Compare commits
3 commits
ebcedc44ce
...
22cea49f03
| Author | SHA1 | Date | |
|---|---|---|---|
| 22cea49f03 | |||
| ed5e449d71 | |||
| 8c4e64d75b |
3 changed files with 111 additions and 48 deletions
|
|
@ -134,65 +134,69 @@ Subcommands:
|
|||
.Bl -tag -width "change-password" -compact
|
||||
.It Li add
|
||||
Adding a user to the DB.
|
||||
.It ""
|
||||
.br
|
||||
.Nm add
|
||||
.Ar login
|
||||
.Ar email-address
|
||||
|
||||
.It Li migrate
|
||||
Adding a user from old code base.
|
||||
.It ""
|
||||
.br
|
||||
.Nm migrate
|
||||
.Ar login
|
||||
.Ar hashed-password-old-algorithm
|
||||
|
||||
.It Li mod
|
||||
Modify a user account.
|
||||
.It ""
|
||||
.br
|
||||
.Nm mod
|
||||
.Ar userid
|
||||
.Bq Fl e Ar email | Fl P Ar profile
|
||||
|
||||
.It Li change-password
|
||||
Change the password of a user (requires admin).
|
||||
.It ""
|
||||
.br
|
||||
.Nm change-password
|
||||
.Ar userid
|
||||
|
||||
.It Li delete
|
||||
Remove user.
|
||||
.It ""
|
||||
.br
|
||||
.Nm delete
|
||||
.Ar userid
|
||||
.Op Ar userid...
|
||||
|
||||
.It Li validate
|
||||
Validate user.
|
||||
.It ""
|
||||
.br
|
||||
.Nm validate
|
||||
.Ar login
|
||||
.Ar activation-key
|
||||
|
||||
.It Li get
|
||||
Get user info.
|
||||
.It ""
|
||||
.br
|
||||
.Nm get
|
||||
.Ar login
|
||||
.Op Ar login...
|
||||
|
||||
.It Li search
|
||||
Search user.
|
||||
.It ""
|
||||
.br
|
||||
.Nm search
|
||||
.Ar login
|
||||
.Op Ar login...
|
||||
|
||||
.It Li recover
|
||||
Recover user password.
|
||||
.It ""
|
||||
.br
|
||||
.Nm recover
|
||||
.Ar login
|
||||
.Op Ar login...
|
||||
|
||||
.It Li register
|
||||
Register a user (requires activation from the token sent by email).
|
||||
.It ""
|
||||
.br
|
||||
.Nm register
|
||||
.Ar login
|
||||
.Ar email-address
|
||||
|
|
@ -215,7 +219,7 @@ permission set user-id application resource permission
|
|||
.br
|
||||
Available permissions:
|
||||
.Em none read edit admin .
|
||||
.It ""
|
||||
.br
|
||||
Example:
|
||||
.Nm authctl
|
||||
.Ar permission set 1000 dnsmanager
|
||||
|
|
@ -227,7 +231,7 @@ permission check user-id application resource
|
|||
.br
|
||||
Available permissions:
|
||||
.Em none read edit admin .
|
||||
.It ""
|
||||
.br
|
||||
Example:
|
||||
.Nm authctl
|
||||
.Ar permission check 1000 forum
|
||||
|
|
|
|||
|
|
@ -35,18 +35,35 @@ opt_email = -> (parser : OptionParser) {
|
|||
|
||||
|
||||
# Unrecognized parameters are used to create commands with multiple arguments.
|
||||
# Example: user add login email
|
||||
# Here, login and email are unrecognized arguments.
|
||||
# Example: user add _login email phone_
|
||||
# Here, login, email and phone are unrecognized arguments.
|
||||
# Still, the "user add" command expect them.
|
||||
unrecognized_args_to_context_args = -> (parser : OptionParser, n_expected_args : Int32) {
|
||||
unrecognized_args_to_context_args = -> (parser : OptionParser,
|
||||
nexact : Int32?,
|
||||
at_least : Int32?) {
|
||||
|
||||
# With the right args, these will be interpreted as serialized data.
|
||||
parser.unknown_args do |args|
|
||||
if args.size != n_expected_args
|
||||
Baguette::Log.error "expected number of arguments: #{n_expected_args}, received: #{args.size}"
|
||||
Baguette::Log.error "args: #{args}"
|
||||
|
||||
# either we test with the exact expected number of arguments or the least.
|
||||
if exact = nexact
|
||||
if args.size != exact
|
||||
Baguette::Log.error "Wrong number of parameters: expected #{exact}, got #{args.size}"
|
||||
Baguette::Log.error "#{parser}"
|
||||
exit 1
|
||||
end
|
||||
elsif least = at_least
|
||||
if args.size < least
|
||||
Baguette::Log.error "Wrong number of parameters: expected at least #{least}, got #{args.size}"
|
||||
Baguette::Log.error "#{parser}"
|
||||
exit 1
|
||||
end
|
||||
else
|
||||
Baguette::Log.error "Number of parameters not even provided!"
|
||||
Baguette::Log.error "#{parser}"
|
||||
exit 1
|
||||
end
|
||||
|
||||
args.each do |arg|
|
||||
Baguette::Log.debug "Unrecognized argument: #{arg} (adding to Context.args)"
|
||||
if Context.args.nil?
|
||||
|
|
@ -76,7 +93,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# login email
|
||||
unrecognized_args_to_context_args.call parser, 2
|
||||
unrecognized_args_to_context_args.call parser, 2, nil
|
||||
end
|
||||
|
||||
parser.on "exit", "Kill the service." do
|
||||
|
|
@ -85,7 +102,7 @@ parser = OptionParser.new do |parser|
|
|||
Context.command = "exit"
|
||||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
unrecognized_args_to_context_args.call parser, 0
|
||||
unrecognized_args_to_context_args.call parser, 0, nil
|
||||
end
|
||||
|
||||
parser.on "migration-script", "Add a batch of users from old code base." do
|
||||
|
|
@ -96,7 +113,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# user-db.txt
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, 1, nil
|
||||
end
|
||||
|
||||
parser.on "user", "Operations on users." do
|
||||
|
|
@ -110,7 +127,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# login email
|
||||
unrecognized_args_to_context_args.call parser, 2
|
||||
unrecognized_args_to_context_args.call parser, 2, nil
|
||||
end
|
||||
|
||||
parser.on "migrate", "Add a user from old code base." do
|
||||
|
|
@ -121,7 +138,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# login password-hash-brkn
|
||||
unrecognized_args_to_context_args.call parser, 2
|
||||
unrecognized_args_to_context_args.call parser, 2, nil
|
||||
end
|
||||
|
||||
parser.on "mod", "Modify a user account." do
|
||||
|
|
@ -133,7 +150,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# userid
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, 1, nil
|
||||
end
|
||||
|
||||
parser.on "change-password", "Change the password of a user (requires admin)." do
|
||||
|
|
@ -145,18 +162,18 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# userid
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, 1, nil
|
||||
end
|
||||
|
||||
parser.on "delete", "Remove user." do
|
||||
parser.banner = "Usage: user delete userid [opt]"
|
||||
parser.banner = "Usage: user delete userid [userid ...]"
|
||||
Baguette::Log.info "Remove user."
|
||||
Context.command = "user-delete"
|
||||
# You can either be the owner of the account, or an admin.
|
||||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
# userid
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, nil, 1
|
||||
end
|
||||
|
||||
parser.on "validate", "Validate user." do
|
||||
|
|
@ -166,7 +183,7 @@ parser = OptionParser.new do |parser|
|
|||
# No need to be authenticated.
|
||||
opt_help.call parser
|
||||
# login activation-key
|
||||
unrecognized_args_to_context_args.call parser, 2
|
||||
unrecognized_args_to_context_args.call parser, 2, nil
|
||||
end
|
||||
|
||||
parser.on "get", "Get user info." do
|
||||
|
|
@ -176,17 +193,17 @@ parser = OptionParser.new do |parser|
|
|||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
# login
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, nil, 1
|
||||
end
|
||||
|
||||
parser.on "search", "Search user." do
|
||||
parser.banner = "Usage: user search login [opt]"
|
||||
parser.banner = "Usage: user search login [login...]"
|
||||
Baguette::Log.info "Search user."
|
||||
Context.command = "user-search"
|
||||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
# login
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, nil, 1
|
||||
end
|
||||
|
||||
parser.on "recover", "Recover user password." do
|
||||
|
|
@ -196,7 +213,7 @@ parser = OptionParser.new do |parser|
|
|||
# No need to be authenticated.
|
||||
opt_help.call parser
|
||||
# login
|
||||
unrecognized_args_to_context_args.call parser, 1
|
||||
unrecognized_args_to_context_args.call parser, nil, 1
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -208,7 +225,7 @@ parser = OptionParser.new do |parser|
|
|||
opt_profile.call parser
|
||||
opt_help.call parser
|
||||
# login email
|
||||
unrecognized_args_to_context_args.call parser, 2
|
||||
unrecognized_args_to_context_args.call parser, 2, nil
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -226,7 +243,7 @@ END
|
|||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
# userid application resource permission
|
||||
unrecognized_args_to_context_args.call parser, 4
|
||||
unrecognized_args_to_context_args.call parser, 4, nil
|
||||
end
|
||||
|
||||
parser.on "check", "Check permissions." do
|
||||
|
|
@ -241,7 +258,7 @@ END
|
|||
opt_authd_login.call parser
|
||||
opt_help.call parser
|
||||
# userid application resource
|
||||
unrecognized_args_to_context_args.call parser, 3
|
||||
unrecognized_args_to_context_args.call parser, 3, nil
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
require "baguette-crystal-base"
|
||||
require "option_parser"
|
||||
require "yaml"
|
||||
require "./authd.cr"
|
||||
|
|
@ -242,12 +243,13 @@ class Actions
|
|||
|
||||
def user_deletion
|
||||
args = Context.args.not_nil!
|
||||
userid = args[0].to_u32
|
||||
|
||||
args.each do |u|
|
||||
Baguette::Log.info "Removing user #{u}…"
|
||||
userid = u.to_u32
|
||||
res = authd.delete userid
|
||||
|
||||
puts res
|
||||
end
|
||||
end
|
||||
|
||||
def user_validation
|
||||
args = Context.args.not_nil!
|
||||
|
|
@ -256,19 +258,22 @@ class Actions
|
|||
end
|
||||
def user_search
|
||||
args = Context.args.not_nil!
|
||||
login = args[0]
|
||||
args.each do |login|
|
||||
pp! authd.search_user login
|
||||
end
|
||||
end
|
||||
def user_get
|
||||
args = Context.args.not_nil!
|
||||
login = args[0]
|
||||
args.each do |login|
|
||||
pp! authd.get_user? login
|
||||
end
|
||||
end
|
||||
def user_recovery
|
||||
args = Context.args.not_nil!
|
||||
login = args[0]
|
||||
args.each do |login|
|
||||
pp! authd.ask_password_recovery login
|
||||
end
|
||||
end
|
||||
|
||||
def permission_check
|
||||
args = Context.args.not_nil!
|
||||
|
|
@ -305,6 +310,26 @@ def main
|
|||
# Authd connection.
|
||||
authd = AuthD::Client.new
|
||||
|
||||
# Read configuration.
|
||||
simulation, no_configuration, configuration_file = Baguette::Configuration.option_parser
|
||||
|
||||
# Authd configuration.
|
||||
authentication_config = if no_configuration
|
||||
Baguette::Log.info "do not load a configuration file."
|
||||
Baguette::Configuration::Auth.new
|
||||
else
|
||||
# Configuration file is for dnsmanagerd.
|
||||
Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new
|
||||
end
|
||||
|
||||
# FIXME I guess: why isn't this working?
|
||||
#Baguette::Configuration.verbosity = authentication_config.verbosity
|
||||
|
||||
if key_file = authentication_config.secret_key_file
|
||||
authentication_config.secret_key = File.read(key_file).chomp
|
||||
end
|
||||
|
||||
# TODO: when I have the time, clean up this redundant piece of code. In the meantime, it works.
|
||||
if login = Context.authd_login
|
||||
pass = if p = Context.authd_pass
|
||||
p
|
||||
|
|
@ -317,11 +342,28 @@ def main
|
|||
case response
|
||||
when Response::Login
|
||||
uid = response.uid
|
||||
token = response.token
|
||||
Baguette::Log.info "Authenticated as #{login} #{uid}, token: #{token}"
|
||||
#token = response.token
|
||||
Baguette::Log.info "Authenticated as #{login} #{uid}"
|
||||
else
|
||||
raise "Cannot authenticate to authd with login #{login}: #{response}."
|
||||
end
|
||||
else
|
||||
Baguette::Log.info "no authd login from CLI."
|
||||
if authentication_config.login.nil? || authentication_config.pass.nil?
|
||||
Baguette::Log.info "no authd login from configuration either."
|
||||
else
|
||||
login = authentication_config.login.not_nil!
|
||||
pass = authentication_config.pass.not_nil!
|
||||
response = authd.login? login, pass
|
||||
case response
|
||||
when Response::Login
|
||||
uid = response.uid
|
||||
#token = response.token
|
||||
Baguette::Log.info "Authenticated as #{login} #{uid}"
|
||||
else
|
||||
raise "Cannot authenticate to authd with login #{login}: #{response}."
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
actions = Actions.new authd
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue