Processes an update to an account: an authentication update (i.e. a login/password change) or a credentials update.
(s *Session, msg *ClientComMessage, rec *auth.Rec)
| 224 | // * Authentication update, i.e. login/password change |
| 225 | // * Credentials update |
| 226 | func replyUpdateUser(s *Session, msg *ClientComMessage, rec *auth.Rec) { |
| 227 | if s.uid.IsZero() && rec == nil { |
| 228 | // Session is not authenticated and no temporary auth is provided. |
| 229 | logs.Warn.Println("replyUpdateUser: not a new account and not authenticated", s.sid) |
| 230 | s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp)) |
| 231 | return |
| 232 | } else if msg.AsUser != "" && rec != nil { |
| 233 | // Two UIDs: one from msg.from, one from temporary auth. Ambigous, reject. |
| 234 | logs.Warn.Println("replyUpdateUser: got both authenticated session and token", s.sid) |
| 235 | s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp)) |
| 236 | return |
| 237 | } |
| 238 | |
| 239 | userId := msg.AsUser |
| 240 | authLvl := auth.Level(msg.AuthLvl) |
| 241 | if rec != nil { |
| 242 | userId = rec.Uid.UserId() |
| 243 | authLvl = rec.AuthLevel |
| 244 | } |
| 245 | |
| 246 | if msg.Acc.User != "" && msg.Acc.User != userId { |
| 247 | if s.authLvl != auth.LevelRoot { |
| 248 | logs.Warn.Println("replyUpdateUser: attempt to change another's account by non-root", s.sid) |
| 249 | s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp)) |
| 250 | return |
| 251 | } |
| 252 | // Root is editing someone else's account. |
| 253 | userId = msg.Acc.User |
| 254 | authLvl = auth.ParseAuthLevel(msg.Acc.AuthLevel) |
| 255 | } |
| 256 | |
| 257 | uid := types.ParseUserId(userId) |
| 258 | if uid.IsZero() { |
| 259 | // msg.Acc.User contains invalid data. |
| 260 | s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp)) |
| 261 | logs.Warn.Println("replyUpdateUser: user id is invalid or missing", s.sid) |
| 262 | return |
| 263 | } |
| 264 | |
| 265 | // Only root can suspend accounts, including own account. |
| 266 | if msg.Acc.State != "" && s.authLvl != auth.LevelRoot { |
| 267 | s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp)) |
| 268 | logs.Warn.Println("replyUpdateUser: attempt to change account state by non-root", s.sid) |
| 269 | return |
| 270 | } |
| 271 | |
| 272 | user, err := store.Users.Get(uid) |
| 273 | if user == nil && err == nil { |
| 274 | err = types.ErrNotFound |
| 275 | } |
| 276 | if err != nil { |
| 277 | logs.Warn.Println("replyUpdateUser: failed to fetch user from DB", err, s.sid) |
| 278 | s.queueOut(decodeStoreError(err, msg.Id, msg.Timestamp, nil)) |
| 279 | return |
| 280 | } |
| 281 | |
| 282 | var params map[string]any |
| 283 | if msg.Acc.Scheme != "" { |