-rw-r--r--app/acf-util/logon-controller.lua24
-rw-r--r--app/acf-util/logon-model.lua76
-rw-r--r--lib/session.lua14
3 files changed, 55 insertions, 59 deletions
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index 8359c18..18e4e0f 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -16,18 +16,25 @@ end
logon = function(self)
- local username=cfe({ name="username" })
+ local userid=cfe({ name="userid" })
local password=cfe({ name="password" })
local logon=cfe({ name="Logon", type="submit"})
local s = ""
- if self.clientdata.username and self.clientdata.password then
- if self.model.logon(self, self.clientdata.username, self.clientdata.password) == false then
- username.value = self.clientdata.username
- if self.session.id then
- username.errtxt = "You are already logged in. Logout first."
+ -- FIXME - if they are already logged in, log out first
+
+ if clientdata.userid and clientdata.password then
+ if self.model.logon(self, clientdata.userid, clientdata.password) == false then
+ userid.value = self.clientdata.userid
+ userid.errtxt = "There was a problem logging in"
else
- username.errtxt = "There was a problem logging in"
+ -- the login was successful - give them a new session, and redir to logged in
+ session.id = session.random_hash ( 512)
+ session.userinfo = self.model.get_userinfo (userid)
+ self.conf.controller="welcome"
+ self.conf.action = ""
+ self.conf.type = "redir"
+ error (self.conf)
end
else
self.conf.controller = ""
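Review bot: The failure test on the added `self.model.logon(...) == false` line catches only a literal `false`, so if the authenticator returns `nil` or nothing for bad credentials, the success branch runs and a session id is issued. The return contract of `authenticate` is not visible here, so the check should fail closed: `if not self.model.logon(self, self.clientdata.userid, self.clientdata.password) then`. The same added lines read a bare `clientdata` while the next line uses `self.clientdata`, and the success branch assigns to a bare `session` and passes the `userid` form element rather than the submitted string to `get_userinfo`; unless those names are defined outside this hunk they look like they should be `self.clientdata`, `self.session` and `self.clientdata.userid`. Nothing in this branch saves the new session now that the model no longer calls `save_session`, and the already-logged-in check is reduced to a FIXME. The body of `logon` continues past this hunk.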
@@ -36,14 +43,13 @@ logon = function(self)
self.conf.type = "redir"
error(self.conf)
end
- end
-- If we reach this point, just give them the login page
return ( cfe ({type="form",
option={ script=ENV["SCRIPT_NAME"],
prefix=self.conf.prefix,
controller = self.conf.controller,
action = "logon" },
- value = { username, password, logon } }))
+ value = { userid, password, logon } }))
end
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index dbd8522..48b3cf2 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -4,58 +4,36 @@ module (..., package.seeall)
local sess = require ("session")
-local pvt = {}
-
-
--- return a sessionid if username / password is valid, false
--- /etc/acf/passwd should be lines of userid:passwd:user name:role1[,role2[,role3]]
-pvt.logon = function (self, id, passwd )
- -- if we already have sessionid... then you are already logged in
- if self.session.id then
- return false
- end
-
- id = id or ""
- passwd = passwd or ""
-
- -- open our hokey password file,
- local f = io.open(self.conf.confdir .. "/passwd" )
- if f then
- m = f:read("*all") .. "\n"
- f:close()
-
- for l in string.gmatch(m, "(%C*)\n") do
- local userid, password, username, roles =
- string.match(l, "([^:]*):([^:]*):([^:]*):(.*)")
- if userid == id and password == passwd then
- self.session.id = sess.random_hash(512)
- self.session.name = username
- self.session.roles = roles
- break
- end
- end
- end
- if self.session.id then
- local x = require("session")
- x.save_session(self.conf.sessiondir, self.session.id, self.session)
- x=nil
- return self.session.id
- else
- return false
- end
+-- load an authenticator
+-- FIXME: use an "always true" as default?
+
+local auth
+if authenticator then
+ auth = require ("authenticator-" .. conf.authenticator)
+else
+ auth = require ("authenticator-plaintext")
end
--- invalidate the session, or return false if the session wasn't valid
-pvt.logout = function (self, sessionid)
-
- sess.invalidate_session ( self.conf.sessiondir, sessionid)
- self.session = {}
+logon = function (self, id, password )
+ -- logged on?
+ -- record event and ignore the attempt
+ -- too many attempts for this ip?
+ -- record event and ignore the attempt
+ -- too many attempts for this user?
+ -- record event and ignore the attempt
+ -- uname/passwd invalid?
+ -- record event and ignore the attempt
+ -- All ok?
+ -- look up their role, issue new session
+ return auth.authenticate (id, password)
end
--------------------------------------------------------------------------
--- Public Methods
--------------------------------------------------------------------------
+logoff = function (self, sessionid)
+ -- sessionid invalid?
+ -- record event, ignore the attempt
+ -- else
+ -- unlink session
+ -- issue new sessionid
+end
-logon = pvt.logon
-logout = pvt.logout
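Review bot: The new `logoff` is an empty stub, so the `sess.invalidate_session(self.conf.sessiondir, sessionid)` call from the removed `pvt.logout` is gone and a logged-out session id stays valid on disk. The public name also changes from `logout` to `logoff`, which any existing caller would miss. I would keep `sess.invalidate_session(self.conf.sessiondir, sessionid)` and `self.session = {}` in `logoff` until the planned logic replaces them. Separately, the loader tests a bare `authenticator` but then reads `conf.authenticator`, and neither name is defined in the visible lines. It would be safer to resolve the name from the configuration the model actually receives (presumably `self.conf`) and compare it against a fixed list of known authenticators before building the `require` string. The commented checks in `logon` (already logged on, per-IP and per-user attempt limits) are not implemented yet, so the function currently returns `auth.authenticate (id, password)` with no throttling.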
diff --git a/lib/session.lua b/lib/session.lua
index 149f5aa..37dcecb 100644
--- a/lib/session.lua
+++ b/lib/session.lua
@@ -157,4 +157,16 @@ record_event = function( sessionpath, id )
(posix.getpid("pid")) or "" ), "w")
io.close(x)
end
-
+
+-- Check how many invalid login events
+-- have happened for this id in the last n minutes
+count_events = function ( sessionpath, id, minutes)
+ -- FIXME
+ return 0
+end
+
+-- Clear events that are older than n minutes
+expire_events = function (sessionpath, minutes)
+ -- FIXME
+ return 0
+end
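Review bot: `count_events` returns `0` unconditionally, which a caller will read as "no failed attempts", so any lockout check built on it before the FIXME is resolved silently never triggers. Until it is implemented I would make the stub fail loudly, e.g. `error("count_events: not implemented")`. At minimum the comment should say so: `-- STUB: always reports 0 events; do not use for throttling yet`. The same applies to `expire_events`, whose `0` return value is undocumented.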