Change message numbers.

This commit is contained in:
Philippe Pittoli 2023-06-13 03:15:08 +02:00
parent fb65c32848
commit f6311be77f
9 changed files with 39 additions and 39 deletions

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message AddUser, 1 do
IPC::JSON.message AddUser, 9 do
property login : String
property password : String
property admin : Bool = false

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message Delete, 17 do
IPC::JSON.message Delete, 8 do
# Deletion can be triggered by either an admin or the related user.
property user : UserID | Nil = nil

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message ModUser, 5 do
IPC::JSON.message ModUser, 6 do
property user : UserID | Nil = nil
property admin : Bool? = nil
property password : String? = nil

View File

@ -1,34 +1,5 @@
class AuthD::Request
IPC::JSON.message PasswordRecovery, 11 do
property user : UserID
property password_renew_key : String
property new_password : String
def initialize(@user, @password_renew_key, @new_password)
end
def handle(authd : AuthD::Service, fd : Int32)
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
if user.password_renew_key == @password_renew_key
user.password_hash = authd.hash_password @new_password
else
return Response::Error.new "renew key not valid"
end
user.password_renew_key = nil
authd.users_per_uid.update user.uid.to_s, user
Response::PasswordRecovered.new
end
end
AuthD.requests << PasswordRecovery
IPC::JSON.message AskPasswordRecovery, 12 do
IPC::JSON.message AskPasswordRecovery, 3 do
property user : UserID
def initialize(@user)
@ -74,4 +45,33 @@ class AuthD::Request
end
end
AuthD.requests << AskPasswordRecovery
IPC::JSON.message PasswordRecovery, 4 do
property user : UserID
property password_renew_key : String
property new_password : String
def initialize(@user, @password_renew_key, @new_password)
end
def handle(authd : AuthD::Service, fd : Int32)
user = authd.user? @user
# This is a way for an attacker to know what are the valid logins.
# Not sure I care enough to fix this.
return Response::Error.new "user not found" if user.nil?
if user.password_renew_key == @password_renew_key
user.password_hash = authd.hash_password @new_password
else
return Response::Error.new "renew key not valid"
end
user.password_renew_key = nil
authd.users_per_uid.update user.uid.to_s, user
Response::PasswordRecovered.new
end
end
AuthD.requests << PasswordRecovery
end

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message CheckPermission, 9 do
IPC::JSON.message CheckPermission, 10 do
property user : UserID
property service : String
property resource : String
@ -29,7 +29,7 @@ class AuthD::Request
end
AuthD.requests << CheckPermission
IPC::JSON.message SetPermission, 10 do
IPC::JSON.message SetPermission, 11 do
property user : UserID
property service : String
property resource : String

View File

@ -1,6 +1,6 @@
class AuthD::Request
# Reset elements for which keys are present in `new_profile_entries`.
IPC::JSON.message EditProfileEntries, 15 do
IPC::JSON.message EditProfileEntries, 7 do
property user : UserID | Nil = nil
property new_profile_entries : Hash(String, JSON::Any)

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message Register, 6 do
IPC::JSON.message Register, 1 do
property login : String
property password : String
property email : String? = nil

View File

@ -1,5 +1,5 @@
class AuthD::Request
IPC::JSON.message SearchUser, 13 do
IPC::JSON.message SearchUser, 12 do
property regex : String? = nil
# Since the list could be long, here is a way to get it at a reasonable pace.

View File

@ -30,7 +30,7 @@ class AuthD::Request
end
AuthD.requests << ValidateUser
IPC::JSON.message GetUser, 3 do
IPC::JSON.message GetUser, 5 do
property user : UserID
def initialize(@user)