diff options
| author | Steven Barth <steven@midlink.org> | 2008-08-10 12:58:05 +0000 |
|---|---|---|
| committer | Steven Barth <steven@midlink.org> | 2008-08-10 12:58:05 +0000 |
| commit | f9fa6d82da4f15473a49822d6d9dfda34144b85e (patch) | |
| tree | b5a1593155a67919118e2201c244d239a87ba31f /libs/web | |
| parent | 2787a7f68896663647e19a1387195ae18db7d37a (diff) | |
* libs/web: Reworked authentication
Diffstat (limited to 'libs/web')
| -rw-r--r-- | libs/web/luasrc/dispatcher.lua | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index d9917c2a8..b74c5bdc2 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -33,6 +33,8 @@ require("luci.fs") context = luci.util.threadlocal() +authenticator = {} + -- Index table local index = nil @@ -76,25 +78,20 @@ function error500(message) return false end ---- Render and evaluate the system authentication login form. --- @param default Default username --- @return Authentication status -function sysauth(default) +function authenticator.htmlauth(validator, default) local user = luci.http.formvalue("username") local pass = luci.http.formvalue("password") - if user and luci.sys.user.checkpasswd(user, pass) then - local sid = luci.sys.uniqueid(16) - luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") - luci.sauth.write(sid, user) - return true - else - require("luci.i18n") - require("luci.template") - context.path = {} - luci.template.render("sysauth", {duser=default, fuser=user}) - return false + if user and validator(user, pass) then + return user end + + require("luci.i18n") + require("luci.template") + context.path = {} + luci.template.render("sysauth", {duser=default, fuser=user}) + return false + end --- Dispatch an HTTP request. @@ -172,13 +169,23 @@ function dispatch(request) if track.sysauth then require("luci.sauth") + local authen = authenticator[track.sysauth_authenticator] local def = (type(track.sysauth) == "string") and track.sysauth local accs = def and {track.sysauth} or track.sysauth local user = luci.sauth.read(luci.http.getcookie("sysauth")) - if not luci.util.contains(accs, user) then - if not sysauth(def) then + if authen then + local user = authen(luci.sys.user.checkpasswd, def) + if not user or not luci.util.contains(accs, user) then + return + else + local sid = luci.sys.uniqueid(16) + luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") + luci.sauth.write(sid, user) + end + else + luci.http.status(403, "Forbidden") return end end |