forked from lda/telodendria
Registration tokens now determine what privileges a user gets.
This commit is contained in:
parent
582df63a31
commit
ff4d265dcc
3 changed files with 44 additions and 6 deletions
12
TODO.txt
12
TODO.txt
|
@ -49,12 +49,9 @@ Milestone: v0.3.0
|
||||||
[x] Replace current routing system
|
[x] Replace current routing system
|
||||||
[x] Add route for requestToken endpoints
|
[x] Add route for requestToken endpoints
|
||||||
[x] Move TelodendriaBuildRouter() to Routes
|
[x] Move TelodendriaBuildRouter() to Routes
|
||||||
[~] User-Interactive fallback
|
|
||||||
[ ] Password
|
|
||||||
[ ] Registration token
|
|
||||||
[ ] Token permissions
|
|
||||||
|
|
||||||
[ ] Move configuration to database
|
[~] Move configuration to database
|
||||||
|
[x] Token permissions
|
||||||
[ ] Initial configuration
|
[ ] Initial configuration
|
||||||
[ ] If no config, create one-time use registration token that
|
[ ] If no config, create one-time use registration token that
|
||||||
grants user admin privileges.
|
grants user admin privileges.
|
||||||
|
@ -87,6 +84,9 @@ Milestone: v0.3.0
|
||||||
flow
|
flow
|
||||||
- Ensure that registration tokens can be used even if
|
- Ensure that registration tokens can be used even if
|
||||||
registration is disabled.
|
registration is disabled.
|
||||||
|
[~] User-Interactive fallback
|
||||||
|
[ ] Password
|
||||||
|
[ ] Registration token
|
||||||
[~] 4: Account management
|
[~] 4: Account management
|
||||||
[~] Deactivate
|
[~] Deactivate
|
||||||
[x] Make sure UserLogin() fails if user is deactivated.
|
[x] Make sure UserLogin() fails if user is deactivated.
|
||||||
|
@ -99,6 +99,8 @@ Milestone: v0.3.0
|
||||||
Milestone: v0.4.0
|
Milestone: v0.4.0
|
||||||
-----------------
|
-----------------
|
||||||
|
|
||||||
|
[ ] HTTP/1.1 support
|
||||||
|
|
||||||
[ ] Client-Server API
|
[ ] Client-Server API
|
||||||
[ ] 6: Filtering
|
[ ] 6: Filtering
|
||||||
[ ] 7: Events
|
[ ] 7: Events
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
|
|
||||||
#include <User.h>
|
#include <User.h>
|
||||||
#include <Uia.h>
|
#include <Uia.h>
|
||||||
|
#include <RegToken.h>
|
||||||
|
|
||||||
static Array *
|
static Array *
|
||||||
RouteRegisterRegFlow(void)
|
RouteRegisterRegFlow(void)
|
||||||
|
@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
||||||
Array *uiaFlows = NULL;
|
Array *uiaFlows = NULL;
|
||||||
int uiaResult;
|
int uiaResult;
|
||||||
|
|
||||||
|
char *session;
|
||||||
|
DbRef *sessionRef;
|
||||||
|
|
||||||
if (ArraySize(path) == 0)
|
if (ArraySize(path) == 0)
|
||||||
{
|
{
|
||||||
if (HttpRequestMethodGet(args->context) != HTTP_POST)
|
if (HttpRequestMethodGet(args->context) != HTTP_POST)
|
||||||
|
@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
val = HashMapGet(request, "password");
|
val = HashMapGet(request, "password");
|
||||||
if (!val)
|
if (!val)
|
||||||
{
|
{
|
||||||
|
@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp)
|
||||||
Free(loginInfo);
|
Free(loginInfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
session = JsonValueAsString(JsonGet(request, 2, "auth", "session"));
|
||||||
|
sessionRef = DbLock(db, 2, "user_interactive", session);
|
||||||
|
if (sessionRef)
|
||||||
|
{
|
||||||
|
char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token"));
|
||||||
|
|
||||||
|
/* Grant the privileges specified by the given token */
|
||||||
|
if (token)
|
||||||
|
{
|
||||||
|
RegTokenInfo *info = RegTokenGetInfo(db, token);
|
||||||
|
|
||||||
|
if (info)
|
||||||
|
{
|
||||||
|
UserSetPrivileges(user, info->grants);
|
||||||
|
RegTokenClose(info);
|
||||||
|
RegTokenFree(info);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
DbUnlock(db, sessionRef);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Log(LOG_WARNING, "Unable to lock UIA session reference to check");
|
||||||
|
Log(LOG_WARNING, "privileges for user registration.");
|
||||||
|
}
|
||||||
|
|
||||||
Log(LOG_INFO, "Registered user '%s'", UserGetName(user));
|
Log(LOG_INFO, "Registered user '%s'", UserGetName(user));
|
||||||
|
|
||||||
UserUnlock(user);
|
UserUnlock(user);
|
||||||
|
|
|
@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
|
||||||
RegTokenUse(tokenInfo);
|
RegTokenUse(tokenInfo);
|
||||||
RegTokenClose(tokenInfo);
|
RegTokenClose(tokenInfo);
|
||||||
RegTokenFree(tokenInfo);
|
RegTokenFree(tokenInfo);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Drop the registration token into the session storage because
|
||||||
|
* the registration endpoint will have to extract the proper
|
||||||
|
* privileges to set on the user based on the token.
|
||||||
|
*/
|
||||||
|
JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token)));
|
||||||
}
|
}
|
||||||
/* TODO: implement m.login.recaptcha, m.login.sso,
|
/* TODO: implement m.login.recaptcha, m.login.sso,
|
||||||
* m.login.email.identity, m.login.msisdn here */
|
* m.login.email.identity, m.login.msisdn here */
|
||||||
|
|
Loading…
Reference in a new issue