Users can now safely change their email address.

This commit is contained in:
Philippe PITTOLI 2024-06-26 01:33:58 +02:00
parent 16b2869827
commit 11f5b0872b
2 changed files with 16 additions and 5 deletions

View File

@ -4,6 +4,8 @@ require "uuid"
class AuthD::User
include JSON::Serializable
def_clone
enum PermissionLevel
None
Read
@ -18,6 +20,8 @@ class AuthD::User
class Contact
include JSON::Serializable
def_clone
# the activation key is removed once the user is validated
property activation_key : String? = nil
property email : String?

View File

@ -12,6 +12,7 @@ class AuthD::Request
logged_user = authd.get_logged_user_full? fd
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
# The user will be modified, we should get a COPY of the user.
user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
authd.user? u
@ -20,23 +21,29 @@ class AuthD::Request
end
return Response::ErrorUserNotFound.new if user.nil?
cloned_user : AuthD::User = user.clone
# Only an admin can uprank or downrank someone.
if admin = @admin
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user.admin = admin
cloned_user.admin = admin
end
@password.try do |s|
user.password_hash = authd.hash_password s
cloned_user.password_hash = authd.hash_password s
end
@email.try do |email|
user.contact.email = email
cloned_user.contact.email = email
end
authd.users_per_uid.update user.uid.to_s, user
begin
authd.users_per_uid.update cloned_user.uid.to_s, cloned_user
rescue e
return Response::Error.new "could not update the user (email may already be used)"
end
Response::UserEdited.new user.uid
Response::UserEdited.new cloned_user.uid
end
end
AuthD.requests << ModUser