Slowly embrace the logged-authenticated-user logic.
This commit is contained in:
parent
4989218a79
commit
7958e7812e
@ -11,14 +11,17 @@ class AuthD::Request
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
# No verification of the users' informations when an admin adds it.
|
||||
# No mail address verification.
|
||||
# TODO: ADMIN OPERATION, verify the logged user is an admin.
|
||||
logged_user = authd.get_logged_user? fd
|
||||
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
||||
|
||||
if authd.users_per_login.get? @login
|
||||
return Response::Error.new "login already used"
|
||||
end
|
||||
|
||||
# No verification of the user's informations when an admin adds it.
|
||||
# No mail address verification.
|
||||
if authd.configuration.require_email && @email.nil?
|
||||
return Response::Error.new "email required"
|
||||
end
|
||||
@ -36,7 +39,7 @@ class AuthD::Request
|
||||
user.profile = profile
|
||||
end
|
||||
|
||||
# We consider adding the user as a registration
|
||||
# We consider adding the user as a registration.
|
||||
user.date_registration = Time.local
|
||||
|
||||
authd.users << user
|
||||
@ -48,8 +51,6 @@ class AuthD::Request
|
||||
|
||||
|
||||
IPC::JSON.message ModUser, 5 do
|
||||
property shared_key : String
|
||||
|
||||
property user : Int32 | String
|
||||
property admin : Bool = false
|
||||
property password : String? = nil
|
||||
@ -57,23 +58,21 @@ class AuthD::Request
|
||||
property phone : String? = nil
|
||||
property avatar : String? = nil
|
||||
|
||||
def initialize(@shared_key, @user)
|
||||
def initialize(@user, @admin, @password, @email, @phone, @avatar)
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
if @shared_key != authd.configuration.shared_key
|
||||
return Response::Error.new "invalid authentication key"
|
||||
end
|
||||
logged_user = authd.get_logged_user? fd
|
||||
|
||||
uid_or_login = @user
|
||||
user = if uid_or_login.is_a? Int32
|
||||
authd.users_per_uid.get? uid_or_login.to_s
|
||||
else
|
||||
authd.users_per_login.get? uid_or_login
|
||||
end
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
|
||||
unless user
|
||||
return Response::Error.new "user not found"
|
||||
user = authd.user? @user
|
||||
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
|
||||
# Only an admin can create an admin.
|
||||
if @admin
|
||||
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
||||
end
|
||||
|
||||
@password.try do |s|
|
||||
|
@ -1,17 +1,18 @@
|
||||
class AuthD::Request
|
||||
IPC::JSON.message EditContacts, 16 do
|
||||
property token : String
|
||||
|
||||
property email : String? = nil
|
||||
property phone : String? = nil
|
||||
|
||||
def initialize(@token)
|
||||
def initialize(@email, @phone)
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
user = authd.get_user_from_token @token
|
||||
logged_user = authd.get_logged_user? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
|
||||
return Response::Error.new "invalid user" unless user
|
||||
# Get the full AuthD::User instance, not just the public view.
|
||||
user = authd.user? logged_user.uid
|
||||
return Response::Error.new "unknown user" if user.nil?
|
||||
|
||||
if email = @email
|
||||
# FIXME: This *should* require checking the new mail, with
|
||||
@ -19,6 +20,10 @@ class AuthD::Request
|
||||
user.contact.email = email
|
||||
end
|
||||
|
||||
if phone = @phone
|
||||
user.contact.phone = phone
|
||||
end
|
||||
|
||||
authd.users_per_uid.update user
|
||||
|
||||
Response::UserEdited.new user.uid
|
||||
@ -27,18 +32,18 @@ class AuthD::Request
|
||||
AuthD.requests << EditContacts
|
||||
|
||||
IPC::JSON.message GetContacts, 18 do
|
||||
property token : String
|
||||
|
||||
def initialize(@token)
|
||||
def initialize()
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
user = authd.get_user_from_token @token
|
||||
logged_user = authd.get_logged_user? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
|
||||
return Response::Error.new "invalid user" unless user
|
||||
# Get the full AuthD::User instance, not just the public view.
|
||||
user = authd.user? logged_user.uid
|
||||
return Response::Error.new "unknown user" if user.nil?
|
||||
|
||||
_c = user.contact
|
||||
|
||||
Response::Contacts.new user.uid, _c.email, _c.phone
|
||||
end
|
||||
end
|
||||
|
@ -24,9 +24,12 @@ class AuthD::Request
|
||||
user.date_last_connection = Time.local
|
||||
token = user.to_token
|
||||
|
||||
# change the date of the last connection
|
||||
# Change the date of the last connection.
|
||||
authd.users_per_uid.update user.uid.to_s, user
|
||||
|
||||
# On successuful connection: store the authenticated user in a hash.
|
||||
authd.logged_users[fd] = user.to_public
|
||||
|
||||
Response::Login.new (token.to_s authd.configuration.shared_key), user.uid
|
||||
end
|
||||
end
|
||||
|
@ -8,15 +8,10 @@ class AuthD::Request
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
# Get currently logged user.
|
||||
logged_user = authd.get_logged_user? fd
|
||||
if logged_user.nil?
|
||||
return Response::Error.new "you must be logged"
|
||||
end
|
||||
|
||||
unless logged_user.admin
|
||||
return Response::Error.new "unauthorized (not admin)"
|
||||
end
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
||||
|
||||
user = case u = @user
|
||||
when .is_a? Int32
|
||||
@ -48,26 +43,23 @@ class AuthD::Request
|
||||
AuthD.requests << CheckPermission
|
||||
|
||||
IPC::JSON.message SetPermission, 10 do
|
||||
property shared_key : String
|
||||
|
||||
property user : Int32 | String
|
||||
property service : String
|
||||
property resource : String
|
||||
property permission : ::AuthD::User::PermissionLevel
|
||||
|
||||
def initialize(@shared_key, @user, @service, @resource, @permission)
|
||||
def initialize(@user, @service, @resource, @permission)
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
unless @shared_key == authd.configuration.shared_key
|
||||
return Response::Error.new "unauthorized"
|
||||
end
|
||||
logged_user = authd.get_logged_user? fd
|
||||
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
||||
|
||||
user = authd.users_per_uid.get? @user.to_s
|
||||
|
||||
if user.nil?
|
||||
return Response::Error.new "no such user"
|
||||
end
|
||||
return Response::Error.new "no such user" if user.nil?
|
||||
|
||||
service = @service
|
||||
service_permissions = user.permissions[service]?
|
||||
|
Loading…
Reference in New Issue
Block a user