kanidm/kanidm_tools/src/cli/common.rs

use crate::login::read_tokens;
use crate::CommonOpt;
use kanidm_client::{KanidmClient, KanidmClientBuilder};

impl CommonOpt {
    pub fn to_unauth_client(&self) -> KanidmClient {
        let config_path: String = shellexpand::tilde("~/.config/kanidm").into_owned();

        debug!("Attempting to use config {}", "/etc/kanidm/config");
        let client_builder = match KanidmClientBuilder::new()
            .read_options_from_optional_config("/etc/kanidm/config")
            .and_then(|cb| {
                debug!("Attempting to use config {}", config_path);
                cb.read_options_from_optional_config(config_path)
            }) {
            Ok(c) => c,
            Err(e) => {
                error!("Failed to parse config (if present) -- {:?}", e);
                std::process::exit(1);
            }
        };

        let client_builder = match &self.addr {
            Some(a) => client_builder.address(a.to_string()),
            None => client_builder,
        };

        let ca_path: Option<&str> = self.ca_path.as_ref().map(|p| p.to_str()).flatten();
        let client_builder = match ca_path {
            Some(p) => match client_builder.add_root_certificate_filepath(p) {
                Ok(cb) => cb,
                Err(e) => {
                    error!("Failed to add ca certificate -- {:?}", e);
                    std::process::exit(1);
                }
            },
            None => client_builder,
        };

        match client_builder.build() {
            Ok(c) => c,
            Err(e) => {
                error!("Failed to build client instance -- {:?}", e);
                std::process::exit(1);
            }
        }
    }

    pub fn to_client(&self) -> KanidmClient {
        let mut client = self.to_unauth_client();
        // Read the token file.
        let tokens = match read_tokens() {
            Ok(t) => t,
            Err(_e) => {
                error!("Error retrieving authentication token store");
                std::process::exit(1);
            }
        };

        if tokens.is_empty() {
            error!(
                "No valid authentication tokens found. Please login with the 'login' subcommand."
            );
            std::process::exit(1);
        }

        // If we have a username, use that to select tokens
        let token = match &self.username {
            Some(username) => {
                // Is it in the store?
                match tokens.get(username) {
                    Some(t) => t.clone(),
                    None => {
                        error!("No valid authentication tokens found for {}.", username);
                        std::process::exit(1);
                    }
                }
            }
            None => {
                if tokens.len() == 1 {
                    #[allow(clippy::expect_used)]
                    let (f_uname, f_token) = tokens.iter().next().expect("Memory Corruption");
                    // else pick the first token
                    info!("Authenticated as {}", f_uname);
                    f_token.clone()
                } else {
                    // Unable to select
                    error!("Multiple authentication tokens exist. Please select one with --name.");
                    std::process::exit(1);
                }
            }
        };

        // Set it into the client
        client.set_token(token);

        client
    }
}
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`use crate::login::read_tokens;`
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?). 2021-02-13 04:46:22 +01:00			`use crate::CommonOpt;`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`use kanidm_client::{KanidmClient, KanidmClientBuilder};`

			`impl CommonOpt {`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`pub fn to_unauth_client(&self) -> KanidmClient {`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`let config_path: String = shellexpand::tilde("~/.config/kanidm").into_owned();`

			`debug!("Attempting to use config {}", "/etc/kanidm/config");`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`let client_builder = match KanidmClientBuilder::new()`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`.read_options_from_optional_config("/etc/kanidm/config")`
			`.and_then(\|cb\| {`
			`debug!("Attempting to use config {}", config_path);`
			`cb.read_options_from_optional_config(config_path)`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`}) {`
			`Ok(c) => c,`
			`Err(e) => {`
			`error!("Failed to parse config (if present) -- {:?}", e);`
			`std::process::exit(1);`
			`}`
			`};`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00
			`let client_builder = match &self.addr {`
			`Some(a) => client_builder.address(a.to_string()),`
			`None => client_builder,`
			`};`

Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`let ca_path: Option<&str> = self.ca_path.as_ref().map(\|p\| p.to_str()).flatten();`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`let client_builder = match ca_path {`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`Some(p) => match client_builder.add_root_certificate_filepath(p) {`
			`Ok(cb) => cb,`
			`Err(e) => {`
			`error!("Failed to add ca certificate -- {:?}", e);`
			`std::process::exit(1);`
			`}`
			`},`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`None => client_builder,`
			`};`

Account valid-from and expiry (#322) Fixes #59 account policy and lockout. This is achived with a valid_from and expire attribute that are timestamps. Cli tools are added to manage these. 2020-10-10 02:31:51 +02:00			`match client_builder.build() {`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`Ok(c) => c,`
			`Err(e) => {`
			`error!("Failed to build client instance -- {:?}", e);`
			`std::process::exit(1);`
			`}`
Account valid-from and expiry (#322) Fixes #59 account policy and lockout. This is achived with a valid_from and expire attribute that are timestamps. Cli tools are added to manage these. 2020-10-10 02:31:51 +02:00			`}`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`}`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`pub fn to_client(&self) -> KanidmClient {`
			`let mut client = self.to_unauth_client();`
			`// Read the token file.`
			`let tokens = match read_tokens() {`
			`Ok(t) => t,`
			`Err(_e) => {`
			`error!("Error retrieving authentication token store");`
			`std::process::exit(1);`
			`}`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`};`

Account valid-from and expiry (#322) Fixes #59 account policy and lockout. This is achived with a valid_from and expire attribute that are timestamps. Cli tools are added to manage these. 2020-10-10 02:31:51 +02:00			`if tokens.is_empty() {`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`error!(`
			`"No valid authentication tokens found. Please login with the 'login' subcommand."`
			`);`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`std::process::exit(1);`
			`}`

250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`// If we have a username, use that to select tokens`
			`let token = match &self.username {`
			`Some(username) => {`
			`// Is it in the store?`
			`match tokens.get(username) {`
			`Some(t) => t.clone(),`
			`None => {`
			`error!("No valid authentication tokens found for {}.", username);`
			`std::process::exit(1);`
			`}`
			`}`
			`}`
			`None => {`
			`if tokens.len() == 1 {`
Account valid-from and expiry (#322) Fixes #59 account policy and lockout. This is achived with a valid_from and expire attribute that are timestamps. Cli tools are added to manage these. 2020-10-10 02:31:51 +02:00			`#[allow(clippy::expect_used)]`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`let (f_uname, f_token) = tokens.iter().next().expect("Memory Corruption");`
			`// else pick the first token`
			`info!("Authenticated as {}", f_uname);`
			`f_token.clone()`
			`} else {`
			`// Unable to select`
			`error!("Multiple authentication tokens exist. Please select one with --name.");`
			`std::process::exit(1);`
			`}`
			`}`
			`};`

			`// Set it into the client`
			`client.set_token(token);`

20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`client`
			`}`
			`}`