hub / github.com/tinode/chat / authSecretReset

Method authSecretReset

server/session.go:997–1050  ·  view source on GitHub ↗

authSecretReset resets an authentication secret; params: "auth-method-to-reset:credential-method:credential-value", for example: "basic:email:alice@example.com".

(params []byte)

Source from the content-addressed store, hash-verified

995// params: "auth-method-to-reset:credential-method:credential-value",
996// for example: "basic:email:alice@example.com".
//
// Security notes: authScheme and credMethod are accepted only when they name a
// registered auth handler and validator, and an unknown credential is reported
// as success so the reply does not reveal whether the contact exists.
func (s *Session) authSecretReset(params []byte) error {
	fields := strings.Split(string(params), ":")
	if len(fields) < 3 {
		return types.ErrMalformed
	}
	// Only the first three fields are used; anything after a third ':' is dropped.
	authScheme, credMethod, credValue := fields[0], fields[1], fields[2]

	// authScheme is client-supplied text that ends up in the message mailed to the user.
	// Requiring it to name a registered auth handler works as an allowlist, so arbitrary
	// content cannot reach that message through this field.
	auther := store.Store.GetLogicalAuthHandler(authScheme)
	if auther == nil {
		return types.ErrUnsupported
	}
	validator := store.Store.GetValidator(credMethod)
	if validator == nil {
		return types.ErrUnsupported
	}

	uid, err := store.Users.GetByCred(credMethod, credValue)
	switch {
	case err != nil:
		return err
	case uid.IsZero():
		// Prevent discovery of existing contacts: report "no error" if contact is not found.
		// NOTE(review): the failures returned further down can only occur for a known
		// credential; confirm the caller answers them the same way as this nil, otherwise
		// the difference still reveals that the contact exists.
		return nil
	}

	resetParams, err := auther.GetResetParams(uid)
	if err != nil {
		return err
	}
	tempScheme, err := validator.TempAuthScheme()
	if err != nil {
		return err
	}

	// The validator names the scheme used for the temporary secret; that handler must be
	// registered and initialized, otherwise this is treated as a server-side fault.
	tmpHandler := store.Store.GetLogicalAuthHandler(tempScheme)
	if tmpHandler == nil || !tmpHandler.IsInitialized() {
		logs.Err.Println("s.authSecretReset: validator with missing temp auth", credMethod, tempScheme, s.sid)
		return types.ErrInternal
	}

	// The temporary secret is bound to the user and to the credential being confirmed.
	// FeatureNoLogin presumably keeps it from being accepted as a regular login - confirm
	// in the auth package. The second value returned by GenSecret is not used here.
	rec := &auth.Rec{
		Uid:        uid,
		AuthLevel:  auth.LevelAuth,
		Features:   auth.FeatureNoLogin,
		Credential: credMethod + ":" + credValue,
	}
	code, _, err := tmpHandler.GenSecret(rec)
	if err != nil {
		return err
	}

	// NOTE(review): credValue is the string taken from the request, not a value read back
	// from the store; confirm GetByCred matches it exactly (or that the validator
	// normalises it) so the message goes to the stored address. No throttling is visible
	// in this method either - confirm the caller or the validator limits repeated requests.
	return validator.ResetSecret(credValue, authScheme, s.lang, code, resetParams)
}
1051
1052// onLogin performs steps after successful authentication.
1053func (s *Session) onLogin(msgID string, timestamp time.Time, rec *auth.Rec, missing []string) *ServerComMessage {

Callers 1

loginMethod · 0.95

Calls 10

PrintlnMethod · 0.80
GetLogicalAuthHandlerMethod · 0.65
GetValidatorMethod · 0.65
GetByCredMethod · 0.65
GetResetParamsMethod · 0.65
TempAuthSchemeMethod · 0.65
IsInitializedMethod · 0.65
GenSecretMethod · 0.65
ResetSecretMethod · 0.65
IsZeroMethod · 0.45

Tested by

no test coverage detected