Initial commit

src/lib.rs

@@ -0,0 +1 @@
+pub mod lldap;

src/lldap.rs

@@ -0,0 +1,48 @@
+use anyhow::{anyhow, Context};
+use lldap_auth::{opaque, registration};
+use surf::Client;
+
+pub async fn change_password(client: &Client, user_id: &str, password: &str) -> anyhow::Result<()> {
+    let mut rng = rand::rngs::OsRng;
+    let registration_start_request =
+        opaque::client::registration::start_registration(password, &mut rng)
+            .context("Could not initiate password change")?;
+
+    let start_request = registration::ClientRegistrationStartRequest {
+        username: user_id.into(),
+        registration_start_request: registration_start_request.message,
+    };
+
+    let mut response = client
+        .post("/auth/opaque/register/start")
+        .body_json(&start_request)
+        .map_err(|e| anyhow!(e))?
+        .await
+        .map_err(|e| anyhow!(e))?;
+
+    let response: registration::ServerRegistrationStartResponse =
+        response.body_json().await.map_err(|e| anyhow!(e))?;
+
+    let registration_finish = opaque::client::registration::finish_registration(
+        registration_start_request.state,
+        response.registration_response,
+        &mut rng,
+    )
+    .context("Error during password change")?;
+
+    let request = registration::ClientRegistrationFinishRequest {
+        server_data: response.server_data,
+        registration_upload: registration_finish.message,
+    };
+
+    let _response = client
+        .post("/auth/opaque/register/finish")
+        .body_json(&request)
+        .map_err(|e| anyhow!(e))?
+        .await
+        .map_err(|e| anyhow!(e))?;
+
+    println!("Changed '{user_id}' password successfully");
+
+    Ok(())
+}

src/main.rs

@@ -0,0 +1,111 @@
+use std::time::Duration;
+
+use anyhow::anyhow;
+use cynic::{http::SurfExt, MutationBuilder, QueryBuilder};
+use lldap_controller::lldap::change_password;
+use queries::{
+    AddUserToGroup, AddUserToGroupVariables, CreateManagedUserAttribute, CreateUser,
+    CreateUserVariables, DeleteUser, DeleteUserVariables, GetUserAttributes, ListManagedUsers,
+};
+use surf::{Client, Config, Url};
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let token = std::env::var("LLDAP_TOKEN")?;
+
+    let base_url = "http://localhost:17170";
+    let users = [
+        "authelia".to_owned(),
+        "grafana".to_owned(),
+        "gitea".to_owned(),
+    ];
+
+    let client: Client = Config::new()
+        .set_base_url(Url::parse(base_url)?)
+        .set_timeout(Some(Duration::from_secs(1)))
+        .add_header("Authorization", format!("Bearer {token}"))
+        .map_err(|e| anyhow!(e))?
+        .try_into()?;
+
+    let operation = GetUserAttributes::build(());
+    let response = client
+        .post("/api/graphql")
+        .run_graphql(operation)
+        .await
+        .map_err(|e| anyhow!(e))?;
+
+    let has_managed = response
+        .data
+        .as_ref()
+        .expect("Should get data")
+        .schema
+        .user_schema
+        .attributes
+        .iter()
+        .any(|attr| attr.name == "managed");
+
+    if !has_managed {
+        let operation = CreateManagedUserAttribute::build(());
+        let _response = client
+            .post("/api/graphql")
+            .run_graphql(operation)
+            .await
+            .map_err(|e| anyhow!(e))?;
+    }
+
+    let operation = ListManagedUsers::build(());
+    let response = client
+        .post("/api/graphql")
+        .run_graphql(operation)
+        .await
+        .map_err(|e| anyhow!(e))?;
+
+    let (existing, remove): (Vec<_>, Vec<_>) = response
+        .data
+        .expect("Should get data")
+        .users
+        .into_iter()
+        .map(|user| user.id)
+        .partition(|user| users.contains(user));
+
+    let (update, create): (Vec<_>, Vec<_>) = users.iter().partition(|user| existing.contains(user));
+
+    for id in &remove {
+        println!("Removing '{id}");
+
+        let operation = DeleteUser::build(DeleteUserVariables { id });
+        let _response = client
+            .post("/api/graphql")
+            .run_graphql(operation)
+            .await
+            .map_err(|e| anyhow!(e))?;
+    }
+
+    for id in create {
+        println!("Creating '{id}'");
+
+        let operation = CreateUser::build(CreateUserVariables { id });
+        let _response = client
+            .post("/api/graphql")
+            .run_graphql(operation)
+            .await
+            .map_err(|e| anyhow!(e))?;
+
+        let operation = AddUserToGroup::build(AddUserToGroupVariables { id, group: 3 });
+        let _response = client
+            .post("/api/graphql")
+            .run_graphql(operation)
+            .await
+            .map_err(|e| anyhow!(e))?;
+
+        change_password(&client, id, "JustATest").await?;
+    }
+
+    for id in update {
+        println!("Updating '{id}'");
+
+        change_password(&client, id, "JustATest").await?;
+    }
+
+    Ok(())
+}