lib/TWiki/LoginManager/TemplateLogin.pm
changeset 0 414e01d06fd5
child 1 e2915a7cbdfa
equal deleted inserted replaced
-1:000000000000 0:414e01d06fd5
       
     1 # Module of TWiki Enterprise Collaboration Platform, http://TWiki.org/
       
     2 #
       
     3 # Copyright (C) 2005-2006 TWiki Contributors.
       
     4 # All Rights Reserved. TWiki Contributors
       
     5 # are listed in the AUTHORS file in the root of this distribution.
       
     6 # NOTE: Please extend that file, not this notice.
       
     7 #
       
     8 # Additional copyrights apply to some or all of the code in this
       
     9 # file as follows:
       
    10 # Copyright (C) 2005 Greg Abbas, twiki@abbas.org
       
    11 #
       
    12 # This program is free software; you can redistribute it and/or
       
    13 # modify it under the terms of the GNU General Public License
       
    14 # as published by the Free Software Foundation; either version 2
       
    15 # of the License, or (at your option) any later version. For
       
    16 # more details read LICENSE in the root of this distribution.
       
    17 #
       
    18 # This program is distributed in the hope that it will be useful,
       
    19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
       
    20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       
    21 #
       
    22 # As per the GPL, removal of this notice is prohibited.
       
    23 
       
    24 =pod
       
    25 
       
    26 ---+ package TWiki::LoginManager::TemplateLogin
       
    27 
       
    28 This is a login manager that you can specify in the security setup section of
       
    29 [[%SCRIPTURL{"configure"}%][configure]]. It provides users with a
       
    30 template-based form to enter usernames and passwords, and works with the
       
    31 PasswordManager that you specify to verify those passwords.
       
    32 
       
    33 Subclass of TWiki::LoginManager; see that class for documentation of the
       
    34 methods of this class.
       
    35 
       
    36 =cut
       
    37 
       
    38 package TWiki::LoginManager::TemplateLogin;
       
    39 use base 'TWiki::LoginManager';
       
    40 
       
    41 use strict;
       
    42 use Assert;
       
    43 
       
    44 
       
    45 =pod
       
    46 
       
    47 ---++ ClassMethod new ($session, $impl)
       
    48 
       
    49 Construct the TemplateLogin object
       
    50 
       
    51 =cut
       
    52 
       
    53 sub new {
       
    54     my( $class, $session ) = @_;
       
    55     my $this = $class->SUPER::new($session);
       
    56     $session->enterContext( 'can_login' );
       
    57     if ($TWiki::cfg{Sessions}{ExpireCookiesAfter}) {
       
    58         $session->enterContext( 'can_remember_login' );
       
    59     }
       
    60     return $this;
       
    61 }
       
    62 
       
    63 =pod
       
    64 
       
    65 ---++ ObjectMethod forceAuthentication () -> boolean
       
    66 
       
    67 method called when authentication is required - redirects to (...|view)auth
       
    68 Triggered on auth fail
       
    69 
       
    70 =cut
       
    71 
       
    72 sub forceAuthentication {
       
    73     my $this = shift;
       
    74     my $twiki = $this->{twiki};
       
    75 
       
    76     unless( $twiki->inContext( 'authenticated' )) {
       
    77         my $query = $twiki->{cgiQuery};
       
    78         # Redirect with passthrough so we don't lose the original query params
       
    79         my $twiki = $this->{twiki};
       
    80         my $topic = $twiki->{topicName};
       
    81         my $web = $twiki->{webName};
       
    82         my $url = $twiki->getScriptUrl( 0, 'login', $web, $topic);
       
    83         $query->param( -name=>'origurl', -value=>$ENV{REQUEST_URI} );
       
    84         $twiki->redirect( $url, 1 );
       
    85         return 1;
       
    86     }
       
    87     return undef;
       
    88 }
       
    89 
       
    90 
       
    91 =pod
       
    92 
       
    93 ---++ ObjectMethod loginUrl () -> $loginUrl
       
    94 
       
    95 TODO: why is this not used internally? When is it called, and why
       
    96 Content of a login link
       
    97 
       
    98 =cut
       
    99 
       
   100 sub loginUrl {
       
   101     my $this = shift;
       
   102     my $twiki = $this->{twiki};
       
   103     my $topic = $twiki->{topicName};
       
   104     my $web = $twiki->{webName};
       
   105     return $twiki->getScriptUrl( 0, 'login', $web, $topic,
       
   106                                  origurl => $ENV{REQUEST_URI} );
       
   107 }
       
   108 
       
   109 =pod
       
   110 
       
   111 ---++ ObjectMethod login( $query, $twiki )
       
   112 
       
   113 If a login name and password have been passed in the query, it
       
   114 validates these and if authentic, redirects to the original
       
   115 script. If there is no username in the query or the username/password is
       
   116 invalid (validate returns non-zero) then it prompts again.
       
   117 
       
   118 If a flag to remember the login has been passed in the query, then the
       
   119 corresponding session variable will be set. This will result in the
       
   120 login cookie being preserved across browser sessions.
       
   121 
       
   122 The password handler is expected to return a perl true value if the password
       
   123 is valid. This return value is stored in a session variable called
       
   124 VALIDATION. This is so that password handlers can return extra information
       
   125 about the user, such as a list of TWiki groups stored in a separate
       
   126 database, that can then be displayed by referring to
       
   127 %<nop>SESSION_VARIABLE{"VALIDATION"}%
       
   128 
       
   129 =cut
       
   130 
       
   131 sub login {
       
   132     my( $this, $query, $twikiSession ) = @_;
       
   133     my $twiki = $this->{twiki};
       
   134     my $users = $twiki->{users};
       
   135 
       
   136     my $origurl = $query->param( 'origurl' );
       
   137     my $loginName = $query->param( 'username' );
       
   138     my $loginPass = $query->param( 'password' );
       
   139     my $remember = $query->param( 'remember' );
       
   140 
       
   141     # Eat these so there's no risk of accidental passthrough
       
   142     $query->delete('origurl', 'username', 'password');
       
   143 
       
   144     # UserMappings can over-ride where the login template is defined
       
   145     my $loginTemplate = $users->loginTemplateName();        #defaults to login.tmpl
       
   146     my $tmpl = $twiki->templates->readTemplate(
       
   147         $loginTemplate, $twiki->getSkin() );
       
   148 
       
   149     my $banner = $twiki->templates->expandTemplate( 'LOG_IN_BANNER' );
       
   150     my $note = '';
       
   151     my $topic = $twiki->{topicName};
       
   152     my $web = $twiki->{webName};
       
   153 
       
   154     my $cgisession = $this->{_cgisession};
       
   155 
       
   156     $cgisession->param( 'REMEMBER', $remember ) if $cgisession;
       
   157     if( $cgisession && $cgisession->param( 'AUTHUSER' ) &&
       
   158         $loginName && $loginName ne $cgisession->param( 'AUTHUSER' )) {
       
   159         $banner = $twiki->templates->expandTemplate( 'LOGGED_IN_BANNER' );
       
   160         $note = $twiki->templates->expandTemplate( 'NEW_USER_NOTE' );
       
   161      }
       
   162 
       
   163     my $error = '';
       
   164 
       
   165     if( $loginName ) {
       
   166         my $validation = $users->checkPassword( $loginName, $loginPass );
       
   167         $error = $users->passwordError();
       
   168 
       
   169         if( $validation ) {
       
   170             $this->userLoggedIn( $loginName );
       
   171             $cgisession->param( 'VALIDATION', $validation ) if $cgisession;
       
   172             if( !$origurl || $origurl eq $query->url() ) {
       
   173                 $origurl = $twiki->getScriptUrl( 0, 'view', $web, $topic );
       
   174             }
       
   175             #SUCCESS our user is authenticated..
       
   176             $query->delete('sudo'); #remove the sudo param - its only to tell TemplateLogin that we're using BaseMapper..
       
   177             # Redirect with passthrough
       
   178             $twikiSession->redirect($origurl, 1 );
       
   179             return;
       
   180         } else {
       
   181             $banner = $twiki->templates->expandTemplate('UNRECOGNISED_USER');
       
   182         }
       
   183     }
       
   184 
       
   185     # TODO: add JavaScript password encryption in the template
       
   186     # to use a template)
       
   187     $origurl ||= '';
       
   188     $twiki->{prefs}->pushPreferenceValues('SESSION', {ORIGURL=>$origurl, BANNER=>$banner, NOTE=>$note, ERROR=>$error});
       
   189 
       
   190     $tmpl = $twiki->handleCommonTags( $tmpl, $web, $topic );
       
   191     $tmpl = $twiki->renderer->getRenderedVersion( $tmpl, '' );
       
   192     $tmpl =~ s/<nop>//g;
       
   193     print $twiki->generateHTTPHeaders( $query );
       
   194     print $tmpl;
       
   195 }
       
   196 
       
   197 1;