diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-04-21 20:55:44 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-04-21 20:55:44 +0000 |
commit | 5e1d9734d9dc849c21e84a45913fb2d22b7dfdf0 (patch) | |
tree | 7845e677b2b36c3f8090b7e424284a28fa397713 /app/acf-util | |
parent | ed9bf961c16e1f9d58f39ebb1afc289e5564ebfe (diff) | |
download | acf-core-5e1d9734d9dc849c21e84a45913fb2d22b7dfdf0.tar.bz2 acf-core-5e1d9734d9dc849c21e84a45913fb2d22b7dfdf0.tar.xz |
Ted's Logon/permissions changes
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1030 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app/acf-util')
-rw-r--r-- | app/acf-util/logon-controller.lua | 42 | ||||
-rw-r--r-- | app/acf-util/logon-html.lsp | 34 | ||||
-rw-r--r-- | app/acf-util/logon-model.lua | 138 | ||||
-rw-r--r-- | app/acf-util/logon-status-html.lsp | 7 | ||||
-rwxr-xr-x | app/acf-util/password-controller.lua | 12 | ||||
-rw-r--r-- | app/acf-util/roles-controller.lua | 12 | ||||
-rw-r--r-- | app/acf-util/roles-getlist-html.lsp | 16 | ||||
-rw-r--r-- | app/acf-util/roles-model.lua | 16 | ||||
-rw-r--r-- | app/acf-util/roles-read-html.lsp | 33 |
9 files changed, 130 insertions, 180 deletions
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua index 75915fc..61b4864 100644 --- a/app/acf-util/logon-controller.lua +++ b/app/acf-util/logon-controller.lua @@ -2,30 +2,38 @@ module (..., package.seeall) ---require ("session") - +mvc = {} mvc.on_load = function(self, parent) - if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then - self.worker[self.conf.action] = list_redir(self) - end - --logit ("logon.mvc.on_load activated") - end + self.conf.default_action = "status" +end +-- Logon a new user based upon id and password in clientdata logon = function(self) - return ( {logon=self.model.logon(self, clientdata.userid, clientdata.password,clientdata.sessionid) }) + local cmdresult + if clientdata.userid and clientdata.password then + local logon = self.model:logon(clientdata, conf.clientip, conf.sessiondir, sessiondata) + -- If successful logon, redirect to status, otherwise try again + if logon then + self.conf.action = "status" + self.conf.type = "redir" + error(self.conf) + else + cmdresult = "Logon Attempt Failed" + end + end + return ({ cmdresult = cmdresult }) end +-- Log out current user and go to login screen logout = function(self) - local logout = self.model:logoff(clientdata.sessionid) - if (logout) and (logout[1]) and (logout[1]["value"]) and (string.lower(logout[1]["value"]) == "successful") then - self.conf.action = "logon" - self.conf.type = "redir" - error (self.conf) - end - - return { logout = logout } + local logout = self.model.logoff(conf.sessiondir, sessiondata) + -- We have to redirect so a new session / menu is created + self.conf.action = "logon" + self.conf.type = "redir" + error (self.conf) end +-- Report the login status status = function(self) - return( {stats= self.model:status(clientdata.sessionid) }) + return self.model.status(sessiondata) end diff --git a/app/acf-util/logon-html.lsp b/app/acf-util/logon-html.lsp index 9a930a2..c1b4500 100644 --- a/app/acf-util/logon-html.lsp +++ b/app/acf-util/logon-html.lsp @@ -1,24 +1,20 @@ <? local form = ... ?> -<h1>Logon</h1> -<? --[[ ?> -<?= html.cfe_unpack(form) ?> -<? --]] ?> +<? --[[ + io.write(html.cfe_unpack(form)) + --]] ?> -<form action="<?= form.logon.option.script .. form.logon.option.prefix .. - form.logon.option.controller .. "/" .. form.logon.option.action ?>" method="POST"> -<DL> -<? -local myform = form.logon.value -for k,v in pairs(myform) do - io.write("\t<DT") - if (#v.errtxt > 0) then io.write(" class='error'") end - io.write(">" .. v.label .. "</DT>\n") +<? if form.cmdresult then ?> +<h1>Command Result</h1> +<p class='error'> <?= form.cmdresult ?></p> +<? end ?> - io.write("\t\t<DD>" .. html.form[v.type](v) .. "\n") - if (v.descr) and (#v.descr > 0) then io.write("\t\t<P CLASS='descr'>" .. string.gsub(v.descr, "\n", "<BR>") .. "</P>\n") end - if (#v.errtxt > 0) then io.write("\t\t<P CLASS='error'>" .. string.gsub(v.errtxt, "\n", "<BR>") .. "</P>\n") end - io.write("\t\t</DD>\n") -end -?> +<h1>Logon</h1> +<form action="logon" method="POST"> +<DL> + <DT>User id</DT> + <DD><input class="text" type="text" name="userid" value=""></DD> + <DT>Password</DT> + <DD><input class="password" type="password" name="password" value=""></DD> + <DT><input class="submit" type="submit" name="Logon" value="Logon"></DD> </DL> </form> diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index 33ffd56..cd840f7 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -19,113 +19,59 @@ else auth = require ("authenticator-plaintext") end -logon = function (self, id_user, password_user,sessdata ) -local userid=cfe({ name="userid",label="User id", type="text" }) -local password=cfe({ name="password" ,label="Password", type="passwd"}) -local logon=cfe({ name="Logon", label="Logon", value="Logon", type="submit"}) -local s = "" +-- Logoff the user by deleting session data +logoff = function (sessiondir, sessiondata) + -- Unlink / delete the current session + local result = session.unlink_session(sessiondir, sessiondata.id) + -- Clear the current session data + for a,b in pairs(sessiondata) do + sessiondata[a] = nil + end -local csess = session.check_session(conf.sessiondir, sessdata) -if csess ~= "an unknown user" then -session.unlink_session(conf.sessiondir, sessdata) -for a,b in pairs(sessiondata) do -if a ~= "menu" then -sessiondata[a] = nil -end + return (result) end -sessiondata.id = session.random_hash(512) -build_menus(self) -end - -local counteven = session.count_events(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"])) -if counteven then -userid.errtxt="Information not recognized" -return (cfe {type="form", - option={script=ENV["SCRIPT_NAME"], - prefix=self.conf.prefix, - controller=self.conf.controller, - action="logon" }, - value={userid,password,logon},testme={counteven} - }) -end +-- Log on new user if possible and set up userinfo in session +-- if we fail, we leave the session alone (don't log out) +logon = function (self, clientdata, ip_addr, sessiondir, sessiondata) + -- Check to see if we can login this user id / ip addr + local countevent = session.count_events(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr)) + if countevent then + session.record_event(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr)) + return (false) + end -session.expired_events(conf.sessiondir) - if id_user and password_user then - local password_user_md5 = fs.md5sum_string(password_user) - if auth.authenticate (self, id_user, password_user_md5) then - local t = auth.get_userinfo (self, id_user) + if clientdata.userid and clientdata.password then + local password_user_md5 = fs.md5sum_string(clientdata.password) + if auth.authenticate (self, clientdata.userid, password_user_md5) then + -- We have a successful login, change sessiondata + -- for some reason, can't call this function or it skips rest of logon + -- logout(sessiondir, sessiondata) + ---[[ so, do this instead + session.unlink_session(sessiondir, sessiondata.id) + -- Clear the current session data + for a,b in pairs(sessiondata) do + if a ~= "id" then sessiondata[a] = nil end + end + --]] sessiondata.id = session.random_hash(512) + local t = auth.get_userinfo (self, clientdata.userid) sessiondata.userinfo = t or {} - sessiondata.userinfo.perm = roles.get_roles_perm(self,auth.get_userinfo_roles(self,id_user)) - self.conf.prefix="/acf-util/" - self.conf.action="status" - self.conf.type="redir" - self.conf.controller="logon" - error(self.conf) + return (true) else - userid.errtxt = "Information not recognized" - session.record_event(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"])) - return (cfe {type="form", - option={script=ENV["SCRIPT_NAME"], - prefix=self.conf.prefix, - controller=self.conf.controller, - action="logon" }, - value={userid,password,logon},testme={counteven} - }) + -- We have a bad login, log the event + session.record_event(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr)) end - else - return ( cfe{ type="form", - option={script=ENV["SCRIPT_NAME"], - prefix=self.conf.prefix, - controller=self.conf.controller, - action="logon" } , - value={userid,password,logon},testme={counteven} - }) end + return (false) end - - -- logged on? - -- record event and ignore the attempt - -- too many attempts for this ip? - -- record event and ignore the attempt - -- too many attempts for this user? - -- record event and ignore the attempt - -- uname/passwd invalid? - -- record event and ignore the attempt - -- All ok? - -- look up their role, issue new session - - --this goes through and will return true or false if limit reached -logoff = function (self, sessdata) - -- sessionid invalid? - -- record event, ignore the attempt - -- else - -- unlink session - -- issue new sessionid - - --made it so that we get a new sessionid then try to delete it - --need to make the whole sessiondata table go bye bye - delsess = session.unlink_session(conf.sessiondir, sessdata) - if delsess == true then - logoff = "Successful" - else - logoff = "Incomplete or Unsuccessful logoff" - end - for a,b in pairs(sessiondata) do - if a ~= "menu" then - sessiondata[a] = nil +-- Return the session id and username +status = function(sessiondata) + local name = "unknown" + if sessiondata.userinfo and sessiondata.userinfo.username then + name = sessiondata.userinfo.username end - end - sessiondata.id = session.random_hash(512) - build_menus(self) - return ( cfe{ {value=logoff,name="logoff"},{value=sessiondata,name="sessiondata"} }) -end - -status = function(self, sessdata) - sessid = sessdata - checkme = session.check_session(self.conf.sessiondir,sessdata) - return ( cfe { checkme={value=checkme,name="checkme"}, sessid={value=sessid,name="sessid" } }) + return ( { sessionid = sessiondata.id, username = name } ) end diff --git a/app/acf-util/logon-status-html.lsp b/app/acf-util/logon-status-html.lsp index 3524716..072051d 100644 --- a/app/acf-util/logon-status-html.lsp +++ b/app/acf-util/logon-status-html.lsp @@ -1,5 +1,8 @@ <? local view= ... ?> +<? --[[ + io.write(html.cfe_unpack(view)) +--]] ?> <h1>User Status </h1> <p> Below is your current Session id <p> -<?= view.stats.sessid.value ?> -<p>You are currently known to the system as <?= view.stats.checkme.value ?>.</p> +<?= view.sessionid ?> +<p>You are currently known to the system as <?= view.username ?>.</p> diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua index 185c3e4..f891c58 100755 --- a/app/acf-util/password-controller.lua +++ b/app/acf-util/password-controller.lua @@ -1,18 +1,10 @@ module(..., package.seeall) -auth=require("authenticator-plaintext") - -local list_redir = function (self) - self.conf.action = "status" - self.conf.type = "redir" - error (self.conf) -end +local auth=require("authenticator-plaintext") mvc = {} mvc.on_load = function(self, parent) - if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then - self.worker[self.conf.action] = list_redir(self) - end + self.conf.default_action = "status" end local function admin_permission() diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua index b8fa7f4..4cf1937 100644 --- a/app/acf-util/roles-controller.lua +++ b/app/acf-util/roles-controller.lua @@ -2,17 +2,9 @@ module (..., package.seeall) ---require ("session") - -mvc.on_load = function(self, parent) - if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then - self.worker[self.conf.action] = list_redir(self) - end - --logit ("logon.mvc.on_load activated") - end - read = function(self) - return( {read= self.model:read(clientdata.sessionid)}) + --return( {read= self.model:read(clientdata.sessionid)}) + return ( { userid = self.sessiondata.userinfo.userid, roles = self.sessiondata.userinfo.roles, permissions = self.sessiondata.permissions } ) end getlist = function(self) diff --git a/app/acf-util/roles-getlist-html.lsp b/app/acf-util/roles-getlist-html.lsp index 48c2aba..25d8d62 100644 --- a/app/acf-util/roles-getlist-html.lsp +++ b/app/acf-util/roles-getlist-html.lsp @@ -1,7 +1,13 @@ <? local view= ... ?> +<? --[[ + io.write(html.cfe_unpack(view)) +--]] ?> + <h1>Controller Status</h1> -<? for a,b in pairs(view.contlist.value) do -print("<b>",a,"</b>") -for k,v in pairs(b) do print(v) end -print("<br>") -end ?> +<? ---[[ +for a,b in pairs(view.contlist) do + print("<b>",a,"</b>") + for k,v in pairs(b) do print(v) end + print("<br>") +end +--]] ?> diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index 95f28d1..c3ce2c7 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua @@ -1,27 +1,17 @@ -- Roles/Group model functions -require ("session") require ("roles") module (..., package.seeall) -read = function(self,sessionid) - useid , theroles = session.check_session(conf.sessiondir,sessionid,"roles") ---we need to expand roles to give us real perm list - perm = roles.get_roles_perm(self,theroles) - return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"},{value=self.conf,name="self"},{value=sessiondata.userinfo.perm,name="perm2"} }) -end - getcont = function(self) --need to get a list of all the controllers - --t = roles.get_controllers(self,"skins") - bobo = roles.get_controllers(self) + controllers = roles.get_controllers(self) local table_m = {} - for a,b in pairs(bobo) do + for a,b in pairs(controllers) do temp = roles.get_controllers_func(self,b) table_m[b.sname] = temp end - return (cfe {value=table_m,name="mtable"}) - + return (table_m) end diff --git a/app/acf-util/roles-read-html.lsp b/app/acf-util/roles-read-html.lsp index c5ea541..ddda93a 100644 --- a/app/acf-util/roles-read-html.lsp +++ b/app/acf-util/roles-read-html.lsp @@ -1,11 +1,28 @@ <? local view= ... ?> -<h1>Role Views</h1> -<p>Roles/Permission list for <?= view.read.userid.value ?>:<p> +<? --[[ + io.write(html.cfe_unpack(view)) +--]] ?> -<p>You are valid in these role <p> -<? for a,b in pairs(view.read.roles.value) do -print("<li>",b) end ?> +<? ---[[ ?> +<H1>Roles/Permission list for <?= view.userid ?>:</H1> -<p>Your full permissions are<p> -<?= view.read.perm.value ?> -<?= html.cfe_unpack(view) ?> +<? if view.roles then ?> + <H2>You are valid in these roles</H2> + <? for a,b in pairs(view.roles) do + print("<li>",b,"</li>") + end ?> +<? end ?> +<? --]] ?> + +<? ---[[ ?> +<? if view.permissions then ?> + <H2>Your full permissions are</H2> + <? for x,cont in pairs(view.permissions) do + print("<b>",x,"</b>") + for y,act in pairs(cont) do + print(y) + end + print("<br>") + end ?> +<? end ?> +<? --]] ?> |