server: Add an option to force reset the admin password
committed by
nitnelave
parent
9ac96e8c6e
commit
ff0ea51121
@@ -78,6 +78,12 @@
|
|||||||
## is just the default one.
|
## is just the default one.
|
||||||
#ldap_user_pass = "REPLACE_WITH_PASSWORD"
|
#ldap_user_pass = "REPLACE_WITH_PASSWORD"
|
||||||
|
|
||||||
|
## Force reset of the admin password.
|
||||||
|
## Break glass in case of emergency: if you lost the admin password, you
|
||||||
|
## can set this to true to force a reset of the admin password to the value
|
||||||
|
## of ldap_user_pass above.
|
||||||
|
# force_reset_admin_password = false
|
||||||
|
|
||||||
## Database URL.
|
## Database URL.
|
||||||
## This encodes the type of database (SQlite, MySQL, or PostgreSQL)
|
## This encodes the type of database (SQlite, MySQL, or PostgreSQL)
|
||||||
## , the path, the user, password, and sometimes the mode (when
|
## , the path, the user, password, and sometimes the mode (when
|
||||||
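Review bot: The commented key `force_reset_admin_password` does not match the field this commit adds to `Configuration`, which is `force_ldap_user_pass_reset`. If the config file is mapped onto that struct by field name (the loader is not visible here), uncommenting this line would leave the reset disabled without any error. The template line should read `# force_ldap_user_pass_reset = false`. The comment could also tell the operator to set the value back to false once login works again, since the server-side branch appears to apply the reset on every start while the flag is true.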
|
|||||||
@@ -89,6 +89,10 @@ pub struct RunOpts {
|
|||||||
#[clap(short, long, env = "LLDAP_DATABASE_URL")]
|
#[clap(short, long, env = "LLDAP_DATABASE_URL")]
|
||||||
pub database_url: Option<String>,
|
pub database_url: Option<String>,
|
||||||
|
|
||||||
|
/// Force admin password reset to the config value.
|
||||||
|
#[clap(short, long, env = "LLDAP_FORCE_LADP_USER_PASS_RESET")]
|
||||||
|
pub force_ldap_user_pass_reset: Option<bool>,
|
||||||
|
|
||||||
#[clap(flatten)]
|
#[clap(flatten)]
|
||||||
pub smtp_opts: SmtpOpts,
|
pub smtp_opts: SmtpOpts,
|
||||||
|
|
||||||
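Review bot: The environment variable name on the new `force_ldap_user_pass_reset` option is misspelled as `LLDAP_FORCE_LADP_USER_PASS_RESET` (LADP instead of LDAP). An operator who exports the expected spelling gets no reset and no error. The attribute should be `#[clap(short, long, env = "LLDAP_FORCE_LDAP_USER_PASS_RESET")]`. `RunOpts` starts and ends outside this hunk.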
|
|||||||
@@ -83,6 +83,8 @@ pub struct Configuration {
|
|||||||
pub ldap_user_email: String,
|
pub ldap_user_email: String,
|
||||||
#[builder(default = r#"SecUtf8::from("password")"#)]
|
#[builder(default = r#"SecUtf8::from("password")"#)]
|
||||||
pub ldap_user_pass: SecUtf8,
|
pub ldap_user_pass: SecUtf8,
|
||||||
|
#[builder(default = "false")]
|
||||||
|
pub force_ldap_user_pass_reset: bool,
|
||||||
#[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
|
#[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
|
||||||
pub database_url: String,
|
pub database_url: String,
|
||||||
#[builder(default)]
|
#[builder(default)]
|
||||||
@@ -244,6 +246,10 @@ impl ConfigOverrider for RunOpts {
|
|||||||
if let Some(database_url) = self.database_url.as_ref() {
|
if let Some(database_url) = self.database_url.as_ref() {
|
||||||
config.database_url = database_url.to_string();
|
config.database_url = database_url.to_string();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if let Some(force_ldap_user_pass_reset) = self.force_ldap_user_pass_reset {
|
||||||
|
config.force_ldap_user_pass_reset = force_ldap_user_pass_reset;
|
||||||
|
}
|
||||||
self.smtp_opts.override_config(config);
|
self.smtp_opts.override_config(config);
|
||||||
self.ldaps_opts.override_config(config);
|
self.ldaps_opts.override_config(config);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -107,6 +107,18 @@ async fn set_up_server(config: Configuration) -> Result<ServerBuilder> {
|
|||||||
.await
|
.await
|
||||||
.map_err(|e| anyhow!("Error setting up admin login/account: {:#}", e))
|
.map_err(|e| anyhow!("Error setting up admin login/account: {:#}", e))
|
||||||
.context("while creating the admin user")?;
|
.context("while creating the admin user")?;
|
||||||
|
} else if config.force_ldap_user_pass_reset {
|
||||||
|
warn!("Forcing admin password reset to the config-provided password");
|
||||||
|
register_password(
|
||||||
|
&backend_handler,
|
||||||
|
&config.ldap_user_dn,
|
||||||
|
&config.ldap_user_pass,
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.context(format!(
|
||||||
|
"while resetting admin password for {}",
|
||||||
|
&config.ldap_user_dn
|
||||||
|
))?;
|
||||||
}
|
}
|
||||||
let server_builder = infra::ldap_server::build_ldap_server(
|
let server_builder = infra::ldap_server::build_ldap_server(
|
||||||
&config,
|
&config,
|
||||||
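Review bot: The new `else if config.force_ldap_user_pass_reset` branch resets the admin password to whatever `ldap_user_pass` holds, and the `Configuration` hunk in this commit shows that field defaulting to `"password"`. Enabling the flag without configuring a password would therefore put the admin account on a publicly known credential. Reject that case before calling `register_password`, for example `if config.ldap_user_pass.unsecure() == "password" { bail!("set ldap_user_pass before forcing an admin password reset"); }` (assuming `bail!` from anyhow is in scope alongside `anyhow!`). The branch also appears to run on every start while the flag stays set, so the `warn!` text should tell the operator to turn the flag off afterwards. `set_up_server` and the `if` this branch attaches to begin outside the hunk.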
|
|||||||