Update authctl manpage with the recent changes of the client.

Enable the client to massively purge users.
Enable the client to read the configuration (no more mandatory CLI auth).
2025-11-26 03:20:04 +01:00 · 2025-11-26 02:58:48 +01:00 · 2025-11-23 17:54:56 +01:00
3 changed files with 111 additions and 48 deletions
--- a/man/authctl.1
+++ b/man/authctl.1
@ -134,65 +134,69 @@ Subcommands:
 .Bl -tag -width "change-password" -compact
 .It Li add
 Adding a user to the DB.
-.It ""
+.br
 .Nm add
 .Ar login
 .Ar email-address

 .It Li migrate
 Adding a user from old code base.
-.It ""
+.br
 .Nm migrate
 .Ar login
 .Ar hashed-password-old-algorithm

 .It Li mod
 Modify a user account.
-.It ""
+.br
 .Nm mod
 .Ar userid
 .Bq Fl e Ar email | Fl P Ar profile

 .It Li change-password
 Change the password of a user (requires admin).
-.It ""
+.br
 .Nm change-password
 .Ar userid

 .It Li delete
 Remove user.
-.It ""
+.br
 .Nm delete
 .Ar userid
+.Op Ar userid...

 .It Li validate
 Validate user.
-.It ""
+.br
 .Nm validate
 .Ar login
 .Ar activation-key

 .It Li get
 Get user info.
-.It ""
+.br
 .Nm get
 .Ar login
+.Op Ar login...

 .It Li search
 Search user.
-.It ""
+.br
 .Nm search
 .Ar login
+.Op Ar login...

 .It Li recover
 Recover user password.
-.It ""
+.br
 .Nm recover
 .Ar login
+.Op Ar login...

 .It Li register
 Register a user (requires activation from the token sent by email).
-.It ""
+.br
 .Nm register
 .Ar login
 .Ar email-address
@ -215,7 +219,7 @@ permission set user-id application resource permission
 .br
 Available permissions:
 .Em none read edit admin .
-.It ""
+.br
 Example:
 .Nm authctl
 .Ar permission set 1000 dnsmanager
@ -227,7 +231,7 @@ permission check user-id application resource
 .br
 Available permissions:
 .Em none read edit admin .
-.It ""
+.br
 Example:
 .Nm authctl
 .Ar permission check 1000 forum
--- a/src/better-parser.cr
+++ b/src/better-parser.cr
@ -35,18 +35,35 @@ opt_email = -> (parser : OptionParser) {


 # Unrecognized parameters are used to create commands with multiple arguments.
-# Example: user add login email
-# Here, login and email are unrecognized arguments.
+# Example: user add _login email phone_
+# Here, login, email and phone are unrecognized arguments.
 # Still, the "user add" command expect them.
-unrecognized_args_to_context_args = -> (parser : OptionParser, n_expected_args : Int32) {
+unrecognized_args_to_context_args = -> (parser : OptionParser,
+	nexact   : Int32?,
+	at_least : Int32?) {
+
 	# With the right args, these will be interpreted as serialized data.
 	parser.unknown_args do |args|
-		if args.size != n_expected_args
-			Baguette::Log.error "expected number of arguments: #{n_expected_args}, received: #{args.size}"
-			Baguette::Log.error "args: #{args}"
+
+		# either we test with the exact expected number of arguments or the least.
+		if exact = nexact
+			if args.size != exact
+				Baguette::Log.error "Wrong number of parameters: expected #{exact}, got #{args.size}"
+				Baguette::Log.error "#{parser}"
+				exit 1
+			end
+		elsif least = at_least
+			if args.size < least
+				Baguette::Log.error "Wrong number of parameters: expected at least #{least}, got #{args.size}"
+				Baguette::Log.error "#{parser}"
+				exit 1
+			end
+		else
+			Baguette::Log.error "Number of parameters not even provided!"
 			Baguette::Log.error "#{parser}"
 			exit 1
 		end
+
 		args.each do |arg|
 			Baguette::Log.debug "Unrecognized argument: #{arg} (adding to Context.args)"
 			if Context.args.nil?
@ -76,7 +93,7 @@ parser = OptionParser.new do |parser|
 		opt_profile.call parser
 		opt_help.call parser
 		# login email
-		unrecognized_args_to_context_args.call parser, 2
+		unrecognized_args_to_context_args.call parser, 2, nil
 	end

 	parser.on "exit", "Kill the service." do
@ -85,7 +102,7 @@ parser = OptionParser.new do |parser|
 		Context.command = "exit"
 		opt_authd_login.call parser
 		opt_help.call parser
-		unrecognized_args_to_context_args.call parser, 0
+		unrecognized_args_to_context_args.call parser, 0, nil
 	end

 	parser.on "migration-script", "Add a batch of users from old code base." do
@ -96,7 +113,7 @@ parser = OptionParser.new do |parser|
 		opt_profile.call parser
 		opt_help.call parser
 		# user-db.txt
-		unrecognized_args_to_context_args.call parser, 1
+		unrecognized_args_to_context_args.call parser, 1, nil
 	end

 	parser.on "user", "Operations on users." do
@ -110,7 +127,7 @@ parser = OptionParser.new do |parser|
 			opt_profile.call parser
 			opt_help.call parser
 			# login email
-			unrecognized_args_to_context_args.call parser, 2
+			unrecognized_args_to_context_args.call parser, 2, nil
 		end

 		parser.on "migrate", "Add a user from old code base." do
@ -121,7 +138,7 @@ parser = OptionParser.new do |parser|
 			opt_profile.call parser
 			opt_help.call parser
 			# login password-hash-brkn
-			unrecognized_args_to_context_args.call parser, 2
+			unrecognized_args_to_context_args.call parser, 2, nil
 		end

 		parser.on "mod", "Modify a user account." do
@ -133,7 +150,7 @@ parser = OptionParser.new do |parser|
 			opt_profile.call parser
 			opt_help.call parser
 			# userid
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, 1, nil
 		end

 		parser.on "change-password", "Change the password of a user (requires admin)." do
@ -145,18 +162,18 @@ parser = OptionParser.new do |parser|
 			opt_profile.call parser
 			opt_help.call parser
 			# userid
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, 1, nil
 		end

 		parser.on "delete", "Remove user." do
-			parser.banner = "Usage: user delete userid [opt]"
+			parser.banner = "Usage: user delete userid [userid ...]"
 			Baguette::Log.info "Remove user."
 			Context.command = "user-delete"
 			# You can either be the owner of the account, or an admin.
 			opt_authd_login.call parser
 			opt_help.call parser
 			# userid
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, nil, 1
 		end

 		parser.on "validate", "Validate user." do
@ -166,7 +183,7 @@ parser = OptionParser.new do |parser|
 			# No need to be authenticated.
 			opt_help.call parser
 			# login activation-key
-			unrecognized_args_to_context_args.call parser, 2
+			unrecognized_args_to_context_args.call parser, 2, nil
 		end

 		parser.on "get", "Get user info." do
@ -176,17 +193,17 @@ parser = OptionParser.new do |parser|
 			opt_authd_login.call parser
 			opt_help.call parser
 			# login
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, nil, 1
 		end

 		parser.on "search", "Search user." do
-			parser.banner = "Usage: user search login [opt]"
+			parser.banner = "Usage: user search login [login...]"
 			Baguette::Log.info "Search user."
 			Context.command = "user-search"
 			opt_authd_login.call parser
 			opt_help.call parser
 			# login
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, nil, 1
 		end

 		parser.on "recover", "Recover user password." do
@ -196,7 +213,7 @@ parser = OptionParser.new do |parser|
 			# No need to be authenticated.
 			opt_help.call parser
 			# login
-			unrecognized_args_to_context_args.call parser, 1
+			unrecognized_args_to_context_args.call parser, nil, 1
 		end


@ -208,7 +225,7 @@ parser = OptionParser.new do |parser|
 			opt_profile.call parser
 			opt_help.call parser
 			# login email
-			unrecognized_args_to_context_args.call parser, 2
+			unrecognized_args_to_context_args.call parser, 2, nil
 		end
 	end

@ -226,7 +243,7 @@ END
 			opt_authd_login.call parser
 			opt_help.call parser
 			# userid application resource permission
-			unrecognized_args_to_context_args.call parser, 4
+			unrecognized_args_to_context_args.call parser, 4, nil
 		end

 		parser.on "check", "Check permissions." do
@ -241,7 +258,7 @@ END
 			opt_authd_login.call parser
 			opt_help.call parser
 			# userid application resource
-			unrecognized_args_to_context_args.call parser, 3
+			unrecognized_args_to_context_args.call parser, 3, nil
 		end
 	end

--- a/src/client.cr
+++ b/src/client.cr
@ -1,3 +1,4 @@
+require "baguette-crystal-base"
 require "option_parser"
 require "yaml"
 require "./authd.cr"
@ -242,11 +243,12 @@ class Actions

 	def user_deletion
 		args = Context.args.not_nil!
-		userid = args[0].to_u32
-
-		res = authd.delete userid
-
-		puts res
+		args.each do |u|
+			Baguette::Log.info "Removing user #{u}…"
+			userid = u.to_u32
+			res = authd.delete userid
+			puts res
+		end
 	end

 	def user_validation
@ -256,18 +258,21 @@ class Actions
 	end
 	def user_search
 		args = Context.args.not_nil!
-		login = args[0]
-        pp! authd.search_user login
+		args.each do |login|
+			pp! authd.search_user login
+		end
 	end
 	def user_get
 		args = Context.args.not_nil!
-		login = args[0]
-		pp! authd.get_user? login
+		args.each do |login|
+			pp! authd.get_user? login
+		end
 	end
 	def user_recovery
 		args = Context.args.not_nil!
-		login = args[0]
-        pp! authd.ask_password_recovery login
+		args.each do |login|
+			pp! authd.ask_password_recovery login
+		end
 	end

 	def permission_check
@ -305,6 +310,26 @@ def main
 	# Authd connection.
 	authd = AuthD::Client.new

+	# Read configuration.
+	simulation, no_configuration, configuration_file = Baguette::Configuration.option_parser
+
+	# Authd configuration.
+	authentication_config = if no_configuration
+		Baguette::Log.info "do not load a configuration file."
+		Baguette::Configuration::Auth.new
+	else
+		# Configuration file is for dnsmanagerd.
+		Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new
+	end
+
+	# FIXME I guess: why isn't this working?
+	#Baguette::Configuration.verbosity = authentication_config.verbosity
+
+	if key_file = authentication_config.secret_key_file
+		authentication_config.secret_key = File.read(key_file).chomp
+	end
+
+	# TODO: when I have the time, clean up this redundant piece of code. In the meantime, it works.
 	if login = Context.authd_login
 		pass = if p = Context.authd_pass
 			p
@ -317,11 +342,28 @@ def main
 		case response
 		when Response::Login
 			uid = response.uid
-			token = response.token
-			Baguette::Log.info "Authenticated as #{login} #{uid}, token: #{token}"
+			#token = response.token
+			Baguette::Log.info "Authenticated as #{login} #{uid}"
 		else
 			raise "Cannot authenticate to authd with login #{login}: #{response}."
 		end
+	else
+		Baguette::Log.info "no authd login from CLI."
+		if authentication_config.login.nil? || authentication_config.pass.nil?
+			Baguette::Log.info "no authd login from configuration either."
+		else
+			login = authentication_config.login.not_nil!
+			pass  = authentication_config.pass.not_nil!
+			response = authd.login? login, pass
+			case response
+			when Response::Login
+				uid = response.uid
+				#token = response.token
+				Baguette::Log.info "Authenticated as #{login} #{uid}"
+			else
+				raise "Cannot authenticate to authd with login #{login}: #{response}."
+			end
+		end
 	end

 	actions = Actions.new authd
Author	SHA1	Message	Date
Philippe Pittoli	22cea49f03	Update authctl manpage with the recent changes of the client.	2025-11-26 03:20:04 +01:00
Philippe Pittoli	ed5e449d71	Enable the client to massively purge users.	2025-11-26 02:58:48 +01:00
Philippe Pittoli	8c4e64d75b	Enable the client to read the configuration (no more mandatory CLI auth).	2025-11-23 17:54:56 +01:00