summaryrefslogtreecommitdiff
path: root/fig-web/src/Fig/Web
diff options
context:
space:
mode:
Diffstat (limited to 'fig-web/src/Fig/Web')
-rw-r--r--fig-web/src/Fig/Web/Auth.hs3
-rw-r--r--fig-web/src/Fig/Web/LDAP.hs39
-rw-r--r--fig-web/src/Fig/Web/Utils.hs10
3 files changed, 50 insertions, 2 deletions
diff --git a/fig-web/src/Fig/Web/Auth.hs b/fig-web/src/Fig/Web/Auth.hs
index 3076d1f..2fb23b9 100644
--- a/fig-web/src/Fig/Web/Auth.hs
+++ b/fig-web/src/Fig/Web/Auth.hs
@@ -15,7 +15,6 @@ import qualified Jose.Jwk as Jwk
import qualified Jose.Jwt as Jwt
import qualified Web.Scotty as Sc
-import qualified Web.Scotty.Cookie as Sc.C
import Fig.Web.Utils
@@ -65,7 +64,7 @@ checkAuth cfg =
let pairs = Map.fromList $ flip mapMaybe authstr \s ->
case Text.splitOn "=" s of
[k, v] -> Just (k, Text.takeWhile (/='"') $ Text.drop 1 v)
- _ -> Nothing
+ _other -> Nothing
case (Map.lookup "token" pairs, Map.lookup "nonce" pairs) of
(Just token, Just nonce) -> do
log $ tshow token
diff --git a/fig-web/src/Fig/Web/LDAP.hs b/fig-web/src/Fig/Web/LDAP.hs
new file mode 100644
index 0000000..e9861a9
--- /dev/null
+++ b/fig-web/src/Fig/Web/LDAP.hs
@@ -0,0 +1,39 @@
+module Fig.Web.LDAP where
+
+import Fig.Prelude
+
+import System.Exit (ExitCode(..))
+import qualified System.Process as Proc
+
+import qualified Data.UUID as UUID
+import qualified Data.UUID.V4 as UUID
+import qualified Data.Text as Text
+
+import Fig.Web.Utils
+
+-- | Reset the password in LDAP for the specified user (creating the user if necessary)
+resetUserPassword :: MonadIO m => Config -> Text -> Text -> m (Maybe Text)
+resetUserPassword cfg user uid = do
+ let login = Text.toLower user
+ password <- UUID.toText <$> liftIO UUID.nextRandom
+ exitCode <- liftIO $ Proc.withCreateProcess
+ (Proc.proc cfg.lldapCli $ unpack <$>
+ [ "-H", cfg.lldapHost
+ , "-D", cfg.lldapUser
+ , "-w", cfg.lldapPassword
+ , "user", "add", login, login <> "@users.colonq.computer"
+ , "-p", password
+ , "-f", uid
+ ])
+ \_ _ _ h -> Proc.waitForProcess h
+ liftIO $ Proc.withCreateProcess
+ (Proc.proc cfg.lldapCli $ unpack <$>
+ [ "-H", cfg.lldapHost
+ , "-D", cfg.lldapUser
+ , "-w", cfg.lldapPassword
+ , "user", "group", "add", login, "fig_users"
+ ])
+ \_ _ _ h -> void $ Proc.waitForProcess h
+ case exitCode of
+ ExitSuccess -> pure $ Just password
+ ExitFailure _ -> pure Nothing
diff --git a/fig-web/src/Fig/Web/Utils.hs b/fig-web/src/Fig/Web/Utils.hs
index b6c385a..004ba5a 100644
--- a/fig-web/src/Fig/Web/Utils.hs
+++ b/fig-web/src/Fig/Web/Utils.hs
@@ -25,17 +25,27 @@ instance Exception FigWebException
data Config = Config
{ port :: !Int
+ , assetPath :: !FilePath
, clientId :: !Text
, authToken :: !Text
, dbHost :: !Text
+ , lldapCli :: !FilePath
+ , lldapHost :: !Text
+ , lldapUser :: !Text
+ , lldapPassword :: !Text
} deriving (Show, Eq, Ord)
configCodec :: Toml.TomlCodec Config
configCodec = do
port <- Toml.int "port" Toml..= (\a -> a.port)
+ assetPath <- Toml.string "asset_path" Toml..= (\a -> a.assetPath)
clientId <- Toml.text "client_id" Toml..= (\a -> a.clientId)
authToken <- Toml.text "auth_token" Toml..= (\a -> a.authToken)
dbHost <- Toml.text "db_host" Toml..= (\a -> a.dbHost)
+ lldapCli <- Toml.string "lldap_cli" Toml..= (\a -> a.lldapCli)
+ lldapHost <- Toml.text "lldap_host" Toml..= (\a -> a.lldapHost)
+ lldapUser <- Toml.text "lldap_user" Toml..= (\a -> a.lldapUser)
+ lldapPassword <- Toml.text "lldap_password" Toml..= (\a -> a.lldapPassword)
pure $ Config{..}
loadConfig :: FilePath -> IO Config
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-09 09:02:35 +0000