WIP: remove "shared keys logic" and use logged user hash.
parent
2a267ea7a2
commit
4989218a79
|
|
@ -242,12 +242,8 @@ module AuthD
|
|||
end
|
||||
end
|
||||
|
||||
def delete(user : Int32 | String, key : String)
|
||||
send_now Request::Delete.new user, key
|
||||
delete_
|
||||
end
|
||||
def delete(user : Int32 | String, login : String, pass : String)
|
||||
send_now Request::Delete.new user, login, pass
|
||||
def delete(user : Int32 | String)
|
||||
send_now Request::Delete.new user
|
||||
delete_
|
||||
end
|
||||
def delete_
|
||||
|
|
|
|||
|
|
@ -80,6 +80,8 @@ class Actions
|
|||
password = Actions.ask_password
|
||||
exit 1 unless password
|
||||
|
||||
# TODO: login.
|
||||
|
||||
# By default: no phone, not admin.
|
||||
pp! authd.add_user login, password.not_nil!, false, email, nil, profile: profile
|
||||
rescue e : AuthD::Exception
|
||||
|
|
@ -120,6 +122,8 @@ class Actions
|
|||
email = Context.email
|
||||
phone = Context.phone
|
||||
|
||||
# TODO: login.
|
||||
|
||||
Baguette::Log.error "This function shouldn't be used for now."
|
||||
Baguette::Log.error "It is way too cumbersome."
|
||||
|
||||
|
|
@ -131,12 +135,10 @@ class Actions
|
|||
args = Context.args.not_nil!
|
||||
userid = args[0].to_i
|
||||
|
||||
# Check if the request comes from an admin or the user.
|
||||
res = if Context.shared_key.nil?
|
||||
authd.delete userid, Context.authd_login, Context.authd_pass
|
||||
else
|
||||
authd.delete userid, Context.shared_key
|
||||
end
|
||||
# Context.authd_login, Context.authd_pass
|
||||
# TODO: login.
|
||||
|
||||
res = authd.delete userid
|
||||
|
||||
puts res
|
||||
end
|
||||
|
|
@ -159,6 +161,7 @@ class Actions
|
|||
def user_recovery
|
||||
args = Context.args.not_nil!
|
||||
login, email = args[0..1]
|
||||
# TODO: login.
|
||||
pp! authd.ask_password_recovery login, email
|
||||
end
|
||||
|
||||
|
|
@ -167,6 +170,7 @@ class Actions
|
|||
user, application, resource = args[0..2]
|
||||
# pp! user, application, resource
|
||||
|
||||
# TODO: login.
|
||||
res = @authd.check_permission user.to_i, application, resource
|
||||
puts res
|
||||
end
|
||||
|
|
@ -176,6 +180,7 @@ class Actions
|
|||
user, application, resource, permission = args[0..3]
|
||||
# pp! user, application, resource, permission
|
||||
|
||||
# TODO: login.
|
||||
perm = AuthD::User::PermissionLevel.parse(permission)
|
||||
res = @authd.set_permission user.to_i, application, resource, perm
|
||||
puts res
|
||||
|
|
|
|||
|
|
@ -1,42 +1,21 @@
|
|||
class AuthD::Request
|
||||
IPC::JSON.message CheckPermission, 9 do
|
||||
property shared_key : String? = nil
|
||||
property token : String? = nil
|
||||
|
||||
property user : Int32 | String
|
||||
property service : String
|
||||
property resource : String
|
||||
|
||||
def initialize(@shared_key, @user, @service, @resource)
|
||||
def initialize(@user, @service, @resource)
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
authorized = false
|
||||
|
||||
if key = @shared_key
|
||||
if key == authd.configuration.shared_key
|
||||
authorized = true
|
||||
else
|
||||
return Response::Error.new "invalid key provided"
|
||||
end
|
||||
# Get currently logged user.
|
||||
logged_user = authd.get_logged_user? fd
|
||||
if logged_user.nil?
|
||||
return Response::Error.new "you must be logged"
|
||||
end
|
||||
|
||||
if token = @token
|
||||
user = authd.get_user_from_token token
|
||||
|
||||
if user.nil?
|
||||
return Response::Error.new "token does not match user"
|
||||
end
|
||||
|
||||
if user.login != @user && user.uid != @user
|
||||
return Response::Error.new "token does not match user"
|
||||
end
|
||||
|
||||
authorized = true
|
||||
end
|
||||
|
||||
unless authorized
|
||||
return Response::Error.new "unauthorized"
|
||||
unless logged_user.admin
|
||||
return Response::Error.new "unauthorized (not admin)"
|
||||
end
|
||||
|
||||
user = case u = @user
|
||||
|
|
|
|||
Loading…
Reference in New Issue