-rw-r--r--app/acf-util/logon-model.lua9
-rw-r--r--app/acf-util/roles-model.lua2
-rw-r--r--app/acf_www-controller.lua8
-rw-r--r--lib/session.lua20
4 files changed, 26 insertions, 13 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index ff5515a..a3a1171 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -8,9 +8,6 @@ require ("fs")
require ("roles")
--varibles for time in case of logons,expired,lockouts
-minutes_expired_events=30
-minutes_count_events=30
-limit_count_events=10
-- load an authenticator
-- FIXME: use an "always true" as default?
@@ -37,9 +34,9 @@ end
sessiondata.id = session.random_hash(512)
end
-local counteven = session.count_events(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"]), minutes_count_events)
+local counteven = session.count_events(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"]))
-if counteven > limit_count_events then
+if counteven then
userid.errtxt="Information not recognized"
return (cfe {type="form",
option={script=ENV["SCRIPT_NAME"],
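Review bot: `counteven` on line 27 now receives the boolean that `session.count_events` returns, so the name no longer describes the value and `if counteven then` on line 29 reads like a non-empty check rather than a lockout test; renaming it, e.g. `local locked_out = session.count_events(conf.sessiondir, id_user, session.hash_ip_addr(ENV["REMOTE_ADDR"]))` and `if locked_out then`, keeps the intent visible. The new `count_events` (see the lib/session.lua hunk at line 97) also answers `false` when `id_user` or `ipaddr` is nil or when no lockevent file matches, so a missing `id_user` skips the lockout check rather than failing closed — presumably intended for the first request, but worth a one-line comment here. The enclosing function starts and ends outside the hunk.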
@@ -50,7 +47,7 @@ return (cfe {type="form",
})
end
-session.expired_events(conf.sessiondir, minutes_expired_events)
+session.expired_events(conf.sessiondir)
if id_user and password_user then
local password_user_md5 = fs.md5sum_string(password_user)
if auth.authenticate (self, id_user, password_user_md5) then
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index b4641dc..95f28d1 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -9,7 +9,7 @@ read = function(self,sessionid)
useid , theroles = session.check_session(conf.sessiondir,sessionid,"roles")
--we need to expand roles to give us real perm list
perm = roles.get_roles_perm(self,theroles)
- return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"} })
+ return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"},{value=self.conf,name="self"},{value=sessiondata.userinfo.perm,name="perm2"} })
end
getcont = function(self)
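Review bot: The two positional entries appended to the `cfe` table on line 50 look like debugging output left in: `{value=self.conf,name="self"}` copies the whole controller configuration into the roles read result, and `{value=sessiondata.userinfo.perm,name="perm2"}` indexes `sessiondata.userinfo` without a nil check, so the call will raise if no user info is attached to the session. Neither entry is referenced by a field name, so nothing can look them up except by position. Unless a view consumes them, dropping both and keeping `return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"} })` avoids exposing configuration values in a page payload.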
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index 6b4bfdf..2db6d0e 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -53,6 +53,12 @@ mvc.on_load = function (self, parent)
sessionlib.record_event(self.conf.sessiondir,
sessionlib.hash_ip_addr(self.conf.clientip))
else
+ local now = os.time()
+ local minutes_ago = now - (sessionlib.minutes_expired_events * 60)
+ if timestamp < minutes_ago then
+ sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid)
+ sessiondata.id = sessionlib.random_hash(512)
+ sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip),sessionlib.limit_count_events)
--[[
FIXME --- need to write this function
if too many bad events for this ip invaidate the session
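Review bot: Line 66 passes four arguments to `sessionlib.count_events`, but the new signature in the lib/session.lua hunk (line 97) takes only `sessionpath, id_user, ipaddr`, so `sessionlib.limit_count_events` is silently dropped, and the boolean result is discarded, so the lockout is not enforced here — consistent with the FIXME below, but a call with no effect should either be removed or used, e.g. `if sessionlib.count_events(self.conf.sessiondir, self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip)) then`. The same mismatch appears on line 74 of the next hunk, where `sessionlib.expired_events` now takes only `sessionpath`, so `sessionlib.expired_events(self.conf.sessiondir)` is all that is needed. `timestamp` on line 63 is not defined within the hunk; presumably it is set earlier in `mvc.on_load`, which starts outside the hunk.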
@@ -65,6 +71,8 @@ mvc.on_load = function (self, parent)
generate flash message "Inactivity logout"
end
]]--
+ sessionlib.expired_events(self.conf.sessiondir,sessionlib.minutes_expired_events)
+ end
end
end
end
diff --git a/lib/session.lua b/lib/session.lua
index 751b693..c6ea7ca 100644
--- a/lib/session.lua
+++ b/lib/session.lua
@@ -15,6 +15,10 @@ module (..., package.seeall)
require "posix"
require "format"
+minutes_expired_events=30
+minutes_count_events=30
+limit_count_events=10
+
local b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-"
-- Return a sessionid of at least size bits length
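Review bot: The three assignments on lines 86-88 carry no comment giving their unit or purpose, although other files now read them as `sessionlib.minutes_expired_events` and friends; a short header such as `-- Lockout tuning, exported as module fields: window (minutes) for counting failed logons, age (minutes) after which lockevent files are purged, and failures allowed before lockout.` would make that contract explicit. Because `module(..., package.seeall)` is in effect they become module fields rather than accidental globals, which appears to be the intent.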
@@ -183,17 +187,17 @@ end
-- Check how many invalid login events
-- have happened for this id in the last n minutes
-- this will only effect the lockevent files
-count_events = function (sessionpath, id_user, ipaddr, minutes)
+count_events = function (sessionpath, id_user, ipaddr)
--we need to have the counts added up? deny off any and or all
local now = os.time()
- local minutes_ago = now - (minutes * 60)
+ local minutes_ago = now - (minutes_count_events * 60)
local t = {}
--give me all lockevents then we will sort through them
local searchfor = sessionpath .. "/lockevent.*"
local t = posix.glob(searchfor)
if t == nil or id_user == nil or ipaddr == nil then
- return 0
+ return false
else
local temp = {}
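Review bot: The header comment on lines 93-95 still says the function reports "how many" events "in the last n minutes", but after this hunk `count_events` has no `minutes` parameter and returns a boolean, so the comment should read `-- Return true when more than limit_count_events invalid login events were recorded for this id/ip within the last minutes_count_events minutes; false otherwise, and also false when sessionpath has no lockevent files or id_user/ipaddr is nil`. The comment above `expired_events` on line 122 (`-- Clear events that are older than n minutes`) has the same staleness now that the window comes from `minutes_expired_events`. The body of `count_events` continues past the end of this hunk.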
@@ -208,17 +212,21 @@ count_events = function (sessionpath, id_user, ipaddr, minutes)
if c ~= nil then temp2[#temp2 + 1] = v end
end
- return #temp2
+ if #temp2 > limit_count_events then
+ return true
+ else
+ return false
+ end
end
end
-- Clear events that are older than n minutes
-expired_events = function (sessionpath, minutes)
+expired_events = function (sessionpath)
--current os time in seconds
local now = os.time()
--take minutes and convert to seconds
- local minutes_ago = now - (minutes * 60)
+ local minutes_ago = now - (minutes_expired_events * 60)
local searchfor = sessionpath .. "/lockevent.*"
--first do the lockevent files
local temp = posix.glob(searchfor)