1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
|
local mymodule = {}
authenticator = require("authenticator")
roles = require("roles")
session = require("session")
avail_roles, avail_skins, avail_homes = nil
local weak_password = function(password)
-- If password is too short, return false
if (#password < 4) then
return true, "Password is too short!"
end
if (tonumber(password)) then
return true, "Password can't contain only numbers!"
end
return false, nil
end
local validate_settings = function(settings, create)
-- Set errtxt when encountering invalid values
if (#settings.value.userid.value == 0) then settings.value.userid.errtxt = "You need to enter a valid userid!" end
if string.find(settings.value.userid.value, "[^%w_]") then settings.value.userid.errtxt = "Can only contain letters, numbers, and '_'" end
if string.find(settings.value.username.value, "%p") then settings.value.username.errtxt = "Cannot contain punctuation" end
-- Blank password is allowed for edit, indicates to leave the same
if (#settings.value.password.value == 0) and create then
settings.value.password.errtxt = "Password cannot be blank!"
elseif (settings.value.password.value ~= settings.value.password_confirm.value) then
settings.value.password.errtxt = "You entered wrong password/confirmation"
elseif (#settings.value.password.value ~= 0) then
local weak_password_result, weak_password_errormessage = weak_password(settings.value.password.value)
if (weak_password_result) then settings.value.password.errtxt = weak_password_errormessage end
end
-- roles will not exist for editme action
if settings.value.roles then modelfunctions.validatemulti(settings.value.roles) end
modelfunctions.validateselect(settings.value.skin)
modelfunctions.validateselect(settings.value.home)
-- Return false if any errormessages are set
for name,value in pairs(settings.value) do
if value.errtxt then
return false, settings
end
end
return true, settings
end
local function get_blank_user(self)
local result = cfe({ type="group", value={}, label="User Account" })
if not avail_roles then
avail_roles = roles.list_all_roles(self)
for x,role in ipairs(avail_roles) do
if role==roles.guest_role then
table.remove(avail_roles,x)
break
end
end
end
-- Call into skins controller to get the list of skins
if not avail_skins then
avail_skins = {""}
local contrl = self:new("acf-util/skins")
skins = contrl.model.get_update(contrl)
contrl:destroy()
for i,s in ipairs(skins.value.skin.option) do
avail_skins[#avail_skins + 1] = s.value or s
end
end
-- Call into roles library to get the list of home actions
if not avail_homes then
avail_homes = {""}
local tmp1, tmp2 = roles.get_all_permissions(self)
table.sort(tmp2)
for i,h in ipairs(tmp2) do
if h ~= "/acf-util/logon/logoff" and h ~= "/acf-util/logon/logon" then
avail_homes[#avail_homes+1] = h
end
end
end
result.value.userid = cfe({ value="", label="User id", seq=1 })
result.value.username = cfe({ value="", label="Real name", seq=2 })
result.value.password = cfe({ type="password", value="", label="Password", seq=4 })
result.value.password_confirm = cfe({ type="password", value="", label="Password (confirm)", seq=5 })
result.value.roles = cfe({ type="multi", value={}, label="Roles", option=avail_roles or {}, seq=3 })
result.value.skin = cfe({ type="select", value="", label="Skin", option=avail_skins or {""}, seq=7 })
result.value.home = cfe({ type="select", value="", label="Home", option=avail_homes or {""}, seq=6 })
result.value.locked = cfe({ type="boolean", value=false, label="Locked", readonly=true, seq=8 })
return result
end
local function get_user(self, userid)
local result = get_blank_user(self)
result.value.userid.key = true
result.value.userid.value = userid or ""
if result.value.userid.value ~= "" then
result.value.userid.readonly = true
local userinfo = authenticator.get_userinfo(self, result.value.userid.value)
if not userinfo then
result.value.userid.errtxt = "User does not exist"
userinfo = {}
else
for n,v in pairs(userinfo) do
if result.value[n] and n ~= "password" then result.value[n].value = v end
end
end
result.value.locked.value = session.count_events(self.conf.sessiondir, result.value.userid.value)
end
return result
end
function mymodule.create_user(self, settings, submit)
return mymodule.update_user(self, settings, submit, true)
end
function mymodule.update_user(self, settings, submit, create)
local success, settings = validate_settings(settings, create)
if success then
local userinfo = authenticator.get_userinfo(self, settings.value.userid.value)
if userinfo and create then
settings.value.userid.errtxt = "This userid already exists!"
success = false
elseif not userinfo and not create then
settings.value.userid.errtxt = "This userid does not exist!"
success = false
end
end
if success then
local userinfo = {}
for name,val in pairs(settings.value) do
-- If password is blank, don't set it
if name == "password" and val.value == "" then
else
userinfo[name] = val.value
end
end
success = authenticator.write_userinfo(self, userinfo)
end
if not success then
if create then
settings.errtxt = "Failed to create new user"
else
settings.errtxt = "Failed to save settings"
end
end
return settings
end
function mymodule.read_user(self, clientdata)
-- create a temp result so handle_clientdata only handles userid
local tmpresult = cfe({type="group", value={userid=cfe()} })
self.handle_clientdata(tmpresult, clientdata)
return get_user(self, tmpresult.value.userid.value)
end
function mymodule.get_new_user(self, clientdata)
local result = get_blank_user(self)
-- Special handling for case where no users exist yet
local userlist = authenticator.list_users(self)
if #userlist == 0 then
-- There are no users yet, suggest some values
result.value.userid.value = "root"
result.value.username.value = "Admin account"
result.value.roles.value = {"ADMIN"}
end
return result
end
function mymodule.read_user_without_roles(self, clientdata)
local result = mymodule.read_user(self, clientdata)
-- We don't allow a user to modify his own roles
-- Since they can't modify roles, we should restrict the available options for home
result.value.home.option = {""}
local tmp1, tmp2 = roles.get_roles_perm(self, result.value.roles.value)
table.sort(tmp2)
for i,h in ipairs(tmp2) do
if h ~= "/acf-util/logon/logoff" and h ~= "/acf-util/logon/logon" then
result.value.home.option[#result.value.home.option+1] = h
end
end
result.value.roles = nil
return result
end
function mymodule.get_users(self)
--List all users and their userinfo
local users = {}
local userlist = authenticator.list_users(self)
table.sort(userlist)
for x,user in pairs(userlist) do
users[#users+1] = get_user(self, user)
end
return cfe({ type="group", value=users, label="User Accounts" })
end
function mymodule.get_delete_user(self, clientdata)
local userid = cfe({ label="User id", value=clientdata.userid or "" })
return cfe({ type="group", value={userid=userid}, label="Delete User" })
end
function mymodule.delete_user(self, deleteuser)
deleteuser.errtxt = "Failed to delete user"
if authenticator.delete_user(self, deleteuser.value.userid.value) then
deleteuser.errtxt = nil
end
return deleteuser
end
function mymodule.list_lock_events(self, clientdata)
return cfe({type="structure", value=session.list_events(self.conf.sessiondir), label="Lock events"})
end
function mymodule.get_unlock_user(self, clientdata)
local retval = cfe({type="group", value={}, label="Unlock user"})
retval.value.userid = cfe({ label="User id" })
return retval
end
function mymodule.unlock_user(self, unlock)
session.delete_events(self.conf.sessiondir, unlock.value.userid.value)
return unlock
end
function mymodule.get_unlock_ip(self, clientdata)
local retval = cfe({type="group", value={}, label="Unlock IP address"})
retval.value.ip = cfe({ label="IP address" })
return retval
end
function mymodule.unlock_ip(self, unlock)
session.delete_events(self.conf.sessiondir, nil, unlock.value.ip.value)
return unlock
end
return mymodule
|