summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base
diff options
context:
space:
mode:
Diffstat (limited to 'modules/luci-base')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua52
1 files changed, 14 insertions, 38 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index df562dd5d..bb02912f4 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -113,24 +113,11 @@ function authenticator.htmlauth(validator, accs, default)
return user
end
- if context.urltoken.stok then
- context.urltoken.stok = nil
-
- local cookie = 'sysauth=%s; expires=%s; path=%s/' %{
- http.getcookie('sysauth') or 'x',
- 'Thu, 01 Jan 1970 01:00:00 GMT',
- build_url()
- }
-
- http.header("Set-Cookie", cookie)
- http.redirect(build_url())
- else
- require("luci.i18n")
- require("luci.template")
- context.path = {}
- http.status(403, "Forbidden")
- luci.template.render("sysauth", {duser=default, fuser=user})
- end
+ require("luci.i18n")
+ require("luci.template")
+ context.path = {}
+ http.status(403, "Forbidden")
+ luci.template.render("sysauth", {duser=default, fuser=user})
return false
@@ -151,18 +138,8 @@ function httpdispatch(request, prefix)
end
end
- local tokensok = true
for node in pathinfo:gmatch("[^/]+") do
- local tkey, tval
- if tokensok then
- tkey, tval = node:match(";(%w+)=([a-fA-F0-9]*)")
- end
- if tkey then
- context.urltoken[tkey] = tval
- else
- tokensok = false
- r[#r+1] = node
- end
+ r[#r+1] = node
end
local stat, err = util.coxpcall(function()
@@ -311,13 +288,14 @@ function dispatch(request)
resource = luci.config.main.resourcebase;
ifattr = function(...) return _ifattr(...) end;
attr = function(...) return _ifattr(true, ...) end;
- token = ctx.urltoken.stok;
url = build_url;
}, {__index=function(table, key)
if key == "controller" then
return build_url()
elseif key == "REQUEST_URI" then
return build_url(unpack(ctx.requestpath))
+ elseif key == "token" then
+ return ctx.authtoken
else
return rawget(table, key) or _G[key]
end
@@ -340,20 +318,17 @@ function dispatch(request)
local def = (type(track.sysauth) == "string") and track.sysauth
local accs = def and {track.sysauth} or track.sysauth
local sess = ctx.authsession
- local verifytoken = false
if not sess then
sess = http.getcookie("sysauth")
sess = sess and sess:match("^[a-f0-9]*$")
- verifytoken = true
end
local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values
- local user
+ local user, token
if sdat then
- if not verifytoken or ctx.urltoken.stok == sdat.token then
- user = sdat.user
- end
+ user = sdat.user
+ token = sdat.token
else
local eu = http.getenv("HTTP_AUTH_USER")
local ep = http.getenv("HTTP_AUTH_PASS")
@@ -390,8 +365,8 @@ function dispatch(request)
sess, build_url()
})
- ctx.urltoken.stok = token
ctx.authsession = sess
+ ctx.authtoken = token
ctx.authuser = user
http.redirect(build_url(unpack(ctx.requestpath)))
@@ -403,6 +378,7 @@ function dispatch(request)
end
else
ctx.authsession = sess
+ ctx.authtoken = token
ctx.authuser = user
end
end
@@ -414,7 +390,7 @@ function dispatch(request)
return
end
- if http.formvalue("token") ~= ctx.urltoken.stok then
+ if http.formvalue("token") ~= ctx.authtoken then
http.status(403, "Forbidden")
luci.template.render("csrftoken")
return