lib/TWiki/LoginManager/TemplateLogin.pm
changeset 0 414e01d06fd5
child 1 e2915a7cbdfa
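--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/TWiki/LoginManager/TemplateLogin.pm	Sat Jan 26 15:50:53 2008 +0100
@@ -0,0 +1,197 @@
+# Module of TWiki Enterprise Collaboration Platform, http://TWiki.org/
+#
+# Copyright (C) 2005-2006 TWiki Contributors.
+# All Rights Reserved. TWiki Contributors
+# are listed in the AUTHORS file in the root of this distribution.
+# NOTE: Please extend that file, not this notice.
+#
+# Additional copyrights apply to some or all of the code in this
+# file as follows:
+# Copyright (C) 2005 Greg Abbas, twiki@abbas.org
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version. For
+# more details read LICENSE in the root of this distribution.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# As per the GPL, removal of this notice is prohibited.
+
+=pod
+
+---+ package TWiki::LoginManager::TemplateLogin
+
+This is a login manager that you can specify in the security setup section of
+[[%SCRIPTURL{"configure"}%][configure]]. It provides users with a
+template-based form to enter usernames and passwords, and works with the
+PasswordManager that you specify to verify those passwords.
+
+Subclass of TWiki::LoginManager; see that class for documentation of the
+methods of this class.
+
+=cut
+
+package TWiki::LoginManager::TemplateLogin;
+use base 'TWiki::LoginManager';
+
+use strict;
+use Assert;
+
+
+=pod
+
+---++ ClassMethod new ($session, $impl)
+
+Construct the TemplateLogin object
+
+=cut
+
+sub new {
+    my( $class, $session ) = @_;
+    my $this = $class->SUPER::new($session);
+    $session->enterContext( 'can_login' );
+    if ($TWiki::cfg{Sessions}{ExpireCookiesAfter}) {
+        $session->enterContext( 'can_remember_login' );
+    }
+    return $this;
+}
+
+=pod
+
+---++ ObjectMethod forceAuthentication () -> boolean
+
+method called when authentication is required - redirects to (...|view)auth
+Triggered on auth fail
+
+=cut
+
+sub forceAuthentication {
+    my $this = shift;
+    my $twiki = $this->{twiki};
+
+    unless( $twiki->inContext( 'authenticated' )) {
+        my $query = $twiki->{cgiQuery};
+        # Redirect with passthrough so we don't lose the original query params
+        my $twiki = $this->{twiki};
+        my $topic = $twiki->{topicName};
+        my $web = $twiki->{webName};
+        my $url = $twiki->getScriptUrl( 0, 'login', $web, $topic);
+        $query->param( -name=>'origurl', -value=>$ENV{REQUEST_URI} );
+        $twiki->redirect( $url, 1 );
+        return 1;
+    }
+    return undef;
+}
+
+
+=pod
+
+---++ ObjectMethod loginUrl () -> $loginUrl
+
+TODO: why is this not used internally? When is it called, and why
+Content of a login link
+
+=cut
+
+sub loginUrl {
+    my $this = shift;
+    my $twiki = $this->{twiki};
+    my $topic = $twiki->{topicName};
+    my $web = $twiki->{webName};
+    return $twiki->getScriptUrl( 0, 'login', $web, $topic,
+                                 origurl => $ENV{REQUEST_URI} );
+}
+
+=pod
+
+---++ ObjectMethod login( $query, $twiki )
+
+If a login name and password have been passed in the query, it
+validates these and if authentic, redirects to the original
+script. If there is no username in the query or the username/password is
+invalid (validate returns non-zero) then it prompts again.
+
+If a flag to remember the login has been passed in the query, then the
+corresponding session variable will be set. This will result in the
+login cookie being preserved across browser sessions.
+
+The password handler is expected to return a perl true value if the password
+is valid. This return value is stored in a session variable called
+VALIDATION. This is so that password handlers can return extra information
+about the user, such as a list of TWiki groups stored in a separate
+database, that can then be displayed by referring to
+%<nop>SESSION_VARIABLE{"VALIDATION"}%
+
+=cut
+
+sub login {
+    my( $this, $query, $twikiSession ) = @_;
+    my $twiki = $this->{twiki};
+    my $users = $twiki->{users};
+
+    my $origurl = $query->param( 'origurl' );
+    my $loginName = $query->param( 'username' );
+    my $loginPass = $query->param( 'password' );
+    my $remember = $query->param( 'remember' );
+
+    # Eat these so there's no risk of accidental passthrough
+    $query->delete('origurl', 'username', 'password');
+
+    # UserMappings can over-ride where the login template is defined
+    my $loginTemplate = $users->loginTemplateName();        #defaults to login.tmpl
+    my $tmpl = $twiki->templates->readTemplate(
+        $loginTemplate, $twiki->getSkin() );
+
+    my $banner = $twiki->templates->expandTemplate( 'LOG_IN_BANNER' );
+    my $note = '';
+    my $topic = $twiki->{topicName};
+    my $web = $twiki->{webName};
+
+    my $cgisession = $this->{_cgisession};
+
+    $cgisession->param( 'REMEMBER', $remember ) if $cgisession;
+    if( $cgisession && $cgisession->param( 'AUTHUSER' ) &&
+        $loginName && $loginName ne $cgisession->param( 'AUTHUSER' )) {
+        $banner = $twiki->templates->expandTemplate( 'LOGGED_IN_BANNER' );
+        $note = $twiki->templates->expandTemplate( 'NEW_USER_NOTE' );
+     }
+
+    my $error = '';
+
+    if( $loginName ) {
+        my $validation = $users->checkPassword( $loginName, $loginPass );
+        $error = $users->passwordError();
+
+        if( $validation ) {
+            $this->userLoggedIn( $loginName );
+            $cgisession->param( 'VALIDATION', $validation ) if $cgisession;
+            if( !$origurl || $origurl eq $query->url() ) {
+                $origurl = $twiki->getScriptUrl( 0, 'view', $web, $topic );
+            }
+            #SUCCESS our user is authenticated..
+            $query->delete('sudo'); #remove the sudo param - its only to tell TemplateLogin that we're using BaseMapper..
+            # Redirect with passthrough
+            $twikiSession->redirect($origurl, 1 );
+            return;
+        } else {
+            $banner = $twiki->templates->expandTemplate('UNRECOGNISED_USER');
+        }
+    }
+
+    # TODO: add JavaScript password encryption in the template
+    # to use a template)
+    $origurl ||= '';
+    $twiki->{prefs}->pushPreferenceValues('SESSION', {ORIGURL=>$origurl, BANNER=>$banner, NOTE=>$note, ERROR=>$error});
+
+    $tmpl = $twiki->handleCommonTags( $tmpl, $web, $topic );
+    $tmpl = $twiki->renderer->getRenderedVersion( $tmpl, '' );
+    $tmpl =~ s/<nop>//g;
+    print $twiki->generateHTTPHeaders( $query );
+    print $tmpl;
+}
+
+1;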
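Review bot: In `login`, `origurl` is read straight from the request and, once `checkPassword` succeeds, passed to `$twikiSession->redirect($origurl, 1)` with no check in this file that it points back at this site. Unless `redirect` itself restricts its targets (not visible here), the post-login redirect can land on a host chosen by whoever built the login link. I would drop anything that is not a local path right after the parameter is read, e.g. `$origurl = '' unless defined $origurl && $origurl =~ m{\A/(?![/\\])};`, so the existing fallback to the `view` URL applies; add a host comparison if absolute same-site URLs must remain supported. The same value is also pushed unmodified as `ORIGURL` into the login template on the non-success path, so it should be entity-encoded there unless the template already does so. A short comment above `my $origurl = ...` stating that the parameter is untrusted would help the next reader.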