Changeset 27318 for main/trunk/greenstone2/perllib/cgiactions
- Timestamp:
- 2013-05-08T20:27:02+12:00 (11 years ago)
- File:
-
- 1 edited
main/trunk/greenstone2/perllib/cgiactions/baseaction.pm
r27295 r27318 31 31 use inexport; 32 32 33 our $authentication_enabled = 0; # debugging flag (can debug without authentication when set to 0) 33 # for time conversion and formatting functions 34 use Time::Local; 35 use POSIX; 36 37 our $authentication_enabled = 1; # debugging flag (can debug without authentication when set to 0) 34 38 our $mail_enabled = 0; 35 39 … … 225 229 my $collection = shift(@_); 226 230 231 my $keydecay = 1800; # 30 mins same as in runtime-src/recpt/authentication.cpp 232 227 233 my $gsdl_cgi = $self->{'gsdl_cgi'}; 228 234 229 235 # Remove the pw argument (since this can mess up other scripts) 230 236 my $user_password = $gsdl_cgi->clean_param("pw"); 237 my $user_key = $gsdl_cgi->clean_param("ky"); 238 231 239 $gsdl_cgi->delete("pw"); 232 233 if ((!defined $user_password) || ($user_password =~ m/^\s*$/)) { 234 $gsdl_cgi->generate_error("Authentication failed: no password specified."); 240 $gsdl_cgi->delete("ky"); 241 242 if ((!defined $user_password || $user_password =~ m/^\s*$/) && (!defined $user_key || $user_key =~ m/^\s*$/)) { 243 $gsdl_cgi->generate_error("Authentication failed: no password or key specified."); 235 244 } 236 245 … … 259 268 $gsdl_cgi->generate_error("Authentication failed: no account for user '$username'."); 260 269 } 261 270 262 271 # Check password 263 my ($valid_user_password) = ($user_data =~ /\<password\>(.*)/); 264 if ($user_password ne $valid_user_password) { 265 $gsdl_cgi->generate_error("Authentication failed: incorrect password."); 272 if(defined $user_password) { 273 my ($valid_user_password) = ($user_data =~ /\<password\>(.*)/); 274 if ($user_password ne $valid_user_password) { 275 $gsdl_cgi->generate_error("Authentication failed: incorrect password."); 276 } 277 } 278 else { # check $user_key #if(!defined $user_password && defined $user_key) { 279 280 # check to see if there is a key for this particular user in the database that hasn't decayed. 
281 # if the key validates, refresh the key again by setting its timestamp to the present time. 282 283 # Use db2txt to get the key accounts information 284 my $key_db_file_path = &util::filename_cat($etc_directory, "key.gdb"); 285 286 my $key_db_content = ""; 287 open(USERS_DB, "db2txt \"$key_db_file_path\" |"); 288 while (<USERS_DB>) { 289 $key_db_content .= $_; 290 } 291 292 my %key_db_data = (); 293 foreach my $key_db_entry (split(/-{70}/, $key_db_content)) { 294 if ($key_db_entry =~ /\n?\[(.+)\]\n/) { 295 $key_db_data{$1} = $key_db_entry; 296 } 297 } 298 299 # check key entry 300 my $key_data = $key_db_data{$user_key}; 301 if (!defined $key_data) { 302 303 #$gsdl_cgi->generate_error("Authentication failed: invalid key $user_key. Does not exist."); 304 $gsdl_cgi->generate_error("Authentication failed: invalid key. No entry for the given key."); 305 } 306 else { 307 my ($valid_username) = ($key_data =~ /\<user\>(.*)/); 308 if ($username ne $valid_username) { 309 $gsdl_cgi->generate_error("Authentication failed: key does not belong to user."); 310 } 311 312 # http://stackoverflow.com/questions/12644322/how-to-write-the-current-timestamp-in-a-file-perl 313 # http://stackoverflow.com/questions/2149532/how-can-i-format-a-timestamp-in-perl 314 # http://stackoverflow.com/questions/7726514/how-to-convert-text-date-to-timestamp 315 316 my $current_timestamp = time; #localtime(time); 317 318 my ($keycreation_time) = ($key_data =~ /\<time\>(.*)/); # of the form: 2013/05/06 14:39:23 319 if ($keycreation_time !~ m/^\s*$/) { # not empty 320 321 my ($year,$mon,$mday,$hour,$min,$sec) = split(/[\s\/:]+/, $keycreation_time); # split by space, /, : 322 my $key_timestamp = timelocal($sec,$min,$hour,$mday,$mon-1,$year); 323 324 if(($current_timestamp - $key_timestamp) > $keydecay) { 325 $gsdl_cgi->generate_error("Authentication failed: key has expired."); 326 } else { 327 # succeeded, update the key's time in the database 328 329 # beware 
http://community.activestate.com/forum/posixstrftime-problem-e-numeric-day-month 330 my $current_time = strftime("%Y/%m/%d %H:%M:%S\n", localtime($current_timestamp)); # POSIX 331 332 my $infodbtype = $self->{'infodbtype'}; 333 my $key_rec = &dbutil::read_infodb_entry($infodbtype, $key_db_file_path, $user_key); 334 $key_rec->{"time"}->[0] = $current_time; 335 my $status = &dbutil::set_infodb_entry($infodbtype, $key_db_file_path, $user_key, $key_rec); 336 337 if ($status != 0) { 338 $gsdl_cgi->generate_error("Error updating authentication key."); 339 } 340 } 341 } else { 342 $gsdl_cgi->generate_error("Authentication failed: Invalid key entry. No time stored for key."); 343 } 344 } 266 345 } 267 346 … … 271 350 # the user doesn't need to be a specific collection's editor in order to add comments to that collection. 272 351 # So we no longer check the user is in the group here. 352 # $self->check_group($collection, $username, $user_data); 353 } 354 355 356 sub check_group 357 { 358 my $self = shift @_; 359 my $collection = shift @_; 360 my $username = shift @_; 361 my $user_data = shift @_; 362 363 364 my $gsdl_cgi = $self->{'gsdl_cgi'}; 273 365 274 366 # Check group 275 #my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);276 #if ($collection eq "") {277 ## If we're not editing a collection then the user doesn't need to be in a particular group278 #return $user_groups; # Authentication successful279 #}280 #foreach my $user_group (split(/\,/, $user_groups)) {367 my ($user_groups) = ($user_data =~ /\<groups\>(.*)/); 368 if ($collection eq "") { 369 # If we're not editing a collection then the user doesn't need to be in a particular group 370 return $user_groups; # Authentication successful 371 } 372 foreach my $user_group (split(/\,/, $user_groups)) { 281 373 # Does this user have access to all collections? 
282 #if ($user_group eq "all-collections-editor") {283 #return $user_groups; # Authentication successful284 #}374 if ($user_group eq "all-collections-editor") { 375 return $user_groups; # Authentication successful 376 } 285 377 # Does this user have access to personal collections, and is this one? 286 #if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {287 #return $user_groups; # Authentication successful288 #}378 if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) { 379 return $user_groups; # Authentication successful 380 } 289 381 # Does this user have access to this collection 290 # if ($user_group eq "$collection-collection-editor") { 291 # return $user_groups; # Authentication successful 292 # } 293 # } 294 # 295 # $gsdl_cgi->generate_error("Authentication failed: user is not in the required group."); 296 } 297 298 382 if ($user_group eq "$collection-collection-editor") { 383 return $user_groups; # Authentication successful 384 } 385 } 386 387 $gsdl_cgi->generate_error("Authentication failed: user is not in the required group."); 388 } 299 389 300 390 sub check_installation
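Review bot: The password branch at new line 272 is selected with `if(defined $user_password)`, but the guard at new line 242 treats a whitespace-only `pw` as absent, so a request with a blank `pw` and any non-blank `ky` now reaches the `ne` comparison that the old guard never allowed for a blank password. If `clean_param` returns a defined empty string for an empty parameter (not visible here), that comparison passes for an account whose `<password>` field is empty or missing, because an undefined `$valid_user_password` compares equal to `""`. Select the branch with the same test as the guard, `if (defined $user_password && $user_password !~ m/^\s*$/) {`, make the key path explicit with `elsif (defined $user_key && $user_key !~ m/^\s*$/) {`, and fail when `$valid_user_password` is undefined. The enclosing sub begins outside the visible hunks, so this assumes `generate_error` terminates the request, as the surrounding code appears to.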