authd/src/requests/admin.cr

class AuthD::Request
	IPC::JSON.message AddUser, 9 do
		property login      : String
		property password   : String
		property admin      : Bool                     = false
		property email      : String?                  = nil
		property profile    : Hash(String, JSON::Any)? = nil

		def initialize(@login, @password, @admin, @email, @profile)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			logged_user = authd.get_logged_user_full? fd
			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?

			logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)

			if authd.users_per_login.get? @login
				return Response::ErrorAlreadyUsedLogin.new
			end

			# No verification of the user's informations when an admin adds it.
			# No mail address verification.
			if authd.configuration.require_email && @email.nil?
				return Response::ErrorMailRequired.new
			end

			password_hash = authd.hash_password @password

			uid = authd.new_uid

			user = User.new uid, @login, password_hash
			user.contact.email = @email unless @email.nil?
			user.admin         = @admin

			@profile.try do |profile|
				user.profile = profile
			end

			# We consider adding the user as a registration.
			user.date_registration = Time.local

			authd.users << user
			authd.new_uid_commit uid
			Response::UserAdded.new user.to_public
		end
	end
	AuthD.requests << AddUser

	IPC::JSON.message BootstrapFirstAdmin, 13 do
		property login      : String
		property password   : String
		property email      : String?                  = nil
		property profile    : Hash(String, JSON::Any)? = nil

		def initialize(@login, @password, @email, @profile = nil)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			# Check if there already is a registered user.
			if authd.users.to_a.size > 0
				return Response::ErrorAlreadyUsersInDB.new
			end

			password_hash = authd.hash_password @password

			uid = authd.new_uid

			user = User.new uid, @login, password_hash
			user.contact.email = @email unless @email.nil?
			user.admin         = true

			@profile.try do |profile|
				user.profile = profile
			end

			# We consider adding the user as a registration.
			user.date_registration = Time.local

			authd.users << user
			authd.new_uid_commit uid
			Response::UserAdded.new user.to_public
		end
	end
	AuthD.requests << BootstrapFirstAdmin

	IPC::JSON.message DecodeToken, 14 do
		property token   : String

		def initialize(@token)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			logged_user = authd.get_logged_user_full? fd
			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
			logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)

			token_payload = AuthD::Token.from_s authd.configuration.secret_key, token
			user = authd.users_per_uid.get? token_payload.uid.to_s
			if user
				Response::User.new user.to_public
			else
				Response::ErrorUserNotFound.new
			end
		end
	end
	AuthD.requests << DecodeToken
end
New authd code structure. 2020-11-22 13:49:34 +01:00			`class AuthD::Request`
Change message numbers. 2023-06-13 03:15:08 +02:00			`IPC::JSON.message AddUser, 9 do`
New authd code structure. 2020-11-22 13:49:34 +01:00			`property login : String`
			`property password : String`
Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`property admin : Bool = false`
New authd code structure. 2020-11-22 13:49:34 +01:00			`property email : String? = nil`
			`property profile : Hash(String, JSON::Any)? = nil`

Removing "phone" and EditContact message (ModUser could be used instead). 2023-06-12 23:24:49 +02:00			`def initialize(@login, @password, @admin, @email, @profile)`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`def handle(authd : AuthD::Service, fd : Int32)`
More fine-grained authorizations and remove useless message GetUserByCredentials. 2023-06-12 14:40:03 +02:00			`logged_user = authd.get_logged_user_full? fd`
Errors now have dedicated messages. 2023-06-14 01:46:38 +02:00			`return Response::ErrorMustBeAuthenticated.new if logged_user.nil?`
More fine-grained authorizations and remove useless message GetUserByCredentials. 2023-06-12 14:40:03 +02:00
			`logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)`
New authd code structure. 2020-11-22 13:49:34 +01:00
			`if authd.users_per_login.get? @login`
Errors now have dedicated messages. 2023-06-14 01:46:38 +02:00			`return Response::ErrorAlreadyUsedLogin.new`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`# No verification of the user's informations when an admin adds it.`
			`# No mail address verification.`
New authd code structure. 2020-11-22 13:49:34 +01:00			`if authd.configuration.require_email && @email.nil?`
Errors now have dedicated messages. 2023-06-14 01:46:38 +02:00			`return Response::ErrorMailRequired.new`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

			`password_hash = authd.hash_password @password`

			`uid = authd.new_uid`

			`user = User.new uid, @login, password_hash`
			`user.contact.email = @email unless @email.nil?`
Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`user.admin = @admin`
New authd code structure. 2020-11-22 13:49:34 +01:00
			`@profile.try do \|profile\|`
			`user.profile = profile`
			`end`

Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`# We consider adding the user as a registration.`
New authd code structure. 2020-11-22 13:49:34 +01:00			`user.date_registration = Time.local`

			`authd.users << user`
Update whole structure + new LibIPC API. 2023-02-09 17:55:34 +01:00			`authd.new_uid_commit uid`
New authd code structure. 2020-11-22 13:49:34 +01:00			`Response::UserAdded.new user.to_public`
			`end`
			`end`
			`AuthD.requests << AddUser`
s/shared key/secret key/ + new bootstrap request + some cleaning. 2023-06-13 23:40:34 +02:00
			`IPC::JSON.message BootstrapFirstAdmin, 13 do`
			`property login : String`
			`property password : String`
			`property email : String? = nil`
			`property profile : Hash(String, JSON::Any)? = nil`

			`def initialize(@login, @password, @email, @profile = nil)`
			`end`

			`def handle(authd : AuthD::Service, fd : Int32)`
			`# Check if there already is a registered user.`
			`if authd.users.to_a.size > 0`
All explicit errors in requests are now dedicated errors. 2023-06-14 02:07:03 +02:00			`return Response::ErrorAlreadyUsersInDB.new`
s/shared key/secret key/ + new bootstrap request + some cleaning. 2023-06-13 23:40:34 +02:00			`end`

			`password_hash = authd.hash_password @password`

			`uid = authd.new_uid`

			`user = User.new uid, @login, password_hash`
			`user.contact.email = @email unless @email.nil?`
			`user.admin = true`

			`@profile.try do \|profile\|`
			`user.profile = profile`
			`end`

			`# We consider adding the user as a registration.`
			`user.date_registration = Time.local`

			`authd.users << user`
			`authd.new_uid_commit uid`
			`Response::UserAdded.new user.to_public`
			`end`
			`end`
			`AuthD.requests << BootstrapFirstAdmin`
New DecodeToken request. 2023-06-14 18:39:23 +02:00
			`IPC::JSON.message DecodeToken, 14 do`
			`property token : String`

			`def initialize(@token)`
			`end`

			`def handle(authd : AuthD::Service, fd : Int32)`
			`logged_user = authd.get_logged_user_full? fd`
			`return Response::ErrorMustBeAuthenticated.new if logged_user.nil?`
			`logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)`

			`token_payload = AuthD::Token.from_s authd.configuration.secret_key, token`
			`user = authd.users_per_uid.get? token_payload.uid.to_s`
			`if user`
			`Response::User.new user.to_public`
			`else`
			`Response::ErrorUserNotFound.new`
			`end`
			`end`
			`end`
			`AuthD.requests << DecodeToken`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`