From dc443284c4b5f59a4447797f88730d9fe1bc0b45 Mon Sep 17 00:00:00 2001
From: Patrick J Cherry
Date: Thu, 22 Mar 2012 17:40:38 +0000
Subject: Tidied up login authentication + tests (woo!)
---
lib/mauve/authentication.rb | 9 +++++++--
lib/mauve/web_interface.rb | 17 ++++++++++++-----
2 files changed, 19 insertions(+), 7 deletions(-)
(limited to 'lib/mauve')
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb
index d0d4596..54743f1 100644
--- a/lib/mauve/authentication.rb
+++ b/lib/mauve/authentication.rb
@@ -139,7 +139,7 @@ module Mauve
 client.login(login, response)
 return true
 rescue XMLRPC::FaultException => fault
- logger.warn "Authentication for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
+ logger.warn "#{self.class} for #{login} failed: #{fault.faultCode}: #{fault.faultString}"
 return false
 rescue IOError => ex
 logger.warn "#{ex.class} during auth for #{login} (#{ex.to_s})"
@@ -164,7 +164,12 @@ module Mauve
 # @return [Boolean]
 def authenticate(login,password)
 super
- Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password
+ if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password )
+ return true
+ else
+ logger.warn "#{self.class} for #{login} failed"
+ return false
+ end
 end
 end
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb
index b998ad8..225cc33 100644
--- a/lib/mauve/web_interface.rb
+++ b/lib/mauve/web_interface.rb
@@ -4,6 +4,7 @@ require 'redcloth'
 require 'json'
 require 'mauve/authentication'
+require 'mauve/http_server'
 tilt_lib = "tilt"
 begin
@@ -120,7 +121,6 @@ EOF
 unless ok_urls.include?(request.path_info)
 flash['error'] = "You must be logged in to access that page."
- status 403
 redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info }
 end
 end
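Review bot: In lib/mauve/authentication.rb, the rewritten `logger.warn` in the -139 hunk (and the new one added in the -164 hunk) writes `login` into the log exactly as the caller supplied it, so a username containing a newline or control characters can split or forge log entries, assuming the logger does not escape them. Failed-login lines are what an operator reads during an investigation, so log the value quoted: `logger.warn "#{self.class} for #{login.inspect} failed: #{fault.faultCode}: #{fault.faultString}"`, and likewise `#{login.inspect}` in the second message. The rescue clauses belong to a method that starts outside the hunk.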
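Review bot: In `authenticate` (authentication.rb, -164 hunk), `Mauve::Configuration.current.people[login]` is dereferenced without a nil check, and the result of `super` is discarded, so unless `super` raises for an unknown login a bad username presumably ends in a NoMethodError instead of reaching the new `return false` branch and its warning. Look the person up first: `person = Mauve::Configuration.current.people[login]` then `return false unless person`. The stored value is an unsalted SHA1 hex digest compared with `==`; a salted, slow password hash and a constant-time comparison would be the stronger design, though that is a larger change than this commit. The class enclosing the method starts outside the hunk.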
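Review bot: In lib/mauve/web_interface.rb (-120 hunk), with `status 403` removed a request whose path matches `no_redirect_urls` now leaves this filter with only a flash message set: no redirect, no error status, and nothing halts it, so the route body still runs. Unless each of those routes checks `@person` itself, end the request here by adding `halt 403` on the line after the `redirect ... unless ...` statement (`redirect` already halts when it fires). The filter's outer condition starts outside the hunk, so this assumes the block is only reached when nobody is logged in.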
@@ -146,7 +146,9 @@ EOF
 if @person
 redirect '/'
 else
+ @username = nil
 @next_page = params[:next_page] || '/'
+ status 403 if flash['error']
 haml :login
 end
 end
@@ -154,7 +156,7 @@ EOF
 post '/login' do
 usr = params['username'].to_s
 pwd = params['password'].to_s
- next_page = params['next_page'].to_s
+ next_page = params['next_page'] || "/"
 #
 # Make sure we don't magically logout automatically :)
@@ -165,14 +167,19 @@ EOF
 session['username'] = usr
 redirect next_page
 else
- flash['error'] = "You must be logged in to access that page."
- redirect "/login?next_page=#{next_page}"
+ flash['error'] = "Authentication failed."
+ status 401
+# redirect "/login?next_page=#{next_page}"
+ @title += " Login"
+ @username = usr
+ @next_page = next_page
+ haml :login
 end
 end
 get '/logout' do
 session.delete('username')
- flash['error'] = "You have logged out!"
+ flash['info'] = "You have logged out!"
 redirect '/login'
 end
-- 
cgit v1.2.1
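Review bot: In `post '/login'` (web_interface.rb, -154 hunk), `next_page` comes straight from the request and is passed to `redirect next_page` on success (visible in the -165 hunk), so a crafted login link can send a freshly authenticated user to another site; `get '/login'` in the -146 hunk feeds the same parameter into the form. Dropping `.to_s` also lets a non-string parameter value reach `redirect`. Keep the coercion and accept only a local path: `next_page = params['next_page'].to_s` followed by `next_page = "/" unless next_page =~ %r{\A/(?![/\\])}`. The route body continues outside the hunk.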
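Review bot: The failed-login branch of `post '/login'` (-165 hunk) now hands the submitted `usr` and `next_page` to the `login` template through `@username` and `@next_page`; the template is not part of this diff, so confirm it HTML-escapes both, since older Haml releases do not escape `=` output unless `:escape_html` is set, and an unescaped value would be reflected into the page. `@title += " Login"` raises if `@title` is nil at this point, which cannot be checked from the hunk; `@title = "#{@title} Login"` avoids that. The commented-out `# redirect "/login?next_page=#{next_page}"` line should be deleted rather than committed.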