Change login policy: accept more characters and don't mind the order.

migration
Philippe PITTOLI 2024-07-01 20:39:32 +02:00
parent 68f8b141c0
commit 3d44c7c6e8
6 changed files with 43 additions and 18 deletions

19
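--- a/bin/migration-filter.awk
+++ b/bin/migration-filter.awk
@@ -0,0 +1,19 @@
+#!/usr/bin/gawk -f
+BEGIN {
+OFS="\t"
+should_print = 0
+}
+$1 ~ /^[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+$/ {
+should_print = 1
+}
+should_print == 0 {
+print "INVALID:", $1, $2
+}
+should_print == 1 {
+print $1 "\t" $2
+should_print = 0
+}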
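Review bot: The space inside the bracket expression can never match, because `$1` comes from awk's default whitespace field splitting: a login containing a space is cut at the first space and the remainder lands in `$2`, where the script expects the second column. If `/tmp/usrdb` is tab-separated (its format is not visible here), adding `FS = "\t"` next to `OFS = "\t"` in `BEGIN` would let the pattern see the whole login and keep truncated logins out of the migration file. A header comment stating the expected input columns and separator would make the filter's contract checkable.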


@ -43,8 +43,8 @@ register:; $(Q)./bin/authc user register $(NAME) $(EMAIL)
validate:; $(Q)./bin/authc user validate $(NAME) $(ACTIVATION_KEY) validate:; $(Q)./bin/authc user validate $(NAME) $(ACTIVATION_KEY)
get-user:; $(Q)./bin/authc user get $(NAME) $(LOGIN_OPT) get-user:; $(Q)./bin/authc user get $(NAME) $(LOGIN_OPT)
USER_DB ?= /tmp/authd-migration-user-db.txt USER_DB ?= /tmp/migration-authd-user-db.txt
$(USER_DB): ; cat /tmp/usrdb | awk '{ print $$1 "\t" $$2 }' | sort | uniq > $(USER_DB) $(USER_DB): ; ./bin/migration-filter.awk < /tmp/usrdb | grep -a -v "^INVALID" | sort | uniq > $(USER_DB)
migration-file: $(USER_DB) migration-file: $(USER_DB)
migrate-user:; ./bin/authc user migrate $(NAME) $(PASSWORD_HASH) $(LOGIN_OPT) migrate-user:; ./bin/authc user migrate $(NAME) $(PASSWORD_HASH) $(LOGIN_OPT)
migrate-all-users:; ./bin/authc migration-script $(USER_DB) $(LOGIN_OPT) migrate-all-users:; ./bin/authc migration-script $(USER_DB) $(LOGIN_OPT)
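Review bot: `grep -a -v "^INVALID"` in the `$(USER_DB)` recipe also discards every accepted login that begins with the letters INVALID, since the filter prints valid rows as `login<TAB>hash` and the accepted character class allows such a login. Matching the marker together with its colon, `grep -a -v "^INVALID:"`, is unambiguous because `:` is not in the accepted set. Rejected rows currently vanish without a trace, so it may be worth having the awk script send them to stderr and dropping the grep. Separately, `USER_DB` still defaults to a fixed name under `/tmp` for a file holding logins and what `migrate-user` calls `PASSWORD_HASH`; a private directory would keep other local accounts from reading or pre-creating it.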

17
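--- a/src/configuration.cr
+++ b/src/configuration.cr
@@ -0,0 +1,17 @@
+require "baguette-crystal-base"
+class Baguette::Configuration
+class Auth < IPC
+property service_name : String = "auth"
+property recreate_indexes : Bool = false
+property storage : String = "storage"
+property registrations : Bool = false
+property require_email : Bool = false
+property activation_template : String = "email-activation"
+property recovery_template : String = "email-recovery"
+property mailer_exe : String = "/usr/local/bin/mailer"
+property read_only_profile_keys : Array(String) = Array(String).new
+property print_password_recovery_parameters : Bool = false
+end
+end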
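Review bot: None of the properties moved into this file carries a comment, and at least `print_password_recovery_parameters` looks security-relevant: judging by its name it makes the service print password-recovery data, which would expose recovery secrets wherever that output ends up. A comment on it, along the lines of `# Debug only: prints password recovery parameters; keep false in production.`, would tell operators what enabling it exposes. The exact behaviour should be confirmed against the code that reads the flag, which is not in this file.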


@ -17,7 +17,7 @@ class AuthD::Request
return Response::ErrorAlreadyUsedLogin.new return Response::ErrorAlreadyUsedLogin.new
end end
acceptable_login_regex = "[a-zA-Z][-_ a-zA-Z0-9']*[a-zA-Z0-9]" acceptable_login_regex = "[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+"
pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
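Review bot: The new pattern is not anchored, and `pattern =~ @login` succeeds as soon as any substring matches, so a login passes when it contains a single accepted character, whatever else is in it (control characters, newlines, markup). `bin/migration-filter.awk` in this same commit anchors the same class with `^…$`; the server-side check should be at least as strict, e.g. `acceptable_login_regex = "\\A[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+\\z"`. The previous pattern was unanchored as well, so the gap predates this commit, and no length bound on the login is visible here either. The enclosing method starts and ends outside the hunk.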


@ -21,14 +21,17 @@ class AuthD::Request
result = if regex = @regex result = if regex = @regex
pattern = Regex.new regex, Regex::Options::IGNORE_CASE pattern = Regex.new regex, Regex::Options::IGNORE_CASE
users.each do |u| users.each do |u|
puts "trying to match user #{u.login}"
if pattern =~ u.login || u.profile.try do |profile| if pattern =~ u.login || u.profile.try do |profile|
full_name = profile["full_name"]? full_name = profile["full_name"]?
puts "login didn't work, trying to match its full name: #{full_name}"
if full_name.nil? if full_name.nil?
false false
else else
pattern =~ full_name.as_s pattern =~ full_name.as_s
end end
end || u.contact.email.try do |email| end || u.contact.email.try do |email|
puts "full name didn't work, trying to match its email: #{email}"
pattern =~ email pattern =~ email
end end
Baguette::Log.debug "#{u.login} matches #{pattern}" Baguette::Log.debug "#{u.login} matches #{pattern}"
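Review bot: The three added `puts` calls write the logins, full names and email addresses of the users being scanned to standard output on every regex search, bypassing `Baguette::Log`, which the last line of the hunk already uses at debug level. If the traces are meant to stay, route them through the logger and leave the profile values out, e.g. `Baguette::Log.debug "trying to match user #{u.login}"`; otherwise remove them before merging. The second message is printed inside `u.profile.try` before `full_name` is checked for nil, so it can print an empty interpolation. The enclosing block starts and ends outside the hunk.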


@ -3,21 +3,7 @@ require "sodium"
extend AuthD extend AuthD
class Baguette::Configuration require "./configuration"
class Auth < IPC
property service_name : String = "auth"
property recreate_indexes : Bool = false
property storage : String = "storage"
property registrations : Bool = false
property require_email : Bool = false
property activation_template : String = "email-activation"
property recovery_template : String = "email-recovery"
property mailer_exe : String = "/usr/local/bin/mailer"
property read_only_profile_keys : Array(String) = Array(String).new
property print_password_recovery_parameters : Bool = false
end
end
# Provides a JWT-based authentication scheme for service-specific users. # Provides a JWT-based authentication scheme for service-specific users.
class AuthD::Service < IPC class AuthD::Service < IPC