1 # Module of TWiki Enterprise Collaboration Platform, http://TWiki.org/
3 # Copyright (C) 2005-2006 TWiki Contributors.
4 # All Rights Reserved. TWiki Contributors
5 # are listed in the AUTHORS file in the root of this distribution.
6 # NOTE: Please extend that file, not this notice.
8 # Additional copyrights apply to some or all of the code in this
10 # Copyright (C) 2005 Greg Abbas, twiki@abbas.org
12 # This program is free software; you can redistribute it and/or
13 # modify it under the terms of the GNU General Public License
14 # as published by the Free Software Foundation; either version 2
15 # of the License, or (at your option) any later version. For
16 # more details read LICENSE in the root of this distribution.
18 # This program is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
22 # As per the GPL, removal of this notice is prohibited.
26 ---+ package TWiki::LoginManager::TemplateLogin
28 This is a login manager that you can specify in the security setup section of
29 [[%SCRIPTURL{"configure"}%][configure]]. It provides users with a
30 template-based form to enter usernames and passwords, and works with the
31 PasswordManager that you specify to verify those passwords.
33 Subclass of TWiki::LoginManager; see that class for documentation of the
34 methods of this class.
38 package TWiki::LoginManager::TemplateLogin;
39 use base 'TWiki::LoginManager';
47 ---++ ClassMethod new ($session, $impl)
49 Construct the TemplateLogin object
# Constructor body: builds the object through the parent class, then records
# in the session which login features this manager offers.
# NOTE(review): the gutter numbers jump (54 follows 49, 58 -> 60, 61 -> 68),
# so the `sub` line, the closing braces and the return statement are not part
# of this listing. The heading above documents ($session, $impl), but only
# $class and $session are unpacked here.
54 my( $class, $session ) = @_;
55 my $this = $class->SUPER::new($session);
# An interactive login is always advertised for this manager.
56 $session->enterContext( 'can_login' );
# "Remember me" is only advertised when a cookie expiry is configured.
57 if ($TWiki::cfg{Sessions}{ExpireCookiesAfter}) {
58 $session->enterContext( 'can_remember_login' );
# Site-level switch for password fields; presumably the login template reads
# this context to turn off browser autocomplete -- confirm in the template.
60 if ($TWiki::cfg{TemplateLogin}{PreventBrowserRememberingPassword}) {
61 $session->enterContext( 'no_auto_complete_login' );
68 ---++ ObjectMethod forceAuthentication () -> boolean
70 Method called when authentication is required; redirects to (...|view)auth.
71 Triggered on authentication failure.
# Sends a visitor who is not in the 'authenticated' context to the login
# script for the current web/topic, remembering the requested URI as origurl.
# NOTE(review): the gutter numbers jump (75 -> 77, 87 -> 96), so the
# declaration of $this, the return values and the closing braces are not
# shown in this listing.
75 sub forceAuthentication {
77 my $twiki = $this->{twiki};
79 unless( $twiki->inContext( 'authenticated' )) {
80 my $query = $twiki->{cgiQuery};
81 # Redirect with passthrough so we don't lose the original query params
# This inner `my $twiki` re-reads the same field as the outer declaration.
82 my $twiki = $this->{twiki};
83 my $topic = $twiki->{topicName};
84 my $web = $twiki->{webName};
85 my $url = $twiki->getScriptUrl( 0, 'login', $web, $topic);
# REQUEST_URI is supplied by the client. It is stored as origurl here, and
# login() in this file later redirects to the origurl parameter, so the value
# has to be validated where it is consumed.
86 $query->param( -name=>'origurl', -value=>$ENV{REQUEST_URI} );
87 $twiki->redirect( $url, 1 );
96 ---++ ObjectMethod loginUrl () -> $loginUrl
98 TODO: why is this not used internally? When is it called, and why?
99 Content of a login link
# Body of loginUrl: returns the URL of the login script for the current
# web/topic, with the requested URI attached as the origurl parameter.
# NOTE(review): the `sub` line and the declaration of $this are not part of
# this listing (the gutter jumps from 99 to 105).
105 my $twiki = $this->{twiki};
106 my $topic = $twiki->{topicName};
107 my $web = $twiki->{webName};
# REQUEST_URI is client-supplied and ends up inside a link; presumably
# getScriptUrl URL-encodes parameter values -- confirm before relying on it.
108 return $twiki->getScriptUrl( 0, 'login', $web, $topic,
109 origurl => $ENV{REQUEST_URI} );
114 ---++ ObjectMethod login( $query, $twiki )
116 If a login name and password have been passed in the query, it
117 validates these and if authentic, redirects to the original
118 script. If there is no username in the query or the username/password is
119 invalid (validate returns non-zero) then it prompts again.
121 If a flag to remember the login has been passed in the query, then the
122 corresponding session variable will be set. This will result in the
123 login cookie being preserved across browser sessions.
125 The password handler is expected to return a perl true value if the password
126 is valid. This return value is stored in a session variable called
127 VALIDATION. This is so that password handlers can return extra information
128 about the user, such as a list of TWiki groups stored in a separate
129 database, that can then be displayed by referring to
130 %<nop>SESSION_VARIABLE{"VALIDATION"}%
# Body of login( $query, $twiki ): handles one request to the login script.
# It reads origurl/username/password/remember from the query, checks the
# password through the users object, redirects to origurl on the success
# path, and otherwise renders the login template.
# NOTE(review): the gutter numbers jump in several places (163 -> 169,
# 170 -> 173, 181 -> 184, 191 -> 193), so the `sub` line, the declarations of
# $note and $error, the if/else structure and one argument line of
# pushPreferenceValues are not shown. The comments below describe only the
# visible statements.
135 my( $this, $query, $twikiSession ) = @_;
136 my $twiki = $this->{twiki};
137 my $users = $twiki->{users};
# All four values come straight from the request and are untrusted. origurl
# is later used as a redirect target and as the ORIGURL template value.
139 my $origurl = $query->param( 'origurl' );
140 my $loginName = $query->param( 'username' );
141 my $loginPass = $query->param( 'password' );
142 my $remember = $query->param( 'remember' );
144 # Eat these so there's no risk of accidental passthrough
# In particular, this keeps the password out of the passthrough redirect.
145 $query->delete('origurl', 'username', 'password');
147 # UserMappings can over-ride where the login template is defined
148 my $loginTemplate = $users->loginTemplateName(); #defaults to login.tmpl
149 my $tmpl = $twiki->templates->readTemplate(
150 $loginTemplate, $twiki->getSkin() );
152 my $banner = $twiki->templates->expandTemplate( 'LOG_IN_BANNER' );
154 my $topic = $twiki->{topicName};
155 my $web = $twiki->{webName};
157 my $cgisession = $this->{_cgisession};
# The "remember" flag is written to the session before any password check.
159 $cgisession->param( 'REMEMBER', $remember ) if $cgisession;
# A session that already has an AUTHUSER and receives a different username
# gets the "already logged in" banner and the new-user note.
160 if( $cgisession && $cgisession->param( 'AUTHUSER' ) &&
161 $loginName && $loginName ne $cgisession->param( 'AUTHUSER' )) {
162 $banner = $twiki->templates->expandTemplate( 'LOGGED_IN_BANNER' );
163 $note = $twiki->templates->expandTemplate( 'NEW_USER_NOTE' );
# The password check is delegated to the users object, and its error text is
# fetched for display.
# NOTE(review): no throttling or lockout of repeated failures is visible
# here -- confirm it is enforced by the password manager or the web server.
169 my $validation = $users->checkPassword( $loginName, $loginPass );
170 $error = $users->passwordError();
# NOTE(review): confirm that userLoggedIn issues a fresh session id, so that
# an id set before login cannot be reused afterwards (session fixation).
173 $this->userLoggedIn( $loginName );
# The handler's return value is kept in the session. The POD above says it
# can be shown with SESSION_VARIABLE, so handlers must not return secrets.
174 $cgisession->param( 'VALIDATION', $validation ) if $cgisession;
# With no origurl, or one equal to this script's own URL, the code falls back
# to viewing the current topic.
175 if( !$origurl || $origurl eq $query->url() ) {
176 $origurl = $twiki->getScriptUrl( 0, 'view', $web, $topic );
178 #SUCCESS our user is authenticated..
179 $query->delete('sudo'); #remove the sudo param - its only to tell TemplateLogin that we're using BaseMapper..
180 # Redirect with passthrough
# NOTE(review): $origurl is request-supplied at this point. Confirm that
# redirect() refuses targets outside this site (open redirect); that check is
# not visible in this listing.
181 $twikiSession->redirect($origurl, 1 );
184 $banner = $twiki->templates->expandTemplate('UNRECOGNISED_USER');
188 # TODO: add JavaScript password encryption in the template
# NOTE(review): script-side encryption in the page would not protect the
# password from anyone able to alter the page in transit. The login form
# needs to be served over HTTPS regardless.
# ORIGURL and ERROR can carry request-derived text into the template.
# NOTE(review): confirm they are encoded where the template prints them.
191 $twiki->{prefs}->pushPreferenceValues(
193 {ORIGURL=>$origurl, BANNER=>$banner, NOTE=>$note, ERROR=>$error});
# Expand TWiki tags in the template, render it, and send the finished page.
195 $tmpl = $twiki->handleCommonTags( $tmpl, $web, $topic );
196 $tmpl = $twiki->renderer->getRenderedVersion( $tmpl, '' );
198 $twiki->writeCompletePage($tmpl);