diff --git a/src/requests/admin.cr b/src/requests/admin.cr index 97c355d..6e5d861 100644 --- a/src/requests/admin.cr +++ b/src/requests/admin.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message AddUser, 1 do + IPC::JSON.message AddUser, 9 do property login : String property password : String property admin : Bool = false diff --git a/src/requests/delete.cr b/src/requests/delete.cr index f8bbf1f..35314ae 100644 --- a/src/requests/delete.cr +++ b/src/requests/delete.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message Delete, 17 do + IPC::JSON.message Delete, 8 do # Deletion can be triggered by either an admin or the related user. property user : UserID | Nil = nil diff --git a/src/requests/moduser.cr b/src/requests/moduser.cr index ecc43f2..64f3fa2 100644 --- a/src/requests/moduser.cr +++ b/src/requests/moduser.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message ModUser, 5 do + IPC::JSON.message ModUser, 6 do property user : UserID | Nil = nil property admin : Bool? = nil property password : String? = nil diff --git a/src/requests/password.cr b/src/requests/password.cr index ed4d706..1611200 100644 --- a/src/requests/password.cr +++ b/src/requests/password.cr 
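Review bot: The new type numbers reuse values that previously belonged to other messages, so a client built against the old numbering will have its payloads decoded as a different request instead of being rejected. Visible cases: 3 was GetUser and is now AskPasswordRecovery (both carry only `user : UserID`), 1 was AddUser and is now Register (both carry `login` and `password`), and 10 was SetPermission and is now CheckPermission (same three leading properties). The same renumbering runs through delete.cr, moduser.cr, password.cr, permissions.cr, profile.cr, register.cr, search.cr and users.cr. Nothing in the diff shows a protocol version check, so if none exists elsewhere, consider assigning numbers that were never used before, or rejecting stale clients at connect time. At minimum, a comment above each declaration such as `# wire type renumbered in this commit; numbers are not backward compatible, rebuild all clients` would record the break.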
@@ -1,34 +1,5 @@ class AuthD::Request - IPC::JSON.message PasswordRecovery, 11 do - property user : UserID - property password_renew_key : String - property new_password : String - - def initialize(@user, @password_renew_key, @new_password) - end - - def handle(authd : AuthD::Service, fd : Int32) - user = authd.user? @user - # This is a way for an attacker to know what are the valid logins. - # Not sure I care enough to fix this. - return Response::Error.new "user not found" if user.nil? - - if user.password_renew_key == @password_renew_key - user.password_hash = authd.hash_password @new_password - else - return Response::Error.new "renew key not valid" - end - - user.password_renew_key = nil - - authd.users_per_uid.update user.uid.to_s, user - - Response::PasswordRecovered.new - end - end - AuthD.requests << PasswordRecovery - - IPC::JSON.message AskPasswordRecovery, 12 do + IPC::JSON.message AskPasswordRecovery, 3 do property user : UserID def initialize(@user) @@ -74,4 +45,33 @@ class AuthD::Request end end AuthD.requests << AskPasswordRecovery + + IPC::JSON.message PasswordRecovery, 4 do + property user : UserID + property password_renew_key : String + property new_password : String + + def initialize(@user, @password_renew_key, @new_password) + end + + def handle(authd : AuthD::Service, fd : Int32) + user = authd.user? @user + # This is a way for an attacker to know what are the valid logins. + # Not sure I care enough to fix this. + return Response::Error.new "user not found" if user.nil? + + if user.password_renew_key == @password_renew_key + user.password_hash = authd.hash_password @new_password + else + return Response::Error.new "renew key not valid" + end + + user.password_renew_key = nil + + authd.users_per_uid.update user.uid.to_s, user + + Response::PasswordRecovered.new + end + end + AuthD.requests << PasswordRecovery end diff --git a/src/requests/permissions.cr b/src/requests/permissions.cr index 1a35a9b..6eee676 100644 
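Review bot: The relocated `PasswordRecovery` handler still compares the renew key with `==` and answers with two different errors, so a caller can tell a valid login from an invalid one (as the in-code comment admits) and the key check is not constant-time. Both failure paths could return the same message, e.g. `return Response::Error.new "invalid user or renew key"`, and the comparison could go through `Crypto::Subtle.constant_time_compare` after a nil check on `user.password_renew_key`. The handler as shown has no expiry or attempt limit on the key. If neither is enforced elsewhere, resistance to guessing rests entirely on the key's length and randomness, which this hunk does not show.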
--- a/src/requests/permissions.cr +++ b/src/requests/permissions.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message CheckPermission, 9 do + IPC::JSON.message CheckPermission, 10 do property user : UserID property service : String property resource : String @@ -29,7 +29,7 @@ class AuthD::Request end AuthD.requests << CheckPermission - IPC::JSON.message SetPermission, 10 do + IPC::JSON.message SetPermission, 11 do property user : UserID property service : String property resource : String diff --git a/src/requests/profile.cr b/src/requests/profile.cr index a47f511..599b685 100644 --- a/src/requests/profile.cr +++ b/src/requests/profile.cr @@ -1,6 +1,6 @@ class AuthD::Request # Reset elements for which keys are present in `new_profile_entries`. - IPC::JSON.message EditProfileEntries, 15 do + IPC::JSON.message EditProfileEntries, 7 do property user : UserID | Nil = nil property new_profile_entries : Hash(String, JSON::Any) diff --git a/src/requests/register.cr b/src/requests/register.cr index 9383452..0314c22 100644 --- a/src/requests/register.cr +++ b/src/requests/register.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message Register, 6 do + IPC::JSON.message Register, 1 do property login : String property password : String property email : String? = nil diff --git a/src/requests/search.cr b/src/requests/search.cr index e7bc4d2..0a5c947 100644 --- a/src/requests/search.cr +++ b/src/requests/search.cr @@ -1,5 +1,5 @@ class AuthD::Request - IPC::JSON.message SearchUser, 13 do + IPC::JSON.message SearchUser, 12 do property regex : String? = nil # Since the list could be long, here is a way to get it at a reasonable pace. diff --git a/src/requests/users.cr b/src/requests/users.cr index 45300a6..9c50976 100644 --- a/src/requests/users.cr +++ b/src/requests/users.cr @@ -30,7 +30,7 @@ class AuthD::Request end AuthD.requests << ValidateUser - IPC::JSON.message GetUser, 3 do + IPC::JSON.message GetUser, 5 do property user : UserID def initialize(@user)