From 55573dd330d8308f2c139f73a382a51bc9417e9c Mon Sep 17 00:00:00 2001 From: Luka Vandervelden Date: Fri, 3 Apr 2020 16:42:45 +0200 Subject: [PATCH 1/4] shared_key no longer required to validate users. --- src/authd.cr | 11 ++--------- src/main.cr | 7 +------ 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/src/authd.cr b/src/authd.cr index d96ac3a..d90a596 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -223,14 +223,10 @@ class AuthD::Request end class ValidateUser < Request - # Only clients that have the right shared key will be allowed - # to validate users. - property shared_key : String - property login : String property activation_key : String - initialize :shared_key, :login, :activation_key + initialize :login, :activation_key end class GetUser < Request @@ -452,10 +448,7 @@ module AuthD end def validate_user(login : String, activation_key : String) : ::AuthD::User::Public | Exception - - pp! login - pp! activation_key - send Request::ValidateUser.new @key, login, activation_key + send Request::ValidateUser.new login, activation_key response = Response.from_ipc read diff --git a/src/main.cr b/src/main.cr index 6bdccb2..7617713 100644 --- a/src/main.cr +++ b/src/main.cr @@ -106,10 +106,6 @@ class AuthD::Service Response::UserAdded.new user.to_public when Request::ValidateUser - if request.shared_key != @jwt_key - return Response::Error.new "invalid authentication key" - end - user = @users_per_login.get? request.login if user.nil? @@ -124,7 +120,7 @@ class AuthD::Service if user.contact.activation_key == request.activation_key user.contact.activation_key = nil else - return Response::Error.new "Wrong activation key" + return Response::Error.new "wrong activation key" end @users_per_uid.update user.uid.to_s, user @@ -392,7 +388,6 @@ class AuthD::Service users = @users.to_a users.each do |u| - # pp! u if pattern =~ u.login puts "#{u.login} matches #{pattern}" matching_users << u.to_public 
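Review bot: Nothing visible in the `when Request::ValidateUser` branch of src/main.cr bounds how many activation keys a client may try for one login, and with the `shared_key` check gone the activation key is the only secret left on that path. If activation keys are short or guessable (their generation is outside this patch), consider counting failed attempts per user and invalidating the key after a small number of them. The comparison kept in the following hunk, `user.contact.activation_key == request.activation_key`, could also go through `Crypto::Subtle.constant_time_compare` once both sides are known to be non-nil. The branch body continues outside both hunks, so a limit enforced elsewhere cannot be ruled out.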
From e47f7e7f75488c004ce6bc39912bf2760d695ed6 Mon Sep 17 00:00:00 2001 From: Luka Vandervelden Date: Wed, 15 Apr 2020 11:39:34 +0200 Subject: [PATCH 2/4] Registration dates sent to clients on GetUser and similar. --- src/user.cr | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/user.cr b/src/user.cr index 7188415..3fbb08d 100644 --- a/src/user.cr +++ b/src/user.cr @@ -63,12 +63,14 @@ class AuthD::User property uid : Int32 property profile : JSON::Any? - def initialize(@uid, @login, @profile) + property date_registration : Time? + + def initialize(@uid, @login, @profile, @date_registration) end end def to_public : Public - Public.new @uid, @login, @profile + Public.new @uid, @login, @profile, @date_registration end end From f6bbf77732698571c925ec5afe4fc7aba799f5f3 Mon Sep 17 00:00:00 2001 From: Luka Vandervelden Date: Sat, 18 Apr 2020 21:21:17 +0200 Subject: [PATCH 3/4] Profile edition request. --- src/authd.cr | 7 +++++++ src/main.cr | 12 +++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/authd.cr b/src/authd.cr index d90a596..a6540d4 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -319,6 +319,13 @@ class AuthD::Request initialize :user end + class EditProfile < Request + property token : String + property new_profile : JSON::Any + + initialize :token, :new_profile + end + # This creates a Request::Type enumeration. One entry for each request type. {% begin %} enum Type diff --git a/src/main.cr b/src/main.cr index 7617713..8c513b6 100644 --- a/src/main.cr +++ b/src/main.cr 
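Review bot: `date_registration` is added to `Public` in src/user.cr without any comment saying that every field of this class is sent to clients. `to_public` is what the user-search branch in src/main.cr returns for each match (`matching_users << u.to_public`), so the registration date becomes visible to whoever can run that search, not only to the account owner. If that is intended, a comment above the class such as `# Everything in Public is sent to clients; never add secrets or contact data here.` would document the boundary. Giving the new parameter a default, `def initialize(@uid, @login, @profile, @date_registration = nil)`, would keep other positional callers of `Public.new` compiling; any such callers are outside this hunk.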
@@ -397,13 +397,23 @@ class AuthD::Service end Response::MatchingUsers.new matching_users + when Request::EditProfile + user = get_user_from_token request.token + + return Response::Error.new "invalid user" unless user + + user.profile = request.new_profile + + @users_per_uid.update user.uid.to_s, user + + Response::User.new user.to_public else Response::Error.new "unhandled request type" end end def get_user_from_token(token : String) - token_payload = Token.from_s(token, @jwt_key) + token_payload = Token.from_s(@jwt_key, token) @users_per_uid.get? token_payload.uid.to_s end From e1567258f499678b456e05c7ab26e48ab2f68ac1 Mon Sep 17 00:00:00 2001 From: Luka Vandervelden Date: Sat, 25 Apr 2020 10:34:07 +0200 Subject: [PATCH 4/4] Token responses send the UID as well. --- src/authd.cr | 3 ++- src/main.cr | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/authd.cr b/src/authd.cr index a6540d4..b85e1b8 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -55,9 +55,10 @@ class AuthD::Response end class Token < Response + property uid : Int32 property token : String - initialize :token + initialize :token, :uid end class User < Response diff --git a/src/main.cr b/src/main.cr index 8c513b6..5db8ebc 100644 --- a/src/main.cr +++ b/src/main.cr @@ -71,7 +71,7 @@ class AuthD::Service # change the date of the last connection @users_per_uid.update user.uid.to_s, user - Response::Token.new token.to_s @jwt_key + Response::Token.new (token.to_s @jwt_key), user.uid when Request::AddUser # No verification of the users' informations when an admin adds it. # No mail address verification.
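Review bot: The new `when Request::EditProfile` branch stores the client's JSON verbatim with `user.profile = request.new_profile`, so any token holder can replace their whole profile with a document of any size or shape. If other services read authorization-relevant fields from the profile (not visible here), those fields become self-assignable; a guard such as `return Response::Error.new "invalid profile" unless request.new_profile.as_h?` plus an allow-list of editable keys would narrow that. Separately, `get_user_from_token` calls `Token.from_s(@jwt_key, token)` with no rescue. If `Token.from_s` raises on a malformed or wrongly signed token (it is defined outside this patch), the `"invalid user"` guard is never reached and the failure surfaces wherever the caller handles exceptions.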
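Review bot: `Response::Token.new (token.to_s @jwt_key), user.uid` in src/main.cr relies on a space before the opening parenthesis, which is easy to misread as a one-argument call; `Response::Token.new(token.to_s(@jwt_key), user.uid)` says the same thing unambiguously. In src/authd.cr the properties are declared `uid` then `token` while `initialize :token, :uid` takes them in the opposite order, so keeping both in one order would make swapped arguments less likely later. A comment on the new property such as `# Convenience copy for clients; the server keeps deriving the uid from the verified token.` would document that this field is not an authorization input, which matches what `get_user_from_token` does.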