/*
Callback from httpLogin to verify credentials using the password defined in the database.
*/
static bool verifyUser(HttpStream *stream, cchar *username, cchar *password)
{
HttpAuth *auth;
HttpUser *user;
HttpRx *rx;
EdiRec *urec;
rx = stream->rx;
auth = rx->route->auth;
if ((urec = readRecWhere("user", "username", "==", username)) == 0) {
httpLog(stream->trace, "auth.login.error", "error", "msg: 'Cannot verify user', username: '******'", username);
return 0;
}
if (!mprCheckPassword(password, getField(urec, "password"))) {
httpLog(stream->trace, "auth.login.error", "error", "msg: 'Password failed to authenticate', username: '******'", username);
mprSleep(500);
return 0;
}
/*
Cache the user and define the user roles. Thereafter, the app can use "httpCanUser" to test if the user
has the required abilities (defined by their roles) to perform a given request or operation.
*/
if ((user = httpLookupUser(auth, username)) == 0) {
user = httpAddUser(auth, username, 0, ediGetFieldValue(urec, "roles"));
}
/*
Define this as the authenticated and authorized user for this session
*/
httpSetStreamUser(stream, user);
httpLog(stream->trace, "auth.login.authenticated", "context", "msg: 'User authenticated', username: '******'", username);
return 1;
}
static void retractPackage() {
EdiRec *rec;
cchar *password, *name;
name = param("name");
password = param("password");
if (!name || !*name || !password || !*password) {
sendResult(feedback("error", "Missing name or password parameters"));
return;
}
if ((rec = readRecWhere("pak", "name", "==", name)) == 0) {
sendResult(feedback("error", "Cannot find package"));
return;
} else if (!mprCheckPassword(password, getField(rec, "password"))) {
sendResult(feedback("error", "Invalid password"));
return;
}
sendResult(removeRec("pak", rec->id));
}
/*
Verify the user password for the "config" store based on the users defined via configuration directives.
Password may be NULL only if using auto-login.
*/
static bool configVerifyUser(HttpConn *conn, cchar *username, cchar *password)
{
HttpRx *rx;
HttpAuth *auth;
bool success;
char *requiredPassword;
rx = conn->rx;
auth = rx->route->auth;
if (!conn->user && (conn->user = mprLookupKey(auth->userCache, username)) == 0) {
httpTrace(conn, "auth.login.error", "error", "msg: 'Unknown user', username:'******'", username);
return 0;
}
if (password) {
if (auth->realm == 0 || *auth->realm == '\0') {
mprLog("error http auth", 0, "No AuthRealm defined");
}
requiredPassword = (rx->passwordDigest) ? rx->passwordDigest : conn->user->password;
if (sncmp(requiredPassword, "BF", 2) == 0 && slen(requiredPassword) > 4 && isdigit(requiredPassword[2]) &&
requiredPassword[3] == ':') {
/* Blowifsh */
success = mprCheckPassword(sfmt("%s:%s:%s", username, auth->realm, password), conn->user->password);
} else {
if (!conn->encoded) {
password = mprGetMD5(sfmt("%s:%s:%s", username, auth->realm, password));
conn->encoded = 1;
}
success = smatch(password, requiredPassword);
}
if (success) {
httpTrace(conn, "auth.login.authenticated", "context", "msg:'User authenticated', username:'******'", username);
} else {
httpTrace(conn, "auth.login.error", "error", "msg:'Password failed to authenticate', username:'******'", username);
}
return success;
}
return 1;
}
/*
Can call this without being authenticated
*/
static void publishPackage() {
HttpConn *conn;
EdiRec *rec;
cchar *email, *password, *name, *endpoint;
bool checkPassword;
name = param("name");
endpoint = param("endpoint");
password = param("password");
email = param("email");
conn = getConn();
if (!name || !*name || !endpoint || !*endpoint) {
sendResult(feedback("error", "Missing name or endpoint parameters"));
return;
}
if (!email || !*email) {
sendResult(feedback("error", "Missing email parameter"));
return;
}
if (canUser("edit", 0) && smatch(conn->username, name)) {
checkPassword = 0;
httpTrace(conn, "auth.login.authenticated", "context", "msg=\"Authenticated for package\", pak=%s", name);
} else {
if (!password || !*password) {
sendResult(feedback("error", "Missing password parameter"));
return;
}
checkPassword = 1;
}
if ((rec = readRecWhere("pak", "name", "==", name)) != 0) {
if (checkPassword && !mprCheckPassword(password, getField(rec, "password"))) {
sendResult(feedback("error", "Package already exists but invalid password"));
return;
}
setFields(rec, params());
} else {
#if FUTURE
cchar *uri, *response, *err;
uri = strim(endpoint, ".git", MPR_TRIM_END);
uri = sjoin(uri, "/raw/master/package.json", NULL);
status = httpRequest("GET", uri, NULL, &response, &err);
if (status != 200) {
feedback("warn", "Could not verify endpoint");
} else {
if (!response || mprParseJson(response) == 0) {
feedback("warn", "Could not verify endpoint package.json");
}
}
#endif
if ((rec = createRec("pak", params())) == 0) {
sendResult(feedback("error", "Cannot create package record"));
return;
}
}
setField(rec, "password", mprMakePassword(password, PASSWORD_SALT, PASSWORD_ROUNDS));
if (!(updateRec(rec))) {
sendResult(feedback("error", "Cannot save package details"));
return;
}
sendRec(rec);
}
