author | Mike Mason <ms13sp@gmail.com> | 2008-01-26 16:39:08 +0000 |
---|---|---|
committer | Mike Mason <ms13sp@gmail.com> | 2008-01-26 16:39:08 +0000 |
commit | 3f7830de7012e45d4508f41eda4e675159d2cc44 (patch) | |
tree | 2a04ef8da642753035953577c1864c6f4ca64174 | |
parent | 8a2b52812304fb5a936a6a894df6ab1f40a0bda6 (diff) | |
Changes affect only the log in|out functions. Will work now. Next, working on updating to prevent misuse of the login function.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@656 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | app/acf-util/logon-controller.lua | 35 | ||||
-rw-r--r-- | app/acf-util/logon-html.lsp | 7 | ||||
-rw-r--r-- | app/acf-util/logon-model.lua | 58 | ||||
-rw-r--r-- | app/acf-util/logon-status-html.lsp | 3 | ||||
-rw-r--r-- | lib/session.lua | 59 |
5 files changed, 107 insertions, 55 deletions
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index e10874e..fe53542 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -12,42 +12,9 @@ mvc.on_load = function(self, parent)
 end
 logon = function(self)
---return ( {logon=self.model:logon(self,clientdata.userid, clientdata.password) })
-
-local userid=cfe({ name="userid" })
-local password=cfe({ name="password" })
-local logon=cfe({ name="Logon", type="submit"})
-local s = ""
-
- -- FIXME - if they are already logged in, log out first
-
- if clientdata.userid and clientdata.password then
- local t = self.model.logon(self,clientdata.userid,clientdata.password)
-
- if t == nil then
- userid.value = self.clientdata.userid
- userid.errtxt = "There was a problem logging in"
- else
- -- the login was successful - give them a new session, and redir to logged in
- sessiondata.id = session.random_hash ( 512)
- sessiondata.userinfo = t or {}
- self.conf.prefix="/acf-util/"
- self.conf.controller="logon"
- self.conf.action = "status"
- self.conf.type = "redir"
- error (self.conf)
- end
- end
- -- If we reach this point, just give them the login page
- return ( cfe ({type="form",
- option={ script=ENV["SCRIPT_NAME"],
- prefix=self.conf.prefix,
- controller = self.conf.controller,
- action = "logon" },
- value = { userid, password, logon } }))
+ return ( {logon=self.model.logon(self, clientdata.userid, clientdata.password,clientdata.sessionid) })
 end
-
 logout = function(self)
 return { logout = self.model:logoff(clientdata.sessionid) }
 end
diff --git a/app/acf-util/logon-html.lsp b/app/acf-util/logon-html.lsp
index aaa90cb..a1d3f33 100644
--- a/app/acf-util/logon-html.lsp
+++ b/app/acf-util/logon-html.lsp
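Review bot: `logon` now calls the model as `self.model.logon(self, …)`, handing the controller over as `self`, while `logout` three lines below still uses `self.model:logoff(…)`, which hands the model table over as `self`; the two entry points give the model different receivers. The new model `logon` reads `self.conf.prefix` and `self.conf.controller`, which live on the controller, so the dot form looks like the intended one and `logout` should follow it, `return { logout = self.model.logoff(self, clientdata.sessionid) }`, or the model should document which receiver it expects. `clientdata.sessionid` appears to arrive straight from the request; the model and the session library are where it has to be validated before it is turned into a file path.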
@@ -1,9 +1,10 @@
 <? local form = ... ?>
 <h1>Logon</h1>
+<?= html.cfe_unpack(form) ?>
-<form action="<?= form.option.script .. form.option.prefix ..
- form.option.controller .. "/" .. form.option.action ?>" method="POST">
-<? local myform = form.value
+<form action="<?= form.logon.option.script .. form.logon.option.prefix ..
+ form.logon.option.controller .. "/" .. form.logon.option.action ?>" method="POST">
+<? local myform = form.logon.value
 for k,v in pairs(myform) do ?>
 <DT><?= v.name ?></DT>
 <? if v.type == "submit" then ?>
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index 839c989..5eaf93b 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -5,6 +5,11 @@ module (..., package.seeall)
 require ("session")
 require ("html")
+--varibles for time in case of logons,expired,lockouts
+minutes_expired_events=30
+minutes_count_events=30
+limit_count_events=10
+
 -- load an authenticator
 -- FIXME: use an "always true" as default?
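Review bot: Of the three new module-level settings in the logon-model hunk only `minutes_expired_events` is read by this commit; `minutes_count_events` and `limit_count_events` are never passed to `session.count_events`, so the failure limit they describe is not enforced anywhere visible in this change. The comment above them also has a typo and does not say what the units are or how the three relate; suggest `-- Lockout/expiry tuning: minutes a session or lockevent file lives, minutes over which failed logons are counted, and the number of failures allowed in that window`. Because `module (..., package.seeall)` exposes these as module fields, declaring them `local` would be the safer choice if they are not meant to be overridden from outside.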
@@ -16,7 +21,49 @@ else
 end
-logon = function (self, id, password )
+logon = function (self, id_user, password_user,sessdata )
+session.expired_events(conf.sessiondir, minutes_expired_events)
+local userid=cfe({ name="userid",type="text" })
+local password=cfe({ name="password" ,type="password"})
+local logon=cfe({ name="Logon", type="submit"})
+local s = ""
+
+if session.check_session(conf.sessiondir, sessdata) ~= "an unknown user" then
+userid.errtxt="Currently logged onto the system. Please Logoff"
+end
+
+ if id_user and password_user then
+ if auth.authenticate (self, id_user, password_user) then
+ local t = auth.get_userinfo (self, id_user)
+ sessiondata.id = session.random_hash(512)
+ sessiondata.userinfo = t or {}
+ self.conf.prefix="/acf-util/"
+ self.conf.action="status"
+ self.conf.type="redir"
+ self.conf.controller="logon"
+ error(self.conf)
+ else
+ userid.errtxt = "Invalid Attempt"
+ session.record_event(conf.sessiondir, id_user)
+ return (cfe {type="form",
+ option={script=ENV["SCRIPT_NAME"],
+ prefix=self.conf.prefix,
+ controller=self.conf.controller,
+ action="logon" },
+ value={userid,password,logon}
+ })
+ end
+ else
+ return ( cfe{ type="form",
+ option={script=ENV["SCRIPT_NAME"],
+ prefix=self.conf.prefix,
+ controller=self.conf.controller,
+ action="logon" } ,
+ value={userid,password,logon}
+ })
+ end
+end
+
 -- logged on?
 -- record event and ignore the attempt
 -- too many attempts for this ip?
@@ -27,12 +74,8 @@ logon = function (self, id, password )
 -- record event and ignore the attempt
 -- All ok?
 -- look up their role, issue new session
- if auth.authenticate (self, id, password) then
- return auth.get_userinfo (self, id)
- else
- return nil
- end
-end
+
+ --this goes through and will return true or false if limit reached
 logoff = function (self, sessdata)
 -- sessionid invalid?
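Review bot: The failed-attempt record is written (`session.record_event` in the `else` branch) but never read: nothing in the new `logon` body calls `session.count_events` before `auth.authenticate`, so the `-- too many attempts ... record event and ignore the attempt` plan left as context in the second hunk is still unimplemented and repeated failures against one id are never throttled. The "Currently logged onto the system" check likewise only sets `userid.errtxt` and then falls through to authenticate and replace the session, so the message is shown at the same moment the logon is accepted; returning the form there (or logging the old session off first) would make the check do something. A guard before authentication, shown below, closes the first gap; it deliberately returns the same `Invalid Attempt` form as a wrong password so the response does not reveal whether an id is over the limit. `local s = ""` is unused, and the two identical form constructions could be built once ahead of the `if`. The `logon` function starts and ends within the first hunk.
```lua
 if id_user and password_user then
 -- Refuse to consult the authenticator while this id is over the failure
 -- limit; the response is identical to a wrong password on purpose.
 if not session.count_events(conf.sessiondir, id_user,
 minutes_count_events, limit_count_events) then
 userid.errtxt = "Invalid Attempt"
 session.record_event(conf.sessiondir, id_user)
 return (cfe {type="form",
 option={script=ENV["SCRIPT_NAME"], prefix=self.conf.prefix,
 controller=self.conf.controller, action="logon" },
 value={userid,password,logon} })
 end
 if auth.authenticate (self, id_user, password_user) then
 -- … unchanged: successful-logon redirect and the failed-attempt branch …
```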
@@ -61,3 +104,4 @@ status = function(self, sessdata)
 checkme = session.check_session(self.conf.sessiondir,sessdata)
 return ( cfe { checkme={value=checkme,name="checkme"}, sessid={value=sessid,name="sessid" } })
 end
+
diff --git a/app/acf-util/logon-status-html.lsp b/app/acf-util/logon-status-html.lsp
index 78d400e..3524716 100644
--- a/app/acf-util/logon-status-html.lsp
+++ b/app/acf-util/logon-status-html.lsp
@@ -2,5 +2,4 @@
 <h1>User Status </h1>
 <p> Below is your current Session id <p>
 <?= view.stats.sessid.value ?>
-<p>User account and role information may appear below.</p>
-<pre><?= view.stats.checkme.value ?></pre>
+<p>You are currently known to the system as <?= view.stats.checkme.value ?>.</p>
diff --git a/lib/session.lua b/lib/session.lua
index 57b14d2..3915329 100644
--- a/lib/session.lua
+++ b/lib/session.lua
@@ -13,7 +13,7 @@ module (..., package.seeall)
 require "posix"
-require "fs"
+require "format"
 local b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-"
@@ -158,9 +158,9 @@ check_session = function (sessionpath, session)
 end
 check_size = posix.stat(fullpath,"size")
 if check_size == 0 then
- return "Null Session"
+ return "an unknown user"
 else
- local c = fs.read_file(fullpath)
+ local c = dofile(fullpath).userinfo.userid
 return c
 end
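Review bot: In the `check_session` hunk, `local c = dofile(fullpath).userinfo.userid` executes the session file as Lua and indexes the result unchecked, so a file truncated mid-write, or one that returns anything other than a table holding a `userinfo` table, raises an error out of `check_session` instead of yielding `an unknown user`; the callers in logon-model compare the return value against that string and never see the error path. Loading under `pcall` and validating the shape, as below, keeps the function total. Because `dofile` runs whatever the file contains, the session directory must be writable only by the service and the files produced only by the server's own writer (presumably the case — confirm); a data-only reader would be the safer long-term choice. The earlier hunk also drops `require "fs"`; if anything else in lib/session.lua still calls `fs.*` it now fails at runtime, which is not visible here. The sentinel `an unknown user` is now shared between this library and logon-model; a named constant would keep the two in step.
```lua
 else
 -- The session file is Lua source expected to come from this server's own
 -- writer; load it guardedly and treat any malformed result as no session.
 local ok, data = pcall(dofile, fullpath)
 if not ok or type(data) ~= "table" or type(data.userinfo) ~= "table" then
 return "an unknown user"
 end
 return data.userinfo.userid
 end
```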
@@ -178,13 +178,54 @@ end
 -- Check how many invalid login events
 -- have happened for this id in the last n minutes
-count_events = function ( sessionpath, id, minutes)
- -- FIXME
- return 0
+-- this will only effect the lockevent files
+count_events = function (sessionpath, id, minutes, limit)
+ if id == nil then
+ return true
+ else
+ local now = os.time()
+ local minutes_ago = now - (minutes * 60)
+ local searchfor = sessionpath .. "/lockevent." .. id .. ".*"
+ local t = posix.glob(searchfor)
+
+ if t == nil then
+ return true
+ end
+
+ if #t > limit then
+ --may need to add checks for time here, we are passing it...
+ return false
+ else
+ return true
+ end
+ end
 end
 -- Clear events that are older than n minutes
-expire_events = function (sessionpath, minutes)
- -- FIXME
- return 0
+expired_events = function (sessionpath, minutes)
+ --current os time in seconds
+ local now = os.time()
+ --take minutes and convert to seconds
+ local minutes_ago = now - (minutes * 60)
+ local searchfor = sessionpath .. "/lockevent.*"
+ --first do the lockevent files
+ local temp = posix.glob(searchfor)
+ if temp ~= nil then
+ for a,b in pairs(temp) do
+ if posix.stat(b,"mtime") < minutes_ago then
+ os.remove(b)
+ end
+ end
+ end
+ --now do the session files
+ searchfor = sessionpath .. "/session.*"
+ local temp = posix.glob(searchfor)
+ if temp ~= nil then
+ for a,b in pairs(temp) do
+ if posix.stat(b,"mtime") < minutes_ago then
+ os.remove(b)
+ end
+ end
+ end
+ return 0
 end |
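Review bot: `count_events` computes `minutes_ago` but never uses it, so the `minutes` argument has no effect (the `--may need to add checks for time here` comment is the only acknowledgement); the count is bounded instead by whatever `expired_events` has already deleted, which is driven by `minutes_expired_events`, so the lockout window silently equals the session-expiry window. Counting only the lockevent files whose mtime falls inside the window, as below, makes the parameter real and also survives a file vanishing between `posix.glob` and `posix.stat`, where a nil mtime would otherwise error in the comparison — `expired_events` has the same exposure on its two `posix.stat(b,"mtime") < minutes_ago` lines. `id` is spliced into a glob pattern unescaped, so it should be restricted to a safe character set before it reaches this library (and `record_event`, which is not shown). In `expired_events`, `local temp` is declared twice in the same scope and the two loops are identical; a small `remove_older_than(pattern, cutoff)` helper would remove the duplication. Both functions start and end within the hunk.
```lua
 local t = posix.glob(searchfor)
 if t == nil then
 return true
 end
 -- Only failures inside the window count; a file removed between glob and
 -- stat yields a nil mtime and is simply skipped.
 local recent = 0
 for _, f in ipairs(t) do
 local mtime = posix.stat(f, "mtime")
 if mtime and mtime >= minutes_ago then
 recent = recent + 1
 end
 end
 return recent <= limit
```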