Diffstat (limited to 'app/acf-util/logon-model.lua')
-rw-r--r-- | app/acf-util/logon-model.lua | 76 |
1 files changed, 27 insertions, 49 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index dbd8522..48b3cf2 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -4,58 +4,36 @@ module (..., package.seeall) local sess = require ("session") -local pvt = {} - - --- return a sessionid if username / password is valid, false --- /etc/acf/passwd should be lines of userid:passwd:user name:role1[,role2[,role3]] -pvt.logon = function (self, id, passwd ) - -- if we already have sessionid... then you are already logged in - if self.session.id then - return false - end - - id = id or "" - passwd = passwd or "" - - -- open our hokey password file, - local f = io.open(self.conf.confdir .. "/passwd" ) - if f then - m = f:read("*all") .. "\n" - f:close() - - for l in string.gmatch(m, "(%C*)\n") do - local userid, password, username, roles = - string.match(l, "([^:]*):([^:]*):([^:]*):(.*)") - if userid == id and password == passwd then - self.session.id = sess.random_hash(512) - self.session.name = username - self.session.roles = roles - break - end - end - end - if self.session.id then - local x = require("session") - x.save_session(self.conf.sessiondir, self.session.id, self.session) - x=nil - return self.session.id - else - return false - end +-- load an authenticator +-- FIXME: use an "always true" as default? + +local auth +if authenticator then + auth = require ("authenticator-" .. conf.authenticator) +else + auth = require ("authenticator-plaintext") end --- invalidate the session, or return false if the session wasn't valid -pvt.logout = function (self, sessionid) - - sess.invalidate_session ( self.conf.sessiondir, sessionid) - self.session = {} +logon = function (self, id, password ) + -- logged on? + -- record event and ignore the attempt + -- too many attempts for this ip? + -- record event and ignore the attempt + -- too many attempts for this user? + -- record event and ignore the attempt + -- uname/passwd invalid? + -- record event and ignore the attempt + -- All ok? 
+ -- look up their role, issue new session + return auth.authenticate (id, password) end -------------------------------------------------------------------------- --- Public Methods -------------------------------------------------------------------------- +logoff = function (self, sessionid) + -- sessionid invalid? + -- record event, ignore the attempt + -- else + -- unlink session + -- issue new sessionid +end -logon = pvt.logon -logout = pvt.logout |
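Review bot: The new `logoff` contains only comments, so the `sess.invalidate_session ( self.conf.sessiondir, sessionid)` call and the `self.session = {}` reset from the removed `pvt.logout` are gone and a logged-off session id appears to remain valid in the session store; I would keep those two lines in `logoff` until the planned replacement is written. The export is also renamed from `logout` to `logoff`, so any caller still using `logout` (none are visible in this hunk) would find nil. In the loader, the condition tests the bare global `authenticator` while the require reads `conf.authenticator`, so the configured backend is probably never selected and `authenticator-plaintext` is always loaded; `if conf and conf.authenticator then` looks like the intent, assuming `conf` is in scope when the module loads. `logon` now returns `auth.authenticate (id, password)` directly, without the old already-logged-on check or any session creation and save, and the attempt-limiting and event-recording steps exist only as comments, so a line such as `-- TODO: none of the checks below are implemented yet` above them would keep readers from assuming they run.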