From bd22634c4491e03029eab58d9783cf570ee530b7 Mon Sep 17 00:00:00 2001
From: allo
Date: Mon, 12 Jun 2006 13:47:44 +0000
Subject: [PATCH] HTML-login, logout fixed.
TODO: If you login with the form, then logout with the form, and then try to login with httpauth, the first try will fail. (should logged_out be resettet in ipAuth? but if there is ipAuth before proxyAuth, the logout would be broken. Maybe a combined method can help.)
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2200 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/User.java | 6 +++-
 htroot/proxymsg/authfail.inc | 8 ++++-
 source/de/anomic/http/httpdFileHandler.java | 33 ++++++++-------------
 3 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/htroot/User.java b/htroot/User.java
index 71f31b829..3751ea4a8 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -76,6 +76,9 @@ public class User{
 }else if(post != null && post.containsKey("username") && post.containsKey("password")){
 entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
 prop.put("logged-in_identified-by", 1);
+ if(post.containsKey("returnto")){
+ prop.put("LOCATION", (String)post.get("returnto"));
+ }
 //identified via ip.
 }else{
 entry=sb.userDB.ipAuth(((String)header.get("CLIENTIP", "xxxxxx")));
@@ -124,7 +127,8 @@ public class User{
 prop.put("status_password", 1); //old pw wrong
 }
 }
- }else if(post!=null && post.containsKey("logout")){
+ }
+ if(post!=null && post.containsKey("logout")){
 prop.put("logged-in",0);
 if(entry != null){
 entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
diff --git a/htroot/proxymsg/authfail.inc b/htroot/proxymsg/authfail.inc
index c6ea7ae1d..1416b31da 100644
--- a/htroot/proxymsg/authfail.inc
+++ b/htroot/proxymsg/authfail.inc
@@ -1 +1,7 @@
-Your Username/Password is wrong.
\ No newline at end of file
+Your Username/Password is wrong.
+
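Review bot: `prop.put("LOCATION", (String)post.get("returnto"))` copies a client-supplied POST value into what looks like the post-login redirect target without any validation, so a login link crafted with `returnto=http://attacker.example/` would send a freshly authenticated user off-site (open redirect, a classic phishing primitive); whether LOCATION really becomes a Location header is decided outside this hunk, so confirm that. Accept only a local path before using it, e.g. `String rt = (String)post.get("returnto"); if(rt.startsWith("/") && !rt.startsWith("//")) prop.put("LOCATION", rt);`, and add a comment next to it saying why the check is there. The enclosing method of User starts before and continues after this hunk.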
+username:
+password:
+
+ +
diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index b3d625be4..d93a2b638 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@@ -103,11 +103,11 @@ import java.util.zip.GZIPOutputStream;
 import javax.imageio.ImageIO;
+import de.anomic.data.userDB;
 import de.anomic.plasma.plasmaParser;
 import de.anomic.plasma.plasmaSwitchboard;
 import de.anomic.server.serverByteBuffer;
 import de.anomic.server.serverClassLoader;
-import de.anomic.server.serverCodings;
 import de.anomic.server.serverCore;
 import de.anomic.server.serverFileUtils;
 import de.anomic.server.serverObjects;
@@ -313,26 +313,26 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 // check permission/granted access
 String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
 String adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "");
+
 int pos = path.lastIndexOf(".");
 if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") &&
 (adminAccountBase64MD5.length() != 0)) {
 // authentication required
-
- if (authorization == null) {
+ userDB.Entry entry=sb.userDB.ipAuth(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
+ if( (entry != null && entry.hasAdminRight()) || (authorization != null && sb.userDB.hasAdminRight(authorization)) ){
+ //Authentication successful. remove brute-force flag
+ serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+ }else if (authorization == null) {
 // no authorization given in response. Ask for that
 httpHeader headers = getDefaultHeaders(path);
 headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
 //httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
- httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), new serverObjects(), null, headers);
+ serverObjects tp=new serverObjects();
+ tp.put("returnto", path);
+ httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, headers);
 return;
- }
-
- // authorization is given
- if (sb.userDB.hasAdminRight(authorization)) {
- // Authentication successful. remove brute-force flag
- serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
 } else {
- // a wrong authentication was given. Ask again
+ // a wrong authentication was given or the userDB user does not have admin access. Ask again
 String clientIP = conProp.getProperty("CLIENTIP", "unknown-host");
 serverLog.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + clientIP + "'");
 Integer attempts = (Integer) serverCore.bfHost.get(clientIP);
@@ -344,17 +344,10 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 httpHeader headers = getDefaultHeaders(path);
 headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
 httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
- return;
+ return;
 }
 }
- // handle bfHost in case we have authentified correctly
- if ((authorization != null) &&
- (adminAccountBase64MD5.length() != 0) &&
- (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization.trim().substring(6))))) {
- // remove brute-force flag
- serverCore.bfHost.remove(conProp.getProperty(httpHeader.CONNECTION_PROP_CLIENTIP));
- }
 // parse arguments
 serverObjects args = new serverObjects();
@@ -453,7 +446,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 }
 }
 }else{
- //you cannot share a .png/.gif file with a name like a class in htroot.
+ //XXX: you cannot share a .png/.gif file with a name like a class in htroot.
 if ( !(targetFile.exists()) && !((path.endsWith("png")||path.endsWith("gif")||path.endsWith(".stream"))&&targetClass!=null ) ){
 targetFile = new File(htDocsPath, path);
 targetClass = rewriteClassFile(new File(htDocsPath, path));
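Review bot: The new `if( (entry != null && entry.hasAdminRight()) || ...` grants access to every `_p` page on the strength of `sb.userDB.ipAuth(...)` alone, so once an admin has logged in through the form, any other client that shares that source address (NAT, corporate proxy, or this peer's own proxy port) reaches admin pages with no credentials for as long as that IP session lives. At minimum this trade-off deserves a comment on the `userDB.Entry entry=` line, and for admin-level pages it would be safer to keep requiring the `Authorization` header and use IP auth only for non-admin users. Note also that the success branch clears the brute-force flag with `conProp.getProperty("CLIENTIP")` while `ipAuth` is keyed on `httpHeader.CONNECTION_PROP_CLIENTIP`; if those are not the same property name the flag for a correctly authenticated host is never cleared, which is worth checking. Separately, `tp.put("returnto", path)` feeds the raw request path into the authfail.inc template; unless the template engine HTML-escapes substitutions, markup in a `_p` URL is reflected into the 401 page. The enclosing method starts before and ends after this hunk.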