Password recovery stuff.

This commit is contained in:
Luka Vandervelden 2020-08-12 18:33:32 +02:00
parent 2e8a2d448d
commit db80f3b1bc
2 changed files with 20 additions and 13 deletions

View File

@ -21,6 +21,8 @@ end
class AuthD::Response
include JSON::Serializable
property id : JSON::Any?
annotation MessageType
end
@ -172,6 +174,8 @@ end
class AuthD::Request
include JSON::Serializable
property id : JSON::Any?
annotation MessageType
end
@ -249,7 +253,7 @@ class AuthD::Request
initialize :shared_key, :user
end
class Request::Register < Request
class Register < Request
property login : String
property password : String
property email : String?
@ -259,13 +263,13 @@ class AuthD::Request
initialize :login, :password, :email, :phone, :profile
end
class Request::UpdatePassword < Request
class UpdatePassword < Request
property login : String
property old_password : String
property new_password : String
end
class Request::ListUsers < Request
class ListUsers < Request
property token : String?
property key : String?
end
@ -294,18 +298,18 @@ class AuthD::Request
end
class PasswordRecovery < Request
property shared_key : String
property user : Int32 | String
property password_renew_key : String
property new_password : String
initialize :shared_key, :user, :password_renew_key, :new_password
initialize :user, :password_renew_key, :new_password
end
class AskPasswordRecovery < Request
property user : Int32 | String
property email : String
initialize :user
initialize :user, :email
end
class SearchUser < Request
@ -488,7 +492,7 @@ module AuthD
end
def change_password(uid_or_login : String | Int32, new_pass : String, renew_key : String)
send Request::PasswordRecovery.new @key, uid_or_login, renew_key, new_pass
send Request::PasswordRecovery.new uid_or_login, renew_key, new_pass
response = Response.from_ipc read
case response

View File

@ -347,7 +347,12 @@ class AuthD::Service
end
if user.nil?
return Response::Error.new "user not found"
return Response::Error.new "no such user"
end
if user.contact.email != request.email
# Same error as when users are not found.
return Response::Error.new "no such user"
end
user.password_renew_key = UUID.random.to_s
@ -374,10 +379,6 @@ class AuthD::Service
Response::PasswordRecoverySent.new user.to_public
when Request::PasswordRecovery
if request.shared_key != @jwt_key
return Response::Error.new "invalid authentication key"
end
uid_or_login = request.user
user = if uid_or_login.is_a? Int32
@users_per_uid.get? uid_or_login.to_s
@ -524,12 +525,14 @@ class AuthD::Service
info "Timer"
when IPC::Event::MessageReceived
begin
request = Request.from_ipc event.message
request = Request.from_ipc(event.message).not_nil!
info "<< #{request.class.name.sub /^Request::/, ""}"
response = handle_request request
response.id = request.id
server.send event.fd, response
rescue e : MalformedRequest
error "#{e.message}"