Imposed authentication on a few requests.

ipc07
Luka Vandervelden 2019-10-10 20:58:44 +02:00
parent e956d36260
commit a5247fd9f0
2 changed files with 20 additions and 1 deletions


@ -21,6 +21,7 @@ module AuthD
InvalidCredentials InvalidCredentials
InvalidUser InvalidUser
UserNotFound # For UID-based GetUser requests. UserNotFound # For UID-based GetUser requests.
AuthenticationError
end end
class GetTokenRequest class GetTokenRequest
@ -33,6 +34,10 @@ module AuthD
class AddUserRequest class AddUserRequest
JSON.mapping({ JSON.mapping({
# Only clients that have the right shared key will be allowed
# to create users.
shared_key: String,
login: String, login: String,
password: String, password: String,
uid: Int32?, uid: Int32?,
@ -57,6 +62,8 @@ module AuthD
class ModUserRequest class ModUserRequest
JSON.mapping({ JSON.mapping({
shared_key: String,
uid: Int32, uid: Int32,
password: String?, password: String?,
avatar: String? avatar: String?
@ -129,6 +136,7 @@ module AuthD
# FIXME: Extra options may be useful to implement here. # FIXME: Extra options may be useful to implement here.
def add_user(login : String, password : String) : AuthD::User | Exception def add_user(login : String, password : String) : AuthD::User | Exception
send RequestTypes::AddUser, { send RequestTypes::AddUser, {
:shared_key => @key,
:login => login, :login => login,
:password => password :password => password
}.to_json }.to_json
@ -147,6 +155,7 @@ module AuthD
def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
payload = Hash(String, String|Int32).new payload = Hash(String, String|Int32).new
payload["uid"] = uid payload["uid"] = uid
payload["shared_key"] = @key
password.try do |password| password.try do |password|
payload["password"] = password payload["password"] = password
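Review bot: `shared_key` is a non-nilable `String` in both `AddUserRequest` and `ModUserRequest`, and `add_user`/`mod_user` now put `@key` into every serialized request, so the secret travels in the JSON body and any caller that modifies a user, including a user changing their own password, must hold the administrative key. If `@key` is also the value this client uses to verify tokens (not visible in these hunks), that secret ends up in every service that links the library. `ModUserRequest` has no comment on the new field; I would add `# Only clients that have the right shared key will be allowed to modify users.` above it, and make sure request payloads are never written to logs. Both method bodies continue outside the hunks.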


@ -21,7 +21,7 @@ authd_passwd_file = "passwd"
authd_group_file = "group" authd_group_file = "group"
authd_jwt_key = "nico-nico-nii" authd_jwt_key = "nico-nico-nii"
OptionParser.parse! do |parser| OptionParser.parse do |parser|
parser.on "-u file", "--passwd-file file", "passwd file." do |name| parser.on "-u file", "--passwd-file file", "passwd file." do |name|
authd_passwd_file = name authd_passwd_file = name
end end
@ -88,6 +88,11 @@ IPC::Service.new "auth" do |event|
next next
end end
if request.shared_key != authd_jwt_key
client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
next
end
if passwd.user_exists? request.login if passwd.user_exists? request.login
client.send ResponseTypes::InvalidUser, "Another user with the same login already exists." client.send ResponseTypes::InvalidUser, "Another user with the same login already exists."
@ -135,6 +140,11 @@ IPC::Service.new "auth" do |event|
next next
end end
if request.shared_key != authd_jwt_key
client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
next
end
password_hash = request.password.try do |s| password_hash = request.password.try do |s|
Passwd.hash_password s Passwd.hash_password s
end end
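Review bot: Both new checks (the AddUser and the ModUser handlers) compare `request.shared_key` against `authd_jwt_key`, so the credential that authorizes account creation and modification is the token-signing secret, which the top of this file initializes to the literal `"nico-nico-nii"`. A daemon started without overriding that value accepts a key that is published in the source, and every client trusted to add users also holds the secret that, presumably, signs tokens. I would introduce a separate administrative key with no built-in default (refuse to start if it is unset) and compare it in constant time, e.g. `unless Crypto::Subtle.constant_time_compare(request.shared_key, authd_admin_key)`, where `authd_admin_key` is a placeholder name for the new setting. The handler bodies start outside these hunks, so whether a request missing `shared_key` is rejected cleanly at parse time cannot be confirmed from here.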