From 43ac64370f5e8d53ecf874048c27d493c5bc01b4 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Sun, 24 Jan 2016 22:24:30 +0000 Subject: Add password.listlockevents/unlockuser/unlockip actions to acf-util password.status now reports locked status for each user Modified session lib to add list_events/delete_events Changed session.record_event/count_events to take IP rather than hash --- app/acf-util/acf-util.roles | 2 +- app/acf-util/logon-model.lua | 6 ++-- app/acf-util/password-controller.lua | 12 +++++++ app/acf-util/password-listlockevents-html.lsp | 48 +++++++++++++++++++++++++++ app/acf-util/password-model.lua | 32 ++++++++++++++++-- app/acf-util/password-status-html.lsp | 6 +++- app/acf-util/password.menu | 2 +- 7 files changed, 100 insertions(+), 8 deletions(-) create mode 100644 app/acf-util/password-listlockevents-html.lsp (limited to 'app/acf-util') diff --git a/app/acf-util/acf-util.roles b/app/acf-util/acf-util.roles index 926b74d..4e96271 100644 --- a/app/acf-util/acf-util.roles +++ b/app/acf-util/acf-util.roles @@ -2,4 +2,4 @@ GUEST=logon/logon,logon/logoff,logon/status,welcome/read DEFAULT= USER=password/editme,roles/read EXPERT= -ADMIN=logon/logon,logon/logoff,logon/status,password/editme,password/status,password/edituser,password/newuser,password/deleteuser,roles/read,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,welcome/read,password/status,password/edituser,password/newuser,password/deleteuser,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,skins/update +ADMIN=logon/logon,logon/logoff,logon/status,password/editme,password/status,password/edituser,password/newuser,password/deleteuser,password/listlockevents,password/unlockuser,password/unlockip,roles/read,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,welcome/read,password/status,password/edituser,password/newuser,password/deleteuser,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,skins/update diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index 0cfba7f..3394445 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -45,9 +45,9 @@ end mymodule.logon = function (self, logon) logon.errtxt = "Logon Attempt Failed" -- Check to see if we can log on this user id / ip addr - local countevent = session.count_events(self.conf.sessiondir, logon.value.userid.value, session.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) + local countevent = session.count_events(self.conf.sessiondir, logon.value.userid.value, self.conf.clientip, self.conf.lockouttime, self.conf.lockouteventlimit) if countevent then - session.record_event(self.conf.sessiondir, logon.value.userid.value, session.hash_ip_addr(self.conf.clientip)) + session.record_event(self.conf.sessiondir, logon.value.userid.value, self.conf.clientip) end if false == countevent then @@ -71,7 +71,7 @@ mymodule.logon = function (self, logon) logon.errtxt = nil else -- We have a bad logon, log the event - session.record_event(self.conf.sessiondir, logon.value.userid.value, session.hash_ip_addr(self.conf.clientip)) + session.record_event(self.conf.sessiondir, logon.value.userid.value, self.conf.clientip) end end return logon diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua index 264aadc..b457350 100644 --- a/app/acf-util/password-controller.lua +++ b/app/acf-util/password-controller.lua @@ -25,4 +25,16 @@ function mymodule.deleteuser(self) return self.handle_form(self, self.model.get_delete_user, self.model.delete_user, self.clientdata, "Delete", "Delete User", "Deleted user") end +function mymodule.listlockevents(self) + return self.model.list_lock_events(self, self.clientdata) +end + +function mymodule.unlockuser(self) + return self.handle_form(self, self.model.get_unlock_user, self.model.unlock_user, self.clientdata, "Unlock", "Unlock User", "Unlocked user") +end + +function mymodule.unlockip(self) + return self.handle_form(self, self.model.get_unlock_ip, self.model.unlock_ip, self.clientdata, "Unlock", "Unlock IP Address", "Unlocked IP address") +end + return mymodule diff --git a/app/acf-util/password-listlockevents-html.lsp b/app/acf-util/password-listlockevents-html.lsp new file mode 100644 index 0000000..81ea7f6 --- /dev/null +++ b/app/acf-util/password-listlockevents-html.lsp @@ -0,0 +1,48 @@ +<% local view, viewlibrary, page_info, session = ... +htmlviewfunctions = require("htmlviewfunctions") +html = require("acf.html") +%> + + + + + + + + +<% htmlviewfunctions.displaycommandresults({"unlockuser", "unlockip"}, session, true) %> + +<% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %> + + + + + + + +<% for i,lock in ipairs( view.value ) do %> + + + + + +<% end %> +
User IDIP AddressTime
<%= html.html_escape(lock.userid) %><%= html.html_escape(lock.ip) %><%= format.formattime(lock.time) %>
+<% htmlviewfunctions.displaysectionend(header_level) %> + +<% if viewlibrary and viewlibrary.dispatch_component then + viewlibrary.dispatch_component("unlockuser") + viewlibrary.dispatch_component("unlockip") +end %> diff --git a/app/acf-util/password-model.lua b/app/acf-util/password-model.lua index 54faf4b..72ae416 100644 --- a/app/acf-util/password-model.lua +++ b/app/acf-util/password-model.lua @@ -2,6 +2,7 @@ local mymodule = {} authenticator = require("authenticator") roles = require("roles") +session = require("session") avail_roles, avail_skins, avail_homes = nil @@ -89,6 +90,7 @@ local function get_blank_user(self) result.value.roles = cfe({ type="multi", value={}, label="Roles", option=avail_roles or {}, seq=3 }) result.value.skin = cfe({ type="select", value="", label="Skin", option=avail_skins or {""}, seq=7 }) result.value.home = cfe({ type="select", value="", label="Home", option=avail_homes or {""}, seq=6 }) + result.value.locked = cfe({ type="boolean", value=false, label="Locked", readonly=true, seq=8 }) return result end @@ -96,7 +98,7 @@ end local function get_user(self, userid) local result = get_blank_user(self) result.value.userid.key = true - result.value.userid.value = userid + result.value.userid.value = userid or "" if result.value.userid.value ~= "" then result.value.userid.readonly = true @@ -109,6 +111,7 @@ local function get_user(self, userid) if result.value[n] and n ~= "password" then result.value[n].value = v end end end + result.value.locked.value = session.count_events(self.conf.sessiondir, result.value.userid.value) end return result @@ -204,7 +207,6 @@ function mymodule.get_users(self) for x,user in pairs(userlist) do users[#users+1] = get_user(self, user) end - return cfe({ type="group", value=users, label="User Accounts" }) end @@ -221,4 +223,30 @@ function mymodule.delete_user(self, deleteuser) return deleteuser end +function mymodule.list_lock_events(self, clientdata) + return cfe({type="structure", value=session.list_events(self.conf.sessiondir), label="Lock events"}) +end + +function mymodule.get_unlock_user(self, clientdata) + local retval = cfe({type="group", value={}, label="Unlock user"}) + retval.value.userid = cfe({ label="User id" }) + return retval +end + +function mymodule.unlock_user(self, unlock) + session.delete_events(self.conf.sessiondir, unlock.value.userid.value) + return unlock +end + +function mymodule.get_unlock_ip(self, clientdata) + local retval = cfe({type="group", value={}, label="Unlock IP address"}) + retval.value.ip = cfe({ label="IP address" }) + return retval +end + +function mymodule.unlock_ip(self, unlock) + session.delete_events(self.conf.sessiondir, nil, unlock.value.ip.value) + return unlock +end + return mymodule diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp index 551f798..8845b13 100644 --- a/app/acf-util/password-status-html.lsp +++ b/app/acf-util/password-status-html.lsp @@ -2,7 +2,7 @@ <% htmlviewfunctions = require("htmlviewfunctions") %> <% html = require("acf.html") %> -<% htmlviewfunctions.displaycommandresults({"newuser", "edituser", "deleteuser"}, session) %> +<% htmlviewfunctions.displaycommandresults({"newuser", "edituser", "deleteuser", "unlockuser"}, session) %> <% local header_level = htmlviewfunctions.displaysectionstart(form, page_info) @@ -26,6 +26,9 @@ for i,user in ipairs(form.value) do <%= html.html_escape(user.value.roles.label) %> <%= html.html_escape(table.concat(user.value.roles.value, ", ")) %> + + <%= html.html_escape(user.value.locked.label) %> + <%= html.html_escape(tostring(user.value.locked.value)) %> Option @@ -33,6 +36,7 @@ for i,user in ipairs(form.value) do <% htmlviewfunctions.displayitem(cfe({type="link", value={userid=userid, redir=redir}, label="", option="Edit", action="edituser"}), page_info, -1) %> <% htmlviewfunctions.displayitem(cfe({type="form", value={userid=userid}, label="", option="Delete", action="deleteuser" }), page_info, -1) %> <% htmlviewfunctions.displayitem(cfe({type="link", value={userid=userid}, label="", option="View Roles", action=page_info.script.."/acf-util/roles/viewuserroles"}), page_info, -1) %> + <% if (user.value.locked.value) then htmlviewfunctions.displayitem(cfe({type="form", value={userid=userid}, label="", option="Unlock", action="unlockuser"}), page_info, -1) end %> diff --git a/app/acf-util/password.menu b/app/acf-util/password.menu index 1a079e1..be2091a 100644 --- a/app/acf-util/password.menu +++ b/app/acf-util/password.menu @@ -1,4 +1,4 @@ #CAT GROUP/DESC TAB ACTION System 10User_management Administration status +System 10User_management Lock_Events listlockevents System 10User_management Edit_me editme - -- cgit v1.2.3