Registration tokens now determine what privileges a user gets.

Jordan Bancino 2023-04-16 18:32:22 +00:00
parent 582df63a31
commit ff4d265dcc
3 changed files with 44 additions and 6 deletions


@ -49,12 +49,9 @@ Milestone: v0.3.0
[x] Replace current routing system
[x] Add route for requestToken endpoints
[x] Move TelodendriaBuildRouter() to Routes
[~] User-Interactive fallback
[ ] Password
[ ] Registration token
[ ] Token permissions
[ ] Move configuration to database
[~] Move configuration to database
[x] Token permissions
[ ] Initial configuration
[ ] If no config, create one-time use registration token that
grants user admin privileges.
@ -87,6 +84,9 @@ Milestone: v0.3.0
flow
- Ensure that registration tokens can be used even if
registration is disabled.
[~] User-Interactive fallback
[ ] Password
[ ] Registration token
[~] 4: Account management
[~] Deactivate
[x] Make sure UserLogin() fails if user is deactivated.
@ -99,6 +99,8 @@ Milestone: v0.3.0
Milestone: v0.4.0
-----------------
[ ] HTTP/1.1 support
[ ] Client-Server API
[ ] 6: Filtering
[ ] 7: Events


@ -32,6 +32,7 @@
#include <User.h>
#include <Uia.h>
#include <RegToken.h>
static Array *
RouteRegisterRegFlow(void)
@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp)
Array *uiaFlows = NULL;
int uiaResult;
char *session;
DbRef *sessionRef;
if (ArraySize(path) == 0)
{
if (HttpRequestMethodGet(args->context) != HTTP_POST)
@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp)
goto finish;
}
val = HashMapGet(request, "password");
if (!val)
{
@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp)
Free(loginInfo);
}
session = JsonValueAsString(JsonGet(request, 2, "auth", "session"));
sessionRef = DbLock(db, 2, "user_interactive", session);
if (sessionRef)
{
char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token"));
/* Grant the privileges specified by the given token */
if (token)
{
RegTokenInfo *info = RegTokenGetInfo(db, token);
if (info)
{
UserSetPrivileges(user, info->grants);
RegTokenClose(info);
RegTokenFree(info);
}
}
DbUnlock(db, sessionRef);
}
else
{
Log(LOG_WARNING, "Unable to lock UIA session reference to check");
Log(LOG_WARNING, "privileges for user registration.");
}
Log(LOG_INFO, "Registered user '%s'", UserGetName(user));
UserUnlock(user);
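Review bot: Privilege assignment fails open in the block added after `Free(loginInfo)`: if `DbLock` cannot lock the session, or `RegTokenGetInfo` returns NULL for a token the session recorded, the account is still registered and keeps whatever privileges it was created with. The NULL-`info` case is not logged at all. If tokens are meant to be the authority on privileges, handle both cases explicitly, e.g. an `else` on `if (info)` with `Log(LOG_WARNING, "Registration token from UIA session no longer exists; privileges not applied for '%s'", UserGetName(user));`, and, depending on what the creation defaults are, reset the user to an empty privilege set there. `session` is also handed to `DbLock` without a NULL check; that presumably cannot happen once UIA has completed, but an `if (session)` guard would make the assumption explicit. The body of RouteRegister starts and ends outside these hunks.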


@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
RegTokenUse(tokenInfo);
RegTokenClose(tokenInfo);
RegTokenFree(tokenInfo);
/*
* Drop the registration token into the session storage because
* the registration endpoint will have to extract the proper
* privileges to set on the user based on the token.
*/
JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token)));
}
/* TODO: implement m.login.recaptcha, m.login.sso,
* m.login.email.identity, m.login.msisdn here */
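Review bot: The raw registration token is written into the UIA session object by the added `HashMapSet(dbJson, "registration_token", ...)` line, and nothing visible in this commit removes it once registration has read it, so the secret stays in the database for as long as the session record does. Storing the granted privileges instead would avoid persisting the token and would bind the privileges to the moment the token was validated, rather than to a second `RegTokenGetInfo` lookup that can miss if the token is changed or removed in between. That would mean writing the value before `RegTokenFree(tokenInfo)` rather than after it; the representation of `grants` is not visible here, so the exact call is left open. If the token must be kept, a comment stating who deletes `registration_token` from the session, and when, would help. UiaComplete's body continues outside the hunk.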