Password recovery stuff.

src/authd.cr

@@ -21,6 +21,8 @@ end
 class AuthD::Response
 	include JSON::Serializable
 
+	property id : JSON::Any?
+
 	annotation MessageType
 	end
 
@@ -172,6 +174,8 @@ end
 class AuthD::Request
 	include JSON::Serializable
 
+	property id : JSON::Any?
+
 	annotation MessageType
 	end
 
@@ -249,7 +253,7 @@ class AuthD::Request
 		initialize :shared_key, :user
 	end
 
-	class Request::Register < Request
+	class Register < Request
 		property login      : String
 		property password   : String
 		property email      : String?
@@ -259,13 +263,13 @@ class AuthD::Request
 		initialize :login, :password, :email, :phone, :profile
 	end
 
-	class Request::UpdatePassword < Request
+	class UpdatePassword < Request
 		property login      : String
 		property old_password : String
 		property new_password : String
 	end
 
-	class Request::ListUsers < Request
+	class ListUsers < Request
 		property token : String?
 		property key : String?
 	end
@@ -294,18 +298,18 @@ class AuthD::Request
 	end
 
 	class PasswordRecovery < Request
-		property shared_key         : String
 		property user               : Int32 | String
 		property password_renew_key : String
 		property new_password       : String
 
-		initialize :shared_key, :user, :password_renew_key, :new_password
+		initialize :user, :password_renew_key, :new_password
 	end
 
 	class AskPasswordRecovery < Request
 		property user       : Int32 | String
+		property email      : String
 
-		initialize :user
+		initialize :user, :email
 	end
 
 	class SearchUser < Request
@@ -488,7 +492,7 @@ module AuthD
 		end
 
 		def change_password(uid_or_login : String | Int32, new_pass : String, renew_key : String)
-			send Request::PasswordRecovery.new @key, uid_or_login, renew_key, new_pass
+			send Request::PasswordRecovery.new uid_or_login, renew_key, new_pass
 			response = Response.from_ipc read
 
 			case response

src/main.cr

@@ -347,7 +347,12 @@ class AuthD::Service
 			end
 
 			if user.nil?
-				return Response::Error.new "user not found"
+				return Response::Error.new "no such user"
+			end
+
+			if user.contact.email != request.email
+				# Same error as when users are not found.
+				return Response::Error.new "no such user"
 			end
 
 			user.password_renew_key = UUID.random.to_s
@@ -374,10 +379,6 @@ class AuthD::Service
 
 			Response::PasswordRecoverySent.new user.to_public
 		when Request::PasswordRecovery
-			if request.shared_key != @jwt_key
-				return Response::Error.new "invalid authentication key"
-			end
-
 			uid_or_login = request.user
 			user = if uid_or_login.is_a? Int32
 				@users_per_uid.get? uid_or_login.to_s
@@ -524,12 +525,14 @@ class AuthD::Service
 				info "Timer"
 			when IPC::Event::MessageReceived
 				begin
-					request = Request.from_ipc event.message
+					request = Request.from_ipc(event.message).not_nil!
 
 					info "<< #{request.class.name.sub /^Request::/, ""}"
 
 					response = handle_request request
 
+					response.id = request.id
+
 					server.send event.fd, response
 				rescue e : MalformedRequest
 					error "#{e.message}"