Baguette/authd
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configuration simplification.

Browse source
This commit is contained in:
Karchnu 2020-11-08 22:50:24 +01:00
parent b70443409b
commit b717be649f
2 changed files with 42 additions and 68 deletions

2
src/authd.cr
View file

@ -8,7 +8,7 @@ require "./user.cr"
# Allows get configuration from a provided file. # Allows get configuration from a provided file.
# See Baguette::Configuration::Base.get # See Baguette::Configuration::Base.get
class Baguette::Configuration class Baguette::Configuration
class Auth < Base class Auth < IPC
include YAML::Serializable include YAML::Serializable
property login : String? = nil property login : String? = nil

108
src/main.cr
View file

@ -15,7 +15,7 @@ require "./authd.cr"
extend AuthD extend AuthD
class Baguette::Configuration class Baguette::Configuration
class Auth < Base class Auth < IPC
property recreate_indexes : Bool = false property recreate_indexes : Bool = false
property storage : String = "storage" property storage : String = "storage"
property registrations : Bool = false property registrations : Bool = false
@ -26,37 +26,23 @@ class Baguette::Configuration
property read_only_profile_keys : Array(String) = Array(String).new property read_only_profile_keys : Array(String) = Array(String).new
property print_password_recovery_parameters : Bool = false property print_password_recovery_parameters : Bool = false
property verbosity : Int32 = 3
property print_ipc_timer : Bool = false
property ipc_timer : Int32 = 30_000
end end
end end
class AuthD::Service class AuthD::Service
property timer = 30_000 # 30 seconds property configuration : Baguette::Configuration::Auth
property print_timer = false
property registrations_allowed = false
property require_email = false
property mailer_activation_url : String? = nil
property mailer_field_from : String? = nil
property mailer_field_subject : String? = nil
property read_only_profile_keys = Array(String).new
property print_password_recovery_parameters : Bool = false
@users_per_login : DODB::Index(User) @users_per_login : DODB::Index(User)
@users_per_uid : DODB::Index(User) @users_per_uid : DODB::Index(User)
def initialize(@storage_root : String, @jwt_key : String, recreate_indexes : Bool) def initialize(@configuration)
@users = DODB::DataBase(User).new @storage_root @users = DODB::DataBase(User).new @configuration.storage
@users_per_uid = @users.new_index "uid", &.uid.to_s @users_per_uid = @users.new_index "uid", &.uid.to_s
@users_per_login = @users.new_index "login", &.login @users_per_login = @users.new_index "login", &.login
@last_uid_file = "#{@storage_root}/last_used_uid" @last_uid_file = "#{@configuration.storage}/last_used_uid"
if recreate_indexes if @configuration.recreate_indexes
@users.reindex_everything! @users.reindex_everything!
end end
end end
@ -104,11 +90,11 @@ class AuthD::Service
# change the date of the last connection # change the date of the last connection
@users_per_uid.update user.uid.to_s, user @users_per_uid.update user.uid.to_s, user
Response::Token.new (token.to_s @jwt_key), user.uid Response::Token.new (token.to_s @configuration.shared_key), user.uid
when Request::AddUser when Request::AddUser
# No verification of the users' informations when an admin adds it. # No verification of the users' informations when an admin adds it.
# No mail address verification. # No mail address verification.
if request.shared_key != @jwt_key if request.shared_key != @configuration.shared_key
return Response::Error.new "invalid authentication key" return Response::Error.new "invalid authentication key"
end end
@ -116,7 +102,7 @@ class AuthD::Service
return Response::Error.new "login already used" return Response::Error.new "login already used"
end end
if @require_email && request.email.nil? if @configuration.require_email && request.email.nil?
return Response::Error.new "email required" return Response::Error.new "email required"
end end
@ -190,7 +176,7 @@ class AuthD::Service
Response::User.new user.to_public Response::User.new user.to_public
when Request::ModUser when Request::ModUser
if request.shared_key != @jwt_key if request.shared_key != @configuration.shared_key
return Response::Error.new "invalid authentication key" return Response::Error.new "invalid authentication key"
end end
@ -221,7 +207,7 @@ class AuthD::Service
Response::UserEdited.new user.uid Response::UserEdited.new user.uid
when Request::Register when Request::Register
if ! @registrations_allowed if ! @configuration.registrations
return Response::Error.new "registrations not allowed" return Response::Error.new "registrations not allowed"
end end
@ -229,12 +215,12 @@ class AuthD::Service
return Response::Error.new "login already used" return Response::Error.new "login already used"
end end
if @require_email && request.email.nil? if @configuration.require_email && request.email.nil?
return Response::Error.new "email required" return Response::Error.new "email required"
end end
mailer_activation_url = @mailer_activation_url activation_url = @configuration.activation_url
if mailer_activation_url.nil? if activation_url.nil?
# In this case we should not accept its registration. # In this case we should not accept its registration.
return Response::Error.new "No activation URL were entered. Cannot send activation mails." return Response::Error.new "No activation URL were entered. Cannot send activation mails."
end end
@ -269,9 +255,9 @@ class AuthD::Service
user.date_registration = Time.local user.date_registration = Time.local
begin begin
mailer_field_subject = @mailer_field_subject.not_nil! field_subject = @configuration.field_subject.not_nil!
mailer_field_from = @mailer_field_from.not_nil! field_from = @configuration.field_from.not_nil!
mailer_activation_url = @mailer_activation_url.not_nil! activation_url = @configuration.activation_url.not_nil!
u_login = user.login u_login = user.login
u_email = user.contact.email.not_nil! u_email = user.contact.email.not_nil!
@ -281,9 +267,9 @@ class AuthD::Service
unless Process.run("activation-mailer", [ unless Process.run("activation-mailer", [
"-l", u_login, "-l", u_login,
"-e", u_email, "-e", u_email,
"-t", mailer_field_subject, "-t", field_subject,
"-f", mailer_field_from, "-f", field_from,
"-u", mailer_activation_url, "-u", activation_url,
"-a", u_activation_key "-a", u_activation_key
]).success? ]).success?
raise "cannot contact user #{user.login} address #{user.contact.email}" raise "cannot contact user #{user.login} address #{user.contact.email}"
@ -324,7 +310,7 @@ class AuthD::Service
end end
request.key.try do |key| request.key.try do |key|
return Response::Error.new "unauthorized (wrong shared key)" unless key == @jwt_key return Response::Error.new "unauthorized (wrong shared key)" unless key == @configuration.shared_key
end end
return Response::Error.new "unauthorized (no key nor token)" unless request.key || request.token return Response::Error.new "unauthorized (no key nor token)" unless request.key || request.token
@ -334,7 +320,7 @@ class AuthD::Service
authorized = false authorized = false
if key = request.shared_key if key = request.shared_key
if key == @jwt_key if key == @configuration.shared_key
authorized = true authorized = true
else else
return Response::Error.new "invalid key provided" return Response::Error.new "invalid key provided"
@ -385,7 +371,7 @@ class AuthD::Service
return Response::PermissionCheck.new service, request.resource, user.uid, resource_permissions return Response::PermissionCheck.new service, request.resource, user.uid, resource_permissions
when Request::SetPermission when Request::SetPermission
unless request.shared_key == @jwt_key unless request.shared_key == @configuration.shared_key
return Response::Error.new "unauthorized" return Response::Error.new "unauthorized"
end end
@ -434,18 +420,18 @@ class AuthD::Service
@users_per_uid.update user.uid.to_s, user @users_per_uid.update user.uid.to_s, user
unless (mailer_activation_url = @mailer_activation_url).nil? unless (activation_url = @configuration.activation_url).nil?
mailer_field_from = @mailer_field_from.not_nil! field_from = @configuration.field_from.not_nil!
mailer_activation_url = @mailer_activation_url.not_nil! activation_url = @configuration.activation_url.not_nil!
# Once the user is created and stored, we try to contact him # Once the user is created and stored, we try to contact him
if @print_password_recovery_parameters if @configuration.print_password_recovery_parameters
pp! user.login, pp! user.login,
user.contact.email.not_nil!, user.contact.email.not_nil!,
mailer_field_from, field_from,
mailer_activation_url, activation_url,
user.password_renew_key.not_nil! user.password_renew_key.not_nil!
end end
@ -453,8 +439,8 @@ class AuthD::Service
"-l", user.login, "-l", user.login,
"-e", user.contact.email.not_nil!, "-e", user.contact.email.not_nil!,
"-t", "Password recovery email", "-t", "Password recovery email",
"-f", mailer_field_from, "-f", field_from,
"-u", mailer_activation_url, "-u", activation_url,
"-a", user.password_renew_key.not_nil! "-a", user.password_renew_key.not_nil!
]).success? ]).success?
@ -518,7 +504,7 @@ class AuthD::Service
profile = user.profile || Hash(String, JSON::Any).new profile = user.profile || Hash(String, JSON::Any).new
@read_only_profile_keys.each do |key| @configuration.read_only_profile_keys.each do |key|
if new_profile[key]? != profile[key]? if new_profile[key]? != profile[key]?
return Response::Error.new "tried to edit read only key" return Response::Error.new "tried to edit read only key"
end end
@ -537,7 +523,7 @@ class AuthD::Service
user user
elsif shared_key = request.shared_key elsif shared_key = request.shared_key
return Response::Error.new "invalid shared key" if shared_key != @jwt_key return Response::Error.new "invalid shared key" if shared_key != @configuration.shared_key
user = request.user user = request.user
@ -559,7 +545,7 @@ class AuthD::Service
new_profile = user.profile || Hash(String, JSON::Any).new new_profile = user.profile || Hash(String, JSON::Any).new
unless request.shared_key unless request.shared_key
@read_only_profile_keys.each do |key| @configuration.read_only_profile_keys.each do |key|
if request.new_profile.has_key? key if request.new_profile.has_key? key
return Response::Error.new "tried to edit read only key" return Response::Error.new "tried to edit read only key"
end end
@ -604,7 +590,7 @@ class AuthD::Service
# Either the request comes from an admin or the user. # Either the request comes from an admin or the user.
# Shared key == admin, check the key. # Shared key == admin, check the key.
if key = request.shared_key if key = request.shared_key
return Response::Error.new "unauthorized (wrong shared key)" unless key == @jwt_key return Response::Error.new "unauthorized (wrong shared key)" unless key == @configuration.shared_key
else else
login = request.login login = request.login
pass = request.password pass = request.password
@ -652,7 +638,7 @@ class AuthD::Service
end end
def get_user_from_token(token : String) def get_user_from_token(token : String)
token_payload = Token.from_s(@jwt_key, token) token_payload = Token.from_s(@configuration.shared_key, token)
@users_per_uid.get? token_payload.uid.to_s @users_per_uid.get? token_payload.uid.to_s
end end
@ -661,8 +647,8 @@ class AuthD::Service
## ##
# Provides a JWT-based authentication scheme for service-specific users. # Provides a JWT-based authentication scheme for service-specific users.
server = IPC::Server.new "auth" server = IPC::Server.new "auth"
server.base_timer = @timer server.base_timer = @configuration.ipc_timer
server.timer = @timer server.timer = @configuration.ipc_timer
server.loop do |event| server.loop do |event|
if event.is_a? IPC::Exception if event.is_a? IPC::Exception
Baguette::Log.error "IPC::Exception" Baguette::Log.error "IPC::Exception"
@ -672,7 +658,7 @@ class AuthD::Service
case event case event
when IPC::Event::Timer when IPC::Event::Timer
Baguette::Log.debug "Timer" if @print_timer Baguette::Log.debug "Timer" if @configuration.print_ipc_timer
when IPC::Event::MessageReceived when IPC::Event::MessageReceived
begin begin
request = Request.from_ipc(event.message) request = Request.from_ipc(event.message)
@ -770,20 +756,8 @@ begin
exit 0 exit 0
end end
AuthD::Service.new(configuration.storage, AuthD::Service.new(configuration).run
configuration.shared_key,
configuration.recreate_indexes,
).tap do |authd|
authd.registrations_allowed = configuration.registrations
authd.require_email = configuration.require_email
authd.mailer_activation_url = configuration.activation_url
authd.mailer_field_subject = configuration.field_subject
authd.mailer_field_from = configuration.field_from
authd.read_only_profile_keys = configuration.read_only_profile_keys
authd.print_timer = configuration.print_ipc_timer
authd.timer = configuration.ipc_timer
authd.print_password_recovery_parameters = configuration.print_password_recovery_parameters
end.run
rescue e : OptionParser::Exception rescue e : OptionParser::Exception
Baguette::Log.error e.message Baguette::Log.error e.message
rescue e rescue e