From af696b8768a49375019131031b6fa991c655a7b0 Mon Sep 17 00:00:00 2001 From: Philippe Pittoli Date: Tue, 19 Mar 2024 01:49:30 +0100 Subject: [PATCH] AskPasswordRecovery now compliant with the netlib.re interface. New email index. --- src/requests/password.cr | 18 +++++++++++++++--- src/service.cr | 8 ++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/requests/password.cr b/src/requests/password.cr index 40c3a20..eb4d22e 100644 --- a/src/requests/password.cr +++ b/src/requests/password.cr @@ -1,12 +1,24 @@ class AuthD::Request IPC::JSON.message AskPasswordRecovery, 3 do - property user : UserID + property login : String? = nil + property email : String? = nil - def initialize(@user) + def initialize(@login = nil, @email = nil) end def handle(authd : AuthD::Service, fd : Int32) - user = authd.user? @user + if @login.nil? && @email.nil? + return Response::ErrorUserNotFound.new + end + + user = if l = @login + authd.user? l + elsif mail = @email + authd.users_per_email.get? Base64.encode(mail) + else + nil + end + # This is a way for an attacker to know what are the valid logins. # Not sure I care enough to fix this. return Response::ErrorUserNotFound.new if user.nil? diff --git a/src/service.cr b/src/service.cr index 9d9c95a..c56e375 100644 --- a/src/service.cr +++ b/src/service.cr @@ -25,6 +25,7 @@ class AuthD::Service < IPC property users : DODB::DataBase(User) property users_per_uid : DODB::Index(User) property users_per_login : DODB::Index(User) + property users_per_email : DODB::Index(User) property logged_users : Hash(Int32, AuthD::User::Public) @@ -37,6 +38,13 @@ class AuthD::Service < IPC @users = DODB::DataBase(User).new @configuration.storage @users_per_uid = @users.new_index "uid", &.uid.to_s @users_per_login = @users.new_index "login", &.login + @users_per_email = @users.new_index "email" do |user| + if mail = user.contact.email + Base64.encode mail + else + "" + end + end @last_uid_file = "#{@configuration.storage}/last_used_uid"