user json"
exit 1
fi
if [[ ! -z "$2" ]] && ! jq -e '.groups|map(.displayName)|index("'"$2"'")' <<< $USER_JSON > /dev/null 2>&1; then
log "User is not in group '$2'"
exit 1
fi
DISPLAY_NAME=$(jq -r .displayName <<< $USER_JSON)
[[ ! -z "$DISPLAY_NAME" ]] && echo "name = $DISPLAY_NAME"

22
example_configs/lldap.service
View File

@ -1,22 +0,0 @@
[Unit]
Description=Nitnelave LLDAP
Documentation=https://github.com/nitnelave/lldap
# Only sqlite
After=network.target
[Service]
# The user/group LLDAP is run under. The working directory (see below) should allow write and read access to this user/group.
User=root
Group=root
# The location of the compiled binary
ExecStart=/opt/nitnelave/lldap \
run
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here).
WorkingDirectory=/opt/nitnelave/
ReadWriteDirectories=/opt/nitnelave/
[Install]
WantedBy=multi-user.target

126
example_configs/nextcloud.md
View File

@ -1,126 +0,0 @@
# Nextcloud LLDAP example config
## lldap users & groups
This example is using following users & groups in lldap :
* A technical user (ex: `ro_admin`), member of `lldap_strict_readonly` or `lldap_password_manager`
* A catch-all group called `nextcloud_users`.
* Members of `nextcloud_users` group will be authorized to log in Nextcloud.
* Some "application" groups, let's say `friends` and `family`: users in Nextcloud will be able to share files and view people in dynamic lists only to members of their own group(s).
* Users in `family` and `friends` should also be users in `nextcloud_users` group!
If you plan on following this tutorial line-by-line, you will now have the following:
* 6 groups:
1. `nextcloud_users`
2. `family`
3. `friends`
4. `lldap_strict_readonly`
5. `lldap_password_manager`
6. `ldap_admin`
* 1 admin user in any of the following groups:
1. `lldap_password_manager`
2. `lldap_strict_readonly`
* (Atleast) 1 user in the `nextcloud_users` group
* (Optional) Any number of users in the `friends` or `family` group.
## Nextcloud config : the cli way
TL;DR let's script it. The "user_ldap" application is shipped with default Nextcloud installation (at least using Docker official stable images), you just have to install & enable it :
```sh
occ app:install user_ldap
occ app:enable user_ldap
occ ldap:create-empty-config
# EDIT: domain
occ ldap:set-config s01 ldapHost "ldap://lldap.example.net."
occ ldap:set-config s01 ldapPort 3890
# EDIT: admin user
occ ldap:set-config s01 ldapAgentName "uid=ro_admin,ou=people,dc=example,dc=com"
# EDIT: password
occ ldap:set-config s01 ldapAgentPassword "password"
# EDIT: Base DN
occ ldap:set-config s01 ldapBase "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseUsers "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseGroups "dc=example,dc=com"
occ ldap:set-config s01 ldapConfigurationActive 1
occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))"
occ ldap:set-config s01 ldapUserFilterMode 0
occ ldap:set-config s01 ldapUserFilterObjectclass person
occ ldap:set-config s01 turnOnPasswordChange 0
occ ldap:set-config s01 ldapCacheTTL 600
occ ldap:set-config s01 ldapExperiencedAdmin 0
occ ldap:set-config s01 ldapGidNumber gidNumber
# EDIT: list of application groups
occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=groupOfUniqueNames)(|(cn=friends)(cn=family)))"
# EDIT: list of application groups
occ ldap:set-config s01 ldapGroupFilterGroups "friends;family"
occ ldap:set-config s01 ldapGroupFilterMode 0
occ ldap:set-config s01 ldapGroupDisplayName cn
occ ldap:set-config s01 ldapGroupFilterObjectclass groupOfUniqueNames
occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
occ ldap:set-config s01 ldapEmailAttribute "mail"
occ ldap:set-config s01 ldapLoginFilterEmail 0
occ ldap:set-config s01 ldapLoginFilterUsername 1
occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
occ ldap:set-config s01 ldapNestedGroups 0
occ ldap:set-config s01 ldapPagingSize 500
occ ldap:set-config s01 ldapTLS 0
occ ldap:set-config s01 ldapUserAvatarRule default
occ ldap:set-config s01 ldapUserDisplayName displayname
occ ldap:set-config s01 ldapUserFilterMode 1
occ ldap:set-config s01 ldapUuidGroupAttribute auto
occ ldap:set-config s01 ldapUuidUserAttribute auto
```
With a bit of of luck, you should be able to log in your nextcloud instance with LLDAP accounts in the `nextcloud_users` group.
## Nextcloud config : the GUI way
1. enable LDAP application (installed but not enabled by default)
2. setup your ldap server in Settings > Administration > LDAP / AD integration
3. setup Group limitations
### LDAP server config
Fill the LLDAP domain and port, DN + password of your technical account and base DN (as usual : change `example.com` by your own domain) :
![ldap configuration page](images/nextcloud_ldap_srv.png)
### Users tab
Select `person` as object class and then choose `Edit LDAP Query` : the `only from these groups` option is not functional.
We want only users from the `nextcloud_users` group to be allowed to log in Nextcloud :
```
(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))
```
![login configuration page](images/nextcloud_loginfilter.png)
You can check with `Verify settings and count users` that your filter is working properly (here your accounts `admin` and `ro_admin` will not be counted as users).
### Login attributes
Select `Edit LDAP Query` and enter :
```
(&(objectclass=person)(uid=%uid))
```
![login attributes page](images/nextcloud_login_attributes.png)
Enter a valid username in lldap and check if your filter is working.
### Groups
You can use the menus for this part : select `groupOfUniqueNames` in the first menu and check every group you want members to be allowed to view their group member / share files with.
![groups configuration page](images/nextcloud_groups.png)
## Sharing restrictions
Go to Settings > Administration > Sharing and check following boxes :
* "Allow username autocompletion to users within the same groups"
![sharing options](images/nextcloud_sharing_options.png)

90
example_configs/nextcloud_oidc_authelia.md
View File

@ -1,90 +0,0 @@
## Assumptions
If you're here, there are some assumptions being made about access and capabilities you have on your system:
1. You have Authelia up and running, understand its functionality, and have read through the documentation.
2. You have [LLDAP](https://github.com/nitnelave/lldap) up and running.
3. You have Nextcloud and LLDAP communicating and without any config errors. See the [example config for Nextcloud](nextcloud.md)
## Authelia
Set up Authelia according to its [documentation](https://www.authelia.com/overview/prologue/introduction/), including the [OpenID Connect](https://www.authelia.com/configuration/identity-providers/open-id-connect/) and [Nextcloud instructions](https://www.authelia.com/integration/openid-connect/nextcloud/).
## LLDAP
With LLDAP up and running, add a group and note the name you use. For this tutorial, we're using the group `nextcloud_users`. Create a new user and add it to the `nextcloud_users` group.
#### Optional:
Once setup, add an admin or config user and add to the `lldap_strict_readonly` or `lldap_password_manager` group. This will be the config account used for Nextcloud to read your groups and users from the server.
## Nextcloud
**_When we get to the OpenID section, we will be using the same defaults as Authelia's documentation. As a reminder, they are:_**
* **Application Root URL:** https://nextcloud.example.com
* **Authelia Root URL:** https://auth.example.com
* [**Client ID:**](https://www.authelia.com/configuration/identity-providers/open-id-connect/#id) nextcloud
* [**Client Secret:**](https://www.authelia.com/configuration/identity-providers/open-id-connect/#secret) nextcloud_client_secret
Login to your Nextcloud instance as an admin. By now, you should have correctly setup Nextcloud and LLDAP to be communicating and working as expected. [See assumptions, above](#assumptions)
Next, navigate to the `Apps` section.
![nextcloud_apps.png](images/nextcloud_apps.png)
Search for the Nextcloud app [Social Login](https://apps.nextcloud.com/apps/sociallogin). Enable the app.
Once enabled, navigate to Settings > Administration > Social Login.
You'll see many different options for various auth methods, including major 3rd party integrations. For the top section, check off these three options:
* Allow Users to Connect Social Logins with their Account
* Prevent creating an account if the email address exists in another account
* Update user profile every login
![nextcloud_sociallogin_checkboxes](images/nextcloud_sociallogin_checkboxes.png)
_You can test out the other options such as preventing users without a group, but I haven't tested all the options. These are just the ones I know that worked so far._
Scroll down and select **Custom OpenID Connect**. Fill out the following options:
_The first two can be any string you'd like to identify the connection with. The Title is the string that will show up on the button at the login screen and the Internal Name will be used in the Redirect uri. [See point 3 in the section below](#some-notes)._
| Field | Value |
|--|--|
| Internal Name | Authelia |
|Title | Authelia OpenID |
|Authorize URL | https://auth.example.com/api/oidc/authorization |
|Token URL | https://auth.example.com/api/oidc/token |
|Display Name Claim (Optional) | display_name |
|User info URL (Optional) | |
|Logout URL (Optional) | |
|Client ID: | nextcloud |
|Client Secret: | nextcloud_client_secret |
|Scope: | openid profile email groups |
|Groups Claim (Optional) | |
|Button Style | None |
|Default Group | nextcloud_users |
#### Some Notes
* The *scope* should be the same as the scope that was setup in [Authelia's OpenID Integration](https://www.authelia.com/integration/openid-connect/nextcloud/#authelia). Here's an example from Authelia:
![Authelia OpenID Config](images/authelia_openid_config.png)
* *_Do not_* use commas in the Nextcloud Social Login app scope! This caused many issues for me.
* Be sure you update your Authelia `configuration.yml`. Specifically, the line: `redirect_uris`. The new URL should be
`https://auth.example.com/index.php/apps/sociallogin/custom_oidc/Authelia`.
* The final field in the URL (Authelia) needs to be the same value you used in the Social Login "Internal Name" field.
* If you've setup LLDAP correctly in nextcloud, the last dropdown for _Default Group_ should show you the `nextcloud_users` group you setup in LLDAP.
Once you've filled out the fields correctly, scroll to the bottom and hit save and confirm that you don't recieve any errors from Nextcloud.
#### Config.php
Lastly, we need to add the following line to your `config.php` file on your Nextcloud Server.
* `'social_login_auto_redirect' => false,`
If this is set to *false* your login screen will show the standard User/Email and Password input fields with an additional button underneath that should say: `Login with Authelia OpenID` (the name is coming from the Title field in the Social Login options we setup earlier).
If this is set to *true* then the user flow will _skip_ the login page and automatically bring you to the Authelia Consent Page at `https://auth.example.com/consent?consent_id=alphanuber-uuid-string`
### Conclusion
And that's it! Assuming all the settings that worked for me, work for you, you should be able to login using OpenID Connect via Authelia. If you find any errors, it's a good idea to keep a document of all your settings from Authelia/Nextcloud/LLDAP etc so that you can easily reference and ensure everything lines up.
If you have any issues, please create a [discussion](https://github.com/nitnelave/lldap/discussions) or join the [Discord](https://discord.gg/h5PEdRMNyP).

56
example_configs/nexus.md
View File

@ -1,56 +0,0 @@
# Configuration for Sonatype Nexus Repository Manager 3
In Nexus log in as an administrator, go to `Server Administration and configuration (gear icon)`
Select `LDAP` under the `Security` section
Click `Create connection`
* Host: A name for the connection e.g. lldap
* Type: ldap
* Host: Your lldap server's ip/hostname
* Port: Your lldap server's port (3890 by default)
* Base DN: `dc=example,dc=com`
* Authentication Method: Simple Authentication
* Username or DN: `uid=admin,ou=people,dc=example,dc=com` or preferably create a read only user in lldap with the lldap_strict_readonly group.
* Password: The password for the user specified above
Click `Verify connection` if successful click `Next`
* Select a template: Generic ldap server
* User Relative DN: `ou=people`
* User subtree: Leave unchecked
* Object class: person
* User Filter: Leave empty to allow all users to log in or `(memberOf=uid=nexus_users,ou=groups,dc=example,dc=com)` for a specific group
* Username Attribute: `uid`
* Real Name Attribute: `cn`
* Email Attribute: `mail`
* Password Attribute: Leave blank
* Check `Enable User Synchronization`
Test user login credentials with `Verify login`
## Set up group mapping as roles
Check `Map LDAP groups as roles`
* Group Type: `Static Groups`
* Group relative DN: `ou=groups`
* Group subtree: Leave unchecked
* Group object class: `groupOfUniqueNames`
* Group ID attribute: `cn`
* Group member attribute: `member`
* Group member format: `uid=${username},ou=people,dc=example,dc=com`
Check user mapping with `Verify user mapping`
## Map specific roles to groups
In Nexus log in as an administrator, go to `Server Administration and configuration (gear icon)`
Select `Roles` under the `Security` section
Click `Create Role`
* Role ID: e.g. nexus_admin (name in nexus)
* Role Name: e.g. nexus_admin (group in lldap)
* Add privileges/roles as needed e.g. under Roles add nx-admin to the "contained" list
Click `Save`

95
example_configs/rancher.md
View File

@ -1,95 +0,0 @@
# Configuration for SUSE Rancher (any version)
### Left (hamburger) menu > Users & Authentication > OpenLDAP (yes, we are using the OpenLDAP config page)
---
## LDAP configuration
#### Hostname/IP
```
ip-address, DNS name or when running in Kubernetes (see https://github.com/Evantage-WS/lldap-kubernetes), lldap-service.lldap.svc.cluster.local
```
#### Port
```
3890
```
#### Service Account Distinguished name
A better option is to use a readonly account for accessing the LLDAP server
```
cn=admin,ou=people,dc=example,dc=com
```
#### Service Account Password
```
xxx
```
#### User Search Base
```
ou=people,dc=example,dc=com
```
#### Group Search Base
```
ou=groups,dc=example,dc=com
```
#### Object Class (users)
```
inetOrgPerson
```
#### Object Class (groups)
```
groupOfUniqueNames
```
#### Username Attribute
```
uid
```
#### Name Attribute
```
cn
```
#### Login Attribute
```
uid
```
#### Group Member User Attribute
```
dn
```
#### User Member Attribute
```
memberOf
```
#### Search Attribute (groups)
```
cn
```
#### Search Attribute (users)
```
uid|sn|givenName
```
#### Group Member Mapping Attribute
```
member
```
#### Group DN Attribute
```
dn
```
##### Choose "Search direct and nested group memberships"
##### Fill in the username and password of an admin user at Test and Enable Authentication and hit save
## Rancher OpenLDAP config page
![Rancher OpenLDAP config page](images/rancher_ldap_config.png)

11
example_configs/shaarli.md
View File

@ -1,11 +0,0 @@
# Configuration for shaarli
LDAP configuration is in ```/data/config.json.php```
Just add the following lines:
```
"ldap": {
"host": "ldap://lldap_server:3890",
"dn": "uid=%s,ou=people,dc=example,dc=com"
}
```

32
example_configs/vaultwarden.md
View File

@ -1,32 +0,0 @@
# Configuration for Vaultwarden
https://github.com/ViViDboarder/vaultwarden_ldap will send an invitation to any member of the group `vaultwarden`.
Replace `dc=example,dc=com` with your LLDAP configured domain.
`docker-compose.yml` to run `vaultwarden_ldap`
```
version: '3'
services:
ldap_sync:
image: vividboarder/vaultwarden_ldap:0.6-alpine
volumes:
- ./config.toml:/config.toml:ro
environment:
CONFIG_PATH: /config.toml
RUST_BACKTRACE: 1
restart: always
```
Configuration to use LDAP in `config.toml`
```toml
vaultwarden_url = "http://your_bitwarden_url:port"
vaultwarden_admin_token = "insert_admin_token_vaultwarden"
ldap_host = "insert_ldap_host"
ldap_port = 3890
ldap_bind_dn = "uid=admin,ou=people,dc=example,dc=com"
ldap_bind_password = "insert_admin_pw_ldap"
ldap_search_base_dn = "dc=example,dc=com"
ldap_search_filter = "(&(objectClass=person)(memberOf=uid=vaultwarden,ou=groups,dc=example,dc=com))"
ldap_sync_interval_seconds = 300
```
Will check every 300 seconds your ldap group ```vaultwarden``` and send an invitation by email to any new member of this group.

39
example_configs/wekan.md
View File

@ -1,39 +0,0 @@
# Configuration for WeKan
WeKan provides quite sophisticated LDAP authentication.
Their wiki page is here: https://github.com/wekan/wekan/wiki/LDAP
Their Docker Compose file with all possible LDAP configuration values and their explanation is here: https://github.com/wekan/wekan/blob/master/docker-compose.yml
## Docker Sample Settings
Here is a working example for an LDAP confiuration via Docker Compose Environment variables:
```
environment:
# Other values for your WeKan installation
- ...
# LDAP Section
- DEFAULT_AUTHENTICATION_METHOD=ldap
- LDAP_ENABLE=true
- LDAP_PORT=3890
- LDAP_HOST=localhost
- LDAP_USER_AUTHENTICATION=true
- LDAP_USER_AUTHENTICATION_FIELD=uid
- LDAP_BASEDN=ou=people,dc=example,dc=com
- LDAP_RECONNECT=true
- LDAP_AUTHENTIFICATION=true
- LDAP_AUTHENTIFICATION_USERDN=uid=admin,ou=people,dc=example,dc=com
- LDAP_AUTHENTIFICATION_PASSWORD=replacewithyoursecret
- LDAP_LOG_ENABLED=true
# If using LDAPS: LDAP_ENCRYPTION=ssl
- LDAP_ENCRYPTION=false
# The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
#- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
# Use this if you want to limit to a specific group
- LDAP_USER_SEARCH_FILTER=(&(objectClass=person)(memberof=cn=wekan_users,ou=groups,dc=example,dc=com))
- LDAP_USER_SEARCH_SCOPE=one
- LDAP_USER_SEARCH_FIELD=uid
- LDAP_USERNAME_FIELD=uid
- LDAP_FULLNAME_FIELD=cn
- LDAP_EMAIL_FIELD=mail
```

64
example_configs/wikijs.md
View File

@ -1,64 +0,0 @@
# Configuration for WikiJS
Replace `dc=example,dc=com` with your LLDAP configured domain.
### LDAP URL
```
ldap://lldap:3890
```
### Admin Bind DN
```
uid=admin,ou=people,dc=example,dc=com
```
or
```
uid=readonlyuser,ou=people,dc=example,dc=com
```
### Admin Bind Credentials
```
ADMINPASSWORD
```
or
```
READONLYUSERPASSWORD
```
### Search Base
```
ou=people,dc=example,dc=com
```
### Search Filter
If you wish the permitted users to be restricted to just the `wiki` group:
```
(&(memberof=cn=wiki,ou=groups,dc=example,dc=com)(|(uid={{username}})(mail={{username}))(objectClass=person))
```
If you wish any of the registered LLDAP users to be permitted to use WikiJS:
```
(&(|(uid={{username}})(mail={{username}))(objectClass=person))
```
### Use TLS
Left toggled off
### Verify TLS Certificate
Left toggled off
### TLS Certificate Path
Left blank
### Unique ID Field Mapping
```
uid
```
### Email Field Mapping
```
mail
```
### Display Name Field Mapping
```
givenname
```
### Avatar Picture Field Mapping
```
jpegPhoto
```
### Allow self-registration
Toggled on
### Limit to specific email domains
Left blank
### Assign to group
I created a group called `users` and assign my LDAP users to that by default.
You can use the local admin account to login and promote an LDAP user to `admin` group if you wish and then deactivate the local login option

21
example_configs/xbackbone_config.php
View File

@ -1,21 +0,0 @@
<?php
return array (
'ldap' =>
array (
'enabled' => true,
'schema' => 'ldap',
// If using same docker network, use 'lldap', otherwise put ip/hostname
'host' => 'lldap',
// Normal ldap port is 389, standard in LLDAP is 3890
'port' => 3890,
'base_domain' => 'ou=people,dc=example,dc=com',
// ???? is replaced with user-provided username, authenticates users in an lldap group called "xbackbone"
// Remove the "(memberof=...)" if you want to allow all users.
'search_filter' => '(&(uid=????)(objectClass=person)(memberof=cn=xbackbone,ou=groups,dc=example,dc=com))',
// the attribute to use as username
'rdn_attribute' => 'uid',
// LDAP admin/service account info below
'service_account_dn' => 'cn=admin,ou=people,dc=example,dc=com',
'service_account_password' => 'REPLACE_ME',
),
);

18
example_configs/zendto.md
View File

@ -1,18 +0,0 @@
# Configuration for Zendto
You setup https://zend.to/ for using LDAP by editing `/opt/zendto/config/preferences.php`. The relevant part for LDAP-settings is
```
'authenticator' => 'LDAP',
'authLDAPBaseDN' => 'DC=example,DC=com',
'authLDAPServers' => array('ldap://ldap_server_ip:3890'),
'authLDAPAccountSuffix' => '@example.com',
'authLDAPUseSSL' => false,
'authLDAPStartTLS' => false,
'authLDAPBindDn' => 'uid=admin,ou=people,dc=example,dc=com',
'authLDAPBindPass' => 'your_password',
'authLDAPUsernameAttr' => 'uid',
'authLDAPEmailAttr' => 'mail',
'authLDAPMemberKey' => 'memberOf',
'authLDAPMemberRole' => 'uid=zendto,ou=groups,dc=example,dc=com',
```
Every user of the group `zendto` is allowed to login.

33
lldap_config.docker_template.toml
View File

@ -7,21 +7,9 @@
## You can set it with the LLDAP_VERBOSE environment variable. ## You can set it with the LLDAP_VERBOSE environment variable.
# verbose=false # verbose=false
## The host address that the LDAP server will be bound to.
## To enable IPv6 support, simply switch "ldap_host" to "::":
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6)".
#ldap_host = "0.0.0.0"
## The port on which to have the LDAP server. ## The port on which to have the LDAP server.
#ldap_port = 3890 #ldap_port = 3890
## The host address that the HTTP server will be bound to.
## To enable IPv6 support, simply switch "http_host" to "::".
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6)".
#http_host = "0.0.0.0"
## The port on which to have the HTTP server, for user login and ## The port on which to have the HTTP server, for user login and
## administration. ## administration.
#http_port = 17170 #http_port = 17170
@ -39,7 +27,7 @@
## This can also be set from a file's contents by specifying the file path ## This can also be set from a file's contents by specifying the file path
## in the LLDAP_JWT_SECRET_FILE environment variable ## in the LLDAP_JWT_SECRET_FILE environment variable
## You can generate it with (on linux): ## You can generate it with (on linux):
## LC_ALL=C tr -dc 'A-Za-z0-9!#%&'\''()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32; echo '' ## LC_ALL=C tr -dc 'A-Za-z0-9!"#%&'\''()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32; echo ''
#jwt_secret = "REPLACE_WITH_RANDOM" #jwt_secret = "REPLACE_WITH_RANDOM"
## Base DN for LDAP. ## Base DN for LDAP.
@ -57,11 +45,6 @@
## For the administration interface, this is the username. ## For the administration interface, this is the username.
#ldap_user_dn = "admin" #ldap_user_dn = "admin"
## Admin email.
## Email for the admin account. It is only used when initially creating
## the admin user, and can safely be omitted.
#ldap_user_email = "admin@example.com"
## Admin password. ## Admin password.
## Password for the admin account, both for the LDAP bind and for the ## Password for the admin account, both for the LDAP bind and for the
## administration interface. It is only used when initially creating ## administration interface. It is only used when initially creating
@ -75,16 +58,16 @@
#ldap_user_pass = "REPLACE_WITH_PASSWORD" #ldap_user_pass = "REPLACE_WITH_PASSWORD"
## Database URL. ## Database URL.
## This encodes the type of database (SQlite, MySQL, or PostgreSQL) ## This encodes the type of database (SQlite, Mysql and so
## , the path, the user, password, and sometimes the mode (when ## on), the path, the user, password, and sometimes the mode (when
## relevant). ## relevant).
## Note: SQlite should come with "?mode=rwc" to create the DB ## Note: Currently, only SQlite is supported. SQlite should come with
## if not present. ## "?mode=rwc" to create the DB if not present.
## Example URLs: ## Example URLs:
## - "postgres://postgres-user:password@postgres-server/my-database" ## - "postgres://postgres-user:password@postgres-server/my-database"
## - "mysql://mysql-user:password@mysql-server/my-database" ## - "mysql://mysql-user:password@mysql-server/my-database"
## ##
## This can be overridden with the LLDAP_DATABASE_URL env variable. ## This can be overridden with the DATABASE_URL env variable.
database_url = "sqlite:///data/users.db?mode=rwc" database_url = "sqlite:///data/users.db?mode=rwc"
## Private key file. ## Private key file.
@ -113,8 +96,8 @@ key_file = "/data/private_key"
#server="smtp.gmail.com" #server="smtp.gmail.com"
## The SMTP port. ## The SMTP port.
#port=587 #port=587
## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS". ## Whether to connect with TLS.
#smtp_encryption = "TLS" #tls_required=true
## The SMTP user, usually your email address. ## The SMTP user, usually your email address.
#user="sender@gmail.com" #user="sender@gmail.com"
## The SMTP password. ## The SMTP password.

22
migration-tool/Cargo.toml
View File

@ -1,33 +1,23 @@
[package] [package]
name = "migration-tool" name = "migration-tool"
version = "0.4.2" version = "0.3.0-alpha.1"
edition = "2021" edition = "2021"
authors = ["Valentin Tolmer <valentin@tolmer.fr>"] authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
[dependencies] [dependencies]
anyhow = "*" anyhow = "*"
base64 = "0.13" graphql_client = "0.10"
ldap3 = "*"
rand = "0.8" rand = "0.8"
requestty = "0.4.1" requestty = "*"
serde = "1" serde = "1"
serde_json = "1" serde_json = "1"
smallvec = "*" smallvec = "*"
[dependencies.lldap_auth] [dependencies.lldap_auth]
path = "../auth" path = "../auth"
features = ["opaque_client"] features = [ "opaque_client" ]
[dependencies.graphql_client]
features = ["graphql_query_derive", "reqwest-rustls"]
default-features = false
version = "0.11"
[dependencies.reqwest] [dependencies.reqwest]
version = "*" version = "*"
default-features = false features = [ "json", "blocking" ]
features = ["json", "blocking", "rustls-tls"]
[dependencies.ldap3]
version = "*"
default-features = false
features = ["sync", "tls-rustls"]

41
migration-tool/src/ldap.rs
View File

@ -131,7 +131,7 @@ fn bind_ldap(
}; };
if let Err(e) = ldap_connection if let Err(e) = ldap_connection
.simple_bind(&binddn, &password) .simple_bind(&binddn, &password)
.and_then(ldap3::LdapResult::success) .and_then(|r| r.success())
{ {
println!("Error connecting as '{}': {}", binddn, e); println!("Error connecting as '{}': {}", binddn, e);
bind_ldap(ldap_connection, Some(binddn)) bind_ldap(ldap_connection, Some(binddn))
@ -150,11 +150,12 @@ impl TryFrom<ResultEntry> for User {
.attrs .attrs
.get(attr) .get(attr)
.ok_or_else(|| anyhow!("Missing {} for user", attr)) .ok_or_else(|| anyhow!("Missing {} for user", attr))
.and_then(|u| -> Result<String> { .and_then(|u| {
u.iter() if u.len() > 1 {
.next() Err(anyhow!("Too many {}s", attr))
.map(String::to_owned) } else {
.ok_or_else(|| anyhow!("Too many {}s", attr)) Ok(u.first().unwrap().to_owned())
}
}) })
}; };
let id = get_required_attribute("uid") let id = get_required_attribute("uid")
@ -169,8 +170,13 @@ impl TryFrom<ResultEntry> for User {
.attrs .attrs
.get(attr) .get(attr)
.and_then(|v| v.first().map(|s| s.as_str())) .and_then(|v| v.first().map(|s| s.as_str()))
.filter(|s| !s.is_empty()) .and_then(|s| {
.map(str::to_owned) if s.is_empty() {
None
} else {
Some(s.to_owned())
}
})
}; };
let last_name = get_optional_attribute("sn").or_else(|| get_optional_attribute("surname")); let last_name = get_optional_attribute("sn").or_else(|| get_optional_attribute("surname"));
let display_name = get_optional_attribute("cn") let display_name = get_optional_attribute("cn")
@ -178,23 +184,14 @@ impl TryFrom<ResultEntry> for User {
.or_else(|| get_optional_attribute("name")) .or_else(|| get_optional_attribute("name"))
.or_else(|| get_optional_attribute("displayName")); .or_else(|| get_optional_attribute("displayName"));
let first_name = get_optional_attribute("givenName"); let first_name = get_optional_attribute("givenName");
let avatar = entry
.attrs
.get("jpegPhoto")
.map(|v| v.iter().map(|s| s.as_bytes().to_vec()).collect::<Vec<_>>())
.or_else(|| entry.bin_attrs.get("jpegPhoto").map(Clone::clone))
.and_then(|v| v.into_iter().next().filter(|s| !s.is_empty()));
let password = let password =
get_optional_attribute("userPassword").or_else(|| get_optional_attribute("password")); get_optional_attribute("userPassword").or_else(|| get_optional_attribute("password"));
Ok(User::new( Ok(User::new(
crate::lldap::CreateUserInput { id,
id, email,
email, display_name,
display_name, first_name,
first_name, last_name,
last_name,
avatar: avatar.map(base64::encode),
},
password, password,
entry.dn, entry.dn,
)) ))

23
migration-tool/src/lldap.rs
View File

@ -30,7 +30,7 @@ impl GraphQLClient {
where where
QueryType: GraphQLQuery + 'static, QueryType: GraphQLQuery + 'static,
{ {
let unwrap_graphql_response = |graphql_client::Response { data, errors, .. }| { let unwrap_graphql_response = |graphql_client::Response { data, errors }| {
data.ok_or_else(|| { data.ok_or_else(|| {
anyhow!( anyhow!(
"Errors: [{}]", "Errors: [{}]",
@ -69,13 +69,24 @@ pub struct User {
impl User { impl User {
// https://github.com/graphql-rust/graphql-client/issues/386 // https://github.com/graphql-rust/graphql-client/issues/386
#[allow(non_snake_case)]
pub fn new( pub fn new(
user_input: create_user::CreateUserInput, id: String,
email: String,
displayName: Option<String>,
firstName: Option<String>,
lastName: Option<String>,
password: Option<String>, password: Option<String>,
dn: String, dn: String,
) -> User { ) -> User {
User { User {
user_input, user_input: create_user::CreateUserInput {
id,
email,
displayName,
firstName,
lastName,
},
password, password,
dn, dn,
} }
@ -92,8 +103,6 @@ impl User {
)] )]
struct CreateUser; struct CreateUser;
pub type CreateUserInput = create_user::CreateUserInput;
#[derive(GraphQLQuery)] #[derive(GraphQLQuery)]
#[graphql( #[graphql(
schema_path = "../schema.graphql", schema_path = "../schema.graphql",
@ -166,9 +175,7 @@ fn try_login(
response.status().as_str() response.status().as_str()
); );
} }
let json = serde_json::from_str::<lldap_auth::login::ServerLoginResponse>(&response.text()?) Ok(response.text()?)
.context("Could not parse response")?;
Ok(json.token)
} }
pub fn get_lldap_user_and_password( pub fn get_lldap_user_and_password(

2
migration-tool/src/main.rs
View File

@ -1,5 +1,3 @@
#![allow(clippy::uninlined_format_args)]
use std::collections::HashSet; use std::collections::HashSet;
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};

6
schema.graphql
View File

@ -17,8 +17,6 @@ type Mutation {
type Group { type Group {
id: Int! id: Int!
displayName: String! displayName: String!
creationDate: DateTimeUtc!
uuid: String!
"The groups to which this user belongs." "The groups to which this user belongs."
users: [User!]! users: [User!]!
} }
@ -60,7 +58,6 @@ input CreateUserInput {
displayName: String displayName: String
firstName: String firstName: String
lastName: String lastName: String
avatar: String
} }
type User { type User {
@ -69,9 +66,7 @@ type User {
displayName: String! displayName: String!
firstName: String! firstName: String!
lastName: String! lastName: String!
avatar: String
creationDate: DateTimeUtc! creationDate: DateTimeUtc!
uuid: String!
"The groups to which this user belongs." "The groups to which this user belongs."
groups: [Group!]! groups: [Group!]!
} }
@ -87,7 +82,6 @@ input UpdateUserInput {
displayName: String displayName: String
firstName: String firstName: String
lastName: String lastName: String
avatar: String
} }
schema { schema {

Some files were not shown because too many files have changed in this diff Show More