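# Request messages for validating a user's pending email and for fetching a
# user's public profile. Each message is declared through `IPC::JSON.message`
# and registered in `AuthD.requests`.
class AuthD::Request
  # Validates a pending email address: the caller presents the activation key
  # stored on the user's contact record.
  #
  # NOTE(review): `handle` never reads `fd` and performs no session check, so
  # the activation key is the only credential this message relies on.
  IPC::JSON.message ValidateUser, 2 do
    property user : UserID
    property activation_key : String

    def initialize(@user, @activation_key)
    end

    # Appends a short description of the request to *io*.
    #
    # The activation key is a secret and is deliberately not printed: any log
    # line or debug output built from this representation would otherwise
    # carry a still-valid key.
    def to_s(io : IO)
      super io
      io << " (user: #{@user}, activation_key: [REDACTED])"
    end

    # Checks the presented activation key and, when it matches, promotes the
    # pending email to the contact email and clears the key.
    #
    # Returns one of `Response::ErrorUserNotFound`,
    # `Response::ErrorUserAlreadyValidated`,
    # `Response::ErrorInvalidActivationKey` or `Response::UserValidated`.
    def handle(authd : AuthD::Service, fd : Int32)
      user = authd.user? @user

      # Known issue, left unfixed by the author: the three distinct error
      # responses below let a caller tell unknown logins, already-validated
      # accounts and wrong keys apart (login enumeration). Closing it would
      # need a single uniform failure response, which changes what clients
      # receive, so it is only flagged here.
      return Response::ErrorUserNotFound.new if user.nil?

      # A missing activation key means there is nothing left to validate.
      if user.contact.activation_key.nil?
        return Response::ErrorUserAlreadyValidated.new
      end

      # NOTE(review): `!=` on strings is not a constant-time comparison, and
      # no attempt limit is visible in this handler. Consider
      # `Crypto::Subtle.constant_time_compare` (needs `require "crypto/subtle"`)
      # and throttling of failed validations - confirm what the service
      # already does upstream of this call.
      if user.contact.activation_key != @activation_key
        return Response::ErrorInvalidActivationKey.new
      end

      # The key matched: work on a clone, then hand it to `update`.
      cloned_user = user.clone

      # Remove the user contact activation key: the email is validated.
      cloned_user.contact.activation_key = nil
      cloned_user.contact.email = cloned_user.contact.pending_email
      cloned_user.contact.pending_email = nil

      authd.users_per_uid.update cloned_user

      # NOTE(review): the reply is built from the pre-update `user`, not from
      # `cloned_user`; confirm `to_public` exposes no contact field, otherwise
      # the reply carries stale data.
      Response::UserValidated.new user.to_public
    end
  end
  AuthD.requests << ValidateUser

  # Fetches the public view of a user. Only answered when the connection
  # identified by `fd` belongs to a logged-in user.
  IPC::JSON.message GetUser, 5 do
    property user : UserID

    def initialize(@user)
    end

    # Appends a short description of the request to *io*.
    def to_s(io : IO)
      super io
      io << " (user: #{@user})"
    end

    # Returns `Response::ErrorMustBeAuthenticated` when no user is logged in
    # on `fd`, `Response::ErrorUserNotFound` when the lookup fails, and
    # `Response::User` with the public view otherwise.
    def handle(authd : AuthD::Service, fd : Int32)
      logged_user = authd.get_logged_user? fd
      return Response::ErrorMustBeAuthenticated.new if logged_user.nil?

      user = authd.user? @user

      # Known issue, left unfixed by the author: the distinct not-found
      # response lets a caller learn which logins exist. Here the session
      # check above limits that to authenticated callers.
      return Response::ErrorUserNotFound.new if user.nil?

      Response::User.new user.to_public
    end
  end
  AuthD.requests << GetUser
end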