New authd API + InvalidToken error.

This commit is contained in:
Philippe Pittoli 2023-06-15 14:11:13 +02:00
parent 776ee3ffe4
commit 7975be6bd4
7 changed files with 40 additions and 42 deletions

View File

@ -1,13 +1,16 @@
def authd_get_token(key_file : String? = nil, login : String? = nil, pass : String? = nil) def authd_get_token(login : String? = nil, pass : String? = nil)
authd = AuthD::Client.new authd = AuthD::Client.new
key_file.try do |file| # FIXME: fail if missing?
authd.key = File.read(file).chomp response = authd.login? login, pass
case response
when Response::Login
authd.close
uid = response.uid
token = response.token
Baguette::Log.info "Authenticated as #{login} #{uid}, token: #{token}"
return token
end end
token = authd.get_token? login, pass
raise "cannot get a token" if token.nil?
authd.close authd.close
raise "Cannot authenticate to authd with login #{login}: #{response}."
token
end end

View File

@ -85,8 +85,8 @@ class DNSManager::Client < IPC
# Admin stuff. # Admin stuff.
# #
def admin_maintenance(key : String, subject : Request::Maintenance::Subject, value : Int32? = nil) def admin_maintenance(subject : Request::Maintenance::Subject, value : Int32? = nil)
request = Request::Maintenance.new(key,subject) request = Request::Maintenance.new(subject)
if value if value
request.value = value request.value = value
end end

View File

@ -25,12 +25,11 @@ end
class Actions class Actions
property the_call = {} of String => Proc(Nil) property the_call = {} of String => Proc(Nil)
property dnsmanagerd : DNSManager::Client property dnsmanagerd : DNSManager::Client
#property authd : AuthD::Client property authd : AuthD::Client
#property authd_config : Baguette::Configuration::Auth #property authd_config : Baguette::Configuration::Auth
property authd_key : String? = nil
property config : Baguette::Configuration::DNSManager property config : Baguette::Configuration::DNSManager
def initialize(@dnsmanagerd, @config, @authd_key = nil) def initialize(@dnsmanagerd, @config)
# #
# Admin section. # Admin section.
# #
@ -49,6 +48,8 @@ class Actions
@the_call["user-rr-del"] = ->user_rr_del @the_call["user-rr-del"] = ->user_rr_del
@the_call["user-domain-list"] = ->user_domain_list @the_call["user-domain-list"] = ->user_domain_list
@authd = AuthD::Client.new
end end
def admin_maintenance def admin_maintenance
@ -66,11 +67,11 @@ class Actions
if past_is_verbosity if past_is_verbosity
sub = DNSManager::Request::Maintenance::Subject::Verbosity sub = DNSManager::Request::Maintenance::Subject::Verbosity
value = subject.to_i value = subject.to_i
@dnsmanagerd.admin_maintenance authd_key.not_nil!, sub, value @dnsmanagerd.admin_maintenance sub, value
else else
sub = DNSManager::Request::Maintenance::Subject.parse(subject) sub = DNSManager::Request::Maintenance::Subject.parse(subject)
pp! sub pp! sub
pp! @dnsmanagerd.admin_maintenance authd_key.not_nil!, sub pp! @dnsmanagerd.admin_maintenance sub
end end
rescue e rescue e
puts "error for admin_maintenance #{subject}: #{e.message}" puts "error for admin_maintenance #{subject}: #{e.message}"
@ -175,9 +176,6 @@ def main
# Configuration file is for dnsmanagerd. # Configuration file is for dnsmanagerd.
Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new
end end
if key_file = authd_config.shared_key_file
authd_config.shared_key = File.read(key_file).chomp
end
# Authd configuration. # Authd configuration.
config = if no_configuration config = if no_configuration
@ -216,8 +214,7 @@ def main
Baguette::Log.info "logged." Baguette::Log.info "logged."
end end
#authd = AuthD::Client.new actions = Actions.new dnsmanagerd, config
actions = Actions.new dnsmanagerd, config, authd_config.shared_key
# Now we did read the intent, we should proceed doing what was asked. # Now we did read the intent, we should proceed doing what was asked.
begin begin
@ -228,7 +225,6 @@ def main
# dnsmanagerd disconnection # dnsmanagerd disconnection
dnsmanagerd.close dnsmanagerd.close
#authd.close
rescue e rescue e
Baguette::Log.info "Exception: #{e}" Baguette::Log.info "Exception: #{e}"
end end

View File

@ -14,13 +14,6 @@ end
def parsing_cli(authd_config : Baguette::Configuration::Auth) def parsing_cli(authd_config : Baguette::Configuration::Auth)
opt_authd_admin = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) {
parser.on "-k file", "--key-file file", "Read the authd shared key from a file." do |file|
authd_config.shared_key = File.read(file).chomp
Baguette::Log.info "Key for admin operations: #{authd_config.shared_key}."
end
}
# frequently used functions # frequently used functions
opt_authd_login = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) { opt_authd_login = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) {
parser.on "-l LOGIN", "--login LOGIN", "Authd user login." do |login| parser.on "-l LOGIN", "--login LOGIN", "Authd user login." do |login|
@ -96,8 +89,6 @@ def parsing_cli(authd_config : Baguette::Configuration::Auth)
# Admin section. # Admin section.
parser.on "admin", "Admin operations." do parser.on "admin", "Admin operations." do
parser.banner = "Admin operations (requires secret via -k)." parser.banner = "Admin operations (requires secret via -k)."
# All admin operations require the shared key.
opt_authd_admin.call parser, authd_config
# Maintenance. # Maintenance.
parser.on("maintenance", "Maintenance operation of the website.") do parser.on("maintenance", "Maintenance operation of the website.") do

View File

@ -6,16 +6,15 @@ class DNSManager::Request
Verbosity # Change the verbosity of dnsmanagerd. Verbosity # Change the verbosity of dnsmanagerd.
end end
property key : String
property subject : Subject property subject : Subject
property value : Int32? property value : Int32?
def initialize(@key, @subject) def initialize(@subject)
end end
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) : IPC::JSON def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) : IPC::JSON
# This request means serious business. # This request means serious business.
raise AdminAuthorizationException.new if key != dnsmanagerd.authd.key # TODO: check for admin.
case @subject case @subject
when Subject::Verbosity when Subject::Verbosity

View File

@ -6,15 +6,18 @@ class DNSManager::Request
end end
def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event)
user, _ = dnsmanagerd.decode_token token response = dnsmanagerd.decode_token token
dnsmanagerd.logged_users[event.fd] = user case response
when AuthD::Response::User
return dnsmanagerd.storage.ensure_user_data user.uid dnsmanagerd.logged_users[event.fd] = response.user
# In case we want to log their last connection.
# In case we want to log their last connection. #dnsmanagerd.auth.edit_profile_content user.uid, {
#dnsmanagerd.auth.edit_profile_content user.uid, { # "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s
# "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s #}
#} dnsmanagerd.storage.ensure_user_data response.user.uid
else
Response::ErrorInvalidToken.new
end
rescue e rescue e
# FIXME: Should those be logged? # FIXME: Should those be logged?
Response::Error.new "unauthorized" Response::Error.new "unauthorized"

View File

@ -6,4 +6,10 @@ class DNSManager::Response
end end
end end
DNSManager.responses << Error DNSManager.responses << Error
IPC::JSON.message ErrorInvalidToken, 2 do
def initialize()
end
end
DNSManager.responses << ErrorInvalidToken
end end