Allow account locking with expire-at 'epoch' and 'now' (#1757)

Fixes #1755
James Hodgkinson 2023-06-21 11:46:59 +10:00 committed by GitHub
parent 8d2565773e
commit a9547d7150
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 51 additions and 6 deletions


@ -475,7 +475,11 @@ impl KanidmClient {
warn!(server_version = ?ver, client_version = ?EXPECT_VERSION, "Mismatched client and server version - features may not work, or other unforeseen errors may occur.") warn!(server_version = ?ver, client_version = ?EXPECT_VERSION, "Mismatched client and server version - features may not work, or other unforeseen errors may occur.")
} }
debug_assert!(matching); #[cfg(debug_assertions)]
if !matching {
error!("You're in debug/dev mode, so we're going to quit here.");
std::process::exit(1);
}
// Check is done once, mark as no longer needing to occur // Check is done once, mark as no longer needing to occur
*guard = false; *guard = false;
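Review bot: The added `std::process::exit(1)` runs inside a `KanidmClient` method, so in a debug build any program embedding this client is terminated from library code when the server reports a different version. Destructors do not run and the caller cannot handle the condition. Returning an error to the caller, or stopping at the existing `warn!`, would keep the developer signal without letting a remote version string decide process lifetime. If the exit stays, a comment above the `#[cfg(debug_assertions)]` block such as `// debug builds only: abort on client/server version mismatch so it is noticed during development` would record the intent. The enclosing function starts and ends outside this hunk, so its return type is not visible here.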


@ -417,6 +417,36 @@ impl PersonOpt {
Err(e) => error!("Error -> {:?}", e), Err(e) => error!("Error -> {:?}", e),
_ => println!("Success"), _ => println!("Success"),
} }
} else if matches!(ano.datetime.as_str(), "now") {
// set the expiry to *now*
let now = OffsetDateTime::now_utc().format(&Rfc3339).unwrap();
debug!("Setting expiry to {}", now);
match client
.idm_person_account_set_attr(
ano.aopts.account_id.as_str(),
"account_expire",
&[&now],
)
.await
{
Err(e) => error!("Error setting expiry to 'now' -> {:?}", e),
_ => println!("Success"),
}
} else if matches!(ano.datetime.as_str(), "epoch") {
// set the expiry to the epoch
let epoch_str = OffsetDateTime::UNIX_EPOCH.format(&Rfc3339).unwrap();
debug!("Setting expiry to {}", epoch_str);
match client
.idm_person_account_set_attr(
ano.aopts.account_id.as_str(),
"account_expire",
&[&epoch_str],
)
.await
{
Err(e) => error!("Error setting expiry to 'epoch' -> {:?}", e),
_ => println!("Success"),
}
} else { } else {
if let Err(e) = OffsetDateTime::parse(ano.datetime.as_str(), &Rfc3339) { if let Err(e) = OffsetDateTime::parse(ano.datetime.as_str(), &Rfc3339) {
error!("Error -> {:?}", e); error!("Error -> {:?}", e);
@ -447,7 +477,11 @@ impl PersonOpt {
) )
.await .await
{ {
Err(e) => error!("Error -> {:?}", e), Err(e) => error!(
"Error setting begin-from to '{}' -> {:?}",
ano.datetime.as_str(),
e
),
_ => println!("Success"), _ => println!("Success"),
} }
} else { } else {
@ -465,7 +499,11 @@ impl PersonOpt {
) )
.await .await
{ {
Err(e) => error!("Error -> {:?}", e), Err(e) => error!(
"Error setting begin-from to '{}' -> {:?}",
ano.datetime.as_str(),
e
),
_ => println!("Success"), _ => println!("Success"),
} }
} }
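Review bot: The "now" branch takes the expiry timestamp from the CLI host's clock (`OffsetDateTime::now_utc()`). If that clock is ahead of the server's, the account presumably stays valid until the server reaches that time, which weakens the locking use case this commit targets. A comment on that branch would make the trade-off visible, for example `// uses the client clock; if it is ahead of the server the lock is delayed - "epoch" does not depend on clock agreement`. Both new branches also call `.format(&Rfc3339).unwrap()`; routing the `Err` through the same `error!` path as the surrounding code would remove a panic path from the CLI. A failed `idm_person_account_set_attr` call is only logged in the lines shown, so a script using this to lock an account may not detect the failure; the function continues outside the hunk, so confirm how the exit status is set.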


@ -119,9 +119,12 @@ pub struct AccountNamedExpireDateTimeOpt {
aopts: AccountCommonOpt, aopts: AccountCommonOpt,
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
#[clap(name = "datetime")] #[clap(name = "datetime", verbatim_doc_comment)]
/// An rfc3339 time of the format "YYYY-MM-DDTHH:MM:SS+TZ", "2020-09-25T11:22:02+10:00" /// This accepts mulitple options:
/// or the word "never", "clear" to remove account expiry. /// - An RFC3339 time of the format "YYYY-MM-DDTHH:MM:SS+TZ", "2020-09-25T11:22:02+10:00"
/// - One of "any", "clear" or "never" to remove account expiry.
/// - "epoch" to set the expiry to the UNIX epoch
/// - "now" to expire immediately (this will affect authentication with Kanidm, but external systems may not be aware of the change until next time it's validated, typically ~15 minutes)
datetime: String, datetime: String,
} }
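Review bot: The new help text for `datetime` misspells "multiple"; the line should read `/// This accepts multiple options:`, since `verbatim_doc_comment` prints it to users as written. The list also adds "any" as a keyword that removes expiry, while the previous text named only "never" and "clear". The branch that matches those keywords is not part of this diff, so it is worth confirming "any" is actually accepted for expire-at and does not fall through to the RFC3339 parse error.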