New authd API + InvalidToken error.
parent
776ee3ffe4
commit
7975be6bd4
@ -1,13 +1,16 @@
|
|||||||
|
|
||||||
def authd_get_token(key_file : String? = nil, login : String? = nil, pass : String? = nil)
|
def authd_get_token(login : String? = nil, pass : String? = nil)
|
||||||
authd = AuthD::Client.new
|
authd = AuthD::Client.new
|
||||||
key_file.try do |file| # FIXME: fail if missing?
|
|
||||||
authd.key = File.read(file).chomp
|
|
||||||
end
|
|
||||||
|
|
||||||
token = authd.get_token? login, pass
|
response = authd.login? login, pass
|
||||||
raise "cannot get a token" if token.nil?
|
case response
|
||||||
|
when Response::Login
|
||||||
authd.close
|
authd.close
|
||||||
|
uid = response.uid
|
||||||
token
|
token = response.token
|
||||||
|
Baguette::Log.info "Authenticated as #{login} #{uid}, token: #{token}"
|
||||||
|
return token
|
||||||
|
end
|
||||||
|
authd.close
|
||||||
|
raise "Cannot authenticate to authd with login #{login}: #{response}."
|
||||||
end
|
end
|
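Review bot: The new `Baguette::Log.info` line in the `when Response::Login` branch writes the freshly issued token into the log at info level, so anyone who can read that log output can present it as this user for as long as the token stays valid. Log the identity only: `Baguette::Log.info "Authenticated as #{login} #{uid}"`. The failure path also interpolates the whole `response` into the exception message; if authd error responses can carry more than a reason (not visible here), print only the reason.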
||||||
|
@ -85,8 +85,8 @@ class DNSManager::Client < IPC
|
|||||||
# Admin stuff.
|
# Admin stuff.
|
||||||
#
|
#
|
||||||
|
|
||||||
def admin_maintenance(key : String, subject : Request::Maintenance::Subject, value : Int32? = nil)
|
def admin_maintenance(subject : Request::Maintenance::Subject, value : Int32? = nil)
|
||||||
request = Request::Maintenance.new(key,subject)
|
request = Request::Maintenance.new(subject)
|
||||||
if value
|
if value
|
||||||
request.value = value
|
request.value = value
|
||||||
end
|
end
|
||||||
|
@ -25,12 +25,11 @@ end
|
|||||||
class Actions
|
class Actions
|
||||||
property the_call = {} of String => Proc(Nil)
|
property the_call = {} of String => Proc(Nil)
|
||||||
property dnsmanagerd : DNSManager::Client
|
property dnsmanagerd : DNSManager::Client
|
||||||
#property authd : AuthD::Client
|
property authd : AuthD::Client
|
||||||
#property authd_config : Baguette::Configuration::Auth
|
#property authd_config : Baguette::Configuration::Auth
|
||||||
property authd_key : String? = nil
|
|
||||||
property config : Baguette::Configuration::DNSManager
|
property config : Baguette::Configuration::DNSManager
|
||||||
|
|
||||||
def initialize(@dnsmanagerd, @config, @authd_key = nil)
|
def initialize(@dnsmanagerd, @config)
|
||||||
#
|
#
|
||||||
# Admin section.
|
# Admin section.
|
||||||
#
|
#
|
||||||
@ -49,6 +48,8 @@ class Actions
|
|||||||
@the_call["user-rr-del"] = ->user_rr_del
|
@the_call["user-rr-del"] = ->user_rr_del
|
||||||
|
|
||||||
@the_call["user-domain-list"] = ->user_domain_list
|
@the_call["user-domain-list"] = ->user_domain_list
|
||||||
|
|
||||||
|
@authd = AuthD::Client.new
|
||||||
end
|
end
|
||||||
|
|
||||||
def admin_maintenance
|
def admin_maintenance
|
||||||
@ -66,11 +67,11 @@ class Actions
|
|||||||
if past_is_verbosity
|
if past_is_verbosity
|
||||||
sub = DNSManager::Request::Maintenance::Subject::Verbosity
|
sub = DNSManager::Request::Maintenance::Subject::Verbosity
|
||||||
value = subject.to_i
|
value = subject.to_i
|
||||||
@dnsmanagerd.admin_maintenance authd_key.not_nil!, sub, value
|
@dnsmanagerd.admin_maintenance sub, value
|
||||||
else
|
else
|
||||||
sub = DNSManager::Request::Maintenance::Subject.parse(subject)
|
sub = DNSManager::Request::Maintenance::Subject.parse(subject)
|
||||||
pp! sub
|
pp! sub
|
||||||
pp! @dnsmanagerd.admin_maintenance authd_key.not_nil!, sub
|
pp! @dnsmanagerd.admin_maintenance sub
|
||||||
end
|
end
|
||||||
rescue e
|
rescue e
|
||||||
puts "error for admin_maintenance #{subject}: #{e.message}"
|
puts "error for admin_maintenance #{subject}: #{e.message}"
|
||||||
@ -175,9 +176,6 @@ def main
|
|||||||
# Configuration file is for dnsmanagerd.
|
# Configuration file is for dnsmanagerd.
|
||||||
Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new
|
Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new
|
||||||
end
|
end
|
||||||
if key_file = authd_config.shared_key_file
|
|
||||||
authd_config.shared_key = File.read(key_file).chomp
|
|
||||||
end
|
|
||||||
|
|
||||||
# Authd configuration.
|
# Authd configuration.
|
||||||
config = if no_configuration
|
config = if no_configuration
|
||||||
@ -216,8 +214,7 @@ def main
|
|||||||
Baguette::Log.info "logged."
|
Baguette::Log.info "logged."
|
||||||
end
|
end
|
||||||
|
|
||||||
#authd = AuthD::Client.new
|
actions = Actions.new dnsmanagerd, config
|
||||||
actions = Actions.new dnsmanagerd, config, authd_config.shared_key
|
|
||||||
|
|
||||||
# Now we did read the intent, we should proceed doing what was asked.
|
# Now we did read the intent, we should proceed doing what was asked.
|
||||||
begin
|
begin
|
||||||
@ -228,7 +225,6 @@ def main
|
|||||||
|
|
||||||
# dnsmanagerd disconnection
|
# dnsmanagerd disconnection
|
||||||
dnsmanagerd.close
|
dnsmanagerd.close
|
||||||
#authd.close
|
|
||||||
rescue e
|
rescue e
|
||||||
Baguette::Log.info "Exception: #{e}"
|
Baguette::Log.info "Exception: #{e}"
|
||||||
end
|
end
|
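Review bot: `@authd = AuthD::Client.new` at the end of `initialize` opens an authd connection on every run, yet none of the visible hunks uses or closes it. The disconnection block in `main` only calls `dnsmanagerd.close`, and the commented-out `#authd.close` was dropped. If nothing outside these hunks closes it, add `actions.authd.close` next to `dnsmanagerd.close`, or create the client only in the actions that actually talk to authd. The hunks cut through `initialize`, `admin_maintenance` and `main`, so use of `@authd` elsewhere in the file cannot be ruled out from here.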
||||||
|
@ -14,13 +14,6 @@ end
|
|||||||
|
|
||||||
def parsing_cli(authd_config : Baguette::Configuration::Auth)
|
def parsing_cli(authd_config : Baguette::Configuration::Auth)
|
||||||
|
|
||||||
opt_authd_admin = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) {
|
|
||||||
parser.on "-k file", "--key-file file", "Read the authd shared key from a file." do |file|
|
|
||||||
authd_config.shared_key = File.read(file).chomp
|
|
||||||
Baguette::Log.info "Key for admin operations: #{authd_config.shared_key}."
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
# frequently used functions
|
# frequently used functions
|
||||||
opt_authd_login = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) {
|
opt_authd_login = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) {
|
||||||
parser.on "-l LOGIN", "--login LOGIN", "Authd user login." do |login|
|
parser.on "-l LOGIN", "--login LOGIN", "Authd user login." do |login|
|
||||||
@ -96,8 +89,6 @@ def parsing_cli(authd_config : Baguette::Configuration::Auth)
|
|||||||
# Admin section.
|
# Admin section.
|
||||||
parser.on "admin", "Admin operations." do
|
parser.on "admin", "Admin operations." do
|
||||||
parser.banner = "Admin operations (requires secret via -k)."
|
parser.banner = "Admin operations (requires secret via -k)."
|
||||||
# All admin operations require the shared key.
|
|
||||||
opt_authd_admin.call parser, authd_config
|
|
||||||
|
|
||||||
# Maintenance.
|
# Maintenance.
|
||||||
parser.on("maintenance", "Maintenance operation of the website.") do
|
parser.on("maintenance", "Maintenance operation of the website.") do
|
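Review bot: The banner kept on the new side, `parser.banner = "Admin operations (requires secret via -k)."`, still advertises the `-k` option that this commit removes together with `opt_authd_admin`, so the help text describes a flag the parser no longer accepts. It should say what admin operations require now, or be reduced to `parser.banner = "Admin operations."` until the new authorization path is in place. `parsing_cli` continues outside both hunks.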
||||||
|
@ -6,16 +6,15 @@ class DNSManager::Request
|
|||||||
Verbosity # Change the verbosity of dnsmanagerd.
|
Verbosity # Change the verbosity of dnsmanagerd.
|
||||||
end
|
end
|
||||||
|
|
||||||
property key : String
|
|
||||||
property subject : Subject
|
property subject : Subject
|
||||||
property value : Int32?
|
property value : Int32?
|
||||||
|
|
||||||
def initialize(@key, @subject)
|
def initialize(@subject)
|
||||||
end
|
end
|
||||||
|
|
||||||
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) : IPC::JSON
|
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) : IPC::JSON
|
||||||
# This request means serious business.
|
# This request means serious business.
|
||||||
raise AdminAuthorizationException.new if key != dnsmanagerd.authd.key
|
# TODO: check for admin.
|
||||||
|
|
||||||
case @subject
|
case @subject
|
||||||
when Subject::Verbosity
|
when Subject::Verbosity
|
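Review bot: Replacing the shared-key comparison with `# TODO: check for admin.` leaves `handle` with no authorization check at all on the new side. A Maintenance request (the visible subject changes the daemon's verbosity) is then accepted from any client that can reach dnsmanagerd, and the client-side `admin_maintenance` changes in this commit no longer send any credential either. Until the admin check exists the handler should fail closed, for example `user = dnsmanagerd.logged_users[event.fd]?` followed by `raise AdminAuthorizationException.new if user.nil?`, plus a test that this user is an authd admin. How authd marks an admin is not visible in this diff, and `AdminAuthorizationException` is assumed to still be defined since only its use is removed here. The body of `handle` continues past the end of the hunk.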
||||||
|
@ -6,15 +6,18 @@ class DNSManager::Request
|
|||||||
end
|
end
|
||||||
|
|
||||||
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event)
|
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event)
|
||||||
user, _ = dnsmanagerd.decode_token token
|
response = dnsmanagerd.decode_token token
|
||||||
dnsmanagerd.logged_users[event.fd] = user
|
case response
|
||||||
|
when AuthD::Response::User
|
||||||
return dnsmanagerd.storage.ensure_user_data user.uid
|
dnsmanagerd.logged_users[event.fd] = response.user
|
||||||
|
|
||||||
# In case we want to log their last connection.
|
# In case we want to log their last connection.
|
||||||
#dnsmanagerd.auth.edit_profile_content user.uid, {
|
#dnsmanagerd.auth.edit_profile_content user.uid, {
|
||||||
# "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s
|
# "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s
|
||||||
#}
|
#}
|
||||||
|
dnsmanagerd.storage.ensure_user_data response.user.uid
|
||||||
|
else
|
||||||
|
Response::ErrorInvalidToken.new
|
||||||
|
end
|
||||||
rescue e
|
rescue e
|
||||||
# FIXME: Should those be logged?
|
# FIXME: Should those be logged?
|
||||||
Response::Error.new "unauthorized"
|
Response::Error.new "unauthorized"
|
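Review bot: The new `else` branch returns `Response::ErrorInvalidToken.new` without recording anything, and the `rescue` below still carries `# FIXME: Should those be logged?`, so rejected or failing token checks leave no trace for whoever monitors the daemon. Log the rejection with the connection and the response type, never the token itself, for instance `Baguette::Log.info "invalid token on fd #{event.fd}: #{response.class}"` in the `else` branch, and log `e.message` in the `rescue` (assuming `Baguette::Log` is available in this file as it is in the client). It is also worth deciding whether an invalid token should remove an existing `dnsmanagerd.logged_users[event.fd]` entry; as written, a connection that authenticated earlier keeps its user.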
||||||
|
@ -6,4 +6,10 @@ class DNSManager::Response
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
DNSManager.responses << Error
|
DNSManager.responses << Error
|
||||||
|
|
||||||
|
IPC::JSON.message ErrorInvalidToken, 2 do
|
||||||
|
def initialize()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
DNSManager.responses << ErrorInvalidToken
|
||||||
end
|
end
|
||||||
|