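class AuthD::Request
  # Login request: verifies a login/password pair. On success it records the
  # authenticated user for the requesting file descriptor and answers with a
  # token and the user's uid.
  IPC::JSON.message Login, 0 do
    property login : String
    property password : String

    def initialize(@login, @password)
    end

    # Processes the login attempt.
    #
    # *authd* is the running service (user indexes, configuration, and the
    # `logged_users` table). *fd* is the key under which the authenticated
    # user is stored in `authd.logged_users`.
    #
    # Returns `Response::ErrorInvalidCredentials` when the login is unknown or
    # the password hash does not match, and `Response::Login` otherwise.
    def handle(authd : AuthD::Service, fd : Int32)
      # Hash the submitted password before the lookup so that the
      # unknown-login path and the wrong-password path both pay for the
      # hashing. Hashing only after a successful lookup would let response
      # time reveal whether a login exists, which the generic error below is
      # meant to hide.
      # NOTE(review): hash_password receives only the password here, so any
      # salt is presumably not per-user; confirm against its implementation.
      submitted_hash = authd.hash_password @password

      begin
        user = authd.users_per_login.get @login
      rescue e : DODB::MissingEntry
        # The generic error is intentional: an unknown login must be
        # indistinguishable from a wrong password for the client.
        return Response::ErrorInvalidCredentials.new
      end

      # Only here to satisfy Crystal's type system: a missing user already
      # raises DODB::MissingEntry, which is handled above.
      return Response::ErrorInvalidCredentials.new if user.nil?

      # NOTE(review): `!=` is presumably not a constant-time comparison. If
      # both sides are String or Bytes, consider
      # Crypto::Subtle.constant_time_compare (requires "crypto/subtle" at the
      # top of the file).
      if user.password_hash != submitted_hash
        return Response::ErrorInvalidCredentials.new
      end

      user.date_last_connection = Time.local
      token = user.to_token

      # Persist the updated last-connection date.
      authd.users_per_uid.update user.uid.to_s, user

      # On successful connection: store the authenticated user, keyed by fd.
      authd.logged_users[fd] = user.to_public

      # The token is rendered with the service's configured secret key.
      Response::Login.new(token.to_s(authd.configuration.secret_key), user.uid)
    end
  end

  AuthD.requests << Login
end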