Registration tokens now determine what privileges a user gets.

TODO.txt

@@ -49,12 +49,9 @@ Milestone: v0.3.0
     [x] Replace current routing system
     [x] Add route for requestToken endpoints
     [x] Move TelodendriaBuildRouter() to Routes
-[~] User-Interactive fallback
-    [ ] Password
-    [ ] Registration token
-[ ] Token permissions
 
-[ ] Move configuration to database
+[~] Move configuration to database
+    [x] Token permissions
     [ ] Initial configuration
         [ ] If no config, create one-time use registration token that
             grants user admin privileges.
@@ -87,6 +84,9 @@ Milestone: v0.3.0
             flow
             - Ensure that registration tokens can be used even if
               registration is disabled.
+        [~] User-Interactive fallback
+            [ ] Password
+            [ ] Registration token
     [~] 4: Account management
         [~] Deactivate
             [x] Make sure UserLogin() fails if user is deactivated.
@@ -99,6 +99,8 @@ Milestone: v0.3.0
 Milestone: v0.4.0
 -----------------
 
+[ ] HTTP/1.1 support
+
 [ ] Client-Server API
     [ ] 6: Filtering
     [ ] 7: Events

src/Routes/RouteRegister.c

@@ -32,6 +32,7 @@
 
 #include <User.h>
 #include <Uia.h>
+#include <RegToken.h>
 
 static Array *
 RouteRegisterRegFlow(void)
@@ -73,6 +74,9 @@ ROUTE_IMPL(RouteRegister, path, argp)
     Array *uiaFlows = NULL;
     int uiaResult;
 
+    char *session;
+    DbRef *sessionRef;
+
     if (ArraySize(path) == 0)
     {
         if (HttpRequestMethodGet(args->context) != HTTP_POST)
@@ -148,7 +152,6 @@ ROUTE_IMPL(RouteRegister, path, argp)
             goto finish;
         }
 
-
         val = HashMapGet(request, "password");
         if (!val)
         {
@@ -249,6 +252,32 @@ ROUTE_IMPL(RouteRegister, path, argp)
             Free(loginInfo);
         }
 
+        session = JsonValueAsString(JsonGet(request, 2, "auth", "session"));
+        sessionRef = DbLock(db, 2, "user_interactive", session);
+        if (sessionRef)
+        {
+            char *token = JsonValueAsString(HashMapGet(DbJson(sessionRef), "registration_token"));
+
+            /* Grant the privileges specified by the given token */
+            if (token)
+            {
+                RegTokenInfo *info = RegTokenGetInfo(db, token);
+
+                if (info)
+                {
+                    UserSetPrivileges(user, info->grants);
+                    RegTokenClose(info);
+                    RegTokenFree(info);
+                }
+            }
+            DbUnlock(db, sessionRef);
+        }
+        else
+        {
+            Log(LOG_WARNING, "Unable to lock UIA session reference to check");
+            Log(LOG_WARNING, "privileges for user registration.");
+        }
+
         Log(LOG_INFO, "Registered user '%s'", UserGetName(user));
 
         UserUnlock(user);

src/Uia.c

@@ -415,6 +415,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
         RegTokenUse(tokenInfo);
         RegTokenClose(tokenInfo);
         RegTokenFree(tokenInfo);
+
+        /*
+         * Drop the registration token into the session storage because
+         * the registration endpoint will have to extract the proper
+         * privileges to set on the user based on the token.
+         */
+        JsonValueFree(HashMapSet(dbJson, "registration_token", JsonValueString(token)));
     }
     /* TODO: implement m.login.recaptcha, m.login.sso,
      * m.login.email.identity, m.login.msisdn here */