i18n = require "luci.i18n"
_M.fs = fs
-authenticator = {}
-
-- Index table
local index = nil
return false
end
-function authenticator.htmlauth(validator, accs, default, template)
- local user = http.formvalue("luci_username")
- local pass = http.formvalue("luci_password")
-
- if user and validator(user, pass) then
- return user
- end
-
- require("luci.i18n")
- require("luci.template")
- context.path = {}
- http.status(403, "Forbidden")
- luci.template.render(template or "sysauth", {duser=default, fuser=user})
-
- return false
-
-end
-
function httpdispatch(request, prefix)
http.context.request = request
return true
end
+local function session_retrieve(sid, allowed_users)
+ local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+
+ if type(sdat) == "table" and
+ type(sdat.values) == "table" and
+ type(sdat.values.token) == "string" and
+ util.contains(allowed_users, sdat.values.username)
+ then
+ return sid, sdat.values
+ end
+
+ return nil, nil
+end
+
+local function session_setup(user, pass)
+ local login = util.ubus("session", "login", {
+ username = user,
+ password = pass,
+ timeout = tonumber(luci.config.sauth.sessiontime)
+ })
+
+ if type(login) == "table" and
+ type(login.ubus_rpc_session) == "string"
+ then
+ util.ubus("session", "set", {
+ ubus_rpc_session = login.ubus_rpc_session,
+ values = { token = sys.uniqueid(16) }
+ })
+
+ return login.ubus_rpc_session
+ end
+
+ return nil
+end
+
function dispatch(request)
--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
local ctx = context
)
if track.sysauth then
- local authen = type(track.sysauth_authenticator) == "function"
- and track.sysauth_authenticator
- or authenticator[track.sysauth_authenticator]
-
- local def = (type(track.sysauth) == "string") and track.sysauth
- local accs = def and {track.sysauth} or track.sysauth
- local sess = ctx.authsession
- if not sess then
- sess = http.getcookie("sysauth")
- sess = sess and sess:match("^[a-f0-9]*$")
- end
+ local authen = track.sysauth_authenticator
+ local _, sid, sdat, default_user, allowed_users
- local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values
- local user, token
-
- if sdat then
- user = sdat.user
- token = sdat.token
+ if type(track.sysauth) == "table" then
+ default_user, allowed_users = nil, track.sysauth
else
- local eu = http.getenv("HTTP_AUTH_USER")
- local ep = http.getenv("HTTP_AUTH_PASS")
- if eu and ep and sys.user.checkpasswd(eu, ep) then
- authen = function() return eu end
- end
+ default_user, allowed_users = track.sysauth, { track.sysauth }
end
- if not util.contains(accs, user) then
- if authen then
- local user, sess = authen(sys.user.checkpasswd, accs, def, track.sysauth_template)
- local token
- if not user or not util.contains(accs, user) then
- return
- else
- if not sess then
- local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) })
- if sdat then
- token = sys.uniqueid(16)
- util.ubus("session", "set", {
- ubus_rpc_session = sdat.ubus_rpc_session,
- values = {
- user = user,
- token = token,
- section = sys.uniqueid(16)
- }
- })
- sess = sdat.ubus_rpc_session
- end
- end
+ if type(authen) == "function" then
+ _, sid = authen(sys.user.checkpasswd, allowed_users)
+ elseif authen == "htmlauth" then
+ sid, sdat = session_retrieve(http.getcookie("sysauth"), allowed_users)
- if sess and token then
- http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
+ if not sid then
+ local user = http.getenv("HTTP_AUTH_USER")
+ local pass = http.getenv("HTTP_AUTH_PASS")
- ctx.authsession = sess
- ctx.authtoken = token
- ctx.authuser = user
+ if user == nil and pass == nil then
+ user = http.formvalue("luci_username")
+ pass = http.formvalue("luci_password")
+ end
- http.redirect(build_url(unpack(ctx.requestpath)))
- end
+ if util.contains(allowed_users, user) then
+ sid, sdat = session_setup(user, pass), nil
end
- else
- http.status(403, "Forbidden")
- return
+
+ if not sid then
+ require("luci.i18n")
+ require("luci.template")
+ context.path = {}
+ http.status(403, "Forbidden")
+ luci.template.render(track.sysauth_template or "sysauth", {
+ duser = default_user,
+ fuser = user
+ })
+ return
+ end
+
+ http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+ http.redirect(build_url(unpack(ctx.requestpath)))
end
else
- ctx.authsession = sess
- ctx.authtoken = token
- ctx.authuser = user
+ error500("Unsupported authenticator configured")
+ return
+ end
+
+ if not sdat then
+ sid, sdat = session_retrieve(sid, allowed_users)
end
+
+ if not sid or not sdat then
+ http.status(403, "Forbidden")
+ return
+ end
+
+ ctx.authsession = sid
+ ctx.authtoken = sdat.token
+ ctx.authuser = sdat.username
end
if c and require_post_security(c.target) then
projects / project / luci.git / commitdiff