Implements a first bit of User management.

This commit is contained in:
Nadja Reitzenstein 2022-04-27 20:19:04 +02:00
parent fe992a9446
commit 46e3552e04
5 changed files with 82 additions and 25 deletions

View File

@ -25,31 +25,31 @@ impl User {
pub fn build_optional(&self, user: Option<UserRef>, builder: optional::Builder<user::Owned>) { pub fn build_optional(&self, user: Option<UserRef>, builder: optional::Builder<user::Owned>) {
if let Some(user) = user.and_then(|u| self.session.users.get_user(u.get_username())) { if let Some(user) = user.and_then(|u| self.session.users.get_user(u.get_username())) {
let builder = builder.init_just(); let builder = builder.init_just();
self.fill(user, builder); Self::fill(&self.session, user, builder);
} }
} }
pub fn build(session: SessionHandle, builder: user::Builder) { pub fn build(session: SessionHandle, builder: user::Builder) {
let this = Self::new_self(session); let this = Self::new_self(session);
let user = this.session.get_user(); let user = this.session.get_user();
this.fill(user, builder); Self::fill(&this.session, user, builder);
} }
pub fn fill(&self, user: db::User, mut builder: user::Builder) { pub fn fill(session: &SessionHandle, user: db::User, mut builder: user::Builder) {
builder.set_username(user.id.as_str()); builder.set_username(user.id.as_str());
let client = Self::new(self.session.clone(), UserRef::new(user.id.clone()));
// We have permissions on ourself // We have permissions on ourself
let is_me = &self.session.get_user_ref().id == &user.id; let is_me = &session.get_user_ref().id == &user.id;
if is_me || self.session.has_perm(Permission::new("bffh.users.info")) { let client = Self::new(session.clone(), UserRef::new(user.id));
if is_me || session.has_perm(Permission::new("bffh.users.info")) {
builder.set_info(capnp_rpc::new_client(client.clone())); builder.set_info(capnp_rpc::new_client(client.clone()));
} }
if is_me { if is_me {
builder.set_manage(capnp_rpc::new_client(client.clone())); builder.set_manage(capnp_rpc::new_client(client.clone()));
} }
if self.session.has_perm(Permission::new("bffh.users.admin")) { if session.has_perm(Permission::new("bffh.users.admin")) {
builder.set_admin(capnp_rpc::new_client(client.clone())); builder.set_admin(capnp_rpc::new_client(client.clone()));
} }
} }
@ -61,11 +61,12 @@ impl info::Server for User {
_: info::ListRolesParams, _: info::ListRolesParams,
mut result: info::ListRolesResults, mut result: info::ListRolesResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
let user = self.session.get_user(); if let Some(user) = self.session.users.get_user(self.user.get_username()) {
let mut builder = result.get().init_roles(user.userdata.roles.len() as u32); let mut builder = result.get().init_roles(user.userdata.roles.len() as u32);
for (i, role) in user.userdata.roles.into_iter().enumerate() { for (i, role) in user.userdata.roles.into_iter().enumerate() {
let mut b = builder.reborrow().get(i as u32); let mut b = builder.reborrow().get(i as u32);
b.set_name(role.as_str()); b.set_name(role.as_str());
}
} }
Promise::ok(()) Promise::ok(())
} }

View File

@ -7,6 +7,7 @@ use api::usersystem_capnp::user_system::{
use crate::capnp::user::User; use crate::capnp::user::User;
use crate::session::SessionHandle; use crate::session::SessionHandle;
use crate::users::db;
#[derive(Clone)] #[derive(Clone)]
@ -42,28 +43,53 @@ impl manage::Server for Users {
let users = pry!(userdb.get_all() let users = pry!(userdb.get_all()
.map_err(|e| capnp::Error::failed(format!("UserDB error: {:?}", e)))); .map_err(|e| capnp::Error::failed(format!("UserDB error: {:?}", e))));
let mut builder = result.get().init_user_list(users.len() as u32); let mut builder = result.get().init_user_list(users.len() as u32);
let me = User::new_self(self.session.clone());
for (i, (_, user)) in users.into_iter().enumerate() { for (i, (_, user)) in users.into_iter().enumerate() {
me.fill(user, builder.reborrow().get(i as u32)); User::fill(&self.session, user, builder.reborrow().get(i as u32));
} }
Promise::ok(()) Promise::ok(())
} }
fn add_user( fn add_user(
&mut self, &mut self,
_: manage::AddUserParams, params: manage::AddUserParams,
_: manage::AddUserResults, mut result: manage::AddUserResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
Promise::err(::capnp::Error::unimplemented( let params = pry!(params.get());
"method not implemented".to_string(), let username = pry!(params.get_username());
)) let password = pry!(params.get_password());
// FIXME: saslprep passwords & usernames before storing them
if !username.is_empty() && !password.is_empty() {
if self.session.users.get_user(username).is_none() {
let user = db::User::new_with_plain_pw(username, password);
self.session.users.put_user(username, &user);
let mut builder = result.get();
User::fill(&self.session, user, builder);
} else {
tracing::warn!("Failed to add user: Username taken");
}
} else {
if username.is_empty() {
tracing::warn!("Failed to add user: Username empty");
} else if password.is_empty() {
tracing::warn!("Failed to add user: Password empty");
}
}
Promise::ok(())
} }
fn remove_user( fn remove_user(
&mut self, &mut self,
_: manage::RemoveUserParams, params: manage::RemoveUserParams,
_: manage::RemoveUserResults, _: manage::RemoveUserResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
Promise::err(::capnp::Error::unimplemented( let who: &str = pry!(pry!(params.get()).get_username());
"method not implemented".to_string(),
)) if let Err(e) = self.session.users.del_user(who) {
tracing::warn!("Failed to delete user: {:?}", e);
} else {
tracing::info!("Deleted user {}", who);
}
Promise::ok(())
} }
} }

View File

@ -36,6 +36,22 @@ impl User {
Ok(false) Ok(false)
} }
} }
pub fn new_with_plain_pw(username: &str, password: impl AsRef<[u8]>) -> Self {
let config = argon2::Config::default();
let salt: [u8; 16] = rand::random();
let hash = argon2::hash_encoded(password.as_ref(), &salt, &config)
.expect(&format!("Failed to hash password for {}: ", username));
tracing::debug!("Hashed pw for {} to {}", username, hash);
User {
id: username.to_string(),
userdata: UserData {
passwd: Some(hash),
.. Default::default()
}
}
}
} }
#[derive( #[derive(
@ -43,6 +59,7 @@ Clone,
PartialEq, PartialEq,
Eq, Eq,
Debug, Debug,
Default,
rkyv::Archive, rkyv::Archive,
rkyv::Serialize, rkyv::Serialize,
rkyv::Deserialize, rkyv::Deserialize,
@ -73,6 +90,7 @@ impl UserData {
pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self { pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self {
Self { roles, kv, passwd: None } Self { roles, kv, passwd: None }
} }
} }
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
@ -116,6 +134,13 @@ impl UserDB {
Ok(()) Ok(())
} }
pub fn delete(&self, uid: &str) -> Result<(), db::Error> {
let mut txn = self.env.begin_rw_txn()?;
self.db.del(&mut txn, &uid)?;
txn.commit()?;
Ok(())
}
pub fn get_all(&self) -> Result<Vec<(String, User)>, db::Error> { pub fn get_all(&self) -> Result<Vec<(String, User)>, db::Error> {
let txn = self.env.begin_ro_txn()?; let txn = self.env.begin_ro_txn()?;
let iter = self.db.get_all(&txn)?; let iter = self.db.get_all(&txn)?;

View File

@ -98,6 +98,11 @@ impl Users {
self.userdb.put(uid, user) self.userdb.put(uid, user)
} }
pub fn del_user(&self, uid: &str) -> Result<(), lmdb::Error> {
tracing::trace!(uid, "Deleting user");
self.userdb.delete(uid)
}
pub fn load_file<P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> { pub fn load_file<P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> {
let f = std::fs::read(path)?; let f = std::fs::read(path)?;
let map: HashMap<String, UserData> = toml::from_slice(&f)?; let map: HashMap<String, UserData> = toml::from_slice(&f)?;

View File

@ -1,4 +1,4 @@
use clap::{Arg, Command, Parser}; use clap::{Arg, Command};
use diflouroborane::{config, Diflouroborane}; use diflouroborane::{config, Diflouroborane};