70 lines
1.8 KiB
Crystal
70 lines
1.8 KiB
Crystal
class AuthD::Request
|
|
IPC::JSON.message Delete, 17 do
|
|
# Deletion can be triggered by either an admin or the user.
|
|
property shared_key : String? = nil
|
|
|
|
property login : String? = nil
|
|
property password : String? = nil
|
|
|
|
property user : String | Int32
|
|
|
|
def initialize(@user, @login, @password)
|
|
end
|
|
def initialize(@user, @shared_key)
|
|
end
|
|
|
|
def handle(authd : AuthD::Service, event : IPC::Event::Events)
|
|
uid_or_login = @user
|
|
user_to_delete = if uid_or_login.is_a? Int32
|
|
authd.users_per_uid.get? uid_or_login.to_s
|
|
else
|
|
authd.users_per_login.get? uid_or_login
|
|
end
|
|
|
|
if user_to_delete.nil?
|
|
return Response::Error.new "invalid user"
|
|
end
|
|
|
|
# Either the request comes from an admin or the user.
|
|
# Shared key == admin, check the key.
|
|
if key = @shared_key
|
|
return Response::Error.new "unauthorized (wrong shared key)" unless key == authd.configuration.shared_key
|
|
else
|
|
login = @login
|
|
pass = @password
|
|
if login.nil? || pass.nil?
|
|
return Response::Error.new "authentication failed (no shared key, no login)"
|
|
end
|
|
|
|
# authenticate the user
|
|
begin
|
|
user = authd.users_per_login.get login
|
|
rescue e : DODB::MissingEntry
|
|
return Response::Error.new "invalid credentials"
|
|
end
|
|
|
|
if user.nil?
|
|
return Response::Error.new "invalid credentials"
|
|
end
|
|
|
|
if user.password_hash != authd.hash_password pass
|
|
return Response::Error.new "invalid credentials"
|
|
end
|
|
|
|
# Is the user to delete the requesting user?
|
|
if user.uid != user_to_delete.uid
|
|
return Response::Error.new "invalid credentials"
|
|
end
|
|
end
|
|
|
|
# User or admin is now verified: let's proceed with the user deletion.
|
|
authd.users_per_login.delete user_to_delete.login
|
|
|
|
# TODO: better response
|
|
Response::User.new user_to_delete.to_public
|
|
end
|
|
end
|
|
AuthD.requests << Delete
|
|
|
|
end
|