added authentication for link deletion in search result

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1177 6c8d7289-2bf4-0310-a012-ef5d649a1542
19 years ago · 13fdebc50d
parent 37f88b4017
commit 13fdebc50d
3 changed files with 28 additions and 15 deletions
--- a/htroot/Steering.java
+++ b/htroot/Steering.java
@ -62,19 +62,9 @@ public class Steering {
        if (prop == null) { return prop; }

        // handle access rights
-        switch (sb.adminAuthenticated(header)) {
-            case 0: // wrong password given
-                try {Thread.sleep(3000);} catch (InterruptedException e) {} // prevent brute-force
-                prop.put("AUTHENTICATE", "admin log-in"); // force log-in
-                return prop;
-            case 1: // no password given
-                prop.put("AUTHENTICATE", "admin log-in"); // force log-in
-                return prop;
-            case 2: // no password stored
-                //prop.put("info", 1); // actions only with password
-                //return prop;
-            case 3: // soft-authenticated for localhost only
-            case 4: // hard-authenticated, all ok
+        if (!sb.verifyAuthentication(header, false)) {
+            prop.put("AUTHENTICATE", "admin log-in"); // force log-in
+            return prop;
        }

        if (post.containsKey("shutdown")) {
--- a/htroot/index.java
+++ b/htroot/index.java
@ -137,8 +137,13 @@ public class index {

        // if a minus-button was hit, remove a special reference first
        if (post.containsKey("deleteref")) {
-        		final String delHash = post.get("deleteref", "");
-        		sb.removeReferences(delHash, query);
+            if (!sb.verifyAuthentication(header, true)) {
+                final serverObjects prop = new serverObjects();
+                prop.put("AUTHENTICATE", "admin log-in"); // force log-in
+                return prop;
+            }
+            final String delHash = post.get("deleteref", "");
+            sb.removeReferences(delHash, query);
        }
        
        // prepare search order
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@ -1848,6 +1848,24 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
        return 0; // wrong password
    }
    
+    public boolean verifyAuthentication(httpHeader header, boolean strict) {
+        // handle access rights
+        switch (adminAuthenticated(header)) {
+        case 0: // wrong password given
+            try { Thread.sleep(3000); } catch (InterruptedException e) { } // prevent brute-force
+            return false;
+        case 1: // no password given
+            return false;
+        case 2: // no password stored
+            return !strict;
+        case 3: // soft-authenticated for localhost only
+            return true;
+        case 4: // hard-authenticated, all ok
+            return true;
+        }
+        return false;
+    }
+    
    public void terminate() {
        this.terminate = true;
        this.shutdownSync.V();