fraport/fradrive-old
fraport/fradrive-old
Archived
3
1
Fork 0
Code Issues 65 Pull Requests 5 Actions Packages Projects Releases 197 Wiki Activity

chore(ldap): use separate source-id for ldap instance identification

Browse Source
This commit is contained in:
Sarah Vaupel 2024-02-28 15:50:47 +01:00
parent 064645d1b3
commit ac5bca2fcd
5 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Handler/SAP.hs
View File

@ -100,13 +100,8 @@ getQualificationSAPDirectR = do
let let
ldapSources = case userAuthConf of ldapSources = case userAuthConf of
UserAuthConfSingleSource (AuthSourceConfLdap LdapConf{..}) UserAuthConfSingleSource (AuthSourceConfLdap LdapConf{..})
-> [ AuthSourceIdLdap -> singleton $ AuthSourceIdLdap ldapConfSourceId
{ authSourceIdLdapHost = tshow ldapConfHost -- TODO: ugh... what to do in case of tls? _other -> mempty
, authSourceIdLdapPort = fromInteger $ toInteger ldapConfPort -- TODO: ugh...
}
]
_other
-> mempty
ldapCutoff = addDiffDaysRollOver (fromMonths $ -3) now ldapCutoff = addDiffDaysRollOver (fromMonths $ -3) now
qualUsers <- runDB $ E.select $ do qualUsers <- runDB $ E.select $ do

7
src/Jobs/HealthReport.hs
View File

@ -110,10 +110,13 @@ dispatchHealthCheckHTTPReachable = fmap HealthHTTPReachable . yesodTimeout (^. _
dispatchHealthCheckLDAPAdmins :: Handler HealthReport dispatchHealthCheckLDAPAdmins :: Handler HealthReport
dispatchHealthCheckLDAPAdmins = fmap HealthLDAPAdmins . yesodTimeout (^. _appHealthCheckLDAPAdminsTimeout) (Just 0) $ do dispatchHealthCheckLDAPAdmins = fmap HealthLDAPAdmins . yesodTimeout (^. _appHealthCheckLDAPAdminsTimeout) (Just 0) $ do
ldapPool' <- getsYesod appLdapPool ldapPool' <- getsYesod appLdapPool
--reTestAfter <- getsYesod $ view _appUserdbRetestFailover userAuthConf <- getsYesod $ view _appUserAuthConf
case ldapPool' of case ldapPool' of
Just ldapPool -> do Just ldapPool -> do
currentLdapSources <- return [] -- TODO: fetch from current user-auth config let currentLdapSources = case userAuthConf of
UserAuthConfSingleSource (AuthSourceConfLdap LdapConf{..})
-> singleton $ AuthSourceIdLdap ldapConfSourceId
_other -> mempty
ldapAdminUsers' <- fmap (map E.unValue) . runDB . E.select . E.from $ \(user `E.InnerJoin` userFunction) -> E.distinctOnOrderBy [E.asc $ user E.^. UserId] $ do ldapAdminUsers' <- fmap (map E.unValue) . runDB . E.select . E.from $ \(user `E.InnerJoin` userFunction) -> E.distinctOnOrderBy [E.asc $ user E.^. UserId] $ do
E.on $ user E.^. UserId E.==. userFunction E.^. UserFunctionUser E.on $ user E.^. UserId E.==. userFunction E.^. UserFunctionUser
E.where_ $ userFunction E.^. UserFunctionFunction E.==. E.val SchoolAdmin E.where_ $ userFunction E.^. UserFunctionFunction E.==. E.val SchoolAdmin

4
src/Model/Types/Auth.hs
View File

@ -43,7 +43,6 @@ import Data.Universe
import Data.Universe.Instances.Reverse () import Data.Universe.Instances.Reverse ()
import Data.Universe.Instances.Reverse.MonoTraversable () import Data.Universe.Instances.Reverse.MonoTraversable ()
import Data.UUID (UUID) import Data.UUID (UUID)
import Data.Word (Word16)
import Database.Persist.Sql import Database.Persist.Sql
@ -79,8 +78,7 @@ data AuthSourceIdent
{ authSourceIdAzureClientId :: UUID { authSourceIdAzureClientId :: UUID
} }
| AuthSourceIdLdap | AuthSourceIdLdap
{ authSourceIdLdapHost :: Text -- See comment above for why we do not use Ldap.Host directly { authSourceIdLdapHost :: Text -- normally either just the hostname, or hostname and port
, authSourceIdLdapPort :: Word16 -- See comment above for why we do not use Ldap.PortNumber directly
} }
deriving (Eq, Ord, Read, Show, Data, Generic) deriving (Eq, Ord, Read, Show, Data, Generic)
deriving anyclass (NFData) deriving anyclass (NFData)

9
src/Settings/Ldap.hs
View File

@ -26,6 +26,7 @@ import Ldap.Client.Instances ()
data LdapConf = LdapConf data LdapConf = LdapConf
{ ldapConfHost :: Ldap.Host { ldapConfHost :: Ldap.Host
, ldapConfPort :: Ldap.PortNumber , ldapConfPort :: Ldap.PortNumber
, ldapConfSourceId :: Text -- ^ Some unique identifier for this LDAP instance, e.g. hostname or hostname:port
, ldapConfDn :: Ldap.Dn , ldapConfDn :: Ldap.Dn
, ldapConfPassword :: Ldap.Password , ldapConfPassword :: Ldap.Password
, ldapConfBase :: Ldap.Dn , ldapConfBase :: Ldap.Dn
@ -48,8 +49,12 @@ instance FromJSON LdapConf where
| null spec -> return Nothing | null spec -> return Nothing
Nothing -> return Nothing Nothing -> return Nothing
_otherwise -> fail "Could not parse LDAP TLSSettings" _otherwise -> fail "Could not parse LDAP TLSSettings"
ldapConfHost <- maybe Ldap.Plain (flip Ldap.Tls) tlsSettings <$> o .:? "host" .!= "" hostname :: Text <- o .: "host"
ldapConfPort <- (fromIntegral :: Int -> Ldap.PortNumber) <$> o .: "port" port :: Int <- o .: "port"
let
ldapConfHost = maybe Ldap.Plain (flip Ldap.Tls) tlsSettings $ show hostname
ldapConfPort = fromIntegral port
ldapConfSourceId <- o .:? "source-id" .!= hostname
ldapConfDn <- Ldap.Dn <$> o .:? "user" .!= "" ldapConfDn <- Ldap.Dn <$> o .:? "user" .!= ""
ldapConfPassword <- Ldap.Password . Text.encodeUtf8 <$> o .:? "pass" .!= "" ldapConfPassword <- Ldap.Password . Text.encodeUtf8 <$> o .:? "pass" .!= ""
ldapConfBase <- Ldap.Dn <$> o .:? "baseDN" .!= "" ldapConfBase <- Ldap.Dn <$> o .:? "baseDN" .!= ""

2
templates/profileData.hamlet
View File

@ -134,7 +134,7 @@ $# SPDX-License-Identifier: AGPL-3.0-or-later
$case sourceIdent $case sourceIdent
$of AuthSourceIdAzure _clientId $of AuthSourceIdAzure _clientId
_{MsgAuthKindAzure}: # _{MsgAuthKindAzure}: #
$of AuthSourceIdLdap _host _port $of AuthSourceIdLdap _sourceId
_{MsgAuthKindLDAP}: # _{MsgAuthKindLDAP}: #
#{authIdent} # #{authIdent} #
<span .comment> <span .comment>