diff --git a/src/authd/client.cr b/src/authd/client.cr
index 65badb1..ae221fb 100644
--- a/src/authd/client.cr
+++ b/src/authd/client.cr
@@ -242,12 +242,8 @@ module AuthD
 end
 end
- def delete(user : Int32 | String, key : String)
- send_now Request::Delete.new user, key
- delete_
- end
- def delete(user : Int32 | String, login : String, pass : String)
- send_now Request::Delete.new user, login, pass
+ def delete(user : Int32 | String)
+ send_now Request::Delete.new user
 delete_
 end
 def delete_
diff --git a/src/client.cr b/src/client.cr
index b3c9eb2..09cfec0 100644
--- a/src/client.cr
+++ b/src/client.cr
@@ -80,6 +80,8 @@ class Actions
 password = Actions.ask_password
 exit 1 unless password
+ # TODO: login.
+ # By default: no phone, not admin.
 pp! authd.add_user login, password.not_nil!, false, email, nil, profile: profile
 rescue e : AuthD::Exception
@@ -120,6 +122,8 @@ class Actions
 email = Context.email
 phone = Context.phone
+ # TODO: login. + Baguette::Log.error "This function shouldn't be used for now."
 Baguette::Log.error "It is way too cumbersome."
@@ -131,12 +135,10 @@ class Actions
 args = Context.args.not_nil!
 userid = args[0].to_i
- # Check if the request comes from an admin or the user.
- res = if Context.shared_key.nil?
- authd.delete userid, Context.authd_login, Context.authd_pass
- else
- authd.delete userid, Context.shared_key
- end
+ # Context.authd_login, Context.authd_pass
+ # TODO: login.
+
+ res = authd.delete userid
 puts res
 end
@@ -159,6 +161,7 @@ class Actions
 def user_recovery
 args = Context.args.not_nil!
 login, email = args[0..1]
+ # TODO: login.
 pp! authd.ask_password_recovery login, email
 end
@@ -167,6 +170,7 @@ class Actions
 user, application, resource = args[0..2]
 # pp! user, application, resource
+ # TODO: login.
 res = @authd.check_permission user.to_i, application, resource
 puts res
 end
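Review bot: The new `delete(user : Int32 | String)` in src/authd/client.cr sends `Request::Delete` with no shared key, login or password, so nothing in the request itself can authorize the deletion any more; the `@@ -131,12 +135,10 @@` hunk in src/client.cr has the same gap, issuing `res = authd.delete userid` behind a `# TODO: login.` and a dangling `# Context.authd_login, Context.authd_pass` comment. Whether this is safe depends on `Request::Delete#handle`, which is not in this diff: it would have to refuse connections with no logged user and check `admin` (or that the logged user is the target) the way the new `CheckPermission#handle` does with `authd.get_logged_user? fd`, otherwise any connected client could delete any account until the login step lands. I would state the precondition on the client method, `# Requires an authenticated session on this connection: the server` / `# authorizes the deletion from the logged user, not from this request.`, and turn the leftover comment in src/client.cr into `# Login is not implemented yet; the server must refuse unauthenticated deletes.`. The enclosing `module AuthD` client class continues outside the hunk, and `Request::Delete.new` presumably got a matching initializer change elsewhere.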
@@ -176,6 +180,7 @@ class Actions
 user, application, resource, permission = args[0..3]
 # pp! user, application, resource, permission
+ # TODO: login.
 perm = AuthD::User::PermissionLevel.parse(permission)
 res = @authd.set_permission user.to_i, application, resource, perm
 puts res
diff --git a/src/requests/permissions.cr b/src/requests/permissions.cr
index 4900632..c2818d0 100644
--- a/src/requests/permissions.cr
+++ b/src/requests/permissions.cr
@@ -1,42 +1,21 @@
 class AuthD::Request
 IPC::JSON.message CheckPermission, 9 do
- property shared_key : String? = nil
- property token : String? = nil - property user : Int32 | String
 property service : String
 property resource : String
- def initialize(@shared_key, @user, @service, @resource)
+ def initialize(@user, @service, @resource)
 end
 def handle(authd : AuthD::Service, fd : Int32)
- authorized = false
- if key = @shared_key
- if key == authd.configuration.shared_key
- authorized = true
- else
- return Response::Error.new "invalid key provided"
- end
+ # Get currently logged user.
+ logged_user = authd.get_logged_user? fd
+ if logged_user.nil?
+ return Response::Error.new "you must be logged"
 end
- if token = @token
- user = authd.get_user_from_token token
- if user.nil?
- return Response::Error.new "token does not match user"
- end
- if user.login != @user && user.uid != @user
- return Response::Error.new "token does not match user"
- end
- authorized = true
- end
- unless authorized
- return Response::Error.new "unauthorized"
+ unless logged_user.admin
+ return Response::Error.new "unauthorized (not admin)"
 end
 user = case u = @user