authorTed Trask <ttrask01@yahoo.com>2008-07-22 19:58:39 +0000
committerTed Trask <ttrask01@yahoo.com>2008-07-22 19:58:39 +0000
commit8cfe28d0691856222685b93f4a58664416a0aa65 (patch)
treebdc57542af8a67aefbd4b587b6aa9d5483ca3e55 /app/acf-util
parenta1ad49891bbeea6c4c5cf77a574d219c9a722eab (diff)
downloadacf-core-8cfe28d0691856222685b93f4a58664416a0aa65.tar.bz2
acf-core-8cfe28d0691856222685b93f4a58664416a0aa65.tar.xz
Split common code out of authenticator-plaintext into authenticator.lua in preparation for adding SQL authentication. Rewrote authentication functions to use cfe's. Made corresponding changes to roles and logon. Added dnsfiles field to userdata for tinydns access control.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1314 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app/acf-util')
-rw-r--r--app/acf-util/logon-model.lua22
-rwxr-xr-xapp/acf-util/password-controller.lua132
-rwxr-xr-xapp/acf-util/password-model.lua112
-rwxr-xr-xapp/acf-util/password-status-html.lsp3
-rw-r--r--app/acf-util/roles-model.lua4
5 files changed, 69 insertions, 204 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index 3644a09..b817cf9 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -6,18 +6,7 @@ require ("session")
require ("html")
require ("fs")
require ("roles")
-
---varibles for time in case of logons,expired,lockouts
-
--- load an authenticator
--- FIXME: use an "always true" as default?
-
-local auth
-if authenticator then
- auth = require ("authenticator-" .. conf.authenticator)
-else
- auth = require ("authenticator-plaintext")
-end
+require ("authenticator")
-- Logoff the user by deleting session data
logoff = function (sessiondir, sessiondata)
@@ -42,7 +31,7 @@ logon = function (self, userid, password, ip_addr, sessiondir, sessiondata)
end
if false == countevent and userid and password then
- if auth.authenticate (self, userid, password) then
+ if authenticator.authenticate (self, userid, password) then
-- We have a successful login, change sessiondata
-- for some reason, can't call this function or it skips rest of logon
-- logout(sessiondir, sessiondata)
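Review bot: The condition on `authenticator.authenticate (self, userid, password)` checks truthiness only, which is safe only while that function returns a plain boolean. authenticator.lua is not part of this view, but the other calls changed in this commit (`get_userinfo`, `get_userinfo_roles`) now return cfe tables that callers read through `.value`. A table is always truthy in Lua, so if authenticate was converted the same way, this branch would accept every logon attempt. Please confirm the return type, and if it is a cfe, test the field explicitly: `local result = authenticator.authenticate (self, userid, password)` then `if result and result.value == true then`. The body of logon starts and ends outside this hunk.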
@@ -54,8 +43,11 @@ logon = function (self, userid, password, ip_addr, sessiondir, sessiondata)
end
--]]
sessiondata.id = session.random_hash(512)
- local t = auth.get_userinfo (self, userid)
- sessiondata.userinfo = t or {}
+ local t = authenticator.get_userinfo (self, userid)
+ sessiondata.userinfo = {}
+ for name,value in pairs(t.value) do
+ sessiondata.userinfo[name] = value.value
+ end
return cfe({ type="boolean", value=true, label="Logon Success" })
else
-- We have a bad login, log the event
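Review bot: The new loop copies every field of `t.value` into `sessiondata.userinfo`, and get_users in password-model.lua strips `password` and `password_confirm` from the same structure, so those fields presumably land in the session as well. Whether they carry a value is not visible here, but session data appears to be persisted under sessiondir, so I would skip them: `if name ~= "password" and name ~= "password_confirm" then sessiondata.userinfo[name] = value.value end`. The old `t or {}` fallback is also gone, so a nil return from get_userinfo or a missing `t.value` now raises inside pairs after authentication has already succeeded. `for name,value in pairs((t and t.value) or {}) do` keeps the previous tolerance. The body of logon starts and ends outside this hunk.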
diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua
index 20f04ef..bea4480 100755
--- a/app/acf-util/password-controller.lua
+++ b/app/acf-util/password-controller.lua
@@ -8,97 +8,59 @@ function status(self)
end
function editme(self)
- local output = self.model.read_user(self, self.sessiondata.userinfo.userid)
-
- if clientdata.Save then
- -- just to make sure can't modify any other user from this action
- self.clientdata.userid = self.sessiondata.userinfo.userid
-
- -- As a special case for update_user, settings that don't change are nil
- self.clientdata.roles = nil
- output.value.roles.value = nil
- -- if password is blank, don't update it or require it
- if not self.clientdata.password or self.clientdata.password == "" then
- self.clientdata.password = nil
- output.value.password.value = nil
- end
- if not self.clientdata.password_confirm or self.clientdata.password_confirm == "" then
- self.clientdata.password_confirm = nil
- output.value.password_confirm.value = nil
- end
-
- controllerfunctions.handle_clientdata(output, clientdata)
-
- -- Update userinfo
- output = self.model.update_user(self, output)
- if not output.errtxt then
- output.descr = "Saved user"
- end
- output = self:redirect_to_referrer(output)
- else
- output = self:redirect_to_referrer() or output
- end
-
- -- Don't allow changing of roles for yourself
- output.value.roles = nil
-
- output.type = "form"
- output.label = "Edit My Settings"
- output.option = "Save"
- return output
+ -- just to make sure can't modify any other user from this action
+ self.clientdata.userid = self.sessiondata.userinfo.userid
+ return controllerfunctions.handle_form(self, function()
+ local value = self.model.read_user(self, self.sessiondata.userinfo.userid)
+ -- We don't allow a user to modify his own roles or dnsfiles
+ value.value.roles = nil
+ value.value.dnsfiles = nil
+ return value
+ end, function(value)
+ -- If password and password_confirm are blank, don't set them
+ local pw, pwc
+ if value.value.password.value == "" and value.value.password_confirm.value == "" then
+ pw = value.value.password
+ pwc = value.value.password_confirm
+ value.value.password = nil
+ value.value.password_confirm = nil
+ end
+ value = self.model.update_user(self, value)
+ if pw then
+ value.value.password = pw
+ value.value.password_confirm = pwc
+ end
+ return value
+ end, self.clientdata, "Save", "Edit My Settings", "Saved user")
end
function edituser(self)
- local output = self.model.read_user(self, self.clientdata.userid)
- if self.clientdata.Save then
- -- As a special case for update_user, settings that don't change are nil
- -- if password is blank, don't update it or require it
- if not self.clientdata.password or self.clientdata.password == "" then
- self.clientdata.password = nil
- output.value.password.value = nil
- end
- if not self.clientdata.password_confirm or self.clientdata.password_confirm == "" then
- self.clientdata.password_confirm = nil
- output.value.password_confirm.value = nil
- end
-
- controllerfunctions.handle_clientdata(output, clientdata)
-
- -- Update userinfo
- output = self.model.update_user(self, output)
- if not output.errtxt then
- redirect(self, "status")
- end
- output = self:redirect_to_referrer(output)
- else
- output = self:redirect_to_referrer() or output
- end
-
- output.type = "form"
- output.label = "Edit User Settings"
- output.option = "Save"
- return output
+ return controllerfunctions.handle_form(self, function()
+ return self.model.read_user(self, self.clientdata.userid)
+ end, function(value)
+ -- If password and password_confirm are blank, don't set them
+ local pw, pwc
+ if value.value.password.value == "" and value.value.password_confirm.value == "" then
+ pw = value.value.password
+ pwc = value.value.password_confirm
+ value.value.password = nil
+ value.value.password_confirm = nil
+ end
+ value = self.model.update_user(self, value)
+ if pw then
+ value.value.password = pw
+ value.value.password_confirm = pwc
+ end
+ return value
+ end, self.clientdata, "Save", "Edit User Settings", "Saved user")
end
function newuser(self)
- local output = self.model.read_user(self)
- if self.clientdata.Save then
- controllerfunctions.handle_clientdata(output, clientdata)
-
- -- Update userinfo
- output = self.model.create_user(self, output)
- if not output.errtxt then
- redirect(self, "status")
- end
- output = self:redirect_to_referrer(output)
- else
- output = self:redirect_to_referrer() or output
- end
-
- output.type = "form"
- output.label = "New User Settings"
- output.option = "Save"
- return output
+ return controllerfunctions.handle_form(self, function()
+ return self.model.read_user(self)
+ end, function(value)
+ return self.model.create_user(self, value)
+ end, self.clientdata, "Save", "New User Settings", "Saved user", "status")
end
function deleteuser(self)
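Review bot: In editme the old code explicitly cleared `self.clientdata.roles` before saving, while the new version only removes `roles` and `dnsfiles` from the form returned by the first callback. Keeping a user from changing their own roles or dnsfiles therefore depends on handle_form ignoring submitted fields that are absent from that form, and handle_form is not shown in this diff. I would keep the explicit guard next to the userid pin, `self.clientdata.roles = nil` and `self.clientdata.dnsfiles = nil`. It is also worth confirming that change_settings treats a missing roles field as "leave unchanged" rather than "clear". Separately, the blank-password callback is duplicated verbatim in editme and edituser and could be a single local helper.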
diff --git a/app/acf-util/password-model.lua b/app/acf-util/password-model.lua
index 1e78e5d..87c2e6f 100755
--- a/app/acf-util/password-model.lua
+++ b/app/acf-util/password-model.lua
@@ -1,125 +1,33 @@
module(..., package.seeall)
-local auth=require("authenticator-plaintext")
+require("authenticator")
function create_user(self, userdata)
- return update_user(self, userdata, true)
+ return authenticator.new_settings(self, userdata)
end
function read_user(self, user)
- local config = {}
- local errtxt
-
- -- Read the user data
- local userinfo
- if user and (#user > 0) then
- userinfo = auth.get_userinfo(self,user)
- if not userinfo then
- errtxt = "User does not exist"
- end
- end
- userinfo = userinfo or {}
-
- config.userid = cfe({
- label="User id",
- value=(userinfo.userid or user or ""),
- errtxt = errtxt
- })
- config.username = cfe({
- label="Real name",
- value=(userinfo.username or ""),
- })
- config.roles = cfe({
- label="Roles",
- value=(userinfo.roles or {}),
- type="multi",
- option=auth.list_roles(),
- })
- config.password = cfe({
- label="Password",
- })
- config.password_confirm = cfe({
- label="Password (confirm)",
- })
-
- return cfe({ type="group", value=config, errtxt = errtxt, label="User Config" })
+ return authenticator.get_userinfo(self, user)
end
-function update_user(self, userdata, newuser)
- local result
- local errormessage = {}
-
- -- Try to write new or update existing data
- if newuser == true then
- result, errormessage = auth.new_settings(self, userdata.value.userid.value, userdata.value.username.value, userdata.value.password.value, userdata.value.password_confirm.value, userdata.value.roles.value)
- if result == false then
- userdata.errtxt = "Failed to create new user"
- end
- else
- -- As a special case, settings that don't change are nil
- result, errormessage = auth.change_settings(self, userdata.value.userid.value, userdata.value.username.value, userdata.value.password.value, userdata.value.password_confirm.value, userdata.value.roles.value)
- if result == false then
- userdata.errtxt = "Failed to save changes"
- end
- -- We can't return any nil values, so set then
- local olduserdata = read_user(self, userdata.value.userid.value)
- for name,value in pairs(userdata.value) do
- if value.value == nil then
- value.value = olduserdata.value[name].value
- end
- end
- end
-
- userdata.value.password.value = ""
- userdata.value.password_confirm.value = ""
-
- if result == false then
- -- now, copy in the errors
- for name,value in pairs(userdata.value) do
- value.errtxt = errormessage[name]
- end
- end
-
- return userdata
+function update_user(self, userdata)
+ return authenticator.change_settings(self, userdata)
end
function get_users(self)
--List all users and their userinfo
local users = {}
- local userlist = auth.list_users(self)
+ local userlist = authenticator.list_users(self)
for x,user in pairs(userlist) do
- local userinfo = auth.get_userinfo(self,user)
- users[user] = cfe({
- type="group",
- label=user,
- value={ userid=cfe ({
- label="User ID",
- value=userinfo.userid,
- }),
- username=cfe ({
- label="Real name",
- value=userinfo.username,
- }),
- roles=cfe ({
- label="Roles",
- value=userinfo.roles,
- option=auth.list_roles(),
- type="multi",
- }),
- },
-
- })
+ users[user] = read_user(self, user)
+ users[user].value.password = nil
+ users[user].value.password_confirm = nil
end
return cfe({ type="group", value=users, label="User Configs" })
end
function delete_user(self, userid)
- local result, errmessages = auth.delete_user(self, userid)
- local value
- if result then value = "User Deleted" else value = "Failed to Delete User" end
- local errtxt
- if #errmessages > 0 then errtxt = errmessages:concat("\n") end
- return cfe({ value=value, errtxt=errtxt, label="Delete User Result" })
+ return authenticator.delete_user(self, userid)
end
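Review bot: get_users still iterates the result of `authenticator.list_users(self)` directly with pairs, while the other authenticator results touched by this commit are read through `.value`. authenticator.lua is not visible here; if list_users was also converted to return a cfe, the loop would walk the cfe's own fields instead of user ids, so confirm its return type or iterate `userlist.value`. The loop then indexes `users[user].value` without checking that read_user returned a populated group. The password fields are removed by name after the fact, and a comment such as `-- never expose credential fields in the user listing` would record why. Copying only the fields the status page displays would hold up better if get_userinfo later gains another sensitive field.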
diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp
index c16e0d6..8091316 100755
--- a/app/acf-util/password-status-html.lsp
+++ b/app/acf-util/password-status-html.lsp
@@ -30,6 +30,9 @@ io.write("</span>")
<TD STYLE='border:none;'><B><?= user.value.roles.label ?></B></TD>
<TD STYLE='border:none;'><?= table.concat(user.value.roles.value, " / ") ?></TD>
</TR><TR>
+ <TD STYLE='border:none;'><B><?= user.value.dnsfiles.label ?></B></TD>
+ <TD STYLE='border:none;'><?= table.concat(user.value.dnsfiles.value, "<br>") ?></TD>
+ </TR><TR>
<TD STYLE='border:none;'><B>Option</B></TD>
<TD STYLE='border:none;'>
[<A HREF='edituser?userid=<?= name ?>'>Edit this account</A>]
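Review bot: The added cell writes `table.concat(user.value.dnsfiles.value, "<br>")` into the page without HTML-escaping the individual entries, so markup stored in a dnsfiles value would be rendered as HTML on the status page. Each entry should go through the project's HTML-escaping helper before being joined with `<br>`; the roles cell just above follows the same unescaped pattern and predates this change. `user.value.dnsfiles` is also dereferenced unconditionally, and it cannot be ruled out from this hunk that some accounts or authenticators lack the field. In that case the template would raise instead of rendering an empty cell, so a guard on `user.value.dnsfiles` before the two cells would be safer.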
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index b2db9db..f064536 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -2,7 +2,7 @@
module (..., package.seeall)
require("modelfunctions")
-auth = require("authenticator-plaintext")
+require("authenticator")
require("roles")
local get_all_permissions = function(self)
@@ -26,7 +26,7 @@ end
-- Return roles/permissions for specified user
get_user_roles = function(self, userid)
- rls = cfe({ type="list", value=auth.get_userinfo_roles(self, userid), label="Roles" })
+ rls = cfe({ type="list", value=authenticator.get_userinfo_roles(self, userid).value, label="Roles" })
permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
return cfe({ type="group", value={roles=rls, permissions=permissions} })
end
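Review bot: `authenticator.get_userinfo_roles(self, userid).value` indexes the return value directly, so a nil return for an unknown userid would raise here instead of producing an empty role list. Whether get_userinfo_roles can return nil is not visible in this diff. Fetching into a local first avoids that, e.g. `local r = authenticator.get_userinfo_roles(self, userid)` and then `value = (r and r.value) or {}`. On the same lines `rls` and `permissions` are assigned without `local`, so they live in the module environment between calls; declaring them `local` keeps one user's role data from lingering in shared state.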