Errors now have dedicated messages.
This commit is contained in:
parent
33b47766e5
commit
d66afffc15
@ -11,18 +11,18 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
|
||||
|
||||
if authd.users_per_login.get? @login
|
||||
return Response::Error.new "login already used"
|
||||
return Response::ErrorAlreadyUsedLogin.new
|
||||
end
|
||||
|
||||
# No verification of the user's informations when an admin adds it.
|
||||
# No mail address verification.
|
||||
if authd.configuration.require_email && @email.nil?
|
||||
return Response::Error.new "email required"
|
||||
return Response::ErrorMailRequired.new
|
||||
end
|
||||
|
||||
password_hash = authd.hash_password @password
|
||||
|
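Review bot: The admin-side user creation in this hunk still accepts any login string, while the registration handler in the same commit (hunk at L379) now rejects logins that do not match a format regex and answers `ErrorInvalidLoginFormat`. The comment `# No verification of the user's informations when an admin adds it.` says this is deliberate, but a login format invariant is only useful if every creation path enforces it; an admin typo or a scripted import can otherwise store a login the rest of the system assumes impossible. Consider reusing the same check here, right after the `users_per_login.get? @login` test: `return Response::ErrorInvalidLoginFormat.new unless LOGIN_FORMAT =~ @login` (with the regex hoisted to a shared constant). The body of `handle` continues outside this hunk.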
@ -8,7 +8,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
user_to_delete = if u = @user
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
|
||||
@ -16,7 +16,7 @@ class AuthD::Request
|
||||
else
|
||||
logged_user
|
||||
end
|
||||
return Response::Error.new "unknown user" if user_to_delete.nil?
|
||||
return Response::ErrorUserNotFound.new if user_to_delete.nil?
|
||||
|
||||
# User or admin is now verified: let's proceed with the user deletion.
|
||||
authd.users_per_login.delete user_to_delete.login
|
||||
|
@ -10,7 +10,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
user = if u = @user
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
|
||||
@ -18,7 +18,7 @@ class AuthD::Request
|
||||
else
|
||||
logged_user
|
||||
end
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
# Only an admin can uprank or downrank someone.
|
||||
if admin = @admin
|
||||
|
@ -9,7 +9,7 @@ class AuthD::Request
|
||||
user = authd.user? @user
|
||||
# This is a way for an attacker to know what are the valid logins.
|
||||
# Not sure I care enough to fix this.
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
# Create a new random key for password renewal.
|
||||
user.password_renew_key = UUID.random.to_s
|
||||
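Review bot: The new `return Response::ErrorUserNotFound.new if user.nil?` keeps the user-enumeration behaviour that the two comments above it already acknowledge, and on a password-renewal request this is reachable without authentication, so a dedicated, machine-readable "user not found" code makes probing valid logins easier, not harder. The same pattern recurs in the hunks at L199, L524 and L550. For the unauthenticated paths (this hunk and the one at L199) the usual mitigation is to answer identically whether or not the login exists, e.g. return the same success-type response here and log the miss server-side, so the response carries no signal about account existence; the authenticated hunks can keep the typed error. If the "not sure I care" stance is intentional for now, consider at least replacing the two comments with one that states the accepted risk, e.g. `# Deliberately leaks login existence; accepted because <reason> — revisit before exposing this endpoint publicly.`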
@ -58,7 +58,7 @@ class AuthD::Request
|
||||
user = authd.user? @user
|
||||
# This is a way for an attacker to know what are the valid logins.
|
||||
# Not sure I care enough to fix this.
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
if user.password_renew_key == @password_renew_key
|
||||
user.password_hash = authd.hash_password @new_password
|
||||
|
@ -9,7 +9,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
user = if u = @user
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
|
||||
@ -17,7 +17,7 @@ class AuthD::Request
|
||||
else
|
||||
logged_user
|
||||
end
|
||||
return Response::Error.new "no such user" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
service_permissions = user.permissions[@service]?
|
||||
resource_permissions = if service_permissions.nil?
|
||||
@ -44,7 +44,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
|
||||
|
||||
user = if u = @user
|
||||
@ -52,7 +52,7 @@ class AuthD::Request
|
||||
else
|
||||
logged_user
|
||||
end
|
||||
return Response::Error.new "no such user" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
service_permissions = user.permissions[@service]?
|
||||
|
||||
|
@ -10,7 +10,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
user = if u = @user
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
|
||||
@ -18,7 +18,7 @@ class AuthD::Request
|
||||
else
|
||||
logged_user
|
||||
end
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
new_profile_entries = user.profile || Hash(String, JSON::Any).new
|
||||
|
||||
|
@ -9,16 +9,20 @@ class AuthD::Request
|
||||
end
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
if ! authd.configuration.registrations
|
||||
return Response::Error.new "registrations not allowed"
|
||||
unless authd.configuration.registrations
|
||||
return Response::ErrorRegistrationsClosed.new
|
||||
end
|
||||
|
||||
if authd.users_per_login.get? @login
|
||||
return Response::Error.new "login already used"
|
||||
return Response::ErrorAlreadyUsedLogin.new
|
||||
end
|
||||
|
||||
acceptable_login_regex = "[a-zA-Z][a-zA-Z0-9 _-']+"
|
||||
pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
|
||||
return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
|
||||
|
||||
if authd.configuration.require_email && @email.nil?
|
||||
return Response::Error.new "email required"
|
||||
return Response::ErrorMailRequired.new
|
||||
end
|
||||
|
||||
if ! @email.nil?
|
||||
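Review bot: The login check `return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login` is unanchored, so `=~` accepts any login that merely contains a matching substring (a letter followed by one allowed character is enough), which defeats the format validation the commit introduces. In addition, inside the class `[a-zA-Z0-9 _-']` the sequence `_-'` is read as a range from `_` to `'`, which is out of order; I believe PCRE rejects that at compile time, so as written `Regex.new` would likely raise on every registration rather than validate anything — worth checking with a single request before merging. `Regex::Options::IGNORE_CASE` is also redundant because both cases are already listed. I would move the pattern to a class-level constant so it is compiled once, anchor it with `\A` and `\z` (not `^`/`$`, which tolerate a trailing newline), and put the hyphen last: `LOGIN_FORMAT = /\A[a-zA-Z][a-zA-Z0-9 _'-]+\z/` and then `return Response::ErrorInvalidLoginFormat.new unless LOGIN_FORMAT =~ @login`. The `handle` method continues in the next hunk.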
@ -28,14 +32,12 @@ class AuthD::Request
|
||||
email = result["email"]?
|
||||
|
||||
if email.nil?
|
||||
return Response::Error.new "invalid email format"
|
||||
return Response::ErrorInvalidEmailFormat.new
|
||||
end
|
||||
end
|
||||
|
||||
# In this case we should not accept its registration.
|
||||
if @password.size < 20
|
||||
return Response::Error.new "password too short (< 20 characters)"
|
||||
end
|
||||
return Response::ErrorPasswordTooShort.new if @password.size < 20
|
||||
|
||||
uid = authd.new_uid
|
||||
password = authd.hash_password @password
|
||||
|
@ -11,7 +11,7 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user_full? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
|
||||
|
||||
users = authd.users.to_a
|
||||
|
@ -10,7 +10,7 @@ class AuthD::Request
|
||||
user = authd.user? @user
|
||||
# This is a way for an attacker to know what are the valid logins.
|
||||
# Not sure I care enough to fix this.
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
if user.contact.activation_key.nil?
|
||||
return Response::Error.new "user already validated"
|
||||
@ -38,12 +38,12 @@ class AuthD::Request
|
||||
|
||||
def handle(authd : AuthD::Service, fd : Int32)
|
||||
logged_user = authd.get_logged_user? fd
|
||||
return Response::Error.new "you must be logged" if logged_user.nil?
|
||||
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
|
||||
|
||||
user = authd.user? @user
|
||||
# This is a way for an attacker to know what are the valid logins.
|
||||
# Not sure I care enough to fix this.
|
||||
return Response::Error.new "user not found" if user.nil?
|
||||
return Response::ErrorUserNotFound.new if user.nil?
|
||||
|
||||
Response::User.new user.to_public
|
||||
end
|
||||
|
@ -5,4 +5,58 @@ class AuthD::Response
|
||||
end
|
||||
end
|
||||
AuthD.responses << Error
|
||||
|
||||
IPC::JSON.message ErrorMustBeAuthenticated, 20 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorMustBeAuthenticated
|
||||
|
||||
IPC::JSON.message ErrorAlreadyUsedLogin, 21 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorAlreadyUsedLogin
|
||||
|
||||
IPC::JSON.message ErrorMailRequired, 22 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorMailRequired
|
||||
|
||||
IPC::JSON.message ErrorUserNotFound, 23 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorUserNotFound
|
||||
|
||||
IPC::JSON.message ErrorPasswordTooShort, 24 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorPasswordTooShort
|
||||
|
||||
IPC::JSON.message ErrorInvalidCredentials, 25 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorInvalidCredentials
|
||||
|
||||
IPC::JSON.message ErrorRegistrationsClosed, 26 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorRegistrationsClosed
|
||||
|
||||
IPC::JSON.message ErrorInvalidLoginFormat, 27 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorInvalidLoginFormat
|
||||
|
||||
IPC::JSON.message ErrorInvalidEmailFormat, 28 do
|
||||
def initialize()
|
||||
end
|
||||
end
|
||||
AuthD.responses << ErrorInvalidEmailFormat
|
||||
end
|
||||
|
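Review bot: The nine new response classes use hard-coded message ids 20 through 28 with no comment on how the id space is allocated, and since clients can only tell these errors apart by that number, a collision with another message type would be a silent protocol bug. A one-line comment above the first definition stating the convention would help, e.g. `# Error responses use ids 20 and up; ids must stay unique across AuthD.responses.` `ErrorInvalidCredentials` (id 25) is defined here but none of the hunks on this page switches a caller to it — if no other file uses it, it is dead code for now. Conversely, the `"user already validated"` reply visible as a context line at L547 still goes through the free-text `Response::Error`, so the commit's "dedicated messages" are not yet complete; a dedicated response in this block (e.g. an `ErrorUserAlreadyValidated`) would finish the migration.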