Baguette
/
authd
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Slowly embrace the logged-authenticated-user logic.

master
Philippe Pittoli 2023-06-11 16:39:16 +02:00
parent 4989218a79
commit 7958e7812e
4 changed files with 45 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/requests/admin.cr
View File

@ -11,14 +11,17 @@ class AuthD::Request
end
def handle(authd : AuthD::Service, fd : Int32)
# No verification of the users' informations when an admin adds it.
# No mail address verification.
# TODO: ADMIN OPERATION, verify the logged user is an admin.
logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
if authd.users_per_login.get? @login
return Response::Error.new "login already used"
end
# No verification of the user's informations when an admin adds it.
# No mail address verification.
if authd.configuration.require_email && @email.nil?
return Response::Error.new "email required"
end
@ -36,7 +39,7 @@ class AuthD::Request
user.profile = profile
end
# We consider adding the user as a registration
# We consider adding the user as a registration.
user.date_registration = Time.local
authd.users << user
@ -48,8 +51,6 @@ class AuthD::Request
IPC::JSON.message ModUser, 5 do
property shared_key : String
property user : Int32 | String
property admin : Bool = false
property password : String? = nil
@ -57,23 +58,21 @@ class AuthD::Request
property phone : String? = nil
property avatar : String? = nil
def initialize(@shared_key, @user)
def initialize(@user, @admin, @password, @email, @phone, @avatar)
end
def handle(authd : AuthD::Service, fd : Int32)
if @shared_key != authd.configuration.shared_key
return Response::Error.new "invalid authentication key"
end
logged_user = authd.get_logged_user? fd
uid_or_login = @user
user = if uid_or_login.is_a? Int32
authd.users_per_uid.get? uid_or_login.to_s
else
authd.users_per_login.get? uid_or_login
end
return Response::Error.new "you must be logged" if logged_user.nil?
unless user
return Response::Error.new "user not found"
user = authd.user? @user
return Response::Error.new "user not found" if user.nil?
# Only an admin can create an admin.
if @admin
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
end
@password.try do |s|

27
src/requests/contact.cr
View File

@ -1,17 +1,18 @@
class AuthD::Request
IPC::JSON.message EditContacts, 16 do
property token : String
property email : String? = nil
property phone : String? = nil
def initialize(@token)
def initialize(@email, @phone)
end
def handle(authd : AuthD::Service, fd : Int32)
user = authd.get_user_from_token @token
logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "invalid user" unless user
# Get the full AuthD::User instance, not just the public view.
user = authd.user? logged_user.uid
return Response::Error.new "unknown user" if user.nil?
if email = @email
# FIXME: This *should* require checking the new mail, with
@ -19,6 +20,10 @@ class AuthD::Request
user.contact.email = email
end
if phone = @phone
user.contact.phone = phone
end
authd.users_per_uid.update user
Response::UserEdited.new user.uid
@ -27,18 +32,18 @@ class AuthD::Request
AuthD.requests << EditContacts
IPC::JSON.message GetContacts, 18 do
property token : String
def initialize(@token)
def initialize()
end
def handle(authd : AuthD::Service, fd : Int32)
user = authd.get_user_from_token @token
logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "invalid user" unless user
# Get the full AuthD::User instance, not just the public view.
user = authd.user? logged_user.uid
return Response::Error.new "unknown user" if user.nil?
_c = user.contact
Response::Contacts.new user.uid, _c.email, _c.phone
end
end

5
src/requests/login.cr
View File

@ -24,9 +24,12 @@ class AuthD::Request
user.date_last_connection = Time.local
token = user.to_token
# change the date of the last connection
# Change the date of the last connection.
authd.users_per_uid.update user.uid.to_s, user
# On successuful connection: store the authenticated user in a hash.
authd.logged_users[fd] = user.to_public
Response::Login.new (token.to_s authd.configuration.shared_key), user.uid
end
end

24
src/requests/permissions.cr
View File

@ -8,15 +8,10 @@ class AuthD::Request
end
def handle(authd : AuthD::Service, fd : Int32)
# Get currently logged user.
logged_user = authd.get_logged_user? fd
if logged_user.nil?
return Response::Error.new "you must be logged"
end
unless logged_user.admin
return Response::Error.new "unauthorized (not admin)"
end
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
user = case u = @user
when .is_a? Int32
@ -48,26 +43,23 @@ class AuthD::Request
AuthD.requests << CheckPermission
IPC::JSON.message SetPermission, 10 do
property shared_key : String
property user : Int32 | String
property service : String
property resource : String
property permission : ::AuthD::User::PermissionLevel
def initialize(@shared_key, @user, @service, @resource, @permission)
def initialize(@user, @service, @resource, @permission)
end
def handle(authd : AuthD::Service, fd : Int32)
unless @shared_key == authd.configuration.shared_key
return Response::Error.new "unauthorized"
end
logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
user = authd.users_per_uid.get? @user.to_s
if user.nil?
return Response::Error.new "no such user"
end
return Response::Error.new "no such user" if user.nil?
service = @service
service_permissions = user.permissions[service]?