small changes in tn-cli and auth_anon

or-else
2018-10-08 15:41:00 +03:00
parent 7d3c3c183c
commit c122840a8c
4 changed files with 21 additions and 14 deletions

View File

@ -159,10 +159,10 @@ Logging out is not supported by design. If an application needs to change the us
### Authentication
The server comes with three authentication methods out of the box: `basic`, `token`, and `anon`:
The server comes with three authentication methods out of the box: `basic`, `token`, and `anonymous`:
* `basic` provides authentication by a login-password pair.
* `token` provides authentication by a cryptographic token.
* `anon` is "anonymous authentication" designed for cases where users are temporary, such as handling customer support requests through chat.
* `anonymous` is designed for cases where users are temporary, such as handling customer support requests through chat.
Any other authentication method can be implemented using plugins.
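Review bot: The scheme name is shown in code formatting, so readers will take `anonymous` as the literal value to send, yet nothing visible in this commit changes the name under which the authenticator is registered (the Go type is still `AnonAuth`). Please confirm the server accepts `anonymous` as the scheme string. If `anon` is still accepted for older clients, say so here. If it is not, note the rename as a breaking change.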
@ -172,9 +172,9 @@ Authenticators are used during account registration [`{acc}`](#acc) and during [
#### Creating an Account
When a new account is created, the user must inform the server which authentication method will be later used to gain access to this account as well as provide shared secret, if appropriate. Only `basic` and `anon` can be used during account creation. The `basic` requires the user to generate and send a unique login and password to the server. The `anon` does not exchange secrets.
When a new account is created, the user must inform the server which authentication method will be later used to gain access to this account as well as provide shared secret, if appropriate. Only `basic` and `anonymous` can be used during account creation. The `basic` requires the user to generate and send a unique login and password to the server. The `anonymous` does not exchange secrets.
User may optionally set `{acc login=true}` to use the new account for immediate authentication. When `login=false` (or not set), the new account is created but the authentication status of the session which created the account remains unchanged. When `login=true` the server will attempt to authenticate the session with the new account, the response to the `{acc}` request will contain the authentication token on success. This is particularly important for the `anon` authentication.
User may optionally set `{acc login=true}` to use the new account for immediate authentication. When `login=false` (or not set), the new account is created but the authentication status of the session which created the account remains unchanged. When `login=true` the server will attempt to authenticate the session with the new account, the response to the `{acc}` request will contain the authentication token on success. This is particularly important for the `anonymous` authentication.
#### Logging in
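Review bot: The sentence "This is particularly important for the `anonymous` authentication" in the `login=true` paragraph does not say why. Since the `{login}` section states that `anonymous` cannot be used for logging in, the token returned by `{acc login=true}` appears to be the only credential the client will ever get for such an account. Stating that explicitly would help. "The `anonymous` does not exchange secrets" could also become "The `anonymous` scheme does not exchange secrets".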
@ -581,7 +581,7 @@ acc: {
Server responds with a `{ctrl}` message with `params` containing details of the new user. If `desc.defacs` is missing,
server will assign server-default access values.
The only supported authentication schemes for account creation are `basic` and `anon`.
The only supported authentication schemes for account creation are `basic` and `anonymous`.
#### `{login}`
@ -605,7 +605,7 @@ login: {
```
The `basic` authentication scheme expects `secret` to be a base64-encoded string of a string composed of a user name followed by a colon `:` followed by a plan text password. User name in the `basic` scheme must not contain colon character ':' (ASCII 0x3A). The `token` expects secret to be a previously obtained security token.
The only supported authentication schemes are `basic` and `token`. Although `anon` scheme can be used to create accounts, it cannot be used for logging in. A scheme `reset` can be used for password reset.
The only supported authentication schemes are `basic` and `token`. Although `anonymous` scheme can be used to create accounts, it cannot be used for logging in. A scheme `reset` can be used for password reset.
Server responds to a `{login}` packet with a `{ctrl}` message. The `params` of the message contains the id of the logged in user as `user`. The `token` contains an encrypted string which can be used for authentication. Expiration time of the token is passed as `expires`.
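Review bot: The changed paragraph says the only supported schemes are `basic` and `token`, then immediately names `reset` as a scheme that can be used, which reads as a contradiction. Suggest listing `reset` separately and stating that it does not authenticate the session, if that is the case. Since this paragraph is being edited anyway, "plan text password" in the line above should be "plain text password".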

View File

@ -4,8 +4,8 @@
model_pb2_grpc = "../py_grpc/tinode_grpc/model_pb2_grpc.py"
with open(model_pb2_grpc, "r") as fh:
content = fh.read().replace("import model_pb2 as model__pb2",
"from . import model_pb2 as model__pb2")
content = fh.read().replace("\nimport model_pb2 as model__pb2",
"\nfrom . import model_pb2 as model__pb2")
with open(model_pb2_grpc,"w") as fh:
fh.write(content)
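Review bot: With the leading `\n` the `replace` no longer matches if the import is the first line of the generated file, and in any no-match case the script silently writes the file back unchanged. Suggest comparing the content before and after the replacement (or checking that the target string is present) and exiting with an error when nothing was replaced, so a change in the generator's output is caught at build time rather than at import time.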

View File

@ -18,8 +18,12 @@ func (AnonAuth) Init(unused string) error {
return nil
}
// AddRecord is a noop. Just report success.
// AddRecord checks authLevel and assigns default LevelAnon. Otherwise it
// just reports success.
func (AnonAuth) AddRecord(rec *auth.Rec, secret []byte) (*auth.Rec, error) {
if rec.AuthLevel == auth.LevelNone {
rec.AuthLevel = auth.LevelAnon
}
return rec, nil
}
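Review bot: `AddRecord` only assigns `auth.LevelAnon` when `rec.AuthLevel == auth.LevelNone`, so any other level the caller has set is returned unchanged for an account created through the anonymous scheme. If this authenticator should never yield more than anonymous access, set `rec.AuthLevel = auth.LevelAnon` unconditionally or return an error for other values. If passing through a caller-supplied level is intended, the comment should say who is allowed to set it. "Otherwise it just reports success" is also misleading, since success is reported in both branches.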

View File

@ -26,7 +26,7 @@ from tinode_grpc import pb
from tinode_grpc import pbx
APP_NAME = "tn-cli"
APP_VERSION = "0.15"
APP_VERSION = "1.0.0"
LIB_VERSION = pkg_resources.get_distribution("tinode_grpc").version
# Dictionary wich contains lambdas to be executed when server response is received
@ -114,10 +114,13 @@ def accMsg(id, user, scheme, secret, uname, password, do_login, fn, photo, priva
if password == None:
password = ''
secret = str(uname) + ":" + str(password)
if secret != None:
secret=secret.encode('utf-8')
public = encode_to_bytes(make_vcard(fn, photo))
private = encode_to_bytes(private)
if secret:
secret = secret.encode('utf-8')
else:
secret = b''
print(default_user)
public = encode_to_bytes(make_vcard(fn, photo)) if (fn or photo) else None
private = encode_to_bytes(private) if private else None
return pb.ClientMsg(acc=pb.ClientAcc(id=str(id), user_id=user,
scheme=scheme, secret=secret, login=do_login, tags=tags.split(",") if tags else None,
desc=pb.SetDesc(default_acs=pb.DefaultAcsMode(auth=auth, anon=anon),
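Review bot: `print(default_user)` in the new `else` branch looks like leftover debug output and should be removed before merge. It prints on every account request that has no secret, and `default_user` is not among the parameters visible in this hunk. Separately, `secret = b''` changes the no-secret case from leaving the value unset to sending an empty byte string, so it is worth a comment on whether the server treats the two the same.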