authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-10-08 18:50:56 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2013-10-08 18:50:56 +0300
commit33728ad3382d74281412d4556561d479bb88832b (patch)
treee8a9b2798dec96d820715f729989e91f9e7d5e12 /acf/model/aaa.lua
parent3e48dd63e8bdf0c2641cfb73e6b20bea8c466ff8 (diff)
changed module paths from acf to acf2v0.1.0
Diffstat (limited to 'acf/model/aaa.lua')
-rw-r--r--acf/model/aaa.lua87
1 files changed, 0 insertions, 87 deletions
diff --git a/acf/model/aaa.lua b/acf/model/aaa.lua
deleted file mode 100644
index 17ad98c..0000000
--- a/acf/model/aaa.lua
+++ /dev/null
@@ -1,87 +0,0 @@
---[[
-Copyright (c) 2012-2013 Kaarle Ritvanen
-See LICENSE file for license details
---]]
-
-local M = require('acf.model')
-local object = require('acf.object')
-
-local digest = require('crypto').digest
-
-
-Role = M.new()
-Role.permissions = M.Set{type=M.Reference{scope='../../../permissions'}}
-
-
-local function hash_password(algorithm, salt, password)
- return algorithm..'$'..salt..'$'..digest(algorithm, salt..password)
-end
-
-local hash_pattern = '^(%w+)%$(%w+)%$%x+$'
-
-
-local Password = object.class(M.String)
-
-function Password:_validate(context, value)
- value = object.super(self, M.String):_validate(context, value)
- if not value or value:find(hash_pattern) then return value end
-
- local salt = ''
- for i = 1,12 do
- local c = math.random(48, 109)
- if c > 57 then c = c + 7 end
- if c > 90 then c = c + 6 end
- salt = salt..string.char(c)
- end
- return hash_password('sha256', salt, value)
-end
-
-
-User = M.new()
-User.password = Password
-User['real-name'] = M.String
-User.superuser = M.Boolean{default=false}
-User.roles = M.Set{type=M.Reference{scope='../../../roles'}}
-
-function User:check_password(password)
- if not self.password then return false end
- local _, _, algorithm, salt = self.password:find(hash_pattern)
- if not salt then return false end
- return hash_password(algorithm, salt, password) == self.password
-end
-
-function User:check_permission(permission)
- -- TODO audit trail
- print('check permission', permission)
-
- if self.superuser then return true end
-
- assert(getmetatable(self).txn:fetch('/auth/permissions')[permission])
-
- for _, role in M.node.pairs(self.roles, true) do
- for _, p in M.node.pairs(role.permissions, true) do
- if p == permission then return true end
- end
- end
- return false
-end
-
-
-Authentication = M.new()
-Authentication.users = M.Collection{type=User}
-Authentication.roles = M.Collection{type=Role}
-Authentication.permissions = M.Set{
- type=M.String,
- addr='/volatile/aaa/permissions'
-}
-
-M.register(
- 'auth',
- Authentication,
- {
- addr='/json'..require('posix').getcwd()..'/config/aaa.json',
- ui_name='Authentication'
- }
-)
-
-M.permission.defaults('/auth')