diff --git a/htroot/User.java b/htroot/User.java index 45edc98ba..ec0a2d780 100644 --- a/htroot/User.java +++ b/htroot/User.java @@ -54,7 +54,7 @@ public class User{ prop.put("logged-in_username", ""); prop.put("logged-in_returnto", ""); //identified via HTTPPassword - entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")); + entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION)); if(entry != null){ prop.put("logged-in_identified-by", "1"); //try via cookie @@ -113,13 +113,9 @@ public class User{ } String cookie=""; - if(entry != null) + if(entry != null) { //set a random token in a cookie cookie=sb.userDB.getCookie(entry); - else if(staticAdmin) - cookie=sb.userDB.getAdminCookie(); - - if(entry != null || staticAdmin){ final ResponseHeader outgoingHeader=new ResponseHeader(200); outgoingHeader.setCookie("login", cookie); prop.setOutgoingHeader(outgoingHeader); @@ -164,8 +160,6 @@ public class User{ if(entry != null){ final String ip = requestHeader.getRemoteAddr(); entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie - }else{ - sb.userDB.adminLogout(UserDB.getLoginToken(requestHeader.getHeaderCookies())); } try { requestHeader.logout(); // servlet container session logout diff --git a/source/net/yacy/data/UserDB.java b/source/net/yacy/data/UserDB.java index 3ad8557b7..bdc3d7b1d 100644 --- a/source/net/yacy/data/UserDB.java +++ b/source/net/yacy/data/UserDB.java 
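Review bot: A request without an Authorization header now presumably passes `null` into `proxyAuth`, because the `"xxxxxx"` default was dropped from `requestHeader.get(RequestHeader.AUTHORIZATION)`. `proxyAuth` is not part of this diff, so it is worth confirming that it returns `null` for a `null` argument rather than throwing. If it does not, guard the call: `final String auth = requestHeader.get(RequestHeader.AUTHORIZATION);` followed by `entry = (auth == null) ? null : sb.userDB.proxyAuth(auth);`. The enclosing method starts and ends outside the hunk.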
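Review bot: The `login` cookie is issued by `outgoingHeader.setCookie("login", cookie)` with only a name and a value, so no HttpOnly, Secure or SameSite attribute is visible on a token that `cookieAuth` later accepts as proof of identity. If `ResponseHeader` offers a way to set cookie attributes (not shown here), this is the call that should use it, at least marking the cookie HttpOnly so page scripts cannot read it. Separately, `String cookie=""` is now only assigned and read inside the `if(entry != null)` block, so it could be declared there as `final String cookie = sb.userDB.getCookie(entry);`. The enclosing method and the end of the `if` block lie outside the hunk.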
@@ -52,7 +52,14 @@ import net.yacy.kelondro.util.kelondroException; import net.yacy.search.Switchboard; import net.yacy.search.SwitchboardConstants; - +/** + * Holds details of users that can login to YaCy, their rights and credentials. + * Caches succesfull login, holding cookie and/or ip information. + * + * In addition a systemadmin (static admin) account is available by default, + * included in the global Switchboard configuration. + * + */ public final class UserDB { private static final int USERNAME_MIN_LENGTH = 4; @@ -60,7 +67,7 @@ public final class UserDB { private MapHeap userTable; private final File userTableFile; private final Map ipUsers = new HashMap(); - private final Map cookieUsers = new HashMap(); + private final Map cookieUsers = new HashMap(); // mapping to identify user by a login cookie "login=" public UserDB(final File userTableFile) throws IOException { this.userTableFile = userTableFile; @@ -249,23 +256,11 @@ public final class UserDB { public Entry cookieAuth(final String cookieString){ final String token = getLoginToken(cookieString); if (cookieUsers.containsKey(token)) { - final Object entry = cookieUsers.get(token); - if (entry instanceof Entry) //String would mean static Admin - return (Entry)entry; + final Entry entry = cookieUsers.get(token); + return entry; } return null; } - - public boolean cookieAdminAuth(final String cookieString){ - final String token = getLoginToken(cookieString); - if (cookieUsers.containsKey(token)) { - final Object entry = cookieUsers.get(token); - if (entry instanceof String && entry.equals("admin")) { - return true; - } - } - return false; - } public String getCookie(final Entry entry){ final Random r = new Random(); 
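Review bot: The login token that `cookieAuth` trusts is still drawn from `java.util.Random` (`final Random r = new Random();` in `getCookie`, the last line of the `@@ -249,23 +256,11 @@` hunk), which is not a cryptographically strong generator, so issued tokens are predictable in principle. Since this commit leaves the `cookieUsers` lookup as the remaining cookie login path, it is a good moment to switch to `final Random r = new SecureRandom();` (adding `import java.security.SecureRandom;`). The line that derives the token sits between this hunk and the next and is not visible; if it mirrors the removed `getAdminCookie` (`Long.toString(Math.abs(r.nextLong()), 36)`), the token also carries at most 63 bits and a wider value would be preferable. `getCookie` continues outside the hunk.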
@@ -273,13 +268,6 @@ public final class UserDB { cookieUsers.put(token, entry); return token; } - - public String getAdminCookie(){ - final Random r = new Random(); - final String token = Long.toString(Math.abs(r.nextLong()), 36); - cookieUsers.put(token, "admin"); - return token; - } public static String getLoginToken(final String cookies){ final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; " @@ -291,13 +279,6 @@ public final class UserDB { } return ""; } - - public void adminLogout(final String logintoken){ - if (cookieUsers.containsKey(logintoken)) { - //XXX: We could check, if its == "admin", but we want to logout anyway. - cookieUsers.remove(logintoken); - } - } public enum AccessRight {