From ee10a590d86a586288b9447d70921b5e8dcdc9f9 Mon Sep 17 00:00:00 2001
From: JT Smith
Date: Thu, 5 Dec 2002 00:42:48 +0000
Subject: [PATCH] cleaned up pluggable auth.
---
lib/WebGUI/Authentication.pm | 324 ++++++++++++++++++++--
lib/WebGUI/Authentication/LDAP.pm | 160 +++++------
lib/WebGUI/Authentication/SMB.pm.disabled | 112 ++++----
lib/WebGUI/Authentication/WebGUI.pm | 146 +++++-----
lib/WebGUI/Operation/Account.pm | 64 +----
lib/WebGUI/Operation/Settings.pm | 9 +-
lib/WebGUI/Operation/User.pm | 46 +--
lib/WebGUI/Session.pm | 6 +-
8 files changed, 539 insertions(+), 328 deletions(-)
diff --git a/lib/WebGUI/Authentication.pm b/lib/WebGUI/Authentication.pm
index 8ae1b1342..f2a06d6fc 100644
--- a/lib/WebGUI/Authentication.pm
+++ b/lib/WebGUI/Authentication.pm
@@ -10,32 +10,320 @@ package WebGUI::Authentication; # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- +use strict qw(vars subs); +use WebGUI::ErrorHandler; +use WebGUI::Session; use WebGUI::SQL; -use strict; -sub saveParams { - my ($uid, $authMethod, $data, @values); - ($uid, $authMethod, $data) = @_; - foreach (keys(%$data)) { - WebGUI::SQL->write("delete from authentication where userId=$uid and authMethod=".quote($authMethod)." and fieldName=".quote($_)); - WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) values ($uid,".quote($authMethod).",".quote($$data{$_}).",".quote($_).")"); - } +#------------------------------------------------------------------- +sub _execute { + my ($authMethod, $function, $params) = @_; + my $cmd = "WebGUI::Authentication::".$authMethod."::".$function; + my $result = eval {&$cmd($params)}; + WebGUI::ErrorHandler::fatalError("Missing method in Authentication module: $authMethod. ".$@) if($@); + return $result; } -sub getParams { - my ($uid, $authMethod); - $uid = shift; - $authMethod = shift; - return WebGUI::SQL->buildHashRef("select fieldName, fieldData from authentication where userId=$uid and authMethod='$authMethod'"); +#------------------------------------------------------------------- + +=head adminForm ( userId, authMethod ) + + Returns the admin form for the specified authentication method. + +=item userId + + This user's id. + +=item authMethod + + Specify the authentication method. + +=cut + +sub adminForm { + my $userId = shift; + my $authMethod = shift; + return _execute($authMethod,"adminForm",$userId); } +#------------------------------------------------------------------- + +=head adminFormSave ( userId, authMethod ) + + Saves the specified user's authentication information to the database. + +=item userId + + The user id to save the information for. + +=item authMethod + + Specify the authentication method. 
+ +=cut + +sub adminFormSave { + my $userId = shift; + my $authMethod = shift; + return _execute($authMethod,"adminFormSave",$userId); +} + +#------------------------------------------------------------------- + +=head adminFormValidate ( authMethod ) + + Returns an error string if there are any problems with the form data. + +=item authMethod + + Specify the authentication method. + +=cut + +sub adminFormValidate { + my $authMethod = shift; + return _execute($authMethod,"adminFormValidate"); +} + +#------------------------------------------------------------------- + +=head authenticate ( userId, identifier, authMethod ) + + Check to see that the user supplied information is correct. Returns + "1" if successful otherwise it returns an error message. + +=item userId + + The user to authenticate. + +=item identifier + + The password, pass phrase, PIN, or other unique identifier to + verify this user. + +=item authMethod + + The type of authentication to use to authenticate this user. + +=cut + +sub authenticate { + my ($userId, $identifier, $authMethod) = @_; + return _execute($authMethod,"authenticate",[$userId,$identifier]); +} + +#------------------------------------------------------------------- + +=head deleteParams ( userId ) + + Removes the specified user's authentication parameters from the + database for all authentication methods. This is primarily useful + when deleting the user's account. + +=item userId + + The user id for the user to have the parameters deleted. + +=cut + sub deleteParams { - my $uid = shift; - - if ($uid) { - WebGUI::SQL->write("delete from authentication where userId=$uid"); - } + my $uid = shift; + if ($uid) { + WebGUI::SQL->write("delete from authentication where userId=$uid"); + } } + +#------------------------------------------------------------------- + +=head getParams ( userId [ , authMethod ] ) + + Returns an error string if there are any problems with the form data. + +=item userId + + Specify a user id. 
+ +=item authMethod + + Optionally specify the authentication method. Defaults + to the user's current authentication method. If the user does not have + an authentication method, then it defaults to the system-wide + authentication method. + +=cut + +sub getParams { + my $uid = shift; + my $authMethod = shift; + if ($uid != $session{user}{userId} && $authMethod eq "") { + my $u = WebGUI::User->new($uid); + $authMethod = $u->authMethod; + } else { + $authMethod = $session{user}{authMethod}; + } + $authMethod = $session{setting}{authMethod} if ($authMethod eq ""); + return WebGUI::SQL->buildHashRef("select fieldName, fieldData from authentication + where userId=$uid and authMethod='$authMethod'"); +} + + +#------------------------------------------------------------------- + +=head optionsLabel ( authMethod ) + + Returns a label that can be displayed to describe the settings for + this auth method. + +=item authMethod + + The authentication method. + +=cut + +sub optionsLabel { + my $authMethod = shift; + return _execute($authMethod,"optionsLabel"); +} + + +#------------------------------------------------------------------- + +=head registrationForm ( ) + + Returns the user registration form for the default auth method. + +=cut + +sub registrationForm { + my $authMethod = $session{setting}{authMethod}; + return _execute($authMethod,"registrationForm"); +} + +#------------------------------------------------------------------- + +=head registrationFormSave ( userId ) + + Creates the appropriate values in the database for this user based + upon their registration information. + +=item userId + + The user id to store with the registration data. + +=cut + +sub registrationFormSave { + my $authMethod = $session{setting}{authMethod}; + _execute($authMethod,"registrationFormSave",$_[0]); +} + +#------------------------------------------------------------------- + +=head registrationFormValidate ( ) + + Returns an error string if there are any problems with the form data. 
+ +=cut + +sub registrationFormValidate { + my $authMethod = $session{setting}{authMethod}; + return _execute($authMethod,"registrationFormValidate"); +} + + +#------------------------------------------------------------------- + +=head settingsForm ( authMethod ) + + Returns a form for the WebGUI settings area. + +=item authMethod + + The authentication method to display the form for. + +=cut + +sub settingsForm { + my $authMethod = shift; + return _execute($authMethod,"settingsForm"); +} + + +#------------------------------------------------------------------- + +=head saveParams ( userId, authMethod, data ) + + Saves the user's authentication parameters to the database. + +=item userId + + Specify a user id. + +=item authMethod + + Specify the authentication method to save these paramaters under. + +=item data + + A hash reference containing parameter names and values to be saved. + +=cut + +sub saveParams { + my ($uid, $authMethod, $data) = @_; + foreach (keys %{$data}) { + WebGUI::SQL->write("delete from authentication where + userId=$uid and authMethod=".quote($authMethod)." and fieldName=".quote($_)); + WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) + values ($uid,".quote($authMethod).",".quote($data->{$_}).",".quote($_).")"); + } +} + + +#------------------------------------------------------------------- + +=head userForm ( ) + + Returns the user authentication data form. + +=cut + +sub userForm { + my $authMethod = $session{user}{authMethod} || $session{setting}{authMethod}; + return _execute($authMethod,"userForm"); +} + + +#------------------------------------------------------------------- + +=head userFormSave ( ) + + Saves user form data to the database. 
+ +=cut + +sub userFormSave { + my $authMethod = $session{user}{authMethod} || $session{setting}{authMethod}; + _execute($authMethod,"userFormSave"); +} + +#------------------------------------------------------------------- + +=head userFormValidate ( ) + + Returns an error string if there are any problems with the form data. + +=cut + +sub userFormValidate { + my $authMethod = $session{user}{authMethod} || $session{setting}{authMethod}; + return _execute($authMethod,"userFormValidate"); +} + + + 1; + + diff --git a/lib/WebGUI/Authentication/LDAP.pm b/lib/WebGUI/Authentication/LDAP.pm index a95ef8cfa..2df36b932 100644 --- a/lib/WebGUI/Authentication/LDAP.pm +++ b/lib/WebGUI/Authentication/LDAP.pm @@ -33,48 +33,13 @@ my %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol 68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)', 71=>'Affects Multiple DSAs (71)', 80=>'other (80)'); -#------------------------------------------------------------------- -sub hasBadUserData { - my($uri, $port, %args, $ldap, $auth, $error, $search, $connectDN); - $uri = URI->new($session{setting}{ldapURL}); - if ($uri->port < 1) { - $port = 389; - } else { - $port = $uri->port; - } - %args = (port => $port); - $ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79); - return $error if ($error); - $ldap->bind; - $search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{loginId}); - if (defined $search->entry(0)) { - $connectDN = "cn=".$search->entry(0)->get_value("cn"); - $ldap->unbind; - $ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79); - $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword}); - if ($auth->code == 48 || $auth->code == 49) { - $error = '
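Review bot: getParams discards an explicitly passed authMethod: whenever the second argument is non-empty the `else` branch runs and overwrites it with `$session{user}{authMethod}`, so a call such as `getParams($userId,'LDAP')` made during login reads the parameters stored under the session user's method instead of the one requested. The query also interpolates `'$authMethod'` and `$uid` straight into the SQL text, although saveParams in this same hunk already passes the method name through `quote()`. Resolve the default only when no method was given and quote the value, as below; `$uid` should additionally be checked to be numeric before it reaches any of the statements in getParams, saveParams and deleteParams that embed it. Separately, `_execute` calls a sub by a name assembled from `$authMethod`, so that value should be checked against the installed authentication modules before dispatch, and the POD for getParams repeats the "Returns an error string" text of the validate subs rather than describing the hash reference it returns.

```perl
sub getParams {
	my $uid = shift;
	my $authMethod = shift;
	# Resolve a default only when the caller did not name a method.
	if ($authMethod eq "") {
		if ($uid != $session{user}{userId}) {
			my $u = WebGUI::User->new($uid);
			$authMethod = $u->authMethod;
		} else {
			$authMethod = $session{user}{authMethod};
		}
	}
	$authMethod = $session{setting}{authMethod} if ($authMethod eq "");
	return WebGUI::SQL->buildHashRef("select fieldName, fieldData from authentication
		where userId=$uid and authMethod=".quote($authMethod));
}
```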
  • '.WebGUI::International::get(68); - WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{loginId}); - } elsif ($auth->code > 0) { - $error = '
  • LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '.WebGUI::International::get(69); - WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code}); - } - $ldap->unbind; - } else { - $error = '
  • '.WebGUI::International::get(68); - WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId}); - } - - return $error; -} #------------------------------------------------------------------- -sub validateUser { +sub authenticate { my ($userId, $password, $userData, $uri, $port, %args, $ldap, $auth, $result); - ($userId, $password) = @_; - + $userId = $_[0]->[0]; + my $identifier = $_[0]->[1]; $userData = WebGUI::Authentication::getParams($userId, 'LDAP'); - $uri = URI->new($userData->{ldapURL}); if ($uri->port < 1) { $port = 389; @@ -84,11 +49,9 @@ sub validateUser { %args = (port => $port); $ldap = Net::LDAP->new($uri->host, %args) or $result = WebGUI::International::get(79); return $result if $result; - - $auth = $ldap->bind(dn=>$$userData{connectDN}, password=>$session{form}{identifier}); + $auth = $ldap->bind(dn=>$$userData{connectDN}, password=>$identifier); if ($auth->code == 48 || $auth->code == 49) { $result = WebGUI::International::get(68); - WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information."); } elsif ($auth->code > 0) { $result .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured.'; $result .= WebGUI::International::get(69); 
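Review bot: The new calling convention of `authenticate` is undocumented and easy to misuse: it now receives one array reference and unpacks `$_[0]->[0]` and `$_[0]->[1]`, while the other entry points in this module take the user id directly as `$_[0]`. A comment above the sub such as `# $_[0] is [ userId, identifier ], as passed by WebGUI::Authentication::authenticate` would make that explicit. `$password` stays in the `my` list although the value now lives in `$identifier`, so it can be dropped. The body of authenticate continues beyond this hunk.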
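Review bot: authenticate hands `$identifier` to `$ldap->bind` without rejecting an empty value, and many directory servers treat a bind with a DN and an empty password as an unauthenticated bind that returns success (RFC 4513, section 5.1.2). The WebGUI module in this commit guards the same case with `$identifier ne ""`; the LDAP path needs the equivalent before the bind, e.g. `return WebGUI::International::get(68) if ($identifier eq "");`. Whether the configured server accepts such binds cannot be seen from this hunk, so the check should not rely on server settings. The function body continues past the end of the hunk.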
@@ -100,28 +63,22 @@ sub validateUser { return $result; } -#------------------------------------------------------------------------- -# Below are the subs that create and save the forms used for inputting -# config data for this auth module. The 'form' and 'save' subs of each -# from are so related that I've grouped by function. Apart from the -# 'save' and 'form' stuff the subs are still in alphabetical order though. -#------------------------------------------------------------------------- - #------------------------------------------------------------------- -sub formAddUser { +sub adminForm { + my $userData = WebGUI::Authentication::getParams($_[0],'LDAP'); + my $ldapURL = $session{form}{ldapURL} || $userData->{ldapURL} || $session{setting}{ldapURL}; + my $connectDN = $session{form}{connectDN} || $userData->{connectDN}; my $f; - $f = WebGUI::HTMLForm->new; - $f->readOnly("LDAP Authentication Options"); - $f->url("ldapURL",WebGUI::International::get(165),$session{setting}{ldapURL}); - $f->text("connectDN",WebGUI::International::get(166),$session{form}{connectDN}); - + $f->readOnly(''.optionsLabel().''); + $f->url("ldapURL",WebGUI::International::get(165),$ldapURL); + $f->text("connectDN",WebGUI::International::get(166),$connectDN); return $f->printRowsOnly; } #------------------------------------------------------------------- -sub saveAddUser { - WebGUI::Authentication::saveParams($session{form}{uid},'LDAP', +sub adminFormSave { + WebGUI::Authentication::saveParams($_[0],'LDAP', { connectDN => $session{form}{connectDN}, ldapURL => $session{form}{ldapURL} 
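Review bot: adminFormSave stores `$session{form}{ldapURL}` and `$session{form}{connectDN}` without any check, and authenticate later opens its connection to the host named in the stored `ldapURL` and sends the user's password there. adminFormValidate, added further down in this file, returns an empty string, so nothing rejects a malformed URL or an unexpected scheme. It would be worth validating at least the scheme and host in adminFormValidate, and recording in a comment that these two fields decide which server verifies the password. The closing lines of adminFormSave fall outside the hunk.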
@@ -129,50 +86,94 @@ sub saveAddUser { } #------------------------------------------------------------------- -sub formCreateAccount { - my $f; +sub adminFormValidate { + return ""; +} +#------------------------------------------------------------------- +sub optionsLabel { + return "LDAP Authentication Options"; +} + +#------------------------------------------------------------------- +sub registrationForm { + my $f; $f = WebGUI::HTMLForm->new; + $f->text("ldapId",$session{setting}{ldapIdName}); $f->password("ldapPassword",$session{setting}{ldapPasswordName}); - return $f->printRowsOnly; } #------------------------------------------------------------------- -sub saveCreateAccount { +sub registrationFormSave { my($uri, $port, %args, $ldap, $auth, $search, $connectDN, $uid); - my $uid = shift; - $uri = URI->new($session{setting}{ldapURL}); if ($uri->port < 1) { $port = 389; } else { $port = $uri->port; } - %args = (port => $port); $ldap = Net::LDAP->new($uri->host, %args); $ldap->bind; - $search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{loginId}); + $search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{ldapId}); if (defined $search->entry(0)) { $connectDN = "cn=".$search->entry(0)->get_value("cn"); } $ldap->unbind; - WebGUI::Authentication::saveParams($uid,'LDAP', { connectDN => $connectDN, ldapURL => $session{setting}{ldapURL} }); + return $session{form}{ldapId}; } #------------------------------------------------------------------- -sub formEditUserSettings { - my $f; +sub registrationFormValidate { + my ($uri, $error, $ldap, $port, $search, $auth, $connectDN); + $uri = URI->new($session{setting}{ldapURL}); + if ($uri->port < 1) { + $port = 389; + } else { + $port = $uri->port; + } + if ($ldap = Net::LDAP->new($uri->host, {port=>$port})) { + if ($ldap->bind) { + $search = $ldap->search (base=>$uri->dn,filter=>$session{setting}{ldapId}."=".$session{form}{ldapId}); + if 
(defined $search->entry(0)) { + $connectDN = "cn=".$search->entry(0)->get_value("cn"); + $ldap->unbind; + $ldap = Net::LDAP->new($uri->host, {port=>$port}) or $error .= WebGUI::International::get(79); + $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword}); + if ($auth->code == 48 || $auth->code == 49) { + $error .= '
  • '.WebGUI::International::get(68); + WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId}); + } elsif ($auth->code > 0) { + $error .= '
  • LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. ' + .WebGUI::International::get(69); + WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code}); + } + $ldap->unbind; + } else { + $error .= '
  • '.WebGUI::International::get(68); + WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId}); + } + } else { + $error = WebGUI::International::get(79); + } + } else { + $error = WebGUI::International::get(79); + } + return $error; +} +#------------------------------------------------------------------- +sub settingsForm { + my $f; $f = WebGUI::HTMLForm->new; - $f->readOnly('LDAP Authentication Options'); + $f->readOnly(''.optionsLabel().''); $f->url("ldapURL",WebGUI::International::get(120),$session{setting}{ldapURL}); $f->text("ldapId",WebGUI::International::get(121),$session{setting}{ldapId}); $f->text("ldapIdName",WebGUI::International::get(122),$session{setting}{ldapIdName}); @@ -181,26 +182,17 @@ sub formEditUserSettings { } #------------------------------------------------------------------- -sub formEditUser { - my ($f, $userData); - $userData = WebGUI::Authentication::getParams($session{form}{uid}, 'LDAP'); - - $f = WebGUI::HTMLForm->new; - $f->readOnly('LDAP Authentication Options'); - $f->url("ldapURL",WebGUI::International::get(165),$$userData{ldapURL}); - $f->text("connectDN",WebGUI::International::get(166),$$userData{connectDN}); - - return $f->printRowsOnly; +sub userForm { + return ""; } #------------------------------------------------------------------- -sub saveEditUser { - WebGUI::Authentication::saveParams($session{form}{uid},'LDAP', - { - connectDN => $session{form}{connectDN}, - ldapURL => $session{form}{ldapURL} - }); +sub userFormSave { } +#------------------------------------------------------------------- +sub userFormValidate { + return ""; +} 1; diff --git a/lib/WebGUI/Authentication/SMB.pm.disabled b/lib/WebGUI/Authentication/SMB.pm.disabled index 9805a3dae..b68cc5841 100644 --- a/lib/WebGUI/Authentication/SMB.pm.disabled +++ b/lib/WebGUI/Authentication/SMB.pm.disabled 
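Review bot: Both registrationFormSave and registrationFormValidate build the search filter by concatenating `$session{form}{ldapId}`, which comes from the registration form, so filter metacharacters such as `*`, `(` and `)` change the meaning of the search. Escape the value first, e.g. `filter => $session{setting}{ldapId}."=".Net::LDAP::Util::escape_filter_value($session{form}{ldapId})` (with `use Net::LDAP::Util;`), and reject an empty `ldapPassword` before the second bind. registrationFormValidate also passes `{port=>$port}` as a hash reference where registrationFormSave passes `%args` as a list; Net::LDAP->new documents a key/value list, so the port taken from the URL is probably ignored in the validate path. registrationFormSave does not check the result of `Net::LDAP->new` before calling `bind` on it.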
@@ -24,26 +24,10 @@ my %smbError = ( ); #------------------------------------------------------------------- -sub hasBadUserData { - my ($pdc, $bdc, $ntDomain, $smbLogin, $smb, $error); - - $pdc = $session{setting}{smbPDC}; - $bdc = $session{setting}{smbBDC}; - $ntDomain = $session{setting}{smbDomain}; - $smbLogin = $session{form}{loginId}; - $smb = Authen::Smb::authen($smbLogin, $session{form}{smbPassword}, $pdc, $bdc, $ntDomain); - if ($smb > 0) { - $error = '
  • '. $smbError{$smb} . "pdc: $pdc, bdc: $bdc, domain: $ntDomain"; - } - - return $error; -} - -#------------------------------------------------------------------- -sub validateUser { +sub authenticate { my ($uid, $password, $userData, $smb, $result); - - ($uid, $password) = @_; + $userId = $_[0]->[0]; + $password = $_[0]->[1]; $userData = WebGUI::Authentication::getParams($uid, 'SMB'); $smb = Authen::Smb::authen($userData->{smbLogin}, $password, $userData->{smbPDC}, $userData->{smbBDC}, $userData->{smbDomain}); 
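Review bot: authenticate assigns the user id to `$userId`, but the `my` list declares `$uid` and the following `getParams($uid, 'SMB')` call reads `$uid`, which is never set. The lookup therefore runs with an undefined user id, and the submitted password is checked against whatever that lookup returns rather than the intended account's settings. The first assignment should read `$uid = $_[0]->[0];`. The rest of the function lies outside the hunk.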
@@ -56,28 +40,25 @@ sub validateUser { return $result; } -#------------------------------------------------------------------------- -# Below are the subs that create and save the forms used for inputting -# config data for this auth module. The 'form' and 'save' subs of each -# from are so related that I've grouped by function. Apart from the -# 'save' and 'form' stuff the subs are still in alphabetical order though. -#------------------------------------------------------------------------- - #------------------------------------------------------------------- -sub formAddUser { +sub adminForm { + my $userData = WebGUI::Authentication::getParams($_[0], 'SMB'); + my $pdc = $session{form}{smbPDC} || $userData->{smbPDC} || $session{setting}{smbPDC}; + my $bdc = $session{form}{smbBDC} || $userData->{smbBDC} || $session{setting}{smbBDC}; + my $domain = $session{form}{smbDomain} || $userData->{smbDomain} || $session{setting}{smbDomain}; + my $login = $session{form}{smbLogin} || $userData->{smbLogin}; my $f; - $f = WebGUI::HTMLForm->new; - $f->readOnly("SMB Authentication Options"); - $f->text("smbPDC","PDC",$session{setting}{smbPDC}); - $f->text("smbBDC","BDC",$session{setting}{smbBDC}); - $f->text("smbDomain","NT Domain",$session{setting}{smbDomain}); - $f->text("smbLogin","NT Login name",''); + $f->readOnly(''.optionsLabel().''); + $f->text("smbPDC","PDC",$pdc); + $f->text("smbBDC","BDC",$bdc); + $f->text("smbDomain","NT Domain",$domain); + $f->text("smbLogin","NT Login name",$login); return $f->printRowsOnly; } #------------------------------------------------------------------- -sub saveAddUser { +sub adminFormSave { WebGUI::Authentication::saveParams($session{form}{uid},'SMB', { smbPDC => $session{form}{smbPDC}, 
@@ -88,19 +69,22 @@ sub saveAddUser { } #------------------------------------------------------------------- -sub formCreateAccount { - my $f; +sub optionsLabel { + return "SMB Authentication Options"; +} +#------------------------------------------------------------------- +sub registrationForm { + my $f; $f = WebGUI::HTMLForm->new; + $f->text("loginId","NT Login Id"); $f->password("smbPassword","NT Password"); - return $f->printRowsOnly; } #------------------------------------------------------------------- -sub saveCreateAccount { +sub registrationFormSave { my $uid; - $uid = shift; WebGUI::Authentication::saveParams($uid,'SMB', { @@ -112,42 +96,44 @@ sub saveCreateAccount { } #------------------------------------------------------------------- -sub formEditUserSettings { - my $f; +sub registrationFormValidate { + my ($pdc, $bdc, $ntDomain, $smbLogin, $smb, $error); + $pdc = $session{setting}{smbPDC}; + $bdc = $session{setting}{smbBDC}; + $ntDomain = $session{setting}{smbDomain}; + $smbLogin = $session{form}{loginId}; + $smb = Authen::Smb::authen($smbLogin, $session{form}{smbPassword}, $pdc, $bdc, $ntDomain); + if ($smb > 0) { + $error = '
  • '. $smbError{$smb} . "pdc: $pdc, bdc: $bdc, domain: $ntDomain"; + } + return $error; +} + +#------------------------------------------------------------------- +sub settingsForm { + my $f; $f = WebGUI::HTMLForm->new; - $f->readOnly("SMB Authentication Options"); + $f->readOnly(''.optionsLabel().''); $f->text("smbPDC","PDC",$session{setting}{smbPDC}); $f->text("smbBDC","BDC",$session{setting}{smbBDC}); $f->text("smbDomain","NT Domain",$session{setting}{smbDomain}); - return $f->printRowsOnly; } #------------------------------------------------------------------- -sub formEditUser { - my ($f, $userData); - $userData = WebGUI::Authentication::getParams($session{form}{uid}, 'SMB'); - - $f = WebGUI::HTMLForm->new; - $f->readOnly("SMB Authentication Options"); - $f->text("smbPDC","PDC",$$userData{smbPDC}); - $f->text("smbBDC","BDC",$$userData{smbBDC}); - $f->text("smbDomain","NT Domain",$$userData{smbDomain}); - $f->text("smbLogin","NT Login name",$$userData{smbLogin}); - - return $f->printRowsOnly; +sub userForm { + return ""; } #------------------------------------------------------------------- -sub saveEditUser { - WebGUI::Authentication::saveParams($session{form}{uid},'SMB', - { - smbPDC => $session{form}{smbPDC}, - smbBDC => $session{form}{smbBDC}, - smbDomain => $session{form}{smbDomain}, - smbLogin => $session{form}{smbLogin} - }); +sub userFormSave { +} + +#------------------------------------------------------------------- +sub userFormValidate { + return ""; } 1; + diff --git a/lib/WebGUI/Authentication/WebGUI.pm b/lib/WebGUI/Authentication/WebGUI.pm index 5662d4209..0dc36ec14 100644 --- a/lib/WebGUI/Authentication/WebGUI.pm +++ b/lib/WebGUI/Authentication/WebGUI.pm 
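Review bot: registrationFormValidate appends `"pdc: $pdc, bdc: $bdc, domain: $ntDomain"` to the error string it returns, and that string is presumably shown on the registration page, so anyone whose registration fails learns the names of the domain controllers and the NT domain. Return only `$smbError{$smb}` to the user and send the infrastructure detail to the log, e.g. `WebGUI::ErrorHandler::warn("SMB registration failed: pdc: $pdc, bdc: $bdc, domain: $ntDomain");`. The text was carried over from the removed hasBadUserData, but this sub is now the public registration path for the module.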
@@ -10,100 +10,114 @@ package WebGUI::Authentication::WebGUI; # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- +use Digest::MD5; use strict; use WebGUI::Session; use WebGUI::Authentication; use WebGUI::HTMLForm; -use Digest::MD5; + #------------------------------------------------------------------- -sub hasBadUserData { - return WebGUI::Operation::Account::_hasBadPassword($session{form}{identifier1},$session{form}{identifier2}); -} - -#------------------------------------------------------------------- -sub validateUser { +sub authenticate { my ($userId, $identifier, $userData, $success); - ($userId, $identifier) = @_; - + $userId = $_[0]->[0]; + $identifier = $_[0]->[1]; $userData = WebGUI::Authentication::getParams($userId, 'WebGUI'); if ((Digest::MD5::md5_base64($identifier) eq $$userData{identifier}) && ($identifier ne "")) { $success = 1; } else { $success = WebGUI::International::get(68); - WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information."); } return $success; } -#------------------------------------------------------------------------- -# Below are the subs that create and save the forms used for inputting -# config data for this auth module. The 'form' and 'save' subs of each -# from are so related that I've grouped by function. Apart from the -# 'save' and 'form' stuff the subs are still in alphabetical order though. 
-#------------------------------------------------------------------------- - - #------------------------------------------------------------------- -sub formAddUser { +sub adminForm { my $f; - $f = WebGUI::HTMLForm->new; - $f->readOnly("WebGUI Authentication options"); - $f->password("identifier",WebGUI::International::get(51)); - return $f->printRowsOnly; -} - -#------------------------------------------------------------------- -sub saveAddUser { - my $encryptedPassword; - - $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier}); - WebGUI::Authentication::saveParams($session{form}{uid},'WebGUI',{identifier => $encryptedPassword}); -} - -#------------------------------------------------------------------- -sub formCreateAccount { - my $f; - - $f = WebGUI::HTMLForm->new; - $f->password("identifier1",WebGUI::International::get(51)); - $f->password("identifier2",WebGUI::International::get(55)); - return $f->printRowsOnly; -} - -#------------------------------------------------------------------- -sub saveCreateAccount { - my ($encryptedPassword, $uid); - - $uid = shift; - $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1}); - WebGUI::Authentication::saveParams($uid, 'WebGUI', {identifier => $encryptedPassword}); -} - -#------------------------------------------------------------------- -sub formEditUser { - my $f; - - $f = WebGUI::HTMLForm->new; - $f->readOnly('WebGUI Authentication Options'); + $f->readOnly(''.optionsLabel().''); $f->password("identifier",WebGUI::International::get(51),"password"); + return $f->printRowsOnly; } #------------------------------------------------------------------- -sub saveEditUser { - my ($encryptedPassword); - - if ($session{form}{identifier} ne "password") { - $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier}); - WebGUI::Authentication::saveParams($session{form}{uid}, 'WebGUI', {identifier => $encryptedPassword}); +sub adminFormSave { + unless 
($session{form}{identifier} eq "password") { + WebGUI::Authentication::saveParams($_[0],'WebGUI',{identifier => Digest::MD5::md5_base64($session{form}{identifier})}); } } #------------------------------------------------------------------- -sub formEditUserSettings { - return ''; +sub adminFormValidate { + return ""; } +#------------------------------------------------------------------- +sub optionsLabel { + return "WebGUI Authentication Options"; +} + +#------------------------------------------------------------------- +sub registrationForm { + my $f; + $f = WebGUI::HTMLForm->new; + $f->password("identifier",WebGUI::International::get(51)); + $f->password("identifierConfirm",WebGUI::International::get(55)); + return $f->printRowsOnly; +} + +#------------------------------------------------------------------- +sub registrationFormSave { + adminFormSave($_[0]); +} + +#------------------------------------------------------------------- +sub registrationFormValidate { + my ($error); + if ($session{form}{identifier} ne $session{form}{identifierConfirm}) { + $error = '
  • '.WebGUI::International::get(78); + } + if ($session{form}{identifier} eq "password") { + $error .= '
  • '.WebGUI::International::get(727); + } + if ($session{form}{identifier} eq "") { + $error .= '
  • '.WebGUI::International::get(726); + } + return $error; +} + +#------------------------------------------------------------------- +sub settingsForm { + return ""; +} + +#------------------------------------------------------------------- +sub userForm { + my $f; + $f = WebGUI::HTMLForm->new; + $f->password("identifier",WebGUI::International::get(51),"password"); + $f->password("identifierConfirm",WebGUI::International::get(55),"password"); + return $f->printRowsOnly; +} + +#------------------------------------------------------------------- +sub userFormSave { + adminFormSave($session{user}{userId}); +} + +#------------------------------------------------------------------- +sub userFormValidate { + my ($error); + if ($session{form}{identifier} ne $session{form}{identifierConfirm}) { + $error = '
  • '.WebGUI::International::get(78); + } + if ($session{form}{identifier} eq "") { + $error .= '
  • '.WebGUI::International::get(726); + } + return $error; +} + + 1; + diff --git a/lib/WebGUI/Operation/Account.pm b/lib/WebGUI/Operation/Account.pm index 1b95d1511..b36d51232 100644 --- a/lib/WebGUI/Operation/Account.pm +++ b/lib/WebGUI/Operation/Account.pm @@ -10,9 +10,7 @@ package WebGUI::Operation::Account; # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- -use Digest::MD5 qw(md5_base64); use Exporter; -use Net::LDAP; use strict qw(vars subs); use URI; use WebGUI::DateTime; @@ -59,21 +57,6 @@ sub _accountOptions { return $output; } -#------------------------------------------------------------------- -sub _hasBadPassword { - my ($error); - if ($_[0] ne $_[1]) { - $error = '
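Review bot: adminFormSave stores the password as `Digest::MD5::md5_base64($session{form}{identifier})`, an unsalted fast hash, and registrationFormSave and userFormSave both route through it, so every stored credential shares that weakness. Identical passwords produce identical `identifier` values, and the hashes can be tested offline at very high speed if the authentication table is ever disclosed. This refactor centralises the hashing in one sub, which makes it the natural place to move to a salted, deliberately slow scheme and to re-hash on the next successful login in authenticate. A comment on adminFormSave should also record that the literal value `password` is the form's "unchanged" sentinel, since registrationFormValidate rejects it and userFormValidate does not mention it.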
  • '.WebGUI::International::get(78); - } - if ($_[0] eq "password") { - $error .= '
  • '.WebGUI::International::get(727); - } - if ($_[0] eq "") { - $error .= '
  • '.WebGUI::International::get(726); - } - return $error; -} - #------------------------------------------------------------------- sub _hasBadUsername { my ($error,$otherUser); @@ -122,7 +105,7 @@ sub _validateProfileData { #------------------------------------------------------------------- sub www_createAccount { - my ($output, %language, @array, $cmd, $return, + my ($output, %language, @array, $previousCategory, $category, $f, $a, %data, $default, $label, $values, $method); tie %data, 'Tie::CPHash'; if ($session{user}{userId} != 1) { @@ -137,15 +120,7 @@ sub www_createAccount { unless ($session{setting}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) { $f->text("username",WebGUI::International::get(50),$session{form}{username}); } - if ($session{setting}{authMethod} ne 'WebGUI') { - $f->text("loginId", 'loginName'); - } - - $cmd = $session{authentication}{$session{setting}{authMethod}} . "::formCreateAccount"; - $return = eval {&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method formCreateAccount on Authentication module: $session{setting}{authMethod}. ".$@) if($@); - $f->raw($return); - + $f->raw(WebGUI::Authentication::registrationForm()); $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber"); 
@@ -205,22 +180,14 @@ sub www_createAccountSave { $username = $session{form}{username}; } $error = _hasBadUsername($username); - - $cmd = $session{authentication}{$session{setting}{authMethod}} . '::hasBadUserData'; - $error .= eval {&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method hasBadUserData on Authentication module: $session{setting}{authMethod}. ".$@) if($@); - + $error .= WebGUI::Authentication::registrationFormValidate(); ($profile, $temp) = _validateProfileData(); $error .= $temp; if ($error eq "") { $u = WebGUI::User->new("new"); $u->username($username); $u->authMethod($session{setting}{authMethod}); - - $cmd = $session{authentication}{$session{setting}{authMethod}} . '::saveCreateAccount'; - eval {&$cmd($u->userId)}; - WebGUI::ErrorHandler::fatalError("Unable to load method saveCreateAccount on Authentication module: $session{setting}{authMethod}. ".$@) if($@); - + WebGUI::Authentication::registrationFormSave($u->userId); $u->karma($session{setting}{karmaPerLogin},"Login","Just for logging in.") if ($session{setting}{useKarma}); foreach $fieldName (keys %{$profile}) { $u->profileField($fieldName,${$profile}{$fieldName}); @@ -282,14 +249,7 @@ sub www_displayAccount { } else { $f->text("username",WebGUI::International::get(50),$session{user}{username}); } - - if ($session{user}{authMethod} ne "WebGUI") { - $f->hidden("identifier1","password"); - $f->hidden("identifier2","password"); - } else { - $f->password("identifier1",WebGUI::International::get(51),"password"); - $f->password("identifier2",WebGUI::International::get(55),"password"); - } + $f->raw(WebGUI::Authentication::userForm()); $f->submit; $output .= $f->print; $output .= _accountOptions(); 
@@ -420,9 +380,7 @@ sub www_login { if ($uid) { $u = WebGUI::User->new($uid); if ($u->status eq 'Active') { - $cmd = $session{authentication}{$u->authMethod}."::validateUser"; - $success = eval{&$cmd($uid, $session{form}{identifier})}; - WebGUI::ErrorHandler::fatalError("Unable to load method validateUser on Authentication module: $_. ".$@) if($@); + $success = WebGUI::Authentication::authenticate($uid,$session{form}{identifier},$u->authMethod); } else { $success = WebGUI::International::get(820); } @@ -437,6 +395,7 @@ sub www_login { return ""; } else { _logLogin($uid, $success); + WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information."); return "
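Review bot: The auth method handed to `WebGUI::Authentication::authenticate` in www_login is whatever string is stored on the user record, and nothing in this hunk checks it against the modules registered in `$session{authentication}`. The `_execute` helper added to Authentication.pm builds a function name from that string and calls it symbolically, so, assuming authenticate goes through it like the other wrappers, a record naming a module listed in `excludeAuthentication` or any unexpected value would be dispatched rather than rejected. I would guard the call with `if (exists $session{authentication}{$u->authMethod})` and treat a miss as a failed login. The same check belongs where www_addUserSave and www_editUserSave store `$session{form}{authMethod}`. www_login starts and ends outside this hunk.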

    ".WebGUI::International::get(70)."

    ".$success.www_displayLogin(); } } @@ -507,15 +466,14 @@ sub www_recoverPasswordFinish { sub www_updateAccount { my ($output, $error, $encryptedPassword, $passwordStatement, $u); if ($session{user}{userId} != 1) { - if ($session{form}{identifier1} ne "password") { - $error = _hasBadPassword($session{form}{identifier1},$session{form}{identifier2}); - } + $error = WebGUI::Authentication::userFormValidate(); $error .= _hasBadUsername($session{form}{username}); if ($error eq "") { $u = WebGUI::User->new($session{user}{userId}); - $u->identifier(Digest::MD5::md5_base64($session{form}{identifier1})) if ($session{form}{identifier1} ne "password"); $u->username($session{form}{username}); - $output .= WebGUI::International::get(81).'
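Review bot: The added `WebGUI::ErrorHandler::security(...)` call writes `$session{form}{username}` into the security log exactly as submitted, so a value containing line breaks or control characters can split or forge log entries. Strip those before logging, for example `(my $who = $session{form}{username}) =~ tr/\x00-\x1f\x7f//d;`, and log `$who` instead. The branch also appears to be reached when the account is merely not Active, in which case "with invalid information" misstates the cause; including the failure reason in the entry would keep the log usable for triage. www_login continues outside the hunk.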

    '; + WebGUI::Authentication::userFormSave(); + $output .= '

  • '.WebGUI::International::get(81).'

    '; + WebGUI::Session::refreshUserInfo($u->userId); } else { $output = $error; } diff --git a/lib/WebGUI/Operation/Settings.pm b/lib/WebGUI/Operation/Settings.pm index 60fbfcc92..5989ab074 100644 --- a/lib/WebGUI/Operation/Settings.pm +++ b/lib/WebGUI/Operation/Settings.pm @@ -56,14 +56,9 @@ sub www_editUserSettings { $f->select("authMethod",\%authMethod,WebGUI::International::get(119),[$session{setting}{authMethod}]); $f->yesNo("usernameBinding",WebGUI::International::get(306),$session{setting}{usernameBinding}); $f->yesNo("selfDeactivation","Allow users to deactivate their account",$session{setting}{selfDeactivation}); - - foreach (@{$session{authentication}{available}}) { - $cmd = "WebGUI::Authentication::".$_."::formEditUserSettings"; - $html = eval{&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method formEditUserSettings on Authentication module: $_. ".$@) if($@); - $f->raw($html); + foreach (keys %{$session{authentication}}) { + $f->raw(WebGUI::Authentication::settingsForm($_)); } - $f->submit; $output .= $f->print; return _submenu($output); diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index 1b8f677bd..bb10edc5b 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm @@ -10,7 +10,6 @@ package WebGUI::Operation::User; # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- -use Digest::MD5 qw(md5_base64); use Exporter; use strict qw(vars subs); use Tie::CPHash; @@ -56,8 +55,7 @@ sub _submenu { #------------------------------------------------------------------- sub www_addUser { - my (@array, $output, $groups, %hash, $f, $cmd, $html, %status); - tie %hash, 'Tie::IxHash'; + my (@array, $output, $groups, $f, $cmd, $html, %status); return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3)); $output .= helpIcon(5); $output .= '
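Review bot: `WebGUI::Authentication::userFormValidate()` and `userFormSave()` are called without arguments in www_updateAccount, so which user and which auth module they act on is implicit; presumably both are taken from `$session{user}` and `$session{form}`. The credential update that used to be visible here now happens elsewhere, and a short comment would say where it went: `# credential fields are validated and stored by the user's auth module, read from $session{form}`. `$encryptedPassword` and `$passwordStatement` in the `my` list look unused in the visible part and could be dropped, though the function continues past the hunk.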
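Review bot: `foreach (keys %{$session{authentication}})` in www_editUserSettings walks the modules in hash order, which Perl does not keep stable, so the per-module settings blocks can change position between page loads. `foreach (sort keys %{$session{authentication}})` fixes the order; the same loop appears in www_addUser, www_addUserSave, www_editUser and www_editUserSave in User.pm. The loop also relies on every key of that hash being a module name, which holds only because this commit drops the `available` entry in Session.pm. A one-line comment stating that would protect against a later key being added to the hash.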

    '.WebGUI::International::get(163).'

    '; @@ -80,14 +78,9 @@ sub www_addUser { push(@array,7); #everyone $groups = WebGUI::SQL->buildHashRef("select groupId,groupName from groups where groupId not in (".join(",",@array).") order by groupName"); $f->select("groups",$groups,WebGUI::International::get(605),[],5,1); - %hash = map {$_ => $_} @{$session{authentication}{available}}; - $f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]); - - foreach (@{$session{authentication}{available}}) { - $cmd = "WebGUI::Authentication::".$_."::formAddUser"; - $html = eval{&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method formAddUser on Authentication module: $_. ".$@) if($@); - $f->raw($html); + $f->select("authMethod",$session{authentication},WebGUI::International::get(164),[$session{setting}{authMethod}]); + foreach (keys %{$session{authentication}}) { + $f->raw(WebGUI::Authentication::adminForm(0,$_)); } $f->submit; $output .= $f->print; @@ -104,13 +97,9 @@ sub www_addUserSave { $u = WebGUI::User->new("new"); $session{form}{uid}=$u->userId; $u->username($session{form}{username}); - - foreach (@{$session{authentication}{available}}) { - $cmd = "WebGUI::Authentication::".$_."::saveAddUser"; - eval{&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method saveAddUser on Authentication module: $_. ".$@) if($@); + foreach (keys %{$session{authentication}}) { + WebGUI::Authentication::adminFormSave($u->userId,$_); } - $u->status($session{form}{status}); $u->authMethod($session{form}{authMethod}); @groups = $session{cgi}->param('groups'); @@ -180,6 +169,7 @@ sub www_deleteUserConfirm { return WebGUI::Privilege::vitalComponent(); } else { $u = WebGUI::User->new($session{form}{uid}); + WebGUI::Authentication::deleteParams($u->userId); $u->delete; return www_listUsers(); } 
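Review bot: The user id passed to `WebGUI::Authentication::deleteParams` in www_deleteUserConfirm originates from `$session{form}{uid}`, and the hunk does not show it being checked as numeric. The `saveParams` and `getParams` helpers this commit removes from Authentication.pm interpolated the id into SQL without quoting. The body of deleteParams is not visible here, so please confirm it quotes the value or rejects anything that is not a plain integer, e.g. `return unless $uid =~ /\A\d+\z/;`. The enclosing function starts outside the hunk.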
@@ -215,7 +205,7 @@ sub www_editGroupingSave { #------------------------------------------------------------------- sub www_editUser { return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3)); - my ($output, $f, $u, $cmd, $html, %hash, %status); + my ($output, $f, $u, $cmd, $html, %status); $u = WebGUI::User->new($session{form}{uid}); $output .= helpIcon(5); $output .= '

    '.WebGUI::International::get(168).'

    '; @@ -227,7 +217,6 @@ sub www_editUser { $f->readOnly(epochToHuman($u->dateCreated,"%z"),WebGUI::International::get(453)); $f->readOnly(epochToHuman($u->lastUpdated,"%z"),WebGUI::International::get(454)); $f->text("username",WebGUI::International::get(50),$u->username); - tie %status, 'Tie::IxHash'; %status = ( Active =>WebGUI::International::get(817), @@ -235,17 +224,10 @@ sub www_editUser { Selfdestructed =>WebGUI::International::get(819) ); $f->select("status",\%status,WebGUI::International::get(816),[$u->status]); - - %hash = map {$_ => $_} @{$session{authentication}{available}}; - $f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]); - - foreach (@{$session{authentication}{available}}) { - $cmd = "WebGUI::Authentication::".$_."::formEditUser"; - $html = eval{&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method formEditUser on Authentication module: $_. ".$@) if($@); - $f->raw($html); + $f->select("authMethod",$session{authentication},WebGUI::International::get(164),[$session{setting}{authMethod}]); + foreach (keys %{$session{authentication}}) { + $f->raw(WebGUI::Authentication::adminForm($u->userId,$_)); } - $f->submit; $output .= $f->print; return _submenu($output); @@ -261,10 +243,8 @@ sub www_editUserSave { $u->username($session{form}{username}); $u->authMethod($session{form}{authMethod}); $u->status($session{form}{status}); - foreach (@{$session{authentication}{available}}) { - $cmd = "WebGUI::Authentication::".$_."::saveEditUser"; - eval{&$cmd}; - WebGUI::ErrorHandler::fatalError("Unable to load method saveEditUser on Authentication module: $_. ".$@) if($@); + foreach (keys %{$session{authentication}}) { + WebGUI::Authentication::adminFormSave($u->userId,$_); } } else { $error = ''; diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm index f73b88fe8..c9cddfdff 100644 --- a/lib/WebGUI/Session.pm +++ b/lib/WebGUI/Session.pm 
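Review bot: The `authMethod` select in www_editUser is preselected with `[$session{setting}{authMethod}]`, the site default, rather than the method stored for the user being edited. www_editUserSave then writes `$session{form}{authMethod}` back to the record, so saving the form for any unrelated reason moves that user to the default method. That can lock the user out or switch them to a credential store the admin did not intend. Use the user's own value as the selection: `$f->select("authMethod",$session{authentication},WebGUI::International::get(164),[$u->authMethod]);`.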
@@ -122,7 +122,7 @@ sub _setupUserInfo { #------------------------------------------------------------------- sub _loadAuthentication { - my ($dir, @files, $slash, $file, $cmd, $namespace, $exclude, @availableModules); + my ($dir, @files, $file, $cmd, $namespace, $exclude); $dir = $session{config}{webguiRoot}.$session{os}{slash}."lib".$session{os}{slash}."WebGUI".$session{os}{slash}."Authentication"; opendir (DIR,$dir) or WebGUI::ErrorHandler::fatalError("Can't open Authentication module directory!"); @files = readdir(DIR); @@ -135,8 +135,7 @@ sub _loadAuthentication { $exclude = $session{config}{excludeAuthentication}; $exclude =~ s/ //g; unless (isIn($namespace, split(/,/,$exclude))) { - $session{authentication}{$namespace} = 'WebGUI::Authentication::' . $namespace; - push(@availableModules, $namespace); + $session{authentication}{$namespace} = $namespace; } } else { WebGUI::ErrorHandler::warn("Authentication module failed to compile: $namespace. ".$@); @@ -144,7 +143,6 @@ sub _loadAuthentication { } } } - $session{authentication}{available} = \@availableModules; closedir(DIR); }