class AuthD::Request
  # IPC message `AskPasswordRecovery` (declared with number 3).
  #
  # Starts a password recovery for `user`: a fresh renewal key is stored on
  # the user record and the configured mailer executable is run so that the
  # key reaches the user's contact e-mail address.
  IPC::JSON.message AskPasswordRecovery, 3 do
    property user : UserID

    def initialize(@user)
    end

    # Handles the request.
    #
    # Returns `Response::ErrorUserNotFound` when `authd.user?` finds nobody,
    # `Response::PasswordRecoverySent` once the mailer exited successfully.
    # Raises when the mailer does not exit successfully, and (through
    # `not_nil!`) when the user has no contact e-mail.
    def handle(authd : AuthD::Service, fd : Int32)
      user = authd.user? @user

      # Known and left as-is by the author: answering "user not found"
      # separately from the success path tells a caller which logins exist.
      # NOTE(review): returning the same response in both cases would close
      # this enumeration channel; confirm whether clients rely on the error.
      if user.nil?
        return Response::ErrorUserNotFound.new
      end

      # Create a new random key for password renewal and persist it.
      # NOTE(review): the key is stored as-is and no expiry is recorded in
      # this handler; it stays valid until a successful PasswordRecovery or
      # until another AskPasswordRecovery overwrites it.
      user.password_renew_key = UUID.random.to_s
      authd.users_per_uid.update(user.uid.to_s, user)

      # TODO: this is debug information. Should be removed once tested.
      # When enabled, the login, e-mail and renewal key are printed together;
      # anyone able to read that output can complete the recovery, so the
      # option should stay off outside of testing.
      if authd.configuration.print_password_recovery_parameters
        pp! user.login, user.contact.email.not_nil!, user.password_renew_key.not_nil!
      end

      mailer = authd.configuration.mailer_exe
      template = authd.configuration.recovery_template

      u_login = user.login
      u_email = user.contact.email.not_nil!
      token = user.password_renew_key.not_nil!

      # With the key stored, try to contact the user.
      # The arguments are handed over as an array (no shell involved) and the
      # child's environment is cleared, so it only receives LOGIN and TOKEN.
      # NOTE(review): u_email is a positional argument; confirm addresses are
      # validated when stored so the mailer cannot read one as an option.
      mail_status = Process.run(
        mailer,
        args: ["send", template, u_email],
        env: {"LOGIN" => u_login, "TOKEN" => token},
        clear_env: true
      )

      # The renewal key has already been persisted at this point, so a mailer
      # failure leaves it set on the user record.
      raise "cannot contact user #{u_login} address #{u_email}" unless mail_status.success?

      Response::PasswordRecoverySent.new
    end
  end
  AuthD.requests << AskPasswordRecovery

  # IPC message `PasswordRecovery` (declared with number 4).
  #
  # Completes a recovery: when `password_renew_key` matches the key stored
  # for `user`, the password hash is replaced and the key is cleared.
  IPC::JSON.message PasswordRecovery, 4 do
    property user : UserID
    property password_renew_key : String
    property new_password : String

    def initialize(@user, @password_renew_key, @new_password)
    end

    # Handles the request.
    #
    # Returns `Response::ErrorUserNotFound` for an unknown user,
    # `Response::ErrorInvalidRenewKey` when the keys differ, and
    # `Response::PasswordRecovered` after the new hash has been stored.
    def handle(authd : AuthD::Service, fd : Int32)
      user = authd.user? @user

      # Known and left as-is by the author: this distinct error lets a caller
      # learn which logins are valid.
      if user.nil?
        return Response::ErrorUserNotFound.new
      end

      # The submitted key is always a String, so a user whose stored key is
      # nil (no recovery pending) can never match.
      # NOTE(review): `==` is not a constant-time comparison, and no attempt
      # limiting is visible in this handler; consider
      # Crypto::Subtle.constant_time_compare and confirm that throttling
      # happens elsewhere.
      unless user.password_renew_key == @password_renew_key
        return Response::ErrorInvalidRenewKey.new
      end

      # NOTE(review): no length or strength check on @new_password is visible
      # here; presumably enforced elsewhere, confirm.
      user.password_hash = authd.hash_password @new_password

      # Clear the key so it cannot be used a second time, then persist.
      user.password_renew_key = nil
      authd.users_per_uid.update(user.uid.to_s, user)

      Response::PasswordRecovered.new
    end
  end
  AuthD.requests << PasswordRecovery
end