Errors now have dedicated messages.

master
Philippe Pittoli 2023-06-14 01:46:38 +02:00
parent 33b47766e5
commit d66afffc15
10 changed files with 83 additions and 27 deletions

View File

@ -11,18 +11,18 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
if authd.users_per_login.get? @login
return Response::Error.new "login already used"
return Response::ErrorAlreadyUsedLogin.new
end
# No verification of the user's informations when an admin adds it.
# No mail address verification.
if authd.configuration.require_email && @email.nil?
return Response::Error.new "email required"
return Response::ErrorMailRequired.new
end
password_hash = authd.hash_password @password

View File

@ -8,7 +8,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
user_to_delete = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
@ -16,7 +16,7 @@ class AuthD::Request
else
logged_user
end
return Response::Error.new "unknown user" if user_to_delete.nil?
return Response::ErrorUserNotFound.new if user_to_delete.nil?
# User or admin is now verified: let's proceed with the user deletion.
authd.users_per_login.delete user_to_delete.login

View File

@ -10,7 +10,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
@ -18,7 +18,7 @@ class AuthD::Request
else
logged_user
end
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
# Only an admin can uprank or downrank someone.
if admin = @admin

View File

@ -9,7 +9,7 @@ class AuthD::Request
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
# Create a new random key for password renewal.
user.password_renew_key = UUID.random.to_s
@ -58,7 +58,7 @@ class AuthD::Request
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
if user.password_renew_key == @password_renew_key
user.password_hash = authd.hash_password @new_password

View File

@ -9,7 +9,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
@ -17,7 +17,7 @@ class AuthD::Request
else
logged_user
end
return Response::Error.new "no such user" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
service_permissions = user.permissions[@service]?
resource_permissions = if service_permissions.nil?
@ -44,7 +44,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user = if u = @user
@ -52,7 +52,7 @@ class AuthD::Request
else
logged_user
end
return Response::Error.new "no such user" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
service_permissions = user.permissions[@service]?

View File

@ -10,7 +10,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit)
@ -18,7 +18,7 @@ class AuthD::Request
else
logged_user
end
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
new_profile_entries = user.profile || Hash(String, JSON::Any).new

View File

@ -9,16 +9,20 @@ class AuthD::Request
end
def handle(authd : AuthD::Service, fd : Int32)
if ! authd.configuration.registrations
return Response::Error.new "registrations not allowed"
unless authd.configuration.registrations
return Response::ErrorRegistrationsClosed.new
end
if authd.users_per_login.get? @login
return Response::Error.new "login already used"
return Response::ErrorAlreadyUsedLogin.new
end
acceptable_login_regex = "[a-zA-Z][a-zA-Z0-9 _-']+"
pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
if authd.configuration.require_email && @email.nil?
return Response::Error.new "email required"
return Response::ErrorMailRequired.new
end
if ! @email.nil?
@ -28,14 +32,12 @@ class AuthD::Request
email = result["email"]?
if email.nil?
return Response::Error.new "invalid email format"
return Response::ErrorInvalidEmailFormat.new
end
end
# In this case we should not accept its registration.
if @password.size < 20
return Response::Error.new "password too short (< 20 characters)"
end
return Response::ErrorPasswordTooShort.new if @password.size < 20
uid = authd.new_uid
password = authd.hash_password @password

View File

@ -11,7 +11,7 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
users = authd.users.to_a

View File

@ -10,7 +10,7 @@ class AuthD::Request
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
if user.contact.activation_key.nil?
return Response::Error.new "user already validated"
@ -38,12 +38,12 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user? fd
return Response::Error.new "you must be logged" if logged_user.nil?
return Response::ErrorMustBeAuthenticated.new if logged_user.nil?
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
return Response::ErrorUserNotFound.new if user.nil?
Response::User.new user.to_public
end

View File

@ -5,4 +5,58 @@ class AuthD::Response
end
end
AuthD.responses << Error
IPC::JSON.message ErrorMustBeAuthenticated, 20 do
def initialize()
end
end
AuthD.responses << ErrorMustBeAuthenticated
IPC::JSON.message ErrorAlreadyUsedLogin, 21 do
def initialize()
end
end
AuthD.responses << ErrorAlreadyUsedLogin
IPC::JSON.message ErrorMailRequired, 22 do
def initialize()
end
end
AuthD.responses << ErrorMailRequired
IPC::JSON.message ErrorUserNotFound, 23 do
def initialize()
end
end
AuthD.responses << ErrorUserNotFound
IPC::JSON.message ErrorPasswordTooShort, 24 do
def initialize()
end
end
AuthD.responses << ErrorPasswordTooShort
IPC::JSON.message ErrorInvalidCredentials, 25 do
def initialize()
end
end
AuthD.responses << ErrorInvalidCredentials
IPC::JSON.message ErrorRegistrationsClosed, 26 do
def initialize()
end
end
AuthD.responses << ErrorRegistrationsClosed
IPC::JSON.message ErrorInvalidLoginFormat, 27 do
def initialize()
end
end
AuthD.responses << ErrorInvalidLoginFormat
IPC::JSON.message ErrorInvalidEmailFormat, 28 do
def initialize()
end
end
AuthD.responses << ErrorInvalidEmailFormat
end