WIP: remove "shared keys logic" and use logged user hash.

master
Philippe Pittoli 2023-06-10 18:27:50 +02:00
parent 2a267ea7a2
commit 4989218a79
3 changed files with 20 additions and 40 deletions

View File

@ -242,12 +242,8 @@ module AuthD
end
end
def delete(user : Int32 | String, key : String)
send_now Request::Delete.new user, key
delete_
end
def delete(user : Int32 | String, login : String, pass : String)
send_now Request::Delete.new user, login, pass
def delete(user : Int32 | String)
send_now Request::Delete.new user
delete_
end
def delete_

View File

@ -80,6 +80,8 @@ class Actions
password = Actions.ask_password
exit 1 unless password
# TODO: login.
# By default: no phone, not admin.
pp! authd.add_user login, password.not_nil!, false, email, nil, profile: profile
rescue e : AuthD::Exception
@ -120,6 +122,8 @@ class Actions
email = Context.email
phone = Context.phone
# TODO: login.
Baguette::Log.error "This function shouldn't be used for now."
Baguette::Log.error "It is way too cumbersome."
@ -131,12 +135,10 @@ class Actions
args = Context.args.not_nil!
userid = args[0].to_i
# Check if the request comes from an admin or the user.
res = if Context.shared_key.nil?
authd.delete userid, Context.authd_login, Context.authd_pass
else
authd.delete userid, Context.shared_key
end
# Context.authd_login, Context.authd_pass
# TODO: login.
res = authd.delete userid
puts res
end
@ -159,6 +161,7 @@ class Actions
def user_recovery
args = Context.args.not_nil!
login, email = args[0..1]
# TODO: login.
pp! authd.ask_password_recovery login, email
end
@ -167,6 +170,7 @@ class Actions
user, application, resource = args[0..2]
# pp! user, application, resource
# TODO: login.
res = @authd.check_permission user.to_i, application, resource
puts res
end
@ -176,6 +180,7 @@ class Actions
user, application, resource, permission = args[0..3]
# pp! user, application, resource, permission
# TODO: login.
perm = AuthD::User::PermissionLevel.parse(permission)
res = @authd.set_permission user.to_i, application, resource, perm
puts res

View File

@ -1,42 +1,21 @@
class AuthD::Request
IPC::JSON.message CheckPermission, 9 do
property shared_key : String? = nil
property token : String? = nil
property user : Int32 | String
property service : String
property resource : String
def initialize(@shared_key, @user, @service, @resource)
def initialize(@user, @service, @resource)
end
def handle(authd : AuthD::Service, fd : Int32)
authorized = false
if key = @shared_key
if key == authd.configuration.shared_key
authorized = true
else
return Response::Error.new "invalid key provided"
end
# Get currently logged user.
logged_user = authd.get_logged_user? fd
if logged_user.nil?
return Response::Error.new "you must be logged"
end
if token = @token
user = authd.get_user_from_token token
if user.nil?
return Response::Error.new "token does not match user"
end
if user.login != @user && user.uid != @user
return Response::Error.new "token does not match user"
end
authorized = true
end
unless authorized
return Response::Error.new "unauthorized"
unless logged_user.admin
return Response::Error.new "unauthorized (not admin)"
end
user = case u = @user