User deletion.
parent
90ccd50c80
commit
baa86bf667
53
src/main.cr
53
src/main.cr
@ -62,11 +62,11 @@ class AuthD::Service
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
if user.password_hash != hash_password request.password
|
||||
if user.nil?
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
if user.nil?
|
||||
if user.password_hash != hash_password request.password
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
@ -517,6 +517,55 @@ class AuthD::Service
|
||||
@users_per_uid.update user
|
||||
|
||||
Response::UserEdited.new user.uid
|
||||
when Request::Delete
|
||||
uid_or_login = request.user
|
||||
user_to_delete = if uid_or_login.is_a? Int32
|
||||
@users_per_uid.get? uid_or_login.to_s
|
||||
else
|
||||
@users_per_login.get? uid_or_login
|
||||
end
|
||||
|
||||
if user_to_delete.nil?
|
||||
return Response::Error.new "invalid user"
|
||||
end
|
||||
|
||||
# Either the request comes from an admin or the user.
|
||||
# Shared key == admin, check the key.
|
||||
if key = request.shared_key
|
||||
return Response::Error.new "unauthorized (wrong shared key)" unless key == @jwt_key
|
||||
else
|
||||
login = request.login
|
||||
pass = request.password
|
||||
if login.nil? || pass.nil?
|
||||
return Response::Error.new "authentication failed (no shared key, no login)"
|
||||
end
|
||||
|
||||
# authenticate the user
|
||||
begin
|
||||
user = @users_per_login.get login
|
||||
rescue e : DODB::MissingEntry
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
if user.nil?
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
if user.password_hash != hash_password pass
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
# Is the user to delete the requesting user?
|
||||
if user.uid != user_to_delete.uid
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
end
|
||||
|
||||
# User or admin is now verified: let's proceed with the user deletion.
|
||||
@users_per_login.delete user_to_delete.login
|
||||
|
||||
# TODO: better response
|
||||
Response::User.new user_to_delete.to_public
|
||||
else
|
||||
Response::Error.new "unhandled request type"
|
||||
end
|
||||
|
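Review bot: In the new `when Request::Delete` branch the target lookup and its distinct "invalid user" error run before any authentication, so an unauthenticated client can tell existing uids and logins from missing ones; the shared-key or login/password check should come first, or the failure should use the same "invalid credentials" response returned further down. The admin check `unless key == @jwt_key` is an ordinary equality on a secret; if both sides are strings, `unless Crypto::Subtle.constant_time_compare(key, @jwt_key)` removes the timing side channel, and the same applies to the `password_hash` comparisons. The deletion goes only through `@users_per_login.delete`, whereas the edit path just above writes via `@users_per_uid`, so it is worth confirming that the record is removed from every index. The `case` this branch belongs to starts outside the hunk.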
@ -136,7 +136,7 @@ class Actions
|
||||
|
||||
def user_deletion
|
||||
args = Context.args.not_nil!
|
||||
userid = args[0]
|
||||
userid = args[0].to_i
|
||||
|
||||
# Check if the request comes from an admin or the user.
|
||||
res = if Context.shared_key.nil?
|
||||
|
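Review bot: `userid = args[0].to_i` (the new line, judging by print order) raises on a non-numeric argument, yet the server-side delete handler in this commit accepts either an Int32 uid or a login, so the client can no longer delete by login and aborts with an exception instead of a usage error. Something like `userid = args[0].to_i? || args[0]` would keep both forms, assuming the request field is typed as a uid-or-login union. `args[0]` is also read without checking that an argument was supplied. The body of `user_deletion` continues outside the hunk.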
@ -113,7 +113,7 @@ parser = OptionParser.new do |parser|
|
||||
parser.on "delete", "Remove user." do
|
||||
parser.banner = "Usage: user delete userid [opt]"
|
||||
Baguette::Log.info "Remove user."
|
||||
Context.command = "delete"
|
||||
Context.command = "user-delete"
|
||||
# You can either be the owner of the account, or an admin.
|
||||
opt_authd_login.call parser
|
||||
opt_authd_admin.call parser
|
||||
|