HTML-login, logout fixed.

TODO: If you log in with the form, then log out with the form, and then try to log in with httpauth, the first try will fail.
(Should logged_out be reset in ipAuth? But if there is ipAuth before proxyAuth, the logout would be broken. Maybe a combined method can help.)

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2200 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 19 years ago
parent 3f1ebc097e
commit bd22634c44

@ -76,6 +76,9 @@ public class User{
}else if(post != null && post.containsKey("username") && post.containsKey("password")){
entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
prop.put("logged-in_identified-by", 1);
if(post.containsKey("returnto")){
prop.put("LOCATION", (String)post.get("returnto"));
}
//identified via ip.
}else{
entry=sb.userDB.ipAuth(((String)header.get("CLIENTIP", "xxxxxx")));
@ -124,7 +127,8 @@ public class User{
prop.put("status_password", 1); //old pw wrong
}
}
}else if(post!=null && post.containsKey("logout")){
}
if(post!=null && post.containsKey("logout")){
prop.put("logged-in",0);
if(entry != null){
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
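Review bot: The `returnto` value from the POST body is copied into `LOCATION` without validation in the form-login branch of the @ -76 hunk, so a login form submitted from another site can send the user to an arbitrary external address after login (open redirect). It is also set before `entry` is checked, so as far as these lines show the redirect is configured even when `passwordAuth` returned null. Restrict it to local paths and to successful logins, e.g. `String rt=(String)post.get("returnto");` followed by `if(entry != null && rt.startsWith("/") && !rt.startsWith("//")){ prop.put("LOCATION", rt); }`. If `LOCATION` ends up verbatim in a response header, CR and LF should be rejected as well. The enclosing method starts and ends outside both hunks.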

@ -1 +1,7 @@
Your Username/Password is wrong.
Your Username/Password is wrong.
<form action="/User.html" method="POST">
username: <input type="text" name="username"><br />
password: <input type="password" name="password"><br />
<input type="hidden" name="returnto", value="#[returnto]#"><br />
<input type="submit" value="login">
</form>
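Review bot: The hidden field in the added form carries a stray comma, `name="returnto", value="#[returnto]#"`, which is not valid attribute syntax; it should read `<input type="hidden" name="returnto" value="#[returnto]#">`. The `#[returnto]#` placeholder is filled from the request path (`tp.put("returnto", path)` in httpdFileHandler), so unless the template engine HTML-escapes substitutions, which is not visible here, a path containing a double quote could break out of the attribute. The value should be attribute-escaped before it is put into the template.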

@ -103,11 +103,11 @@ import java.util.zip.GZIPOutputStream;
import javax.imageio.ImageIO;
import de.anomic.data.userDB;
import de.anomic.plasma.plasmaParser;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverByteBuffer;
import de.anomic.server.serverClassLoader;
import de.anomic.server.serverCodings;
import de.anomic.server.serverCore;
import de.anomic.server.serverFileUtils;
import de.anomic.server.serverObjects;
@ -313,26 +313,26 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
// check permission/granted access
String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
String adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "");
int pos = path.lastIndexOf(".");
if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
if (authorization == null) {
userDB.Entry entry=sb.userDB.ipAuth(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
if( (entry != null && entry.hasAdminRight()) || (authorization != null && sb.userDB.hasAdminRight(authorization)) ){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
}else if (authorization == null) {
// no authorization given in response. Ask for that
httpHeader headers = getDefaultHeaders(path);
headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
//httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), new serverObjects(), null, headers);
serverObjects tp=new serverObjects();
tp.put("returnto", path);
httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, headers);
return;
}
// authorization is given
if (sb.userDB.hasAdminRight(authorization)) {
// Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
} else {
// a wrong authentication was given. Ask again
// a wrong authentication was given or the userDB user does not have admin access. Ask again
String clientIP = conProp.getProperty("CLIENTIP", "unknown-host");
serverLog.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + clientIP + "'");
Integer attempts = (Integer) serverCore.bfHost.get(clientIP);
@ -344,17 +344,10 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
httpHeader headers = getDefaultHeaders(path);
headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
return;
return;
}
}
// handle bfHost in case we have authentified correctly
if ((authorization != null) &&
(adminAccountBase64MD5.length() != 0) &&
(adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization.trim().substring(6))))) {
// remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
}
// parse arguments
serverObjects args = new serverObjects();
@ -453,7 +446,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
}
}
}else{
//you cannot share a .png/.gif file with a name like a class in htroot.
//XXX: you cannot share a .png/.gif file with a name like a class in htroot.
if ( !(targetFile.exists()) && !((path.endsWith("png")||path.endsWith("gif")||path.endsWith(".stream"))&&targetClass!=null ) ){
targetFile = new File(htDocsPath, path);
targetClass = rewriteClassFile(new File(htDocsPath, path));
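Review bot: In the `_p` permission check of the @ -313 hunk, `entry != null && entry.hasAdminRight()` now grants admin access on the strength of `ipAuth(CLIENTIP)` alone, with no credential or session token in the request. If `ipAuth` resolves a form-login session purely by address (its body is not shown), every client behind the same NAT or proxy as a logged-in admin is treated as that admin until logout, and cross-site requests from the admin's browser are authorized too. Consider binding the form login to a random session cookie and checking that here instead of the address, or at least record the assumption with `// ipAuth: admin rights follow the client IP, not the browser; unsafe behind a shared NAT/proxy`. The same branch also clears `serverCore.bfHost` for the address on an IP match, so the brute-force counter is reset without a password having been presented. The enclosing method starts and ends outside the hunk.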
