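/*
 * Completes an OAuth login attempt for the login widget.
 *
 * When the identity provider returned a valid identity, it is matched
 * against the user database inside a user-database transaction: a known
 * user is logged in, an unknown one is sent through registration. When the
 * provider reported an error instead, that error is logged and shown.
 *
 * FIXME: perhaps consider moving this to the model with signals or by
 * passing the Login object?
 */
void AuthWidget::oAuthDone(OAuthProcess *oauth, const Identity& identity)
{
  if (!identity.isValid()) {
    LOG_SECURE(oauth->service().name() << ": error: " << oauth->error());
    displayError(oauth->error());
    return;
  }

  // NOTE(review): the provider-supplied name and e-mail are written to the
  // secure log; they are personal data, so log retention/access matters here.
  LOG_SECURE(oauth->service().name() << ": identified: as "
             << identity.id() << ", " << identity.name() << ", "
             << identity.email());

  // std::auto_ptr was deprecated in C++11 and removed in C++17; unique_ptr
  // provides the same scoping: if commit() below is never reached (e.g. an
  // exception out of identifyUser()/registerNewUser()), the transaction
  // object is destroyed uncommitted. startTransaction() may yield null for
  // databases without transaction support, hence the get() check.
  std::unique_ptr<AbstractUserDatabase::Transaction>
    t(model_->users().startTransaction());

  User user = model_->baseAuth()->identifyUser(identity, model_->users());

  if (user.isValid())
    login_.login(user);
  else
    registerNewUser(identity);

  if (t.get())
    t->commit();
}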
/*
 * Completes an OAuth-based registration attempt.
 *
 * A valid identity is logged and handed to the model; when the model did
 * not register it (registerIdentified() returned false) the widget is
 * re-rendered so the user can finish the form. An invalid identity is
 * reported through the owning AuthWidget, if there is one, and logged.
 */
void RegistrationWidget::oAuthDone(OAuthProcess *oauth,
                                   const Identity& identity)
{
  if (!identity.isValid()) {
    if (authWidget_)
      authWidget_->displayError(oauth->error());

    LOG_SECURE(oauth->service().name() << ": error: " << oauth->error());
    return;
  }

  // NOTE(review): name and e-mail from the provider end up in the secure
  // log; treat that log as containing personal data.
  LOG_SECURE(oauth->service().name() << ": identified: as "
             << identity.id() << ", " << identity.name() << ", "
             << identity.email());

  const bool registered = model_->registerIdentified(identity);
  if (!registered)
    update();
}
/*
 * Validates a single login-form field.
 *
 * - RememberMeField is always valid.
 * - LoginNameField is valid iff a user with that login name exists.
 * - PasswordField is verified against that user's password; the result
 *   drives the field's validation message and throttlingDelay_.
 * - Any other field is reported invalid.
 *
 * NOTE(review): the login-name and password branches yield different
 * messages ("Wt.Auth.user-name-invalid" vs "Wt.Auth.password-invalid"),
 * and an unknown login name resets throttlingDelay_ to 0. A client can
 * therefore tell existing from non-existing accounts, and probe login
 * names without the attempt throttling that password guesses get. Whether
 * that trade-off (usability vs. account enumeration) is acceptable is an
 * application policy decision; the behaviour is preserved unchanged here.
 *
 * Returns true when the field passed validation.
 */
bool AuthModel::validateField(Field field)
{
  if (field == RememberMeField)
    return true;

  // The lookup happens for every remaining field, including those that are
  // rejected below.
  User user = users().findWithIdentity(Identity::LoginName,
                                       valueText(LoginNameField));
  const bool known = user.isValid();

  if (field == LoginNameField) {
    if (known) {
      setValid(LoginNameField);
    } else {
      setValidation(LoginNameField,
                    WValidator::Result(ValidationState::Invalid,
                                       WString::tr("Wt.Auth.user-name-invalid")));
      // An unknown login name clears any pending throttling delay.
      throttlingDelay_ = 0;
    }
    return known;
  }

  // Only the password field remains, and only for an existing user.
  if (field != PasswordField || !known)
    return false;

  const PasswordResult verdict =
    passwordAuth()->verifyPassword(user, valueText(PasswordField));

  if (verdict == PasswordResult::PasswordValid) {
    setValid(PasswordField);
    return true;
  }

  if (verdict == PasswordResult::LoginThrottling) {
    setValidation(PasswordField,
                  WValidator::Result(ValidationState::Invalid,
                                     WString::tr("Wt.Auth.password-info")));
    // Mark the field as not-yet-validated so the info message is shown
    // without counting as a definitive rejection.
    setValidated(PasswordField, false);
    throttlingDelay_ = passwordAuth()->delayForNextAttempt(user);
    LOG_SECURE("throttling: " << throttlingDelay_ << " seconds for "
               << user.identity(Identity::LoginName));
    return false;
  }

  if (verdict == PasswordResult::PasswordInvalid) {
    setValidation(PasswordField,
                  WValidator::Result(ValidationState::Invalid,
                                     WString::tr("Wt.Auth.password-invalid")));
    // The delay is only consulted when throttling is switched on.
    if (passwordAuth()->attemptThrottlingEnabled())
      throttlingDelay_ = passwordAuth()->delayForNextAttempt(user);
    return false;
  }

  // Any verification result not handled above is treated as a failure.
  return false;
}
/*
 * Recursively strips XSS-prone content from a parsed XML/HTML subtree.
 *
 * On the node itself, every attribute whose name, or whose name/value
 * pair, is rejected by Wt::XSS is removed (and logged). For each child
 * element, a rejected tag is unlinked together with its entire subtree —
 * its descendants are never visited — and an accepted one is sanitized
 * recursively. Finally, an element left with neither children nor text
 * receives an empty data node so it serializes as <tag></tag> rather than
 * the self-closing form, which is not valid HTML for non-void elements.
 *
 * NOTE(review): which names are bad, and whether matching is
 * case-insensitive, is decided entirely by Wt::XSS::isBadTag /
 * isBadAttribute / isBadAttributeValue; nothing is normalised here.
 */
void XSSSanitize(xml_node<> *x_node)
{
  // Attributes: fetch the successor before a possible removal so the walk
  // survives unlinking the current attribute.
  xml_attribute<> *attr = x_node->first_attribute();
  while (attr) {
    xml_attribute<> *following = attr->next_attribute();

    if (Wt::XSS::isBadAttribute(attr->name())
        || Wt::XSS::isBadAttributeValue(attr->name(), attr->value())) {
      LOG_SECURE("discarding invalid attribute: " << attr->name()
                 << ": " << attr->value());
      x_node->remove_attribute(attr);
    }

    attr = following;
  }

  // Children: same successor-before-removal pattern.
  xml_node<> *child = x_node->first_node();
  while (child) {
    xml_node<> *following = child->next_sibling();

    if (Wt::XSS::isBadTag(child->name())) {
      LOG_SECURE("discarding invalid tag: " << child->name());
      x_node->remove_node(child);
    } else {
      XSSSanitize(child);
    }

    child = following;
  }

  if (!x_node->first_node()
      && x_node->value_size() == 0
      && !DomElement::isSelfClosingTag(x_node->name())) {
    // <div /> is illegal HTML (though valid XML/XHTML); attaching an empty
    // data node makes the element serialize as <div></div>.
    xml_node<> *filler =
      x_node->document()->allocate_node(node_data, 0, 0, 0, 0);
    x_node->append_node(filler);
  }
}