Registration tokens now determine what privileges a user gets.

2023-04-16 18:32:22 +00:00 · 2023-04-16 18:32:22 +00:00 · ff4d265dcc
commit ff4d265dcc
parent 582df63a31
3 changed files with 44 additions and 6 deletions
--- a/TODO.txt
+++ b/TODO.txt
@ -49,12 +49,9 @@ Milestone: v0.3.0
    [x] Replace current routing system
    [x] Add route for requestToken endpoints
    [x] Move TelodendriaBuildRouter() to Routes
-[~] User-Interactive fallback
-    [ ] Password
-    [ ] Registration token
-[ ] Token permissions

-[ ] Move configuration to database
+[~] Move configuration to database
+    [x] Token permissions
    [ ] Initial configuration
        [ ] If no config, create one-time use registration token that
            grants user admin privileges.
@ -87,6 +84,9 @@ Milestone: v0.3.0
            flow
            - Ensure that registration tokens can be used even if
              registration is disabled.
+        [~] User-Interactive fallback
+            [ ] Password
+            [ ] Registration token
    [~] 4: Account management
        [~] Deactivate
            [x] Make sure UserLogin() fails if user is deactivated.
@ -99,6 +99,8 @@ Milestone: v0.3.0
 Milestone: v0.4.0
 -----------------

+[ ] HTTP/1.1 support
+
 [ ] Client-Server API
    [ ] 6: Filtering
    [ ] 7: Events
--- a/src/Routes/RouteRegister.c
+++ b/src/Routes/RouteRegister.c
@ -32,6 +32,7 @@

 #include <User.h>
 #include <Uia.h>
+#include <RegToken.h>

 static Array *
 RouteRegisterRegFlow(void)
@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp)
    Array *uiaFlows = NULL;
    int uiaResult;

+    char *session;
+    DbRef *sessionRef;
+
    if (ArraySize(path) == 0)
    {
        if (HttpRequestMethodGet(args->context) != HTTP_POST)
@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp)
            goto finish;
        }

-
        val = HashMapGet(request, "password");
        if (!val)
        {
@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp)
            Free(loginInfo);
        }

+        session = JsonValueAsString(JsonGet(request, 2, "auth", "session"));
+        sessionRef = DbLock(db, 2, "user_interactive", session);
+        if (sessionRef)
+        {
+            char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token"));
+
+            /* Grant the privileges specified by the given token */
+            if (token)
+            {
+                RegTokenInfo *info = RegTokenGetInfo(db, token);
+
+                if (info)
+                {
+                    UserSetPrivileges(user, info->grants);
+                    RegTokenClose(info);
+                    RegTokenFree(info);
+                }
+            }
+            DbUnlock(db, sessionRef);
+        }
+        else
+        {
+            Log(LOG_WARNING, "Unable to lock UIA session reference to check");
+            Log(LOG_WARNING, "privileges for user registration.");
+        }
+
        Log(LOG_INFO, "Registered user '%s'", UserGetName(user));

        UserUnlock(user);
--- a/src/Uia.c
+++ b/src/Uia.c
@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
        RegTokenUse(tokenInfo);
        RegTokenClose(tokenInfo);
        RegTokenFree(tokenInfo);
+
+        /*
+         * Drop the registration token into the session storage because
+         * the registration endpoint will have to extract the proper
+         * privileges to set on the user based on the token.
+         */
+        JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token)));
    }
    /* TODO: implement m.login.recaptcha, m.login.sso,
     * m.login.email.identity, m.login.msisdn here */