From 4d31f8de68ed713a1eb3f0a3c87d5334f56102e2 Mon Sep 17 00:00:00 2001 From: valentinkolb Date: Tue, 14 May 2024 14:18:20 +0200 Subject: [PATCH] feat(app): chnaged users table in the past ldapUsers had their own table (ldapUsers) and guest users the (guestUsers) table. They are now stored in the same table but with a REALM field BREAKING CHANGE: ldap users are now stored in the "users" table --- ldapApi/main.go | 3 +-- ldapSync/db.go | 1 + ldapSync/ldapSync.go | 1 + ldapSync/models.go | 1 + ldapSync/tables.go | 34 +++++++++++++++++++++------------- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/ldapApi/main.go b/ldapApi/main.go index b21fd6c..1988767 100644 --- a/ldapApi/main.go +++ b/ldapApi/main.go @@ -44,7 +44,7 @@ func UserIsInAdminGroup(app *pocketbase.PocketBase, c echo.Context) error { } // return error if user is not in admin group - return apis.NewUnauthorizedError("Unauthorized: user must be in admin group for ldap search", nil) + return apis.NewUnauthorizedError("Unauthorized", nil) } // initLdapLogin @@ -138,7 +138,6 @@ func initLdapSearch(app *pocketbase.PocketBase, e *core.ServeEvent) { } // Connect to the LDAP server - conn, err := ldap.DialURL(os.Getenv("LDAP_URL")) if err != nil { return apis.NewBadRequestError("unable to connect to ldap server", err) diff --git a/ldapSync/db.go b/ldapSync/db.go index 488fe8c..b90af32 100644 --- a/ldapSync/db.go +++ b/ldapSync/db.go @@ -122,6 +122,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error { record.Set("dn", ldapUser.dn) record.Set("cn", ldapUser.cn) record.Set("memberOf", memberOfGroupIds) + record.Set("REALM", ldapUser.REALM) if err := app.Dao().SaveRecord(record); err != nil { return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err) diff --git a/ldapSync/ldapSync.go b/ldapSync/ldapSync.go index 78dba3c..c10a023 100644 --- a/ldapSync/ldapSync.go +++ b/ldapSync/ldapSync.go @@ -169,6 +169,7 @@ func syncLdapUsers(app *pocketbase.PocketBase, ldapClient *ldap.Conn) SyncResult cn: entry.GetAttributeValue("cn"), msSFU30NisDomain: entry.GetAttributeValue("msSFU30NisDomain"), memberOf: entry.GetAttributeValues("memberOf"), + REALM: "LDAP", }) if err != nil { errors = append(errors, err) diff --git a/ldapSync/models.go b/ldapSync/models.go index 4623fa6..0727019 100644 --- a/ldapSync/models.go +++ b/ldapSync/models.go @@ -10,6 +10,7 @@ type LDAPUser struct { cn string msSFU30NisDomain string // must be STUVE memberOf []string + REALM string } type LDAPGroup struct { diff --git a/ldapSync/tables.go b/ldapSync/tables.go index 9207660..0a3e482 100644 --- a/ldapSync/tables.go +++ b/ldapSync/tables.go @@ -12,7 +12,7 @@ import ( "github.com/pocketbase/pocketbase/tools/types" ) -const ldapUsersTableName string = "ldap_users" +const ldapUsersTableName string = "users" const ldapGroupsTableName string = "ldap_groups" const ldapSyncLogsTableName string = "ldap_sync_logs" @@ -124,17 +124,17 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { form := forms.NewCollectionUpsert(app, collection) form.Name = ldapUsersTableName // collection name form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work - form.ListRule = nil // list rule (only user self can list their own data - form.ViewRule = nil // view rule (only user self can view their own data) - form.CreateRule = nil // create rule (anyone can create) - form.UpdateRule = nil // update rule (anyone can update) - form.DeleteRule = nil // delete rule (anyone can delete) + form.ListRule = nil // list rule (only admins can list) + form.ViewRule = nil // view rule (only admins can view) + form.CreateRule = nil // create rule (only admins can create) + form.UpdateRule = nil // update rule (only admins can update) + form.DeleteRule = nil // delete rule (only admins can delete) // add common name field, the collection will also have a field named "username" which is the username field. this field is added automatically by the forms.NewCollectionUpsert() function form.Schema.AddField(&schema.SchemaField{ Name: "cn", Type: schema.FieldTypeText, - Required: true, + Required: false, Presentable: true, }) @@ -142,28 +142,28 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { form.Schema.AddField(&schema.SchemaField{ Name: "objectGUID", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add distinguished name field form.Schema.AddField(&schema.SchemaField{ Name: "dn", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add surname field form.Schema.AddField(&schema.SchemaField{ Name: "sn", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add given name field form.Schema.AddField(&schema.SchemaField{ Name: "givenName", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add account expires field @@ -173,6 +173,13 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { Required: false, }) + // add account expires field + form.Schema.AddField(&schema.SchemaField{ + Name: "REALM", + Type: schema.FieldTypeDate, + Required: true, + }) + // add groups field form.Schema.AddField(&schema.SchemaField{ Name: "memberOf", @@ -186,8 +193,9 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { // create index on username form.Indexes = types.JsonArray[string]{ - "CREATE UNIQUE INDEX idx_ldapUsers_cn ON " + ldapGroupsTableName + " (cn)", - "CREATE UNIQUE INDEX idx_ldapUsers_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)", + "CREATE UNIQUE INDEX idx_users_username ON " + ldapGroupsTableName + " (username, REALM)", // username must be unique for each realm + "CREATE UNIQUE INDEX idx_users_cn ON " + ldapGroupsTableName + " (cn)", + "CREATE UNIQUE INDEX idx_users_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)", } return form.Submit()