User deletion.

src/main.cr

@@ -62,11 +62,11 @@ class AuthD::Service
 				return Response::Error.new "invalid credentials"
 			end
 
-			if user.password_hash != hash_password request.password
+			if user.nil?
 				return Response::Error.new "invalid credentials"
 			end
 
-			if user.nil?
+			if user.password_hash != hash_password request.password
 				return Response::Error.new "invalid credentials"
 			end
 
@@ -517,6 +517,55 @@ class AuthD::Service
 			@users_per_uid.update user
 
 			Response::UserEdited.new user.uid
+		when Request::Delete
+			uid_or_login = request.user
+			user_to_delete = if uid_or_login.is_a? Int32
+				@users_per_uid.get? uid_or_login.to_s
+			else
+				@users_per_login.get? uid_or_login
+			end
+
+			if user_to_delete.nil?
+				return Response::Error.new "invalid user"
+			end
+
+			# Either the request comes from an admin or the user.
+			# Shared key == admin, check the key.
+			if key = request.shared_key
+				return Response::Error.new "unauthorized (wrong shared key)" unless key == @jwt_key
+			else
+				login = request.login
+				pass = request.password
+				if login.nil? || pass.nil?
+					return Response::Error.new "authentication failed (no shared key, no login)"
+				end
+
+				# authenticate the user
+				begin
+					user = @users_per_login.get login
+				rescue e : DODB::MissingEntry
+					return Response::Error.new "invalid credentials"
+				end
+
+				if user.nil?
+					return Response::Error.new "invalid credentials"
+				end
+
+				if user.password_hash != hash_password pass
+					return Response::Error.new "invalid credentials"
+				end
+
+				# Is the user to delete the requesting user?
+				if user.uid != user_to_delete.uid
+					return Response::Error.new "invalid credentials"
+				end
+			end
+
+			# User or admin is now verified: let's proceed with the user deletion.
+			@users_per_login.delete user_to_delete.login
+
+			# TODO: better response
+			Response::User.new user_to_delete.to_public
 		else
 			Response::Error.new "unhandled request type"
 		end

utils/authc.cr

@@ -136,7 +136,7 @@ class Actions
 
 	def user_deletion
 		args = Context.args.not_nil!
-		userid = args[0]
+		userid = args[0].to_i
 
 		# Check if the request comes from an admin or the user.
 		res = if Context.shared_key.nil?

utils/better-parser.cr

@@ -113,7 +113,7 @@ parser = OptionParser.new do |parser|
 		parser.on "delete", "Remove user." do
 			parser.banner = "Usage: user delete userid [opt]"
 			Baguette::Log.info "Remove user."
-			Context.command = "delete"
+			Context.command = "user-delete"
 			# You can either be the owner of the account, or an admin.
 			opt_authd_login.call parser
 			opt_authd_admin.call parser