authorPatrick J Cherry <patrick@bytemark.co.uk>2012-03-22 17:40:38 +0000
committerPatrick J Cherry <patrick@bytemark.co.uk>2012-03-22 17:40:38 +0000
commitdc443284c4b5f59a4447797f88730d9fe1bc0b45 (patch)
tree1f82d0e9754c3239cc4ac65220ef4f54a4a5e44e /lib
parent2622cd5d2cb322b78229d345d82076a582925ae2 (diff)
Tidied up login authentication + tests (woo!)
Diffstat (limited to 'lib')
-rw-r--r--lib/mauve/authentication.rb9
-rw-r--r--lib/mauve/web_interface.rb17
2 files changed, 19 insertions, 7 deletions
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index d0d4596..54743f1 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -139,7 +139,7 @@ module Mauve
client.login(login, response)
return true
rescue XMLRPC::FaultException => fault
- logger.warn "Authentication for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
+ logger.warn "#{self.class} for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
return false
rescue IOError => ex
logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"
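Review bot: `login` is caller-supplied and is interpolated into the warning unescaped, so a value containing a newline can split the entry and make the authentication log misleading; `#{login.inspect}` would keep it on one line. The same applies to the new `logger.warn "#{self.class} for #{login} failed"` added to `authenticate` in the next hunk. The reworded message also drops the word "Authentication", so it only reads well if the class name carries that meaning. The enclosing method starts and ends outside this hunk.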
@@ -164,7 +164,12 @@ module Mauve
# @return [Boolean]
def authenticate(login,password)
super
- Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password
+ if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password )
+ return true
+ else
+ logger.warn "#{self.class} for #{login} failed"
+ return false
+ end
end
end
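Review bot: The comparison in `authenticate` dereferences `people[login].password` without checking the lookup, so an unknown login would likely raise NoMethodError instead of reaching the new `logger.warn` and `return false`, unless `super` (not visible here) already rejects it. A guard such as `person = Mauve::Configuration.current.people[login]` followed by `return false unless person` keeps both failure paths identical and logged. Separately, the stored credential is an unsalted SHA1 hex digest compared with `==`; a salted, deliberately slow password hash and a constant-time comparison would be the stronger design, and that deserves at least a `# TODO` comment on this line.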
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb
index b998ad8..225cc33 100644
--- a/lib/mauve/web_interface.rb
+++ b/lib/mauve/web_interface.rb
@@ -4,6 +4,7 @@ require 'redcloth'
require 'json'
require 'mauve/authentication'
+require 'mauve/http_server'
tilt_lib = "tilt"
begin
@@ -120,7 +121,6 @@ EOF
unless ok_urls.include?(request.path_info)
flash['error'] = "You must be logged in to access that page."
- status 403
redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info }
end
end
@@ -146,7 +146,9 @@ EOF
if @person
redirect '/'
else
+ @username = nil
@next_page = params[:next_page] || '/'
+ status 403 if flash['error']
haml :login
end
end
@@ -154,7 +156,7 @@ EOF
post '/login' do
usr = params['username'].to_s
pwd = params['password'].to_s
- next_page = params['next_page'].to_s
+ next_page = params['next_page'] || "/"
#
# Make sure we don't magically logout automatically :)
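Review bot: `next_page` comes straight from the request and is later passed to `redirect next_page` (visible in the next hunk), so a login link carrying an absolute URL in `next_page` sends the user to another site after a successful login. An empty string is truthy in Ruby, so `|| "/"` only covers a missing parameter, and with `.to_s` dropped an array or hash value is no longer coerced to a String. Restrict the value to local paths, e.g. `next_page = params['next_page'].to_s` followed by `next_page = '/' unless next_page =~ %r{\A/(?![/\\])}`; the same applies to `@next_page = params[:next_page] || '/'` in `get '/login'`. The body of `post '/login'` continues outside this hunk.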
@@ -165,14 +167,19 @@ EOF
session['username'] = usr
redirect next_page
else
- flash['error'] = "You must be logged in to access that page."
- redirect "/login?next_page=#{next_page}"
+ flash['error'] = "Authentication failed."
+ status 401
+# redirect "/login?next_page=#{next_page}"
+ @title += " Login"
+ @username = usr
+ @next_page = next_page
+ haml :login
end
end
get '/logout' do
session.delete('username')
- flash['error'] = "You have logged out!"
+ flash['info'] = "You have logged out!"
redirect '/login'
end
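Review bot: `@username = usr` and `@next_page = next_page` put raw request parameters into the `:login` template on the failure path, so they are only safe if the template escapes them; whether Haml's `escape_html` option is enabled is not visible here. Either enable it (`set :haml, :escape_html => true`) or output both values with `&=` in the template. The commented-out `# redirect "/login?next_page=#{next_page}"` should be deleted rather than left behind. `@title += " Login"` also assumes `@title` was already set by a filter outside this hunk, and would raise on `nil` otherwise.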