Ted's Logon/permissions changes

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1030 ab2d0c66-481e-0410-8bed-d214d4d58bed

9 files changed, 130 insertions, 180 deletions

diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index 75915fc..61b4864 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -2,30 +2,38 @@
 
 module (..., package.seeall)
 
---require ("session")
-	
+mvc = {}
 mvc.on_load = function(self, parent)
-     if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then
-      self.worker[self.conf.action] = list_redir(self)
-      end
- --logit ("logon.mvc.on_load activated")
- end
+	self.conf.default_action = "status"
+end
 
+-- Logon a new user based upon id and password in clientdata
 logon = function(self)
-	return ( {logon=self.model.logon(self, clientdata.userid, clientdata.password,clientdata.sessionid) })
+	local cmdresult
+	if clientdata.userid and clientdata.password then
+		local logon = self.model:logon(clientdata, conf.clientip, conf.sessiondir, sessiondata)
+		-- If successful logon, redirect to status, otherwise try again
+		if logon then
+			self.conf.action = "status"
+			self.conf.type = "redir"
+			error(self.conf)
+		else
+			cmdresult = "Logon Attempt Failed"
+		end
+	end
+	return ({ cmdresult = cmdresult })
 end
 
+-- Log out current user and go to login screen
 logout = function(self)
-	local logout = self.model:logoff(clientdata.sessionid)
-	if (logout) and (logout[1]) and (logout[1]["value"]) and (string.lower(logout[1]["value"]) == "successful") then
-		self.conf.action = "logon"
-		self.conf.type = "redir"
-		error (self.conf)
-	end
-
-	return  { logout = logout } 
+	local logout = self.model.logoff(conf.sessiondir, sessiondata)
+	-- We have to redirect so a new session / menu is created
+	self.conf.action = "logon"
+	self.conf.type = "redir"
+	error (self.conf)
 end
 
+-- Report the login status
 status = function(self)
-	return( {stats= self.model:status(clientdata.sessionid) })
+	return self.model.status(sessiondata)
 end
diff --git a/app/acf-util/logon-html.lsp b/app/acf-util/logon-html.lsp
index 9a930a2..c1b4500 100644
--- a/app/acf-util/logon-html.lsp
+++ b/app/acf-util/logon-html.lsp
@@ -1,24 +1,20 @@
 <? local form = ... ?>
-<h1>Logon</h1>
-<? --[[ ?>
-<?= html.cfe_unpack(form) ?>
-<? --]] ?>
+<? --[[
+       io.write(html.cfe_unpack(form))
+   --]] ?>
 
-<form action="<?= form.logon.option.script  .. form.logon.option.prefix ..
-		form.logon.option.controller .. "/" .. form.logon.option.action ?>" method="POST">
-<DL>
-<?
-local myform = form.logon.value 
-for k,v in pairs(myform) do
-	io.write("\t<DT")
-	if (#v.errtxt > 0) then io.write(" class='error'") end
-		io.write(">" .. v.label .. "</DT>\n")
+<? if form.cmdresult then ?>
+<h1>Command Result</h1>
+<p class='error'> <?= form.cmdresult ?></p>
+<? end ?>
 
-			io.write("\t\t<DD>" .. html.form[v.type](v) .. "\n")
-		if (v.descr) and (#v.descr > 0) then io.write("\t\t<P CLASS='descr'>" .. string.gsub(v.descr, "\n", "<BR>") .. "</P>\n") end
-		if (#v.errtxt > 0) then io.write("\t\t<P CLASS='error'>" .. string.gsub(v.errtxt, "\n", "<BR>") .. "</P>\n") end
-		io.write("\t\t</DD>\n")
-end 
-?>
+<h1>Logon</h1>
+<form action="logon" method="POST">
+<DL>
+	<DT>User id</DT>
+		<DD><input class="text" type="text" name="userid" value=""></DD>
+	<DT>Password</DT>
+		<DD><input class="password" type="password" name="password" value=""></DD>
+	<DT><input class="submit" type="submit" name="Logon" value="Logon"></DD>
 </DL>
 </form>
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index 33ffd56..cd840f7 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -19,113 +19,59 @@ else
 	auth = require ("authenticator-plaintext")
 end
 
-logon = function (self, id_user, password_user,sessdata )
-local userid=cfe({ name="userid",label="User id", type="text" })
-local password=cfe({ name="password" ,label="Password", type="passwd"})
-local logon=cfe({ name="Logon", label="Logon", value="Logon", type="submit"})
-local s = ""
+-- Logoff the user by deleting session data
+logoff = function (sessiondir, sessiondata)
+	-- Unlink / delete the current session
+	local result = session.unlink_session(sessiondir, sessiondata.id)
+	-- Clear the current session data
+	for a,b in pairs(sessiondata) do
+		sessiondata[a] = nil
+	end
 
-local csess = session.check_session(conf.sessiondir, sessdata)
-if csess ~= "an unknown user" then
-session.unlink_session(conf.sessiondir, sessdata)
-for a,b in pairs(sessiondata) do 
-if a ~= "menu" then
-sessiondata[a] = nil
-end
+	return (result)
 end
-sessiondata.id = session.random_hash(512)
-build_menus(self)
-end
-
-local counteven = session.count_events(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"]))
 
-if counteven then
-userid.errtxt="Information not recognized"
-return (cfe {type="form",
-	option={script=ENV["SCRIPT_NAME"],
-	prefix=self.conf.prefix,
-	controller=self.conf.controller,
-	action="logon" },
-	value={userid,password,logon},testme={counteven}
-	})
-end
+-- Log on new user if possible and set up userinfo in session
+-- if we fail, we leave the session alone (don't log out)
+logon = function (self, clientdata, ip_addr, sessiondir, sessiondata)
+	-- Check to see if we can login this user id / ip addr
+	local countevent = session.count_events(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr))
+	if countevent then
+		session.record_event(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr))
+		return (false)
+	end
 
-session.expired_events(conf.sessiondir)
-	if id_user and password_user then
-	local password_user_md5 = fs.md5sum_string(password_user)
-		if auth.authenticate (self, id_user, password_user_md5)  then
-			local t = auth.get_userinfo (self, id_user)
+	if clientdata.userid and clientdata.password then
+		local password_user_md5 = fs.md5sum_string(clientdata.password)
+		if auth.authenticate (self, clientdata.userid, password_user_md5) then
+			-- We have a successful login, change sessiondata
+			-- for some reason, can't call this function or it skips rest of logon
+			-- logout(sessiondir, sessiondata)
+			---[[ so, do this instead
+			session.unlink_session(sessiondir, sessiondata.id)
+			-- Clear the current session data
+			for a,b in pairs(sessiondata) do
+				if a ~= "id" then sessiondata[a] = nil end
+			end
+			--]]
 			sessiondata.id = session.random_hash(512)
+			local t = auth.get_userinfo (self, clientdata.userid)
 			sessiondata.userinfo = t or {}
-			sessiondata.userinfo.perm = roles.get_roles_perm(self,auth.get_userinfo_roles(self,id_user))
-			self.conf.prefix="/acf-util/"
-			self.conf.action="status"
-			self.conf.type="redir"
-			self.conf.controller="logon"
-			error(self.conf)
+			return (true)
 		else
-		userid.errtxt = "Information not recognized"
-		session.record_event(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"]))
-	return (cfe {type="form",
-		option={script=ENV["SCRIPT_NAME"],
-		prefix=self.conf.prefix,
-		controller=self.conf.controller,
-		action="logon" },
-		value={userid,password,logon},testme={counteven} 
-		})
+			-- We have a bad login, log the event
+			session.record_event(sessiondir, clientdata.userid, session.hash_ip_addr(ip_addr))
 		end
-	else
-	return ( cfe{ type="form",
-	option={script=ENV["SCRIPT_NAME"],
-	prefix=self.conf.prefix,
-	controller=self.conf.controller,
-	action="logon" } ,
-	value={userid,password,logon},testme={counteven}
-	})
 	end
+	return (false)
 end
-		
-	-- logged on?
-	--	record event and ignore the attempt
-	-- too many attempts for this ip?
-	--	record event and ignore the attempt
-	-- too many attempts for this user?
-	--	record event and ignore the attempt
-	-- uname/passwd invalid?
-	--	record event and ignore the attempt
-	-- All ok?
-	--	look up their role, issue new session
-	
-	--this goes through and will return true or false if limit reached
 
-logoff = function (self, sessdata)
-	-- sessionid invalid?
-	-- 	record event, ignore the attempt
-	-- else
-	-- 	unlink session
-	--	issue new sessionid
-	
-	--made it so that we get a new sessionid then try to delete it
-	--need to make the whole sessiondata table go bye bye
-	delsess = session.unlink_session(conf.sessiondir, sessdata)
-	if delsess == true then 
-	logoff = "Successful"
-	else
-	logoff = "Incomplete or Unsuccessful logoff"
-	end
-	for a,b in pairs(sessiondata) do
-	if a ~= "menu" then
-	sessiondata[a] = nil
+-- Return the session id and username
+status = function(sessiondata)
+	local name = "unknown"
+	if sessiondata.userinfo and sessiondata.userinfo.username then
+		name = sessiondata.userinfo.username
 	end
-	end
-	sessiondata.id = session.random_hash(512) 
-	build_menus(self)
-	return ( cfe{ {value=logoff,name="logoff"},{value=sessiondata,name="sessiondata"} })
-end
-
-status = function(self, sessdata)
-	sessid = sessdata
-	checkme = session.check_session(self.conf.sessiondir,sessdata)	
-	return ( cfe { checkme={value=checkme,name="checkme"}, sessid={value=sessid,name="sessid" } })	
+	return ( { sessionid = sessiondata.id, username = name } )
 end
 
diff --git a/app/acf-util/logon-status-html.lsp b/app/acf-util/logon-status-html.lsp
index 3524716..072051d 100644
--- a/app/acf-util/logon-status-html.lsp
+++ b/app/acf-util/logon-status-html.lsp
@@ -1,5 +1,8 @@
 <? local view= ... ?> 
+<? --[[
+	io.write(html.cfe_unpack(view))
+--]] ?>
 <h1>User Status </h1>
 <p> Below is your current Session id <p>
-<?= view.stats.sessid.value ?>
-<p>You are currently known to the system as <?= view.stats.checkme.value ?>.</p>
+<?= view.sessionid ?>
+<p>You are currently known to the system as <?= view.username ?>.</p>
diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua
index 185c3e4..f891c58 100755
--- a/app/acf-util/password-controller.lua
+++ b/app/acf-util/password-controller.lua
@@ -1,18 +1,10 @@
 module(..., package.seeall)
 
-auth=require("authenticator-plaintext")
-
-local list_redir = function (self)
-	self.conf.action = "status"
-	self.conf.type = "redir"
-	error (self.conf)
-end
+local auth=require("authenticator-plaintext")
 
 mvc = {}
 mvc.on_load = function(self, parent)
-	if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then
-		self.worker[self.conf.action] = list_redir(self)
-	end
+	self.conf.default_action = "status"
 end
 
 local function admin_permission()
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index b8fa7f4..4cf1937 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -2,17 +2,9 @@
 
 module (..., package.seeall)
 
---require ("session")
-	
-mvc.on_load = function(self, parent)
-     if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then
-      self.worker[self.conf.action] = list_redir(self)
-      end
- --logit ("logon.mvc.on_load activated")
- end
-
 read = function(self)
-	return( {read= self.model:read(clientdata.sessionid)})
+	--return( {read= self.model:read(clientdata.sessionid)})
+	return ( { userid = self.sessiondata.userinfo.userid, roles = self.sessiondata.userinfo.roles, permissions = self.sessiondata.permissions } )
 end
 
 getlist = function(self)
diff --git a/app/acf-util/roles-getlist-html.lsp b/app/acf-util/roles-getlist-html.lsp
index 48c2aba..25d8d62 100644
--- a/app/acf-util/roles-getlist-html.lsp
+++ b/app/acf-util/roles-getlist-html.lsp
@@ -1,7 +1,13 @@
 <? local view= ... ?> 
+<? --[[
+       io.write(html.cfe_unpack(view))
+--]] ?>
+
 <h1>Controller Status</h1>
-<? for a,b in pairs(view.contlist.value) do 
-print("<b>",a,"</b>")
-for k,v in pairs(b) do print(v) end
-print("<br>")
-end ?>
+<? ---[[
+for a,b in pairs(view.contlist) do 
+	print("<b>",a,"</b>")
+	for k,v in pairs(b) do print(v) end
+	print("<br>")
+end
+--]] ?>
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index 95f28d1..c3ce2c7 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -1,27 +1,17 @@
 -- Roles/Group  model functions
 
-require ("session")
 require ("roles")
 
 module (..., package.seeall)
 
-read = function(self,sessionid)
-	useid , theroles = session.check_session(conf.sessiondir,sessionid,"roles")
---we need to expand roles to give us real perm list
-	perm = roles.get_roles_perm(self,theroles)
-	return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"},{value=self.conf,name="self"},{value=sessiondata.userinfo.perm,name="perm2"} })	
-end
-
 getcont = function(self)
 	--need to get a list of all the controllers
-	--t = roles.get_controllers(self,"skins")	
-	bobo = roles.get_controllers(self)
+	controllers = roles.get_controllers(self)
 	local table_m = {}
-	for a,b in pairs(bobo) do
+	for a,b in pairs(controllers) do
 	temp = roles.get_controllers_func(self,b)
 	table_m[b.sname] = temp
 	end
 
-	return (cfe {value=table_m,name="mtable"})
-
+	return (table_m)
 end
diff --git a/app/acf-util/roles-read-html.lsp b/app/acf-util/roles-read-html.lsp
index c5ea541..ddda93a 100644
--- a/app/acf-util/roles-read-html.lsp
+++ b/app/acf-util/roles-read-html.lsp
@@ -1,11 +1,28 @@
 <? local view= ... ?> 
-<h1>Role Views</h1>
-<p>Roles/Permission list for <?= view.read.userid.value ?>:<p>
+<? --[[
+	io.write(html.cfe_unpack(view))
+--]] ?>
 
-<p>You are valid in these role <p>
-<? for a,b in pairs(view.read.roles.value) do 
-print("<li>",b) end ?>
+<? ---[[ ?>
+<H1>Roles/Permission list for <?= view.userid ?>:</H1>
 
-<p>Your full permissions are<p>
-<?= view.read.perm.value ?>
-<?= html.cfe_unpack(view) ?>
+<? if view.roles then ?>
+	<H2>You are valid in these roles</H2>
+	<? for a,b in pairs(view.roles) do
+		print("<li>",b,"</li>")
+	end ?>
+<? end ?>
+<? --]] ?>
+
+<? ---[[ ?>
+<? if view.permissions then ?>
+	<H2>Your full permissions are</H2>
+	<? for x,cont in pairs(view.permissions) do
+		print("<b>",x,"</b>")
+		for y,act in pairs(cont) do
+			print(y)
+		end
+		print("<br>")
+	end ?>
+<? end ?>
+<? --]] ?>