authSecretReset resets an authentication secret; params: "auth-method-to-reset:credential-method:credential-value", for example: "basic:email:alice@example.com".
(params []byte)
// authSecretReset starts the reset of an authentication secret.
//
// params is "auth-method-to-reset:credential-method:credential-value",
// for example "basic:email:alice@example.com". Fewer than three fields yields
// types.ErrMalformed; an unknown scheme or credential method yields
// types.ErrUnsupported. An unknown credential returns nil so that callers
// cannot tell whether the contact exists.
//
// NOTE(review): failures after the credential lookup (GetResetParams,
// TempAuthScheme, GenSecret, ResetSecret) are returned only when the credential
// matched a user, and that path also does more work than the not-found path.
// Both can act as an existence oracle; confirm the caller masks errors and
// response timing.
// NOTE(review): no throttling is visible in this function; confirm that reset
// requests are rate limited per session and per credential upstream.
func (s *Session) authSecretReset(params []byte) error {
	// Only the first three fields are used. Anything after a third ':' is
	// silently dropped, so a credential value containing ':' is cut short.
	fields := strings.Split(string(params), ":")
	if len(fields) < 3 {
		return types.ErrMalformed
	}
	scheme, method, value := fields[0], fields[1], fields[2]

	// The scheme string is later sent to the user in the reset message, so it
	// must not carry attacker-chosen content. Requiring a registered handler
	// for it acts as an allow-list and is the simplest such check.
	resetHandler := store.Store.GetLogicalAuthHandler(scheme)
	if resetHandler == nil {
		return types.ErrUnsupported
	}
	credValidator := store.Store.GetValidator(method)
	if credValidator == nil {
		return types.ErrUnsupported
	}

	uid, err := store.Users.GetByCred(method, value)
	if err != nil {
		return err
	}
	if uid.IsZero() {
		// Do not reveal which contacts exist: an unknown credential is
		// reported as success.
		return nil
	}

	resetParams, err := resetHandler.GetResetParams(uid)
	if err != nil {
		return err
	}
	tempScheme, err := credValidator.TempAuthScheme()
	if err != nil {
		return err
	}

	tempHandler := store.Store.GetLogicalAuthHandler(tempScheme)
	if tempHandler == nil || !tempHandler.IsInitialized() {
		// Server misconfiguration. The credential value is not written to the log.
		logs.Err.Println("s.authSecretReset: validator with missing temp auth", method, tempScheme, s.sid)
		return types.ErrInternal
	}

	// The temporary secret is bound to the user and to the exact credential
	// it was requested for. It is tagged auth.FeatureNoLogin; presumably this
	// keeps the code from being accepted as a normal login (confirm in the
	// temp auth handler).
	rec := &auth.Rec{
		Uid:        uid,
		AuthLevel:  auth.LevelAuth,
		Features:   auth.FeatureNoLogin,
		Credential: method + ":" + value,
	}
	code, _, err := tempHandler.GenSecret(rec)
	if err != nil {
		return err
	}

	return credValidator.ResetSecret(value, scheme, s.lang, code, resetParams)
}
| 1051 | |
| 1052 | // onLogin performs steps after successful authentication. |
| 1053 | func (s *Session) onLogin(msgID string, timestamp time.Time, rec *auth.Rec, missing []string) *ServerComMessage { |