Baguette/authd
3
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Slowly embrace the logged-authenticated-user logic.

Browse Source
This commit is contained in:
Philippe Pittoli 2023-06-11 16:39:16 +02:00
parent 4989218a79
commit 7958e7812e
4 changed files with 45 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/requests/admin.cr
View File

@ -11,14 +11,17 @@ class AuthD::Request
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
# No verification of the users' informations when an admin adds it. logged_user = authd.get_logged_user? fd
# No mail address verification.
# TODO: ADMIN OPERATION, verify the logged user is an admin. return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
if authd.users_per_login.get? @login if authd.users_per_login.get? @login
return Response::Error.new "login already used" return Response::Error.new "login already used"
end end
# No verification of the user's informations when an admin adds it.
# No mail address verification.
if authd.configuration.require_email && @email.nil? if authd.configuration.require_email && @email.nil?
return Response::Error.new "email required" return Response::Error.new "email required"
end end
@ -36,7 +39,7 @@ class AuthD::Request
user.profile = profile user.profile = profile
end end
# We consider adding the user as a registration # We consider adding the user as a registration.
user.date_registration = Time.local user.date_registration = Time.local
authd.users << user authd.users << user
@ -48,8 +51,6 @@ class AuthD::Request
IPC::JSON.message ModUser, 5 do IPC::JSON.message ModUser, 5 do
property shared_key : String
property user : Int32 | String property user : Int32 | String
property admin : Bool = false property admin : Bool = false
property password : String? = nil property password : String? = nil
@ -57,23 +58,21 @@ class AuthD::Request
property phone : String? = nil property phone : String? = nil
property avatar : String? = nil property avatar : String? = nil
def initialize(@shared_key, @user) def initialize(@user, @admin, @password, @email, @phone, @avatar)
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
if @shared_key != authd.configuration.shared_key logged_user = authd.get_logged_user? fd
return Response::Error.new "invalid authentication key"
end
uid_or_login = @user return Response::Error.new "you must be logged" if logged_user.nil?
user = if uid_or_login.is_a? Int32
authd.users_per_uid.get? uid_or_login.to_s
else
authd.users_per_login.get? uid_or_login
end
unless user user = authd.user? @user
return Response::Error.new "user not found"
return Response::Error.new "user not found" if user.nil?
# Only an admin can create an admin.
if @admin
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
end end
@password.try do |s| @password.try do |s|

27
src/requests/contact.cr
View File

@ -1,17 +1,18 @@
class AuthD::Request class AuthD::Request
IPC::JSON.message EditContacts, 16 do IPC::JSON.message EditContacts, 16 do
property token : String
property email : String? = nil property email : String? = nil
property phone : String? = nil property phone : String? = nil
def initialize(@token) def initialize(@email, @phone)
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
user = authd.get_user_from_token @token logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "invalid user" unless user # Get the full AuthD::User instance, not just the public view.
user = authd.user? logged_user.uid
return Response::Error.new "unknown user" if user.nil?
if email = @email if email = @email
# FIXME: This *should* require checking the new mail, with # FIXME: This *should* require checking the new mail, with
@ -19,6 +20,10 @@ class AuthD::Request
user.contact.email = email user.contact.email = email
end end
if phone = @phone
user.contact.phone = phone
end
authd.users_per_uid.update user authd.users_per_uid.update user
Response::UserEdited.new user.uid Response::UserEdited.new user.uid
@ -27,18 +32,18 @@ class AuthD::Request
AuthD.requests << EditContacts AuthD.requests << EditContacts
IPC::JSON.message GetContacts, 18 do IPC::JSON.message GetContacts, 18 do
property token : String def initialize()
def initialize(@token)
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
user = authd.get_user_from_token @token logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "invalid user" unless user # Get the full AuthD::User instance, not just the public view.
user = authd.user? logged_user.uid
return Response::Error.new "unknown user" if user.nil?
_c = user.contact _c = user.contact
Response::Contacts.new user.uid, _c.email, _c.phone Response::Contacts.new user.uid, _c.email, _c.phone
end end
end end

5
src/requests/login.cr
View File

@ -24,9 +24,12 @@ class AuthD::Request
user.date_last_connection = Time.local user.date_last_connection = Time.local
token = user.to_token token = user.to_token
# change the date of the last connection # Change the date of the last connection.
authd.users_per_uid.update user.uid.to_s, user authd.users_per_uid.update user.uid.to_s, user
# On successuful connection: store the authenticated user in a hash.
authd.logged_users[fd] = user.to_public
Response::Login.new (token.to_s authd.configuration.shared_key), user.uid Response::Login.new (token.to_s authd.configuration.shared_key), user.uid
end end
end end

24
src/requests/permissions.cr
View File

@ -8,15 +8,10 @@ class AuthD::Request
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
# Get currently logged user.
logged_user = authd.get_logged_user? fd logged_user = authd.get_logged_user? fd
if logged_user.nil?
return Response::Error.new "you must be logged"
end
unless logged_user.admin return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
end
user = case u = @user user = case u = @user
when .is_a? Int32 when .is_a? Int32
@ -48,26 +43,23 @@ class AuthD::Request
AuthD.requests << CheckPermission AuthD.requests << CheckPermission
IPC::JSON.message SetPermission, 10 do IPC::JSON.message SetPermission, 10 do
property shared_key : String
property user : Int32 | String property user : Int32 | String
property service : String property service : String
property resource : String property resource : String
property permission : ::AuthD::User::PermissionLevel property permission : ::AuthD::User::PermissionLevel
def initialize(@shared_key, @user, @service, @resource, @permission) def initialize(@user, @service, @resource, @permission)
end end
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
unless @shared_key == authd.configuration.shared_key logged_user = authd.get_logged_user? fd
return Response::Error.new "unauthorized"
end return Response::Error.new "you must be logged" if logged_user.nil?
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
user = authd.users_per_uid.get? @user.to_s user = authd.users_per_uid.get? @user.to_s
if user.nil? return Response::Error.new "no such user" if user.nil?
return Response::Error.new "no such user"
end
service = @service service = @service
service_permissions = user.permissions[service]? service_permissions = user.permissions[service]?