From db80f3b1bcb7d1c39e281688cd91ed5de26f4f0c Mon Sep 17 00:00:00 2001 From: Luka Vandervelden Date: Wed, 12 Aug 2020 18:33:32 +0200 Subject: [PATCH] Password recovery stuff. --- src/authd.cr | 18 +++++++++++------- src/main.cr | 15 +++++++++------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/src/authd.cr b/src/authd.cr index ce3b55d..23986e5 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -21,6 +21,8 @@ end class AuthD::Response include JSON::Serializable + property id : JSON::Any? + annotation MessageType end @@ -172,6 +174,8 @@ end class AuthD::Request include JSON::Serializable + property id : JSON::Any? + annotation MessageType end @@ -249,7 +253,7 @@ class AuthD::Request initialize :shared_key, :user end - class Request::Register < Request + class Register < Request property login : String property password : String property email : String? @@ -259,13 +263,13 @@ class AuthD::Request initialize :login, :password, :email, :phone, :profile end - class Request::UpdatePassword < Request + class UpdatePassword < Request property login : String property old_password : String property new_password : String end - class Request::ListUsers < Request + class ListUsers < Request property token : String? property key : String? end @@ -294,18 +298,18 @@ class AuthD::Request end class PasswordRecovery < Request - property shared_key : String property user : Int32 | String property password_renew_key : String property new_password : String - initialize :shared_key, :user, :password_renew_key, :new_password + initialize :user, :password_renew_key, :new_password end class AskPasswordRecovery < Request property user : Int32 | String + property email : String - initialize :user + initialize :user, :email end class SearchUser < Request 
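Review bot: The `id` property added to `AuthD::Response` (and to `AuthD::Request` in the following hunk) carries no comment saying what it is for. Judging by the `response.id = request.id` line in src/main.cr, it is a client-chosen correlation value echoed back unchanged. A comment such as `# Client-chosen correlation id, copied verbatim onto the matching response; never used for authorization.` would make that explicit. Because the type is `JSON::Any?`, a client can send an arbitrarily large or nested value that the server serializes straight back. If no client needs structured ids, `property id : String | Int64 | Nil` would bound it.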
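Review bot: `AskPasswordRecovery` now requires `email : String`, while `Register` in the same file keeps `email : String?`. An account created without an address therefore looks unable to ever pass the `user.contact.email != request.email` check added in src/main.cr; the type of `contact.email` is not visible here, so this is inferred. If that is intended, a comment on the property would record it, e.g. `# Must match the address on file; accounts without one cannot use recovery.`. Both class bodies are shown only in part by this hunk.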
@@ -488,7 +492,7 @@ module AuthD end def change_password(uid_or_login : String | Int32, new_pass : String, renew_key : String) - send Request::PasswordRecovery.new @key, uid_or_login, renew_key, new_pass + send Request::PasswordRecovery.new uid_or_login, renew_key, new_pass response = Response.from_ipc read case response diff --git a/src/main.cr b/src/main.cr index e40e963..4cf230d 100644 --- a/src/main.cr +++ b/src/main.cr @@ -347,7 +347,12 @@ class AuthD::Service end if user.nil? - return Response::Error.new "user not found" + return Response::Error.new "no such user" + end + + if user.contact.email != request.email + # Same error as when users are not found. + return Response::Error.new "no such user" end user.password_renew_key = UUID.random.to_s @@ -374,10 +379,6 @@ class AuthD::Service Response::PasswordRecoverySent.new user.to_public when Request::PasswordRecovery - if request.shared_key != @jwt_key - return Response::Error.new "invalid authentication key" - end - uid_or_login = request.user user = if uid_or_login.is_a? Int32 @users_per_uid.get? uid_or_login.to_s @@ -524,12 +525,14 @@ class AuthD::Service info "Timer" when IPC::Event::MessageReceived begin - request = Request.from_ipc event.message + request = Request.from_ipc(event.message).not_nil! info "<< #{request.class.name.sub /^Request::/, ""}" response = handle_request request + response.id = request.id + server.send event.fd, response rescue e : MalformedRequest error "#{e.message}"
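Review bot: Each request that passes the new `user.contact.email != request.email` check overwrites `user.password_renew_key` with a fresh `UUID.random.to_s`, and nothing visible in the hunk limits how often that can happen. Anyone who knows a login and its address could keep invalidating the key a legitimate user was just sent and trigger repeated recovery mail, so a per-user and per-client throttle before the assignment would help. The comparison is also exact, so an address typed with different case or stray whitespace gets `no such user`. If stored addresses are normalized, comparing `request.email.strip.downcase` avoids that. Returning the same error for both failures is the right call. The handler begins and ends outside this hunk.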
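Review bot: With the `request.shared_key != @jwt_key` check removed from the `when Request::PasswordRecovery` branch, `password_renew_key` becomes the only credential protecting a password change, and the code that validates it lies below this hunk. That code should reject an unset or empty stored key and compare with `Crypto::Subtle.constant_time_compare` rather than `==`. It should also clear the key after one successful use and refuse keys older than a short lifetime. Failed attempts per user need limiting too, since any client that can reach the service may now try keys. None of this is visible here, so please confirm it before merging.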
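Review bot: `Request.from_ipc(event.message).not_nil!` raises `NilAssertionError` whenever `from_ipc` returns nil, presumably for an unrecognized message type, and the only rescue visible in this hunk is `rescue e : MalformedRequest`. Unless a broader rescue follows below the hunk, a single unknown message from any client could abort the event loop and take the daemon down. Handle the nil case explicitly, logging it and skipping the message, or add `rescue e : NilAssertionError` next to the existing clause. The `begin` block continues past the end of the hunk.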