From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id DD30A1FF38E for ; Tue, 11 Jun 2024 14:51:45 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A917836DBE; Tue, 11 Jun 2024 14:52:20 +0200 (CEST) Date: Tue, 11 Jun 2024 14:51:46 +0200 From: Wolfgang Bumiller To: Shannon Sterz Message-ID: References: <20240610154214.356689-1-s.sterz@proxmox.com> <20240610154214.356689-3-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20240610154214.356689-3-s.sterz@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -1.208 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy ENA_SUBJ_ODD_CASE 2.6 Subject has odd case KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pbs-devel] [PATCH proxmox 2/5] access: define shared `User`, `UserWithTokens` and `ApiTokens types X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Cc: pbs-devel@lists.proxmox.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" On Mon, Jun 10, 2024 at 05:42:11PM GMT, Shannon Sterz wrote:
> +#[api(
> + properties: {
> + userid: {
> + type: Userid,
> + },
> + comment: {
> + optional: true,
> + schema: COMMENT_SCHEMA,
> + },
> + enable: {
> + optional: true,
> + schema: ENABLE_USER_SCHEMA,
> + },
> + expire: {
> + optional:
true,
> + schema: EXPIRE_USER_SCHEMA,
> + },
> + firstname: {
> + optional: true,
> + schema: FIRST_NAME_SCHEMA,
> + },
> + lastname: {
> + schema: LAST_NAME_SCHEMA,
> + optional: true,
> + },
> + email: {
> + schema: EMAIL_SCHEMA,
> + optional: true,
> + },
> + tokens: {
> + type: Array,
> + optional: true,
> + description: "List of user's API tokens.",
> + items: {
> + type: ApiToken
> + },
> + },
> + "totp-locked": {
> + type: bool,
> + optional: true,
> + default: false,
> + description: "True if the user is currently locked out of TOTP factors",
> + },
> + "tfa-locked-until": {
> + optional: true,
> + description: "Contains a timestamp until when a user is locked out of 2nd factors",
> + },
> + }
> +)]
> +#[derive(Serialize, Deserialize, Clone, PartialEq)]
> +#[serde(rename_all = "kebab-case")]
> +/// User properties with added list of ApiTokens
> +pub struct UserWithTokens {

While already moving things around, can we make this just contain a nested `User` with `#[serde(flatten)]`?
> + pub userid: Userid,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub comment: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub enable: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub expire: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub firstname: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub lastname: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub email: Option,
> + #[serde(skip_serializing_if = "Vec::is_empty", default)]
> + pub tokens: Vec,
> + #[serde(skip_serializing_if = "bool_is_false", default)]
> + pub totp_locked: bool,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub tfa_locked_until: Option,
> +}
> +
> +fn bool_is_false(b: &bool) -> bool {
> + !b
> +}
> +
> +#[api(
> + properties: {
> + tokenid: {
> + schema: PROXMOX_TOKEN_ID_SCHEMA,
> + },
> + comment: {
> + optional: true,
> + schema: COMMENT_SCHEMA,
> + },
> + enable: {
> + optional: true,
> + schema: ENABLE_USER_SCHEMA,
> + },
> + expire: {
> + optional: true,
> + schema: EXPIRE_USER_SCHEMA,
> + },
> + }
> +)]
> +#[derive(Serialize, Deserialize, Clone, PartialEq)]
> +/// ApiToken properties.
> +pub struct ApiToken {
> + pub tokenid: Authid,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub comment: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub enable: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub expire: Option,
> +}
> +
> +impl ApiToken {
> + pub fn is_active(&self) -> bool {
> + if !self.enable.unwrap_or(true) {
> + return false;
> + }
> + if let Some(expire) = self.expire {
> + let now = proxmox_time::epoch_i64();
> + if expire > 0 && expire <= now {
> + return false;
> + }
> + }
> + true
> + }
> +}
> +
> +#[api(
> + properties: {
> + userid: {
> + type: Userid,
> + },
> + comment: {
> + optional: true,
> + schema: COMMENT_SCHEMA,
> + },
> + enable: {
> + optional: true,
> + schema: ENABLE_USER_SCHEMA,
> + },
> + expire: {
> + optional: true,
> + schema: EXPIRE_USER_SCHEMA,
> + },
> + firstname: {
> + optional: true,
> + schema: FIRST_NAME_SCHEMA,
> + },
> + lastname: {
> + schema: LAST_NAME_SCHEMA,
> + optional: true,
> + },
> + email: {
> + schema: EMAIL_SCHEMA,
> + optional: true,
> + },
> + }
> +)]
> +#[derive(Serialize, Deserialize, Updater, PartialEq, Eq)]
> +/// User properties.
> +pub struct User {
> + #[updater(skip)]
> + pub userid: Userid,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub comment: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub enable: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub expire: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub firstname: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub lastname: Option,
> + #[serde(skip_serializing_if = "Option::is_none")]
> + pub email: Option,
> +}
> +
> +impl User {
> + pub fn is_active(&self) -> bool {
> + if !self.enable.unwrap_or(true) {
> + return false;
> + }
> + if let Some(expire) = self.expire {
> + let now = proxmox_time::epoch_i64();
> + if expire > 0 && expire <= now {
> + return false;
> + }
> + }
> + true
> + }
> +}
> --
> 2.39.2
_______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
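Review bot: `ApiToken::is_active` and `User::is_active` are undocumented although both fail open, and `ApiToken::is_active` reads only the token's own `enable` and `expire` fields. A missing `enable` counts as enabled, and an `expire` that is unset, `0` or negative counts as never expiring; whether `EXPIRE_USER_SCHEMA` rejects negative values is not visible in the quoted hunk. I would put that rule on both methods, for example `/// Returns false when disabled, or when expire is a positive epoch that has already passed; unset or non-positive expire means no expiry.`. The token's doc comment should also state that the owning user's `is_active` has to be checked separately, otherwise a caller could treat a token of a disabled or expired user as valid; callers are outside this patch, so this is a documentation request, not a confirmed bug. The two bodies are identical, so a single private helper taking the `enable` and `expire` values would keep them from drifting apart.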