path: root/modules/luci-base/luasrc/dispatcher.lua
Date | Commit message | Author
2018-04-05 | luci-base: dispatcher: reject non-POST requests with any cbi.submit value | Jo-Philipp Wich
Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while the dispatcher only required POST for cbi.submit == 1, the CSRF token protection could be bypassed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-base: add FULL_REQUEST_URI template property | Jo-Philipp Wich
Introduce a new template property FULL_REQUEST_URI which returns the full canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING. This new property is safer to use compared to using the raw REQUEST_URI CGI environment variable directly as this value is essentially untrusted user input which may contain embedded escaped slashes, double forward slashes and other oddities allowing XSS exploitation or request redirection.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
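The commit above describes why a canonical URL rebuilt from SCRIPT_NAME, PATH_INFO and QUERY_STRING is safer than echoing REQUEST_URI. The following is an added Python model of that idea, not LuCI's own Lua code: `full_request_uri` re-escapes every path segment, drops the empty segments a doubled slash produces, resolves "." and "..", and re-quotes the query string, while `raw_request_uri` shows the value a template would have used before. The CGI environment (`SAMPLE_ENV`) is constructed for the demonstration and the helper names are assumptions.

```python
from urllib.parse import quote

# Constructed CGI environment: a request whose path carries a doubled slash
# and characters that would break out of an HTML attribute if echoed raw.
SAMPLE_ENV = {
    "SCRIPT_NAME": "/cgi-bin/luci",
    "PATH_INFO": '/admin/status/"><script>',
    "QUERY_STRING": "a=1&b=x y",
    "REQUEST_URI": '/cgi-bin/luci//admin/status/"><script>?a=1&b=x y',
}


def raw_request_uri(env):
    """The unsafe variant: echo REQUEST_URI, which the client controls byte for byte."""
    return env.get("REQUEST_URI", "")


def full_request_uri(env):
    """Rebuild the URL from the server-derived CGI variables (assumed helper).

    The web server has already decoded PATH_INFO, so each segment is
    percent-encoded again; empty segments from '//' are dropped and '.'/'..'
    are resolved, so the result can neither start a protocol-relative
    redirect nor inject markup when a template prints it.
    """
    segments = []
    for seg in env.get("PATH_INFO", "").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(quote(seg, safe=""))
    uri = env.get("SCRIPT_NAME", "") + "".join("/" + s for s in segments)
    qs = env.get("QUERY_STRING", "")
    if qs:
        # keep existing escapes and the query delimiters, encode everything else
        uri += "?" + quote(qs, safe="=&%+;~")
    return uri


def looks_dangerous(uri):
    """Cheap check a template could apply: doubled slashes or raw markup characters."""
    return "//" in uri or any(c in uri for c in '<>"\'')


if __name__ == "__main__":
    print("raw:      ", raw_request_uri(SAMPLE_ENV))
    print("canonical:", full_request_uri(SAMPLE_ENV))
```

Run stand-alone, the raw value still contains `//` and the unescaped `"><script>`, while the canonical value is a single, fully percent-encoded path under the script name.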
2018-01-17 | luci-base: log login attempts | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-13 | luci-base: improve language detection | Jo-Philipp Wich
Properly deal with client accept languages containing a culture identifier such as "zh-CN" or "pt-BR". Fixes #1226.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-11 | luci-base: properly handle authentication without authenticator | Jo-Philipp Wich
Some controller actions like the ones in "servicectl" require authentication but are not meant to provide an authenticator because they're only invoked by scripts. Rework the dispatcher logic to handle this situation and only bail out if an authenticator name other than "htmlauth" is set.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-09 | luci-base: use rpcd session logins | Jo-Philipp Wich
Drop the custom credentials checking in favor of performing proper session logins via rpcd. This is needed to properly setup ACLs when spawning rpcd sessions in order to support direct client side ubus access in the future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-06 | luci-base: luci.dispatcher: allow overriding sysauth template | Jo-Philipp Wich
In some cases it is useful to be able to override the template used for the sysauth login dialog. Add a new property "sysauth_template" which allows overriding the template name from controller files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-01 | modules/base: dispatcher: use default language if automatic choice fails | Matthias Schiffer
Fall back to default language if "auto" is configured, but none provided by the browser matches.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
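The two language-detection commits above (2017-08-13, culture identifiers such as "zh-CN"; 2016-03-01, fall back to the default when "auto" matches nothing) describe one negotiation procedure. The following is an added Python model of it, not LuCI's own Lua code: `parse_accept_language` ranks the browser's tags by q-value and drops q=0 entries, and `choose_language` tries the full tag, then its primary subtag, before falling back. The set of installed translations (`AVAILABLE`), the default, and the function names are assumptions for the demonstration.

```python
# Assumed set of installed LuCI translations, lower-cased. The tags are
# illustrative; the real list depends on which luci-i18n-* packages exist.
AVAILABLE = {"en", "de", "pt", "pt-br", "zh-cn", "zh-tw"}
DEFAULT = "en"


def parse_accept_language(header):
    """Return acceptable tags, lower-cased, best q-value first.

    Tags with q=0 are explicitly not acceptable and are dropped; ties keep
    the header order, since browsers list their preferences in order.
    """
    ranked = []
    for pos, item in enumerate(header.split(",")):
        fields = [f.strip() for f in item.split(";")]
        tag = fields[0].lower()
        if not tag:
            continue
        q = 1.0
        for f in fields[1:]:
            if f.lower().startswith("q="):
                try:
                    q = float(f[2:])
                except ValueError:
                    q = 0.0  # malformed q: treat as not acceptable
        if q > 0:
            ranked.append((-q, pos, tag))
    return [tag for _, _, tag in sorted(ranked)]


def choose_language(configured, accept_language, available=AVAILABLE, default=DEFAULT):
    """Pick the UI language (assumed helper modelling the dispatcher logic).

    A fixed setting wins. With "auto", each browser tag is tried exactly
    ("zh-cn") and then by its primary subtag ("zh"), so a culture identifier
    still finds a translation; if nothing matches, the default is used.
    """
    if configured != "auto":
        return configured if configured in available else default
    for tag in parse_accept_language(accept_language):
        if tag in available:
            return tag
        primary = tag.split("-")[0]
        if primary in available:
            return primary
    return default


if __name__ == "__main__":
    for hdr in ("zh-CN,zh;q=0.8,en;q=0.5", "pt-PT,pt;q=0.9", "fr-FR,fr;q=0.9", ""):
        print(repr(hdr), "->", choose_language("auto", hdr))
```

The "pt-PT" case shows the primary-subtag step: no "pt-pt" translation exists, so "pt" is chosen rather than skipping straight to the default; the "fr-FR" and empty-header cases end at the default.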
2016-02-10 | luci-base: dispatcher: let attr() automatically serialize JSON | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-02-02 | Fix embedded links: github instead of luci.subsignal.org | Hannu Nyman
Fix links to point into Github repo instead of luci.subsignal.org
- the hint to file a bug in dispatcher
- footers of Bootstrap and Firefunk themes
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-01-11 | luci-base: properly handle ubus connections for non-root (#570, #571) | Jo-Philipp Wich
Instead of relying on the connect-before-setuid hack, ship a proper acl definition file whitelisting the procedures that LuCI requires on its non-root pages.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-22 | luci-base: dispatcher expose test_post_security() | Jo-Philipp Wich
Allows external code to perform POST and token checking manually.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21 | luci-base: ensure that base url is emitted with trailing slash | Jo-Philipp Wich
Now that we don't have a url token anymore, '/cgi-bin/luci' becomes a valid url while cookies are restricted to only '/cgi-bin/luci/' and below. In order to ensure that the first request after login refers to a path covered by the authentication cookie, change build_url() to always append a trailing slash if we're referring to the base url. This should fix the login problems mentioned in #516. While we're touching the dispatcher, also remove remaining url token code.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
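The commit above explains a cookie-scoping problem: a session cookie set for path '/cgi-bin/luci/' is not sent with a request for '/cgi-bin/luci', so a post-login redirect to the bare base URL looks unauthenticated. The following is an added Python model of that interaction, not LuCI's own Lua code: `cookie_path_matches` implements the browser's path-match rule (RFC 6265, section 5.1.4), and `build_url_before` and `build_url` model the base-URL behaviour before and after the fix. The base path, cookie path and function names are assumptions for the demonstration.

```python
BASE = "/cgi-bin/luci"      # assumed CGI base path of the dispatcher
COOKIE_PATH = BASE + "/"    # session cookie is scoped to the base and below


def build_url_before(*parts):
    """Modelled pre-fix behaviour: no trailing slash when only the base is requested."""
    segs = [p for p in parts if p]
    return BASE + ("/" + "/".join(segs) if segs else "")


def build_url(*parts):
    """Modelled post-fix behaviour: the bare base URL always ends with a slash."""
    segs = [p for p in parts if p]
    return BASE + "/" + "/".join(segs)


def cookie_path_matches(cookie_path, request_path):
    """Path-match as browsers implement it (RFC 6265, section 5.1.4).

    A cookie path matches when it equals the request path, when it is a
    prefix ending in '/', or when it is a prefix and the next character
    of the request path is '/'.
    """
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    if cookie_path.endswith("/"):
        return True
    return request_path[len(cookie_path)] == "/"


def first_request_gets_cookie(url_builder):
    """Would the browser attach the session cookie to the post-login redirect?"""
    return cookie_path_matches(COOKIE_PATH, url_builder())


if __name__ == "__main__":
    for builder in (build_url_before, build_url):
        print(builder.__name__, builder(), "->", first_request_gets_cookie(builder))
```

The check also shows why the cookie is scoped with the trailing slash in the first place: a cookie path of '/cgi-bin/luci' without it would match '/cgi-bin/luci/admin' but not a sibling such as '/cgi-bin/luci2', which is the intended behaviour, yet the bare base would then be covered and the redirect problem would not arise. The fix keeps the tighter cookie scope and adjusts the URL instead.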
2015-10-21 | luci-base: remove security token from urls | Jo-Philipp Wich
Now that sensitive urls require post requests and only accept them if a valid security token is sent along the request, we can drop the global random url token to improve LuCI usability. The main improvement is the ability to use multiple tabs with the same login session, but also deep linking to specific urls without the need for another login becomes feasible, e.g. for documentation purposes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20 | luci-base: generalize post security token handling | Jo-Philipp Wich
* Add a generic helper function to check need for post / csrf token validation
* Remove custom token verification in cbi targets
* Support requiring post security depending on specific submit parameters, usable through post_on() action
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07 | luci-base: expose luci.dispatcher.build_url() as url() in templates | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07 | luci-base: protect simpleforms with CSRF tokens | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06 | luci-base: protect CBI forms with CSRF tokens | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06 | luci-base: add support for POST-only actions with CSRF token check | Jo-Philipp Wich
Add the dispatcher infrastructure to restrict certain routes to POST requests only in conjunction with verification of CSRF tokens. This is the first step to get rid of the CSRF token in the url in favor of tokens embedded in forms.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
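Three commits on this page describe one mechanism: the POST-only gate with CSRF token verification introduced here (2015-10-06), its generalisation to parameter-triggered protection via post_on() (2015-10-20), and the 2018-04-05 fix for the gate firing only on cbi.submit == 1 while the CBI model accepted any cbi.submit value. The following is an added Python model of that gate, not LuCI's Lua implementation; `check_post_security` stands in for the dispatcher's test_post_security(), and the rule dictionaries, the constructed session token and the helper names are assumptions for the demonstration. The two rules show the pre-fix and post-fix trigger conditions side by side.

```python
import hmac

SESSION_TOKEN = "c0ffee1234deadbeef"  # constructed per-session CSRF token


def check_post_security(method, params, session_token, require_post):
    """Model of the dispatcher gate for POST-only actions (assumed helper).

    require_post is True for an unconditionally protected route, or a dict
    {param: value} in the spirit of post_on(): the route is protected when
    one of the listed parameters is present with that value, or with any
    value when the value is None.  Returns (allowed, reason).
    """
    if require_post is True:
        needed = True
    else:
        needed = any(
            name in params and (want is None or params[name] == want)
            for name, want in require_post.items()
        )
    if not needed:
        return True, "no POST security required"
    if method != "POST":
        return False, "rejected: protected action requires POST"
    sent = params.get("token", "")
    # constant-time comparison so the token check itself leaks nothing
    if not session_token or not hmac.compare_digest(sent, session_token):
        return False, "rejected: missing or invalid CSRF token"
    return True, "ok"


# Trigger rule before the 2018-04-05 fix: only cbi.submit == "1" arms the
# gate, although the CBI model treats any cbi.submit value as a submission.
RULE_BEFORE = {"cbi.submit": "1"}
# Trigger rule after the fix: any cbi.submit value arms the gate.
RULE_AFTER = {"cbi.submit": None}


def csrf_bypass_possible(rule):
    """A cross-site GET carrying cbi.submit=2 and no token: does it get through?"""
    allowed, _ = check_post_security("GET", {"cbi.submit": "2"}, SESSION_TOKEN, rule)
    return allowed


if __name__ == "__main__":
    print("bypass before fix:", csrf_bypass_possible(RULE_BEFORE))
    print("bypass after fix: ", csrf_bypass_possible(RULE_AFTER))
```

The essential lesson is that the gate and the consumer must agree on what counts as a submission: when the dispatcher armed itself on one specific value but the form handler acted on any value, a GET with a different value reached the handler without ever passing the POST and token checks.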
2015-02-09 | Avoid setting duplicate cookies | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-02-09 | luci-base: pass session timeout as integer | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-02-09 | luci-base: establish ubus connection before dropping privileges (#310) | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-29 | Move inline documentation into separate files. | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-26 | luci-base: improve login/logout handling | Jo-Philipp Wich
Redirect to the canonical url after login and redirect to a url without security token if the session expired. Also make sure that the login page is served with status code 403, not 200 to give ajax calls a chance to detect expired sessions.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16 | Globally reduce copyright headers | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16 | luci-base: remove luci.init | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16 | luci-base: use local sys module table in luci.dispatcher | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-15 | luci-base: remove old fastindex support code, use cached module tables | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-15 | luci-base: switch to ubus sessions | Jo-Philipp Wich
Remove luci.sauth session storage implementation and offload the session management to the rpcd ubus backend. Also depend on rpcd due to this.
2015-01-08 | Rework LuCI build system | Jo-Philipp Wich
* Rename subdirectories to their respective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>