remove login cookie generation for static admin ind User servlet

cookieAuth is never successful for static admin, leaving the creation and
handling of login cookies for static admin obsolete.
pull/93/head
reger 8 years ago
parent 49f19aff75
commit 02092de3d8

@ -54,7 +54,7 @@ public class User{
prop.put("logged-in_username", ""); prop.put("logged-in_username", "");
prop.put("logged-in_returnto", ""); prop.put("logged-in_returnto", "");
//identified via HTTPPassword //identified via HTTPPassword
entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")); entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION));
if(entry != null){ if(entry != null){
prop.put("logged-in_identified-by", "1"); prop.put("logged-in_identified-by", "1");
//try via cookie //try via cookie
@ -113,13 +113,9 @@ public class User{
} }
String cookie=""; String cookie="";
if(entry != null) if(entry != null) {
//set a random token in a cookie //set a random token in a cookie
cookie=sb.userDB.getCookie(entry); cookie=sb.userDB.getCookie(entry);
else if(staticAdmin)
cookie=sb.userDB.getAdminCookie();
if(entry != null || staticAdmin){
final ResponseHeader outgoingHeader=new ResponseHeader(200); final ResponseHeader outgoingHeader=new ResponseHeader(200);
outgoingHeader.setCookie("login", cookie); outgoingHeader.setCookie("login", cookie);
prop.setOutgoingHeader(outgoingHeader); prop.setOutgoingHeader(outgoingHeader);
@ -164,8 +160,6 @@ public class User{
if(entry != null){ if(entry != null){
final String ip = requestHeader.getRemoteAddr(); final String ip = requestHeader.getRemoteAddr();
entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie
}else{
sb.userDB.adminLogout(UserDB.getLoginToken(requestHeader.getHeaderCookies()));
} }
try { try {
requestHeader.logout(); // servlet container session logout requestHeader.logout(); // servlet container session logout
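Review bot: Dropping the `"xxxxxx"` fallback in `entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION));` means a request that carries no Authorization header now passes null into proxyAuth; unless proxyAuth guards against null (its body is not part of this diff), every unauthenticated visit to this servlet would throw instead of leaving entry null for the cookie path that follows. Either keep the fallback or make the call conditional, e.g. `final String auth = requestHeader.get(RequestHeader.AUTHORIZATION); entry = auth == null ? null : sb.userDB.proxyAuth(auth);`. In the second hunk `String cookie="";` appears to be assigned and used only inside the new `if(entry != null) {` block, so it could be declared there as a final local; that block's closing brace lies outside the visible lines, so the remainder cannot be checked here.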

@ -52,7 +52,14 @@ import net.yacy.kelondro.util.kelondroException;
import net.yacy.search.Switchboard; import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants; import net.yacy.search.SwitchboardConstants;
/**
* Holds details of users that can login to YaCy, their rights and credentials.
* Caches succesfull login, holding cookie and/or ip information.
*
* In addition a systemadmin (static admin) account is available by default,
* included in the global Switchboard configuration.
*
*/
public final class UserDB { public final class UserDB {
private static final int USERNAME_MIN_LENGTH = 4; private static final int USERNAME_MIN_LENGTH = 4;
@ -60,7 +67,7 @@ public final class UserDB {
private MapHeap userTable; private MapHeap userTable;
private final File userTableFile; private final File userTableFile;
private final Map<String, String> ipUsers = new HashMap<String, String>(); private final Map<String, String> ipUsers = new HashMap<String, String>();
private final Map<String, Object> cookieUsers = new HashMap<String, Object>(); private final Map<String, Entry> cookieUsers = new HashMap<String, Entry>(); // mapping to identify user by a login cookie "login=<token>"
public UserDB(final File userTableFile) throws IOException { public UserDB(final File userTableFile) throws IOException {
this.userTableFile = userTableFile; this.userTableFile = userTableFile;
@ -249,24 +256,12 @@ public final class UserDB {
public Entry cookieAuth(final String cookieString){ public Entry cookieAuth(final String cookieString){
final String token = getLoginToken(cookieString); final String token = getLoginToken(cookieString);
if (cookieUsers.containsKey(token)) { if (cookieUsers.containsKey(token)) {
final Object entry = cookieUsers.get(token); final Entry entry = cookieUsers.get(token);
if (entry instanceof Entry) //String would mean static Admin return entry;
return (Entry)entry;
} }
return null; return null;
} }
public boolean cookieAdminAuth(final String cookieString){
final String token = getLoginToken(cookieString);
if (cookieUsers.containsKey(token)) {
final Object entry = cookieUsers.get(token);
if (entry instanceof String && entry.equals("admin")) {
return true;
}
}
return false;
}
public String getCookie(final Entry entry){ public String getCookie(final Entry entry){
final Random r = new Random(); final Random r = new Random();
final String token = Long.toString(Math.abs(r.nextLong()), 36); final String token = Long.toString(Math.abs(r.nextLong()), 36);
@ -274,13 +269,6 @@ public final class UserDB {
return token; return token;
} }
public String getAdminCookie(){
final Random r = new Random();
final String token = Long.toString(Math.abs(r.nextLong()), 36);
cookieUsers.put(token, "admin");
return token;
}
public static String getLoginToken(final String cookies){ public static String getLoginToken(final String cookies){
final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; " final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; "
for (final String c :cookie) { for (final String c :cookie) {
@ -292,13 +280,6 @@ public final class UserDB {
return ""; return "";
} }
public void adminLogout(final String logintoken){
if (cookieUsers.containsKey(logintoken)) {
//XXX: We could check, if its == "admin", but we want to logout anyway.
cookieUsers.remove(logintoken);
}
}
public enum AccessRight { public enum AccessRight {
//to create new rights, you just add them here //to create new rights, you just add them here
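Review bot: The login token that cookieAuth now resolves straight to an Entry is still minted in getCookie from `new Random()` (`Long.toString(Math.abs(r.nextLong()), 36)`), which is not a cryptographic generator; since possession of this token alone authenticates a user, it should come from `java.security.SecureRandom`, e.g. `final SecureRandom r = new SecureRandom();` or a shared static instance. `Math.abs(Long.MIN_VALUE)` is still negative, so the token can occasionally carry a leading minus sign; `r.nextLong() & Long.MAX_VALUE` avoids that. In cookieAuth the `containsKey` followed by `get` can be one lookup with identical behaviour: `return cookieUsers.get(token);` yields null for an absent token just as the current `return null;` does. The added class Javadoc spells `succesfull`; `successful`.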
