hub / github.com/tinode/chat / replyCreateUser

Function replyCreateUser

server/user.go:26–221  ·  view source on GitHub ↗

Process request for a new account.

(s *Session, msg *ClientComMessage, rec *auth.Rec)

Source from the content-addressed store, hash-verified

24
25// Process request for a new account.
26func replyCreateUser(s *Session, msg *ClientComMessage, rec *auth.Rec) {
27 // The session cannot authenticate with the new account because it's already authenticated.
28 if msg.Acc.Login && (!s.uid.IsZero() || rec != nil) {
29 s.queueOut(ErrAlreadyAuthenticated(msg.Id, "", msg.Timestamp))
30 logs.Warn.Println("create user: login requested while authenticated, sid=", s.sid)
31 return
32 }
33
34 // Find authenticator for the requested scheme.
35 authhdl := store.Store.GetLogicalAuthHandler(msg.Acc.Scheme)
36 if authhdl == nil {
37 // New accounts must have an authentication scheme
38 s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp))
39 logs.Warn.Println("create user: unknown auth handler, sid=", s.sid)
40 return
41 }
42
43 // Check if login is unique and compliance with the policy (not too long or too short).
44 if ok, err := authhdl.IsUnique(msg.Acc.Secret, s.remoteAddr); !ok {
45 logs.Warn.Println("create user: auth secret is not compliant", err, "sid=", s.sid)
46 s.queueOut(decodeStoreError(err, msg.Id, msg.Timestamp,
47 map[string]any{"what": "auth"}))
48 return
49 }
50
51 var user types.User
52 var private any
53
54 // If account state is being assigned, make sure the sender is a root user.
55 if msg.Acc.State != "" {
56 if auth.Level(msg.AuthLvl) != auth.LevelRoot {
57 logs.Warn.Println("create user: attempt to set account state by non-root, sid=", s.sid)
58 msg := ErrPermissionDenied(msg.Id, "", msg.Timestamp)
59 msg.Ctrl.Params = map[string]any{"what": "state"}
60 s.queueOut(msg)
61 return
62 }
63
64 state, err := types.NewObjState(msg.Acc.State)
65 if err != nil || state == types.StateUndefined || state == types.StateDeleted {
66 logs.Warn.Println("create user: invalid account state", err, "sid=", s.sid)
67 s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp))
68 return
69 }
70 user.State = state
71 }
72
73 // Ensure tags are unique and not restricted.
74 if tags := normalizeTags(msg.Acc.Tags, globals.maxTagCount); tags != nil {
75 if !restrictedTagsEqual(tags, nil, globals.immutableTagNS) {
76 logs.Warn.Println("create user: attempt to directly assign restricted tags, sid=", s.sid)
77 msg := ErrPermissionDenied(msg.Id, "", msg.Timestamp)
78 msg.Ctrl.Params = map[string]any{"what": "tags"}
79 s.queueOut(msg)
80 return
81 }
82 user.Tags = tags
83 }

Callers 1

acc (Method) · 0.85

Calls 15

Level (TypeAlias) · 0.92
NewObjState (Function) · 0.92
Duration (TypeAlias) · 0.92
ErrAlreadyAuthenticated (Function) · 0.85
ErrMalformed (Function) · 0.85
decodeStoreError (Function) · 0.85
ErrPermissionDenied (Function) · 0.85
normalizeTags (Function) · 0.85
restrictedTagsEqual (Function) · 0.85
normalizeCredentials (Function) · 0.85
getDefaultAccess (Function) · 0.85
isNullValue (Function) · 0.85

Tested by

no test coverage detected
