git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2214 6c8d7289-2bf4-0310-a012-ef5d649a1542

allo 19 years ago
parent 11951aed41
commit 0621106ef3

@ -162,7 +162,10 @@ public class User{
prop.put("logged-in",0);
if(entry != null){
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
}else{
sb.userDB.adminLogout(userDB.getLoginToken(header.getHeaderCookies()));
}
//XXX: This should not be needed anymore, because of isLoggedout
if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
prop.put("AUTHENTICATE","admin log-in");
}
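Review bot: The login token is extracted from the request cookies separately in each branch (`userDB.getLoginToken(header.getHeaderCookies())` in both the `entry != null` and the `else` path), so the two logout paths can drift apart if one call is edited later. Compute it once before the `if`, e.g. `String token = userDB.getLoginToken(header.getHeaderCookies());`, and pass `token` to both `entry.logout(...)` and `sb.userDB.adminLogout(...)`. A one-line comment on the `else` branch, such as `// no user entry: drop a static-admin cookie session, if any`, would explain why `adminLogout` is called when no entry was found. The surrounding method starts and ends outside the hunk.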

@ -186,7 +186,9 @@ public final class userDB {
* @param auth the http-headerline for authorisation
*/
public boolean hasAdminRight(String auth, String ip, String cookies){
Entry entry=proxyAuth(auth);
Entry entry=null;
if(auth != null)
entry=proxyAuth(auth);
if(entry != null && entry.hasAdminRight())
return true;
entry=cookieAuth(cookies);
@ -262,16 +264,18 @@ public final class userDB {
return entry;
}
public Entry cookieAuth(String cookieString){
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
String token=getLoginToken(cookieString);
if(cookieUsers.containsKey(token)){
Object entry=cookieUsers.get(token);
if(entry instanceof Entry) //String would mean static Admin
return (Entry)entry;
}
return null;
}
public boolean cookieAdminAuth(String cookieString){
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
String token=getLoginToken(cookieString);
if(cookieUsers.containsKey(token)){
Object entry=cookieUsers.get(token);
if(entry instanceof String && entry.equals("admin"))
return true;
}
@ -301,6 +305,13 @@ public final class userDB {
}
return "";
}
public void adminLogout(String logintoken){
if(cookieUsers.containsKey(logintoken)){
//XXX: We could check, if its == "admin", but we want to logout anyway.
cookieUsers.remove(logintoken);
}
}
public class Entry {
public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
@ -518,10 +529,10 @@ public final class userDB {
public boolean isLoggedOut(){
return (this.mem.containsKey(LOGGED_OUT)?((String)this.mem.get(LOGGED_OUT)).equals("true"):false);
}
public void logout(String ip, String cookieString){
public void logout(String ip, String logintoken){
logout(ip);
if(cookieUsers.containsKey(cookieString)){
cookieUsers.remove(cookieString);
if(cookieUsers.containsKey(logintoken)){
cookieUsers.remove(logintoken);
}
}
public void logout(String ip){
@ -535,7 +546,6 @@ public final class userDB {
public void logout(){
logout("xxxxxx");
}
public String toString() {
StringBuffer str = new StringBuffer();
str.append((this.userName==null)?"null":this.userName)
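Review bot: In `cookieAuth` and `cookieAdminAuth` the token is looked up twice (`containsKey` then `get`), and `adminLogout` and `Entry.logout(String, String)` test `containsKey` before `remove`; none of these pre-checks is needed, and if `cookieUsers` is shared between request threads (its declaration is not visible here) the two-step form leaves a window in which another request can change the map. A single `Object entry = cookieUsers.get(token);` followed by the `instanceof` test, and a bare `cookieUsers.remove(logintoken);`, behave the same and are easier to audit. `hasAdminRight` now guards `auth` against null but passes `cookies` to `cookieAuth` unchecked, and its Javadoc documents only `auth`; add `@param ip` and `@param cookies` lines that state whether `cookies` may be null. The body of `hasAdminRight` continues outside the hunk.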

@ -899,6 +899,12 @@ public final class httpHeader extends TreeMap implements Map {
}
return "";
}
public Vector getCookieVector(){
return cookies;
}
public void setCookieVector(Vector mycookies){
cookies=mycookies;
}
/**
* Returns an iterator within all properties can be reached.
* Is used mainly by httpd.
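Review bot: `getCookieVector()` returns the internal `cookies` Vector and `setCookieVector()` stores the caller's Vector by reference, so two `httpHeader` objects end up sharing one mutable cookie list once the redirect path in httpdFileHandler copies it across. A cookie added to either header afterwards, including a login-token cookie, would then appear on both. Copying on the way in, `cookies = (mycookies == null) ? new Vector() : new Vector(mycookies);`, keeps the headers independent and also avoids storing null. Both accessors are public and have no Javadoc; a sentence each saying that the vector holds the outgoing cookie lines and whether it is a live view or a copy would help callers.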

@ -316,13 +316,16 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
int pos = path.lastIndexOf(".");
if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
if(authorization != null){
//TODO: One (switchboard? httpd?) method to check it all, without too much userDB in the other classes.
if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())|| sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
}
//authentication required
//userDB
if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
//static
}else if(authorization != null && sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
//no auth
}else if (authorization == null) {
// no authorization given in response. Ask for that
httpHeader headers = getDefaultHeaders(path);
@ -330,6 +333,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
//httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
serverObjects tp=new serverObjects();
tp.put("returnto", path);
//TODO: separate errorpage Wrong Login / No Login
httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, headers);
return;
} else {
@ -613,6 +617,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
if (location.length() == 0) location = path;
httpHeader headers = getDefaultHeaders(path);
headers.setCookieVector(tp.getOutgoingHeader().getCookieVector()); //put the cookies into the new header TODO: can we put all headerlines, without trouble?
headers.put(httpHeader.LOCATION,location);
httpd.sendRespondHeader(conProp,out,httpVersion,302,headers);
return;
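Review bot: The static-admin branch calls `authorization.trim().substring(6)` on the raw request header, so an Authorization value shorter than six characters after trimming throws `StringIndexOutOfBoundsException` instead of reaching the 401 handling. Guard the length before slicing, e.g. `}else if(authorization != null && authorization.trim().length() > 6 && sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){`. The two success branches also repeat the same `serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));` call and could share it. The enclosing method starts and ends outside these hunks.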

@ -79,7 +79,10 @@ public final class serverObjects extends Hashtable implements Cloneable {
}
public httpHeader getOutgoingHeader()
{
return outgoingHeader;
if(outgoingHeader!=null)
return outgoingHeader;
else
return new httpHeader();
}
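Review bot: When `outgoingHeader` is null, `getOutgoingHeader()` hands back a fresh `new httpHeader()` that is never stored, so anything a caller writes into it (a cookie, for instance) is silently lost and the next call returns yet another empty object. Assigning it lazily keeps the null-safety and makes the result stable: `if(outgoingHeader==null) outgoingHeader=new httpHeader();` followed by `return outgoingHeader;`. If the throwaway object is intended, a comment saying that the returned header is read-only in that case would prevent misuse.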
