class AuthD::Request
  # Request that confirms a user's contact by presenting the activation key
  # stored on the account. The numeric macro argument (2) is presumably the
  # IPC message type number -- confirm against IPC::JSON.message.
  IPC::JSON.message ValidateUser, 2 do
    property user : UserID
    property activation_key : String

    def initialize(@user, @activation_key)
    end

    # Checks the submitted activation key against the one stored for `@user`.
    #
    # Returns one of:
    # - Response::ErrorUserNotFound         -- no account matches `@user`
    # - Response::ErrorUserAlreadyValidated -- the account has no pending key
    # - Response::ErrorInvalidActivationKey -- the submitted key does not match
    # - Response::UserValidated             -- key matched; the stored key is cleared
    #
    # `fd` is not used here: this handler performs no logged-in check, so it is
    # reachable before authentication.
    def handle(authd : AuthD::Service, fd : Int32)
      account = authd.user? @user

      # Known, accepted weakness (per the original author): a distinct
      # "user not found" answer lets a caller learn which logins exist.
      # NOTE(review): since this handler is unauthenticated and the three error
      # responses are distinguishable, a caller can also learn whether an
      # account is still pending validation. Returning a single generic failure
      # for all three cases would close this, at the cost of changing what
      # clients receive.
      return Response::ErrorUserNotFound.new if account.nil?

      pending_key = account.contact.activation_key
      return Response::ErrorUserAlreadyValidated.new if pending_key.nil?

      # NOTE(review): `==` on strings is not a constant-time comparison. For a
      # secret such as an activation key, the standard library offers
      # Crypto::Subtle.constant_time_compare (needs `require "crypto/subtle"`
      # at file level).
      # NOTE(review): no limit on failed attempts is visible in this handler;
      # confirm that key guessing is throttled elsewhere.
      return Response::ErrorInvalidActivationKey.new unless pending_key == @activation_key

      # Clearing the key is what marks the contact as validated.
      account.contact.activation_key = nil

      # Write the modified record back, keyed by the uid rendered as a string.
      authd.users_per_uid.update account.uid.to_s, account

      Response::UserValidated.new account.to_public
    end
  end
  AuthD.requests << ValidateUser

  # Request that fetches the public view of a user. The numeric macro
  # argument (5) is presumably the IPC message type number -- confirm against
  # IPC::JSON.message.
  IPC::JSON.message GetUser, 5 do
    property user : UserID

    def initialize(@user)
    end

    # Returns the public representation of `@user` to an authenticated client.
    #
    # Returns one of:
    # - Response::ErrorMustBeAuthenticated -- no logged-in user is bound to `fd`
    # - Response::ErrorUserNotFound        -- no account matches `@user`
    # - Response::User                     -- wraps `to_public` of the account
    def handle(authd : AuthD::Service, fd : Int32)
      # Only the presence of a logged-in user is checked; the identity of the
      # requester is not compared with the requested account, so any
      # authenticated client can look up any user's public view.
      return Response::ErrorMustBeAuthenticated.new if authd.get_logged_user?(fd).nil?

      target = authd.user? @user

      # Known, accepted weakness (per the original author): a distinct
      # "user not found" answer reveals which logins exist. Here the check sits
      # behind authentication, so only logged-in clients can probe it.
      return Response::ErrorUserNotFound.new if target.nil?

      Response::User.new target.to_public
    end
  end
  AuthD.requests << GetUser
end