AskPasswordRecovery now compliant with the netlib.re interface. New email index.
This commit is contained in:
parent
2df24a583e
commit
af696b8768
@ -1,12 +1,24 @@
|
||||
class AuthD::Request
|
||||
IPC::JSON.message AskPasswordRecovery, 3 do
|
||||
property user : UserID
|
||||
property login : String? = nil
|
||||
property email : String? = nil
|
||||
|
||||
def initialize(@user)
|
||||
def initialize(@login = nil, @email = nil)
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
user = authd.user? @user
|
||||
if @login.nil? && @email.nil?
|
||||
return Response::ErrorUserNotFound.new
|
||||
end
|
||||
|
||||
user = if l = @login
|
||||
authd.user? l
|
||||
elsif mail = @email
|
||||
authd.users_per_email.get? Base64.encode(mail)
|
||||
else
|
||||
nil
|
||||
end
|
||||
|
||||
# This is a way for an attacker to know what are the valid logins.
|
||||
# Not sure I care enough to fix this.
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
@ -25,6 +25,7 @@ class AuthD::Service < IPC
|
||||
property users : DODB::DataBase(User)
|
||||
property users_per_uid : DODB::Index(User)
|
||||
property users_per_login : DODB::Index(User)
|
||||
property users_per_email : DODB::Index(User)
|
||||
|
||||
property logged_users : Hash(Int32, AuthD::User::Public)
|
||||
|
||||
@ -37,6 +38,13 @@ class AuthD::Service < IPC
|
||||
@users = DODB::DataBase(User).new @configuration.storage
|
||||
@users_per_uid = @users.new_index "uid", &.uid.to_s
|
||||
@users_per_login = @users.new_index "login", &.login
|
||||
@users_per_email = @users.new_index "email" do |user|
|
||||
if mail = user.contact.email
|
||||
Base64.encode mail
|
||||
else
|
||||
""
|
||||
end
|
||||
end
|
||||
|
||||
@last_uid_file = "#{@configuration.storage}/last_used_uid"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user