From ff4d265dcc19e9ba74a43d2f96fbded9b7b07887 Mon Sep 17 00:00:00 2001 From: Jordan Bancino Date: Sun, 16 Apr 2023 18:32:22 +0000 Subject: [PATCH] Registration tokens now determine what privileges a user gets. --- TODO.txt | 12 +++++++----- src/Routes/RouteRegister.c | 31 ++++++++++++++++++++++++++++++- src/Uia.c | 7 +++++++ 3 files changed, 44 insertions(+), 6 deletions(-) diff --git a/TODO.txt b/TODO.txt index ab9806b..5810355 100644 --- a/TODO.txt +++ b/TODO.txt @@ -49,12 +49,9 @@ Milestone: v0.3.0 [x] Replace current routing system [x] Add route for requestToken endpoints [x] Move TelodendriaBuildRouter() to Routes -[~] User-Interactive fallback - [ ] Password - [ ] Registration token -[ ] Token permissions -[ ] Move configuration to database +[~] Move configuration to database + [x] Token permissions [ ] Initial configuration [ ] If no config, create one-time use registration token that grants user admin privileges. @@ -87,6 +84,9 @@ Milestone: v0.3.0 flow - Ensure that registration tokens can be used even if registration is disabled. + [~] User-Interactive fallback + [ ] Password + [ ] Registration token [~] 4: Account management [~] Deactivate [x] Make sure UserLogin() fails if user is deactivated. @@ -99,6 +99,8 @@ Milestone: v0.3.0 Milestone: v0.4.0 ----------------- +[ ] HTTP/1.1 support + [ ] Client-Server API [ ] 6: Filtering [ ] 7: Events diff --git a/src/Routes/RouteRegister.c b/src/Routes/RouteRegister.c index f99704f..e93ac44 100644 --- a/src/Routes/RouteRegister.c +++ b/src/Routes/RouteRegister.c @@ -32,6 +32,7 @@ #include #include +#include static Array * RouteRegisterRegFlow(void) @@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp) Array *uiaFlows = NULL; int uiaResult; + char *session; + DbRef *sessionRef; + if (ArraySize(path) == 0) { if (HttpRequestMethodGet(args->context) != HTTP_POST) @@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp) goto finish; } - val = HashMapGet(request, "password"); if (!val) { 
@@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp) Free(loginInfo); } + session = JsonValueAsString(JsonGet(request, 2, "auth", "session")); + sessionRef = DbLock(db, 2, "user_interactive", session); + if (sessionRef) + { + char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token")); + + /* Grant the privileges specified by the given token */ + if (token) + { + RegTokenInfo *info = RegTokenGetInfo(db, token); + + if (info) + { + UserSetPrivileges(user, info->grants); + RegTokenClose(info); + RegTokenFree(info); + } + } + DbUnlock(db, sessionRef); + } + else + { + Log(LOG_WARNING, "Unable to lock UIA session reference to check"); + Log(LOG_WARNING, "privileges for user registration."); + } + Log(LOG_INFO, "Registered user '%s'", UserGetName(user)); UserUnlock(user); diff --git a/src/Uia.c b/src/Uia.c index 50e004a..9d4221e 100644 --- a/src/Uia.c +++ b/src/Uia.c @@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db, RegTokenUse(tokenInfo); RegTokenClose(tokenInfo); RegTokenFree(tokenInfo); + + /* + * Drop the registration token into the session storage because + * the registration endpoint will have to extract the proper + * privileges to set on the user based on the token. + */ + JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token))); } /* TODO: implement m.login.recaptcha, m.login.sso, * m.login.email.identity, m.login.msisdn here */
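Review bot: The new `if (info)` branch in the session block has no else, so a token that `RegTokenGetInfo()` no longer resolves leaves the user registered with no grants and nothing logged, unlike the `DbLock()` failure right beside it. Because `UiaComplete()` (src/Uia.c hunk) calls `RegTokenUse()` on that same token before storing it in the session, a limited-use token that is exhausted or removed by that call would presumably reach this path for its final user — confirm against `RegTokenGetInfo()`'s behaviour. At minimum add `else { Log(LOG_WARNING, "Registration token from UIA session could not be resolved; no privileges granted."); }` (without echoing the token into the log); storing the resolved grants in the session record instead of the raw token would drop the second lookup entirely. `session` is also taken from the request's `auth.session` without a NULL check before `DbLock()`, so confirm that `JsonValueAsString()` and `DbLock()` tolerate a missing `auth` object. `ROUTE_IMPL(RouteRegister)` starts and ends outside this hunk.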