From 3d44c7c6e852140f89c4cd23f658c0582a67beb9 Mon Sep 17 00:00:00 2001
From: Philippe PITTOLI
Date: Mon, 1 Jul 2024 20:39:32 +0200
Subject: [PATCH] Change login policy: accept more characters and don't mind the order.
---
 bin/migration-filter.awk | 19 +++++++++++++++++++
 makefile | 4 ++--
 src/configuration.cr | 17 +++++++++++++++++
 src/requests/register.cr | 2 +-
 src/requests/search.cr | 3 +++
 src/service.cr | 16 +---------------
 6 files changed, 43 insertions(+), 18 deletions(-)
 create mode 100755 bin/migration-filter.awk
 create mode 100644 src/configuration.cr
diff --git a/bin/migration-filter.awk b/bin/migration-filter.awk
new file mode 100755
index 0000000..c9185ba
--- /dev/null
+++ b/bin/migration-filter.awk
@@ -0,0 +1,19 @@
+#!/usr/bin/gawk -f
+
+BEGIN {
+ OFS="\t"
+ should_print = 0
+}
+
+$1 ~ /^[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+$/ {
+ should_print = 1
+}
+
+should_print == 0 {
+ print "INVALID:", $1, $2
+}
+
+should_print == 1 {
+ print $1 "\t" $2
+ should_print = 0
+}
diff --git a/makefile b/makefile
index 05bc98c..f155f5c 100644
--- a/makefile
+++ b/makefile
@@ -43,8 +43,8 @@ register:; $(Q)./bin/authc user register $(NAME) $(EMAIL)
 validate:; $(Q)./bin/authc user validate $(NAME) $(ACTIVATION_KEY)
 get-user:; $(Q)./bin/authc user get $(NAME) $(LOGIN_OPT)
-USER_DB ?= /tmp/authd-migration-user-db.txt
-$(USER_DB): ; cat /tmp/usrdb | awk '{ print $$1 "\t" $$2 }' | sort | uniq > $(USER_DB)
+USER_DB ?= /tmp/migration-authd-user-db.txt
+$(USER_DB): ; ./bin/migration-filter.awk < /tmp/usrdb | grep -a -v "^INVALID" | sort | uniq > $(USER_DB)
 migration-file: $(USER_DB)
 migrate-user:; ./bin/authc user migrate $(NAME) $(PASSWORD_HASH) $(LOGIN_OPT)
 migrate-all-users:; ./bin/authc migration-script $(USER_DB) $(LOGIN_OPT)
diff --git a/src/configuration.cr b/src/configuration.cr
new file mode 100644
index 0000000..885add5
--- /dev/null
+++ b/src/configuration.cr
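Review bot: `BEGIN` sets `OFS` but never `FS`, so gawk splits each record on any run of blanks, and a login containing a space — which the bracket expression on the `$1 ~` line deliberately admits — can never arrive in `$1` whole: its first word is validated, its second word lands in `$2` where the password hash is expected, and whatever was in `$3` (presumably the real hash) is silently dropped from the output. If `/tmp/usrdb` is tab-separated, add `FS = "\t"` next to `OFS` so `$1` is the complete login and `$2` the hash. A second, hedged point: the non-ASCII members of the character class are presumably matched byte-wise when gawk runs under the C locale, which would accept a stray 0xC3 lead byte on its own; either run the filter under a UTF-8 locale (`LC_ALL=C.UTF-8`) or state that requirement in a comment under the shebang.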
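Review bot: `grep -a -v "^INVALID"` in the `$(USER_DB)` rule drops every record whose login merely starts with `INVALID` — `INVALIDATOR<TAB><hash>` passes the awk filter's character class yet is thrown away here, and that account silently fails to migrate. Anchor on the marker the awk script actually emits, `grep -a -v "^INVALID:"`; `:` is not in the allowed set, so no valid login can collide with it. The rejected rows also vanish without a trace; writing them to a side file (or having the awk script print them to `/dev/stderr` instead of stdout, which would make the `grep` unnecessary) would let the operator see which accounts did not migrate. Both the input and the output keep fixed names under world-writable `/tmp`; that predates this commit, but a file holding every user's password hash would be better placed in a private, mode-0700 directory.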
@@ -0,0 +1,17 @@
+require "baguette-crystal-base"
+
+class Baguette::Configuration
+ class Auth < IPC
+ property service_name : String = "auth"
+ property recreate_indexes : Bool = false
+ property storage : String = "storage"
+ property registrations : Bool = false
+ property require_email : Bool = false
+ property activation_template : String = "email-activation"
+ property recovery_template : String = "email-recovery"
+ property mailer_exe : String = "/usr/local/bin/mailer"
+ property read_only_profile_keys : Array(String) = Array(String).new
+
+ property print_password_recovery_parameters : Bool = false
+ end
+end
diff --git a/src/requests/register.cr b/src/requests/register.cr
index 9ebea28..4cbd90b 100644
--- a/src/requests/register.cr
+++ b/src/requests/register.cr
@@ -17,7 +17,7 @@ class AuthD::Request
 return Response::ErrorAlreadyUsedLogin.new
 end
- acceptable_login_regex = "[a-zA-Z][-_ a-zA-Z0-9']*[a-zA-Z0-9]"
+ acceptable_login_regex = "[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+"
 pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
 return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
diff --git a/src/requests/search.cr b/src/requests/search.cr
index ce82e3d..474ddf3 100644
--- a/src/requests/search.cr
+++ b/src/requests/search.cr
@@ -21,14 +21,17 @@ class AuthD::Request
 result = if regex = @regex
 pattern = Regex.new regex, Regex::Options::IGNORE_CASE
 users.each do |u|
+ puts "trying to match user #{u.login}"
 if pattern =~ u.login || u.profile.try do |profile|
 full_name = profile["full_name"]?
+ puts "login didn't work, trying to match its full name: #{full_name}"
 if full_name.nil?
 false
 else
 pattern =~ full_name.as_s
 end
 end || u.contact.email.try do |email|
+ puts "full name didn't work, trying to match its email: #{email}"
 pattern =~ email
 end
 Baguette::Log.debug "#{u.login} matches #{pattern}"
diff --git a/src/service.cr b/src/service.cr
index ea93a26..9e27909 100644
--- a/src/service.cr
+++ b/src/service.cr
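Review bot: The new `acceptable_login_regex` is unanchored, so `pattern =~ @login` two lines below succeeds as soon as the login contains a single allowed character anywhere — a value made of newlines, slashes or control characters plus one `a` gets past `ErrorInvalidLoginFormat`. The previous pattern had the same weakness, but this line rewrites it, and the migration filter added in `bin/migration-filter.awk` anchors its copy with `^…$`, so the two now disagree on what a valid login is; use `acceptable_login_regex = "\\A[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+\\z"`. Note too that the class admits logins consisting only of spaces or punctuation (`" "`, `"."`) and leading/trailing blanks, so `"bob"` and `"bob "` become distinct accounts; trimming `@login` before the check, or forbidding a leading/trailing space, is worth deciding explicitly. The enclosing method starts and ends outside the hunk.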
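Review bot: The three added `puts` lines print the login of every user scanned, and then the full name and email address of every user whose earlier fields did not match, to stdout on each search request — that is PII landing in whatever captures the process's output, unconditionally, while the hunk itself routes its own diagnostics through `Baguette::Log.debug` two lines later. They read like leftover debugging; delete them, or at most keep one level-gated line without the email, e.g. `Baguette::Log.debug "no login match for #{u.login}, trying full name"`. Separately, `Regex.new regex` on the context line compiles caller-supplied text, which predates this commit but lets a client make a search arbitrarily expensive; a length cap on `@regex` would be cheap insurance. The `result = if` expression and the `users.each` block continue past the end of the hunk.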
@@ -3,21 +3,7 @@ require "sodium"
 extend AuthD
-class Baguette::Configuration
- class Auth < IPC
- property service_name : String = "auth"
- property recreate_indexes : Bool = false
- property storage : String = "storage"
- property registrations : Bool = false
- property require_email : Bool = false
- property activation_template : String = "email-activation"
- property recovery_template : String = "email-recovery"
- property mailer_exe : String = "/usr/local/bin/mailer"
- property read_only_profile_keys : Array(String) = Array(String).new
-
- property print_password_recovery_parameters : Bool = false
- end
-end
+require "./configuration"
 # Provides a JWT-based authentication scheme for service-specific users.
 class AuthD::Service < IPC