forked from lda/telodendria
Registration tokens now determine what privileges a user gets.
This commit is contained in:
parent
582df63a31
commit
ff4d265dcc
3 changed files with 44 additions and 6 deletions
12
TODO.txt
12
TODO.txt
|
@ -49,12 +49,9 @@ Milestone: v0.3.0
|
|||
[x] Replace current routing system
|
||||
[x] Add route for requestToken endpoints
|
||||
[x] Move TelodendriaBuildRouter() to Routes
|
||||
[~] User-Interactive fallback
|
||||
[ ] Password
|
||||
[ ] Registration token
|
||||
[ ] Token permissions
|
||||
|
||||
[ ] Move configuration to database
|
||||
[~] Move configuration to database
|
||||
[x] Token permissions
|
||||
[ ] Initial configuration
|
||||
[ ] If no config, create one-time use registration token that
|
||||
grants user admin privileges.
|
||||
|
@ -87,6 +84,9 @@ Milestone: v0.3.0
|
|||
flow
|
||||
- Ensure that registration tokens can be used even if
|
||||
registration is disabled.
|
||||
[~] User-Interactive fallback
|
||||
[ ] Password
|
||||
[ ] Registration token
|
||||
[~] 4: Account management
|
||||
[~] Deactivate
|
||||
[x] Make sure UserLogin() fails if user is deactivated.
|
||||
|
@ -99,6 +99,8 @@ Milestone: v0.3.0
|
|||
Milestone: v0.4.0
|
||||
-----------------
|
||||
|
||||
[ ] HTTP/1.1 support
|
||||
|
||||
[ ] Client-Server API
|
||||
[ ] 6: Filtering
|
||||
[ ] 7: Events
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
|
||||
#include <User.h>
|
||||
#include <Uia.h>
|
||||
#include <RegToken.h>
|
||||
|
||||
static Array *
|
||||
RouteRegisterRegFlow(void)
|
||||
|
@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
|||
Array *uiaFlows = NULL;
|
||||
int uiaResult;
|
||||
|
||||
char *session;
|
||||
DbRef *sessionRef;
|
||||
|
||||
if (ArraySize(path) == 0)
|
||||
{
|
||||
if (HttpRequestMethodGet(args->context) != HTTP_POST)
|
||||
|
@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
|||
goto finish;
|
||||
}
|
||||
|
||||
|
||||
val = HashMapGet(request, "password");
|
||||
if (!val)
|
||||
{
|
||||
|
@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
|||
Free(loginInfo);
|
||||
}
|
||||
|
||||
session = JsonValueAsString(JsonGet(request, 2, "auth", "session"));
|
||||
sessionRef = DbLock(db, 2, "user_interactive", session);
|
||||
if (sessionRef)
|
||||
{
|
||||
char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token"));
|
||||
|
||||
/* Grant the privileges specified by the given token */
|
||||
if (token)
|
||||
{
|
||||
RegTokenInfo *info = RegTokenGetInfo(db, token);
|
||||
|
||||
if (info)
|
||||
{
|
||||
UserSetPrivileges(user, info->grants);
|
||||
RegTokenClose(info);
|
||||
RegTokenFree(info);
|
||||
}
|
||||
}
|
||||
DbUnlock(db, sessionRef);
|
||||
}
|
||||
else
|
||||
{
|
||||
Log(LOG_WARNING, "Unable to lock UIA session reference to check");
|
||||
Log(LOG_WARNING, "privileges for user registration.");
|
||||
}
|
||||
|
||||
Log(LOG_INFO, "Registered user '%s'", UserGetName(user));
|
||||
|
||||
UserUnlock(user);
|
||||
|
|
|
@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
|
|||
RegTokenUse(tokenInfo);
|
||||
RegTokenClose(tokenInfo);
|
||||
RegTokenFree(tokenInfo);
|
||||
|
||||
/*
|
||||
* Drop the registration token into the session storage because
|
||||
* the registration endpoint will have to extract the proper
|
||||
* privileges to set on the user based on the token.
|
||||
*/
|
||||
JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token)));
|
||||
}
|
||||
/* TODO: implement m.login.recaptcha, m.login.sso,
|
||||
* m.login.email.identity, m.login.msisdn here */
|
||||
|
|
Loading…
Reference in a new issue