diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/authenticator-plaintext.lua | 148 | ||||
| -rw-r--r-- | lib/html.lua | 22 | ||||
| -rw-r--r-- | lib/viewfunctions.lua | 109 |
3 files changed, 216 insertions, 63 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index 4c9bf08..b8cf598 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -47,12 +47,14 @@ pvt.parse_authfile = function(filename) end pvt.get_id = function(userid, authstruct) - if authstruct == nil then return nil end - for x = 1,#authstruct do - if authstruct[x].userid == userid then - return authstruct[x] + if authstruct ~= nil then + for x = 1,#authstruct do + if authstruct[x].userid == userid then + return authstruct[x] + end end end + return nil end --- public methods @@ -111,6 +113,42 @@ pvt.availablefields = function (field) } return availablefileds[field] end + +-- validate the settings (ignore password if it's nil) +local validate_settings = function (self, userid, username, password, password_confirm, roles) + local errormessage = {} + + -- Set errormessages when entering invalid values + if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end + if password then + if (#password == 0) then + errormessage.password = "Password cannot be blank!" + elseif (password ~= password_confirm) then + errormessage.password_confirm = "You entered wrong password/confirmation" + else + local weak_password_result, weak_password_errormessage = pvt.weak_password(password) + if (weak_password_result) then errormessage.password = weak_password_errormessage end + end + end + local reverseroles = {} + for x,role in pairs(list_roles(self)) do + reverseroles[role] = x + end + for x,role in pairs(roles) do + if reverseroles[role] == nil then + errormessage.roles = "Invalid role" + break + end + end + + -- Return false if any errormessages are set + for k,v in pairs(errormessage) do + return false, errormessage + end + + return true, errormessage +end + -- This function returns the username and roles -- or false on an error get_userinfo = function ( self, userid ) @@ -150,7 +188,7 @@ list_roles = function (self) return output end -change_settings = function (self, userid,parameter,value) +change_settings = function (self, userid, parameter, value) local errormessage = {} local passwd_path = self.conf.confdir .. "/passwd" @@ -212,60 +250,102 @@ change_settings = function (self, userid,parameter,value) return true end -new_settings = function ( self, userid, username, password, password_confirm, roles) +-- For an existing user, change the settings that are non-nil +change_settings = function (self, userid, username, password, password_confirm, roles) + local result = true local errormessage = {} - -- We start by checking if user is allowed to do changes - if not (pvt.permission_to_change) then - errormessage.permissions = "No permission to change!" + + -- Get the current user info + local userinfo = get_userinfo(self, userid) + if userinfo == nil then + errormessage.userid = "This userid does not exist!" + result = false end - -- Set path to passwordfile - local passwd_path = self.conf.confdir .. "/passwd" + local change = username or password or password_confirm or roles + if change then + -- Validate the inputs + if (result == true) then + -- Use the current settings if new ones are nil, except for password + result, errormessage = validate_settings(self, userid, username or userinfo.username, password, password_confirm, roles or userinfo.roles) + end + + -- Update all the fields + if (result == true) then + userinfo.username = username or userinfo.username + if password then + userinfo.password = fs.md5sum_string(password) + end + userinfo.roles = roles or userinfo.roles + + -- write the updated user + delete_user(self, userid) + + -- Set path to passwordfile + local passwd_path = self.conf.confdir .. "/passwd" + -- Write the newline into the file + fs.write_line_file(passwd_path, userid .. ":" .. userinfo.password .. ":" .. userinfo.username .. ":" .. table.concat(userinfo.roles,",") ) + end + end + + return result, errormessage +end + +new_settings = function (self, userid, username, password, password_confirm, roles) + local result = true + local errormessage = {} + -- make sure to check all fields + userid = userid or "" + username = username or "" + password = password or "" + password_confirm = password_confirm or "" + roles = roles or {} - -- Set errormessages when entering invalid values - if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end - if (password ~= password_confirm) then errormessage.password_confirm = "You entered wrong password/confirmation" end - if not (password) or (#password == 0) then errormessage.password = "Password cant be blank!" end --- if not (roles) or (#roles == 0) then errormessage.roles = "You need to enter some roles!" end - local weak_password_result, weak_password_errormessage = pvt.weak_password(password) - if (weak_password_result) then errormessage.password = weak_password_errormessage end -- Check if userid already used for k,v in pairs(list_users(self)) do if (v == userid) then errormessage.userid = "This userid already exists!" + result = false end end - -- Return false if some errormessages is set - for k,v in pairs(errormessage) do - return false, errormessage + -- validate the settings + if (result == true) then + result, errormessage = validate_settings(self, userid, username, password, password_confirm, roles) end - -- Write the newline into the file - fs.write_line_file(passwd_path, userid .. ":" .. fs.md5sum_string(password) .. ":" .. username .. ":" .. table.concat(roles,",") ) + -- write the new user + if (result == true) then + -- Set path to passwordfile + local passwd_path = self.conf.confdir .. "/passwd" - return true, errormessage + -- Write the newline into the file + fs.write_line_file(passwd_path, userid .. ":" .. fs.md5sum_string(password) .. ":" .. username .. ":" .. table.concat(roles,",") ) + end + + return result, errormessage end -delete_user = function( self, userid) - local errormessage = {} - local passwd_path = self.conf.confdir .. "/passwd" - - -- We start by checking if user is allowed to do changes - if not (pvt.permission_to_change) then - errormessage.permissions = "No permission to change!" - end +delete_user = function (self, userid) + local result = false + local errormessage = {userid="User not found"} + local passwd_path = self.conf.confdir .. "/passwd" local passwdfilecontent = fs.read_file_as_array(passwd_path) local output = {} for k,v in pairs(passwdfilecontent) do if not ( string.match(v, "^".. userid .. ":") ) then table.insert(output, v) + else + result = true + errormessage = {} end end --Save the updated table - fs.write_file(passwd_path, table.concat(output,"\n")) + if result == true then + fs.write_file(passwd_path, table.concat(output,"\n")) + end - return true, errormessage + return result, errormessage end diff --git a/lib/html.lua b/lib/html.lua index 136ce2b..0a23184 100644 --- a/lib/html.lua +++ b/lib/html.lua @@ -92,7 +92,7 @@ local generic_input = function ( field_type, v ) for i,k in ipairs ( { "name", "size", "checked", "maxlength", "value", "length", "class", "id", "src", - "align", "alt", + "align", "alt", "contenteditable", "tabindex", "accesskey", "onfocus", "onblur" } ) do str = str .. nv_pair ( k, v[k] ) @@ -129,7 +129,7 @@ form.longtext = function ( v ) end -function form.passwd ( v ) +function form.password ( v ) return generic_input ( "password", v ) end @@ -156,7 +156,7 @@ function form.image ( v ) end --- v.value is the selected item +-- v.value is the selected item (or an array if multiple) -- v.option is an array of valid options -- NOTE use of value and values (plural) function form.select ( v ) @@ -177,6 +177,12 @@ function form.select ( v ) end str = str .. ">" -- now the options + local reverseval = {} + if type(v.value) == "table" then + for x,val in ipairs(v.value) do + reverseval[val]=x + end + end for i, k in ipairs ( v.option ) do local val = k local txt = nil @@ -184,9 +190,13 @@ function form.select ( v ) txt=val[1] val=val[0] end - str = str .. "<option " - if ( v.value == val ) then - str = str .. " selected " + str = str .. "<option " + if type(v.value) == "table" then + if reverseval[val] then + str = str .. " selected" + end + elseif ( v.value == val ) then + str = str .. " selected" end str = str .. nv_pair("value", val) .. ">" .. k .. "</option>" end diff --git a/lib/viewfunctions.lua b/lib/viewfunctions.lua index d69f2cc..c7aa53f 100644 --- a/lib/viewfunctions.lua +++ b/lib/viewfunctions.lua @@ -4,14 +4,14 @@ function displayinfo(myform,tags,viewtype) if (myform[v]) and (myform[v]["value"]) then local val = myform[v] io.write("\n\t<DT") - if (#val.errtxt > 0) then + if (val.errtxt) then val.class = "error" io.write(" class='error'") end io.write(">" .. val.label .. "</DT>") io.write("\n\t\t<DD>") if (viewtype == "viewonly") then - if (val.value == "") and (val.errtxt == "") and ((val.descr) and (val.descr == "")) then val.value = " " end + if (val.value == "") and (val.errtxt == nil) and ((val.descr) and (val.descr == "")) then val.value = " " end io.write(val.value) elseif (val.type == "radio") and (type(val.option) == "table") and (#val.option > 0) then io.write("<span style='display:inline' class='" .. ( val.class or "") .. "'>") @@ -26,7 +26,7 @@ function displayinfo(myform,tags,viewtype) io.write(html.form[val.type](val)) end if (val.descr) and (#val.descr > 0) then io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(val.descr, "\n", "<BR>") .. "</P>") end - if (#val.errtxt > 0) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>") end + if (val.errtxt) then io.write("\n\t\t<P CLASS='error'>" .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>") end io.write("\n\t\t</DD>\n") end end @@ -46,31 +46,94 @@ function displaymanagement (myform,tags) end if (myform) and (myform[tags[1]]) then - io.write('<dt>' .. (myform[tags[1]]["label"] or myform[tags[1]]["name"]) .. '</dt>') - io.write('<dd>') - --Show buttons - for k,v in pairs(tags) do - if (myform[v]) then - io.write(html.form[myform[v].type](myform[v])) + io.write('<dt>' .. (myform[tags[1]]["label"] or myform[tags[1]]["name"]) .. '</dt>') + io.write('<dd>') + --Show buttons + for k,v in pairs(tags) do + if (myform[v]) then + io.write(html.form[myform[v].type](myform[v])) + end + end + if (descriptions) and (#descriptions > 0) then + io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(descriptions, "\n", "<BR>") .. "</P>") + end + if (errors) and (#errors > 0) then + io.write("\n\t\t<P CLASS='error'>" .. string.gsub(errors, "\n", "<BR>") .. "</P>") end + io.write('</dd>') + + -- Display the result of previous action + if (myform) and (myform['actionresult']) then + if (myform['actionresult']['errtxt']) and (#myform['actionresult']['errtxt'] > 0) then + io.write('<dt class="error">' .. myform['actionresult']['label'] .. '</dt>') + io.write('<dd><pre class="error">' .. (myform['actionresult']['errtxt'] or "") .. '</pre></dd>') + elseif (myform['actionresult']['descr']) and (#myform['actionresult']['descr'] > 0) then + io.write('<dt>' .. myform['actionresult']['label'] .. '</dt>') + io.write('<dd><pre>' .. (myform['actionresult']['descr'] or "") .. '</pre></dd>') + end + end + end +end + +function displayitem(myitem, viewtype) + io.write("<DT") + if myitem.errtxt then + myitem.class = "error" + io.write(" class='error'") end - if (descriptions) and (#descriptions > 0) then - io.write("\n\t\t<P CLASS='descr'>" .. string.gsub(descriptions, "\n", "<BR>") .. "</P>") + io.write(">" .. myitem.label .. "</DT>\n") + io.write("<DD>") + if (viewtype == "viewonly") then + myitem.disabled = "true" end - if (errors) and (#errors > 0) then - io.write("\n\t\t<P CLASS='error'>" .. string.gsub(errors, "\n", "<BR>") .. "</P>") + if myitem.type == "multi" then + -- FIXME multiple select doesn't work in haserl, so use series of checkboxes + --myitem.type = "select" + --myitem.multiple = "true" + local tempname = myitem.name + local tempval = myitem.value + local reverseval = {} + for x,val in ipairs(tempval) do + reverseval[val] = x + end + for x,val in ipairs(myitem.option) do + myitem.value = val + myitem.checked = reverseval[val] + myitem.name = tempname .. "." .. val + io.write(html.form.checkbox(myitem) .. val .. "<br>\n") + end + myitem.name = tempname + myitem.value = tempval + else + io.write(html.form[myitem.type](myitem) .. "\n") end - io.write('</dd>') + if myitem.descr then io.write("<P CLASS='descr'>" .. string.gsub(myitem.descr, "\n", "<BR>") .. "</P>\n") end + if myitem.errtxt then io.write("<P CLASS='error'>" .. string.gsub(myitem.errtxt, "\n", "<BR>") .. "</P>\n") end + io.write("</DD>\n") +end - -- Display the result of previous action - if (myform) and (myform['actionresult']) then - if (myform['actionresult']['errtxt']) and (#myform['actionresult']['errtxt'] > 0) then - io.write('<dt class="error">' .. myform['actionresult']['label'] .. '</dt>') - io.write('<dd><pre class="error">' .. (myform['actionresult']['errtxt'] or "") .. '</pre></dd>') - elseif (myform['actionresult']['descr']) and (#myform['actionresult']['descr'] > 0) then - io.write('<dt>' .. myform['actionresult']['label'] .. '</dt>') - io.write('<dd><pre>' .. (myform['actionresult']['descr'] or "") .. '</pre></dd>') +function displayform(myform, order) + if myform.descr then io.write("<P CLASS='descr'>" .. string.gsub(myform.descr, "\n", "<BR>") .. "</P>\n") end + if myform.errtxt then io.write("<P CLASS='error'>" .. string.gsub(myform.errtxt, "\n", "<BR>") .. "</P>\n") end + io.write('<form action="' .. myform.action .. '" method="POST">\n') + io.write('<DL>\n') + local reverseorder= {} + if order then + for x,name in ipairs(order) do + reverseorder[name] = x + if myform.value[name] then + myform.value[name].name = name + displayitem(myform.value[name]) + end end end -end + for name,item in pairs(myform.value) do + if nil == reverseorder[name] then + item.name = name + displayitem(item) + end + end + io.write('<DT><input class="submit" type="submit" value="' .. myform.submit .. '"></DT>\n') + io.write('</DL>\n') + io.write('</FORM>') end |