1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
-- ACF Authenticator - does validation and loads sub-authenticator to read/write database
-- We store the login info in the passwd table, "" field. It looks like
-- password:username:ROLE1[,ROLE2...]
module (..., package.seeall)
require("modelfunctions")
require("format")
require("md5")
-- This is the sub-authenticator
-- In the future, this will be set based upon configuration
-- This is a public variable to allow other controllers (ie tinydns) to do their own permissions
if APP and APP.conf and APP.conf.authenticator and APP.conf.authenticator ~= "" then
auth = require(string.gsub(APP.conf.authenticator, "%.lua$", ""))
else
auth = require("authenticator-plaintext")
end
-- Publicly define the pre-defined tables
usertable = "passwd"
roletable = "roles"
-- This will hold the auth structure from the database
local authstruct = {}
local complete = false
local parse_entry = function(id, entry)
local a
if id and id ~= "" and entry and entry ~= "" then
local fields = {}
for x in string.gmatch(entry or "", "([^:]*):?") do
fields[#fields + 1] = x
end
a = {}
a.userid = id
a.password = fields[1] or ""
a.username = fields[2] or ""
a.roles = fields[3] or ""
a.skin = fields[4] or ""
a.home = fields[5] or ""
authstruct[id] = a
end
return a
end
local load_database = function(self)
if not complete then
local authtable = auth.read_field(self, usertable, "") or {}
authstruct = {}
for i,value in ipairs(authtable) do
parse_entry(value.id, value.entry)
end
complete = true
end
end
local get_id = function(self, userid)
if not authstruct[userid] then
parse_entry(userid, auth.read_entry(self, usertable, "", userid))
end
return authstruct[userid]
end
--- public methods
-- This function returns true or false, and
-- if false: the reason for failure
authenticate = function(self, userid, password)
local errtxt
if not userid or not password then
errtxt = "Invalid parameter"
else
local id = get_id(self, userid)
if not id then
errtxt = "Userid not found"
elseif id.password ~= md5.sumhexa(password) then
errtxt = "Invalid password"
end
end
return (errtxt == nil), errtxt
end
-- This function returns the username, roles, ...
get_userinfo = function(self, userid)
local id = get_id(self, userid)
if id then
-- Make a copy so roles don't get changed in the authstruct
local result = {}
for n,v in pairs(id) do
result[n]=v
end
local tmp = {}
for x in string.gmatch(id.roles or "", "([^,]+),?") do
tmp[#tmp + 1] = x
end
result.roles = tmp
return result
end
return nil
end
write_userinfo = function(self, userinfo)
if not userinfo or not userinfo.userid or userinfo.userid == "" then
return false
end
id = get_id(self, userinfo.userid) or {}
-- Username, password, roles, skin, home are allowed to not exist, just leave the same
id.userid = userinfo.userid
if userinfo.username then id.username = userinfo.username end
if userinfo.password then id.password = md5.sumhexa(userinfo.password) end
if userinfo.roles then id.roles = table.concat(userinfo.roles, ",") end
if userinfo.skin then id.skin = userinfo.skin end
if userinfo.home then id.home = userinfo.home end
local success = auth.write_entry(self, usertable, "", id.userid, (id.password or "")..":"..(id.username or "")..":"..(id.roles or "")..":"..(id.skin or "")..":"..(id.home or ""))
authstruct[userinfo.userid] = nil
get_id(self, id.userid)
if success and self.sessiondata and self.sessiondata.userinfo and self.sessiondata.userinfo.userid == id.userid then
self.sessiondata.userinfo = {}
for name,value in pairs(id) do
self.sessiondata.userinfo[name] = value
end
end
return success
end
list_users = function (self)
load_database(self)
local output = {}
for k in pairs(authstruct) do
table.insert(output,k)
end
return output
end
delete_user = function (self, userid)
authstruct[userid] = nil
return auth.delete_entry(self, usertable, "", userid)
end
|