diff options
author | Ted Trask <ttrask01@yahoo.com> | 2010-09-28 07:15:36 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2010-09-28 07:15:36 +0000 |
commit | b202af98292d6d7b5053e5a934b916153ce89af9 (patch) | |
tree | bd8a6e2a973d01317fbf462e13d98932fbed2822 /lib/authenticator.lua | |
parent | 09344bc273f7147a9f81168096d2f8bb3d0fdedc (diff) | |
download | acf-core-b202af98292d6d7b5053e5a934b916153ce89af9.tar.bz2 acf-core-b202af98292d6d7b5053e5a934b916153ce89af9.tar.xz |
Made major changes to authenticator and roles to improve efficiency.
Changed authenticator.lua to request individual users, rather than always loading everyone.
Modified get_userinfo and removed get_userinfo_roles and get_userinfo_skin to remove unnecessary cfe processing.
This was especially bad when retrieving the cfe options for skins and roles.
This does break the interface used by other modules like acf-tinydns.
Validation and cfe processing were moved into password-model, where they belong.
Added global variables to authenticator and roles libraries so they can reuse data that was already generated.
Modified logon-controller to only check for zero users if logon fails.
Diffstat (limited to 'lib/authenticator.lua')
-rw-r--r-- | lib/authenticator.lua | 281 |
1 files changed, 71 insertions, 210 deletions
diff --git a/lib/authenticator.lua b/lib/authenticator.lua index 45caec7..95eb3d7 100644 --- a/lib/authenticator.lua +++ b/lib/authenticator.lua @@ -21,103 +21,43 @@ usertable = "passwd" roletable = "roles" -- This will hold the auth structure from the database -local authstruct +local authstruct = {} +local complete = false + +local parse_entry = function(id, entry) + local a + if id and id ~= "" and entry and entry ~= "" then + local fields = {} + for x in string.gmatch(entry or "", "([^:]*):?") do + fields[#fields + 1] = x + end + a = {} + a.userid = id + a.password = fields[1] or "" + a.username = fields[2] or "" + a.roles = fields[3] or "" + a.skin = fields[4] or "" + authstruct[id] = a + end + return a +end local load_database = function(self) - if not authstruct then + if not complete then local authtable = auth.read_field(self, usertable, "") or {} authstruct = {} for i,value in ipairs(authtable) do - if value.id ~= "" then - local fields = {} - for x in string.gmatch(value.entry, "([^:]*):?") do - fields[#fields + 1] = x - end - local a = {} - a.userid = value.id - a.password = fields[1] or "" - a.username = fields[2] or "" - a.roles = fields[3] or "" - a.skin = fields[4] or "" - table.insert(authstruct, a) - end - end - end -end - -local get_id = function(userid) - if authstruct ~= nil then - for x = 1,#authstruct do - if authstruct[x].userid == userid then - return authstruct[x] - end - end - end - return nil -end - -local weak_password = function(password) - -- If password is too short, return false - if (#password < 4) then - return true, "Password is too short!" - end - if (tonumber(password)) then - return true, "Password can't contain only numbers!" - end - - return false, nil -end - -local write_settings = function(self, settings, id) - load_database() - id = id or get_id(settings.value.userid.value) or {} - -- Username, password, roles, skin are allowed to not exist, just leave the same - id.userid = settings.value.userid.value - if settings.value.username then id.username = settings.value.username.value end - if settings.value.password then id.password = md5.sumhexa(settings.value.password.value) end - if settings.value.roles then id.roles = table.concat(settings.value.roles.value, ",") end - if settings.value.skin then id.skin = settings.value.skin.value end - - local success = auth.write_entry(self, usertable, "", id.userid, (id.password or "")..":"..(id.username or "")..":"..(id.roles or "")..":"..(id.skin or "")) - - if success and self.sessiondata and self.sessiondata.userinfo and self.sessiondata.userinfo.userid == id.userid then - self.sessiondata.userinfo = {} - for name,value in pairs(id) do - self.sessiondata.userinfo[name] = value + parse_entry(value.id, value.entry) end + complete = true end - - return success end --- validate the settings (ignore password if it's nil) -local validate_settings = function(settings) - -- Username, password, roles, and skin are allowed to not exist, just leave the same - -- Set errtxt when entering invalid values - if (#settings.value.userid.value == 0) then settings.value.userid.errtxt = "You need to enter a valid userid!" end - if string.find(settings.value.userid.value, "[^%w_]") then settings.value.userid.errtxt = "Can only contain letters, numbers, and '_'" end - if settings.value.username and string.find(settings.value.username.value, "%p") then settings.value.username.errtxt = "Cannot contain punctuation" end - if settings.value.password then - if (#settings.value.password.value == 0) then - settings.value.password.errtxt = "Password cannot be blank!" - elseif (not settings.value.password_confirm) or (settings.value.password.value ~= settings.value.password_confirm.value) then - settings.value.password.errtxt = "You entered wrong password/confirmation" - else - local weak_password_result, weak_password_errormessage = weak_password(settings.value.password.value) - if (weak_password_result) then settings.value.password.errtxt = weak_password_errormessage end - end +local get_id = function(self, userid) + if not authstruct[userid] then + parse_entry(userid, auth.read_entry(self, usertable, "", userid)) end - if settings.value.roles then modelfunctions.validatemulti(settings.value.roles) end - if settings.value.skin then modelfunctions.validateselect(settings.value.skin) end - - -- Return false if any errormessages are set - for name,value in pairs(settings.value) do - if value.errtxt then - return false, settings - end - end - - return true, settings + return authstruct[userid] end --- public methods @@ -130,17 +70,12 @@ authenticate = function(self, userid, password) if not userid or not password then errtxt = "Invalid parameter" else - load_database(self) - - if not authstruct then - errtxt = "Could not load authentication database" - else - local id = get_id(userid) - if not id then - errtxt = "Userid not found" - elseif id.password ~= md5.sumhexa(password) then - errtxt = "Invalid password" - end + local id = get_id(self, userid) + + if not id then + errtxt = "Userid not found" + elseif id.password ~= md5.sumhexa(password) then + errtxt = "Invalid password" end end @@ -149,133 +84,59 @@ end -- This function returns the username, roles, ... get_userinfo = function(self, userid) - load_database(self) - local result = {} - result.userid = cfe({ value=userid, label="User id" }) - result.username = cfe({ label="Real name" }) - local id = get_id(userid) - if id then - result.username.value = id.username - elseif userid then - result.userid.errtxt = "User does not exist" - end - result.password = cfe({ label="Password" }) - result.password_confirm = cfe({ label="Password (confirm)" }) - result.roles = get_userinfo_roles(self, userid) - result.skin = get_userinfo_skin(self, userid) - - return cfe({ type="group", value=result, label="User Config" }) -end - -get_userinfo_roles = function(self, userid) - load_database(self) - local id = get_id(userid) - local roles = cfe({ type="multi", value={}, label="Roles", option={} }) + local id = get_id(self, userid) if id then - for x in string.gmatch(id.roles or "", "([^,]+),?") do - roles.value[#roles.value + 1] = x + -- Make a copy so roles don't get changed in the authstruct + local result = {} + for n,v in pairs(id) do + result[n]=v end - elseif userid then - roles.errtxt = "Could not load roles" - end - local rol = require("roles") - if rol then - local avail_roles = rol.list_all_roles(self) - for x,role in ipairs(avail_roles) do - if role==rol.guest_role then - table.remove(avail_roles,x) - break - end + local tmp = {} + for x in string.gmatch(id.roles or "", "([^,]+),?") do + tmp[#tmp + 1] = x end - roles.option = avail_roles - end - return roles -end - -get_userinfo_skin = function(self, userid) - load_database(self) - local id = get_id(userid) - local skin = cfe({ type="select", value="", label="Skin", option={""} }) - if id then - skin.value = id.skin or skin.value - elseif userid then - skin.errtxt = "Could not load skin" - end - -- Call into skins controller to get the list of skins - local contrl = self:new("acf-util/skins") - local skins = contrl:read() - contrl:destroy() - for i,s in ipairs(skins.value) do - skin.option[#skin.option + 1] = s.value + result.roles = tmp + return result end - table.sort(skin.option) - return skin + return nil end -list_users = function (self) - load_database(self) - local output = {} - if authstruct then - for k,v in pairs(authstruct) do - table.insert(output,v.userid) - end +write_userinfo = function(self, userinfo) + if not userinfo or not userinfo.userid or userinfo.userid == "" then + return false end - return output -end + id = get_id(self, userinfo.userid) or {} + -- Username, password, roles, skin are allowed to not exist, just leave the same + id.userid = userinfo.userid + if userinfo.username then id.username = userinfo.username end + if userinfo.password then id.password = md5.sumhexa(userinfo.password) end + if userinfo.roles then id.roles = table.concat(userinfo.roles, ",") end + if userinfo.skin then id.skin = userinfo.skin end --- For an existing user, change the settings that are non-nil -change_settings = function (self, settings) - local success, settings = validate_settings(settings) + local success = auth.write_entry(self, usertable, "", id.userid, (id.password or "")..":"..(id.username or "")..":"..(id.roles or "")..":"..(id.skin or "")) + authstruct[userinfo.userid] = nil + get_id(self, id.userid) - -- Get the current user info - local id - if success then - load_database(self) - id = get_id(settings.value.userid.value) - if not id then - settings.value.userid.errtxt = "This userid does not exist!" - success = false + if success and self.sessiondata and self.sessiondata.userinfo and self.sessiondata.userinfo.userid == id.userid then + self.sessiondata.userinfo = {} + for name,value in pairs(id) do + self.sessiondata.userinfo[name] = value end end - if success then - success = write_settings(self, settings, id) - end - - if not success then - settings.errtxt = "Failed to save settings" - end - - return settings + return success end - -new_settings = function (self, settings) - local success, settings = validate_settings(settings) - - if success then - load_database(self) - local id = get_id(settings.value.userid.value) - if id then - settings.value.userid.errtxt = "This userid already exists!" - success = false - end - end - - if success then - success = write_settings(self, settings) - end - - if not success then - settings.errtxt = "Failed to create new user" + +list_users = function (self) + load_database(self) + local output = {} + for k in pairs(authstruct) do + table.insert(output,k) end - - return settings + return output end delete_user = function (self, userid) - local cmdresult = "Failed to delete user" - if auth.delete_entry(self, usertable, "", userid) then - cmdresult = "User deleted" - end - return cfe({ value=cmdresult, label="Delete user result" }) + authstruct[userid] = nil + return auth.delete_entry(self, usertable, "", userid) end |