Errors now have dedicated messages.

2023-06-14 01:46:38 +02:00 · 2023-06-14 01:46:38 +02:00 · d66afffc15
parent 33b47766e5
commit d66afffc15
10 changed files with 83 additions and 27 deletions
--- a/src/requests/admin.cr
+++ b/src/requests/admin.cr
@ -11,18 +11,18 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
 			if authd.users_per_login.get? @login
-				return Response::Error.new "login already used"
+				return Response::ErrorAlreadyUsedLogin.new
 			end
 			# No verification of the user's informations when an admin adds it.
 			# No mail address verification.
 			if authd.configuration.require_email && @email.nil?
-				return Response::Error.new "email required"
+				return Response::ErrorMailRequired.new
 			end
 			password_hash = authd.hash_password @password
--- a/src/requests/delete.cr
+++ b/src/requests/delete.cr
@ -8,7 +8,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			user_to_delete = if u = @user
 				logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
@ -16,7 +16,7 @@ class AuthD::Request
 			else
 				logged_user
 			end
-			return Response::Error.new "unknown user" if user_to_delete.nil?
+			return Response::ErrorUserNotFound.new if user_to_delete.nil?
 			# User or admin is now verified: let's proceed with the user deletion.
 			authd.users_per_login.delete user_to_delete.login
--- a/src/requests/moduser.cr
+++ b/src/requests/moduser.cr
@ -10,7 +10,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			user = if u = @user
 				logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
@ -18,7 +18,7 @@ class AuthD::Request
 			else
 				logged_user
 			end
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			# Only an admin can uprank or downrank someone.
 			if admin = @admin
--- a/src/requests/password.cr
+++ b/src/requests/password.cr
@ -9,7 +9,7 @@ class AuthD::Request
 			user = authd.user? @user
 			# This is a way for an attacker to know what are the valid logins.
 			# Not sure I care enough to fix this.
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			# Create a new random key for password renewal.
 			user.password_renew_key = UUID.random.to_s
@ -58,7 +58,7 @@ class AuthD::Request
 			user = authd.user? @user
 			# This is a way for an attacker to know what are the valid logins.
 			# Not sure I care enough to fix this.
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			if user.password_renew_key == @password_renew_key
 				user.password_hash = authd.hash_password @new_password
--- a/src/requests/permissions.cr
+++ b/src/requests/permissions.cr
@ -9,7 +9,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			user = if u = @user
 				logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
@ -17,7 +17,7 @@ class AuthD::Request
 			else
 				logged_user
 			end
-			return Response::Error.new "no such user" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			service_permissions = user.permissions[@service]?
 			resource_permissions = if service_permissions.nil?
@ -44,7 +44,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
 			user = if u = @user
@ -52,7 +52,7 @@ class AuthD::Request
 			else
 				logged_user
 			end
-			return Response::Error.new "no such user" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			service_permissions = user.permissions[@service]?
--- a/src/requests/profile.cr
+++ b/src/requests/profile.cr
@ -10,7 +10,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			user = if u = @user
 				logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
@ -18,7 +18,7 @@ class AuthD::Request
 			else
 				logged_user
 			end
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			new_profile_entries = user.profile || Hash(String, JSON::Any).new
--- a/src/requests/register.cr
+++ b/src/requests/register.cr
@ -9,16 +9,20 @@ class AuthD::Request
 		end
 		def handle(authd : AuthD::Service, fd : Int32)
-			if ! authd.configuration.registrations
+			unless authd.configuration.registrations
-				return Response::Error.new "registrations not allowed"
+				return Response::ErrorRegistrationsClosed.new
 			end
 			if authd.users_per_login.get? @login
-				return Response::Error.new "login already used"
+				return Response::ErrorAlreadyUsedLogin.new
 			end
 			acceptable_login_regex = "[a-zA-Z][a-zA-Z0-9 _-']+"
 			pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
 			return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
 			if authd.configuration.require_email && @email.nil?
-				return Response::Error.new "email required"
+				return Response::ErrorMailRequired.new
 			end
 			if ! @email.nil?
@ -28,14 +32,12 @@ class AuthD::Request
 				email = result["email"]?
 				if email.nil?
-					return Response::Error.new "invalid email format"
+					return Response::ErrorInvalidEmailFormat.new
 				end
 			end
 			# In this case we should not accept its registration.
-			if @password.size < 20
+			return Response::ErrorPasswordTooShort.new if @password.size < 20
 				return Response::Error.new "password too short (< 20 characters)"
 			end
 			uid = authd.new_uid
 			password = authd.hash_password @password
--- a/src/requests/search.cr
+++ b/src/requests/search.cr
@ -11,7 +11,7 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
 			users = authd.users.to_a
--- a/src/requests/users.cr
+++ b/src/requests/users.cr
@ -10,7 +10,7 @@ class AuthD::Request
 			user = authd.user? @user
 			# This is a way for an attacker to know what are the valid logins.
 			# Not sure I care enough to fix this.
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			if user.contact.activation_key.nil?
 				return Response::Error.new "user already validated"
@ -38,12 +38,12 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user? fd
-			return Response::Error.new "you must be logged" if logged_user.nil?
+			return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
 			user = authd.user? @user
 			# This is a way for an attacker to know what are the valid logins.
 			# Not sure I care enough to fix this.
-			return Response::Error.new "user not found" if user.nil?
+			return Response::ErrorUserNotFound.new if user.nil?
 			Response::User.new user.to_public
 		end
--- a/src/responses/errors.cr
+++ b/src/responses/errors.cr
@ -5,4 +5,58 @@ class AuthD::Response
 		end
 	end
 	AuthD.responses << Error
 	IPC::JSON.message ErrorMustBeAuthenticated, 20 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorMustBeAuthenticated
 	IPC::JSON.message ErrorAlreadyUsedLogin, 21 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorAlreadyUsedLogin
 	IPC::JSON.message ErrorMailRequired, 22 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorMailRequired
 	IPC::JSON.message ErrorUserNotFound, 23 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorUserNotFound
 	IPC::JSON.message ErrorPasswordTooShort, 24 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorPasswordTooShort
 	IPC::JSON.message ErrorInvalidCredentials, 25 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorInvalidCredentials
 	IPC::JSON.message ErrorRegistrationsClosed, 26 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorRegistrationsClosed
 	IPC::JSON.message ErrorInvalidLoginFormat, 27 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorInvalidLoginFormat
 	IPC::JSON.message ErrorInvalidEmailFormat, 28 do
 		def initialize()
 		end
 	end
 	AuthD.responses << ErrorInvalidEmailFormat
 end