remove login cookie generation for static admin ind User servlet

cookieAuth is never successful for static admin, leaving the creation and handling for login cookies for static admin obsolete.
8 years ago · 02092de3d8
parent 49f19aff75
commit 02092de3d8
2 changed files with 13 additions and 38 deletions
--- a/htroot/User.java
+++ b/htroot/User.java
@ -54,7 +54,7 @@ public class User{
        prop.put("logged-in_username", "");
        prop.put("logged-in_returnto", "");
        //identified via HTTPPassword
-        entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx"));
+        entry=sb.userDB.proxyAuth(requestHeader.get(RequestHeader.AUTHORIZATION));
        if(entry != null){
        	prop.put("logged-in_identified-by", "1");
        //try via cookie
@ -113,13 +113,9 @@ public class User{
            }

            String cookie="";
-            if(entry != null)
+            if(entry != null) {
                //set a random token in a cookie
                cookie=sb.userDB.getCookie(entry);
-            else if(staticAdmin)
-                cookie=sb.userDB.getAdminCookie();
-
-            if(entry != null || staticAdmin){
                final ResponseHeader outgoingHeader=new ResponseHeader(200);
                outgoingHeader.setCookie("login", cookie);
                prop.setOutgoingHeader(outgoingHeader);
@ -164,8 +160,6 @@ public class User{
            if(entry != null){
                final String ip = requestHeader.getRemoteAddr();
                entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie
-            }else{
-                sb.userDB.adminLogout(UserDB.getLoginToken(requestHeader.getHeaderCookies()));
            }
            try {
                requestHeader.logout(); // servlet container session logout
--- a/source/net/yacy/data/UserDB.java
+++ b/source/net/yacy/data/UserDB.java
@ -52,7 +52,14 @@ import net.yacy.kelondro.util.kelondroException;
 import net.yacy.search.Switchboard;
 import net.yacy.search.SwitchboardConstants;

-
+/**
+ * Holds details of users that can login to YaCy, their rights and credentials.
+ * Caches succesfull login, holding cookie and/or ip information.
+ *
+ * In addition a systemadmin (static admin) account is available by default,
+ * included in the global Switchboard configuration.
+ *
+ */
 public final class UserDB {
    
    private static final int USERNAME_MIN_LENGTH = 4;
@ -60,7 +67,7 @@ public final class UserDB {
    private MapHeap userTable;
    private final File userTableFile;
    private final Map<String, String> ipUsers = new HashMap<String, String>();
-    private final Map<String, Object> cookieUsers = new HashMap<String, Object>();
+    private final Map<String, Entry> cookieUsers = new HashMap<String, Entry>(); // mapping to identify user by a login cookie "login=<token>"
    
    public UserDB(final File userTableFile) throws IOException {
        this.userTableFile = userTableFile;
@ -249,24 +256,12 @@ public final class UserDB {
    public Entry cookieAuth(final String cookieString){
        final String token = getLoginToken(cookieString);
        if (cookieUsers.containsKey(token)) {
-            final Object entry = cookieUsers.get(token);
-            if (entry instanceof Entry) //String would mean static Admin
-                return (Entry)entry;
+            final Entry entry = cookieUsers.get(token);
+            return entry;
        }
        return null;
    }

-    public boolean cookieAdminAuth(final String cookieString){
-        final String token = getLoginToken(cookieString);
-        if (cookieUsers.containsKey(token)) {
-            final Object entry = cookieUsers.get(token);
-            if (entry instanceof String && entry.equals("admin")) {
-                return true;
-            }
-        }
-        return false;
-    }
-
    public String getCookie(final Entry entry){
        final Random r = new Random();
        final String token = Long.toString(Math.abs(r.nextLong()), 36);
@ -274,13 +269,6 @@ public final class UserDB {
        return token;
    }
    
-    public String getAdminCookie(){
-        final Random r = new Random();
-        final String token = Long.toString(Math.abs(r.nextLong()), 36);
-        cookieUsers.put(token, "admin");
-        return token;
-    }
-    
    public static String getLoginToken(final String cookies){
        final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; "
        for (final String c :cookie) {
@ -292,13 +280,6 @@ public final class UserDB {
        return "";
    }

-    public void adminLogout(final String logintoken){
-        if (cookieUsers.containsKey(logintoken)) {
-            //XXX: We could check, if its == "admin", but we want to logout anyway.
-            cookieUsers.remove(logintoken);
-        }
-    }
-
    public enum AccessRight {

        //to create new rights, you just add them here