src/service/emergency/mod.rs

use std::sync::Arc;

use async_trait::async_trait;
use conduwuit::{Result, error, warn};
use ruma::{
	events::{
		GlobalAccountDataEvent, GlobalAccountDataEventType, push_rules::PushRulesEventContent,
	},
	push::Ruleset,
};

use crate::{Dep, account_data, config, globals, users};

pub struct Service {
	services: Services,
}

struct Services {
	account_data: Dep<account_data::Service>,
	config: Dep<config::Service>,
	globals: Dep<globals::Service>,
	users: Dep<users::Service>,
}

#[async_trait]
impl crate::Service for Service {
	fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
		Ok(Arc::new(Self {
			services: Services {
				account_data: args.depend::<account_data::Service>("account_data"),
				config: args.depend::<config::Service>("config"),

				globals: args.depend::<globals::Service>("globals"),
				users: args.depend::<users::Service>("users"),
			},
		}))
	}

	async fn worker(self: Arc<Self>) -> Result {
		if self.services.globals.is_read_only() {
			return Ok(());
		}

		if self.services.config.ldap.enable {
			warn!("emergency password feature not available with LDAP enabled.");
			return Ok(());
		}

		self.set_emergency_access().await.inspect_err(|e| {
			error!("Could not set the configured emergency password for the server user: {e}");
		})
	}

	fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }
}

impl Service {
	/// Sets the emergency password and push rules for the server user account
	/// in case emergency password is set
	async fn set_emergency_access(&self) -> Result {
		let server_user = &self.services.globals.server_user;

		self.services
			.users
			.set_password(server_user, self.services.config.emergency_password.as_deref())
			.await?;

		let (ruleset, pwd_set) = match self.services.config.emergency_password {
			| Some(_) => (Ruleset::server_default(server_user), true),
			| None => (Ruleset::new(), false),
		};

		self.services
			.account_data
			.update(
				None,
				server_user,
				GlobalAccountDataEventType::PushRules.to_string().into(),
				&serde_json::to_value(&GlobalAccountDataEvent {
					content: PushRulesEventContent { global: ruleset },
				})
				.expect("to json value always works"),
			)
			.await?;

		if pwd_set {
			warn!(
				"The server account emergency password is set! Please unset it as soon as you \
				 finish admin account recovery! You will be logged out of the server service \
				 account when you finish."
			);
			Ok(())
		} else {
			// logs out any users still in the server service account and removes sessions
			self.services.users.deactivate_account(server_user).await
		}
	}
}
de-global services for services 2024-07-18 06:37:47 +00:00			`use std::sync::Arc;`

			`use async_trait::async_trait;`
run cargo fix for rust 2024 changes and rustfmt 2025-02-23 01:17:45 -05:00			`use conduwuit::{Result, error, warn};`
de-global services for services 2024-07-18 06:37:47 +00:00			`use ruma::{`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`events::{`
run cargo fix for rust 2024 changes and rustfmt 2025-02-23 01:17:45 -05:00			`GlobalAccountDataEvent, GlobalAccountDataEventType, push_rules::PushRulesEventContent,`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`},`
de-global services for services 2024-07-18 06:37:47 +00:00			`push::Ruleset,`
			`};`

refactor+fix various issues with regs/logins and admin user commands 2025-03-02 23:16:30 -05:00			`use crate::{Dep, account_data, config, globals, users};`
de-global services for services 2024-07-18 06:37:47 +00:00
			`pub struct Service {`
			`services: Services,`
			`}`

			`struct Services {`
			`account_data: Dep<account_data::Service>,`
refactor+fix various issues with regs/logins and admin user commands 2025-03-02 23:16:30 -05:00			`config: Dep<config::Service>,`
de-global services for services 2024-07-18 06:37:47 +00:00			`globals: Dep<globals::Service>,`
			`users: Dep<users::Service>,`
			`}`

			`#[async_trait]`
			`impl crate::Service for Service {`
			`fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {`
			`Ok(Arc::new(Self {`
			`services: Services {`
			`account_data: args.depend::<account_data::Service>("account_data"),`
refactor+fix various issues with regs/logins and admin user commands 2025-03-02 23:16:30 -05:00			`config: args.depend::<config::Service>("config"),`

de-global services for services 2024-07-18 06:37:47 +00:00			`globals: args.depend::<globals::Service>("globals"),`
			`users: args.depend::<users::Service>("users"),`
			`},`
			`}))`
			`}`

apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`async fn worker(self: Arc<Self>) -> Result {`
add rocksdb secondary; fix read_only mode. 2024-10-01 04:20:31 +00:00			`if self.services.globals.is_read_only() {`
			`return Ok(());`
			`}`

feat: ldap login 2025-08-09 15:06:48 +02:00			`if self.services.config.ldap.enable {`
			`warn!("emergency password feature not available with LDAP enabled.");`
			`return Ok(());`
			`}`

apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`self.set_emergency_access().await.inspect_err(\|e\| {`
			`error!("Could not set the configured emergency password for the server user: {e}");`
			`})`
de-global services for services 2024-07-18 06:37:47 +00:00			`}`

			`fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }`
			`}`

			`impl Service {`
rename conduit to conduwuit finally 2024-12-14 21:58:01 -05:00			`/// Sets the emergency password and push rules for the server user account`
			`/// in case emergency password is set`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`async fn set_emergency_access(&self) -> Result {`
rename conduit to conduwuit finally 2024-12-14 21:58:01 -05:00			`let server_user = &self.services.globals.server_user;`
de-global services for services 2024-07-18 06:37:47 +00:00
			`self.services`
			`.users`
feat: ldap login 2025-08-09 15:06:48 +02:00			`.set_password(server_user, self.services.config.emergency_password.as_deref())`
			`.await?;`
de-global services for services 2024-07-18 06:37:47 +00:00
refactor+fix various issues with regs/logins and admin user commands 2025-03-02 23:16:30 -05:00			`let (ruleset, pwd_set) = match self.services.config.emergency_password {`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`\| Some(_) => (Ruleset::server_default(server_user), true),`
			`\| None => (Ruleset::new(), false),`
de-global services for services 2024-07-18 06:37:47 +00:00			`};`

Database Refactor 2024-08-08 17:18:30 +00:00			`self.services`
			`.account_data`
			`.update(`
			`None,`
rename conduit to conduwuit finally 2024-12-14 21:58:01 -05:00			`server_user,`
Database Refactor 2024-08-08 17:18:30 +00:00			`GlobalAccountDataEventType::PushRules.to_string().into(),`
			`&serde_json::to_value(&GlobalAccountDataEvent {`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`content: PushRulesEventContent { global: ruleset },`
Database Refactor 2024-08-08 17:18:30 +00:00			`})`
			`.expect("to json value always works"),`
			`)`
			`.await?;`
de-global services for services 2024-07-18 06:37:47 +00:00
			`if pwd_set {`
			`warn!(`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`"The server account emergency password is set! Please unset it as soon as you \`
			`finish admin account recovery! You will be logged out of the server service \`
			`account when you finish."`
de-global services for services 2024-07-18 06:37:47 +00:00			`);`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`Ok(())`
de-global services for services 2024-07-18 06:37:47 +00:00			`} else {`
			`// logs out any users still in the server service account and removes sessions`
apply new rustfmt.toml changes, fix some clippy lints 2024-12-15 00:05:47 -05:00			`self.services.users.deactivate_account(server_user).await`
de-global services for services 2024-07-18 06:37:47 +00:00			`}`
			`}`
			`}`