void AuthWidget::oAuthDone(OAuthProcess *oauth, const Identity& identity)
{
/*
* FIXME: perhaps consider moving this to the model with signals or
* by passing the Login object ?
*/
if (identity.isValid()) {
LOG_SECURE(oauth->service().name() << ": identified: as "
<< identity.id() << ", "
<< identity.name() << ", " << identity.email());
std::auto_ptr<AbstractUserDatabase::Transaction>
t(model_->users().startTransaction());
User user = model_->baseAuth()->identifyUser(identity, model_->users());
if (user.isValid())
login_.login(user);
else
registerNewUser(identity);
if (t.get())
t->commit();
} else {
LOG_SECURE(oauth->service().name() << ": error: " << oauth->error());
displayError(oauth->error());
}
}
void RegistrationWidget::oAuthDone(OAuthProcess *oauth,
const Identity& identity)
{
if (identity.isValid()) {
LOG_SECURE(oauth->service().name() << ": identified: as "
<< identity.id() << ", " << identity.name() << ", "
<< identity.email());
if (!model_->registerIdentified(identity))
update();
} else {
if (authWidget_)
authWidget_->displayError(oauth->error());
LOG_SECURE(oauth->service().name() << ": error: " << oauth->error());
}
}
bool AuthModel::validateField(Field field)
{
if (field == RememberMeField)
return true;
User user = users().findWithIdentity(Identity::LoginName,
valueText(LoginNameField));
if (field == LoginNameField) {
if (user.isValid())
setValid(LoginNameField);
else {
setValidation
(LoginNameField,
WValidator::Result(ValidationState::Invalid,
WString::tr("Wt.Auth.user-name-invalid")));
throttlingDelay_ = 0;
}
return user.isValid();
} else if (field == PasswordField) {
if (user.isValid()) {
PasswordResult r
= passwordAuth()->verifyPassword(user, valueText(PasswordField));
switch (r) {
case PasswordResult::PasswordInvalid:
setValidation
(PasswordField,
WValidator::Result(ValidationState::Invalid,
WString::tr("Wt.Auth.password-invalid")));
if (passwordAuth()->attemptThrottlingEnabled())
throttlingDelay_ = passwordAuth()->delayForNextAttempt(user);
return false;
case PasswordResult::LoginThrottling:
setValidation
(PasswordField,
WValidator::Result(ValidationState::Invalid,
WString::tr("Wt.Auth.password-info")));
setValidated(PasswordField, false);
throttlingDelay_ = passwordAuth()->delayForNextAttempt(user);
LOG_SECURE("throttling: " << throttlingDelay_
<< " seconds for " << user.identity(Identity::LoginName));
return false;
case PasswordResult::PasswordValid:
setValid(PasswordField);
return true;
}
/* unreachable */
return false;
} else
return false;
} else
return false;
}
void XSSSanitize(xml_node<> *x_node)
{
for (xml_attribute<> *x_attr = x_node->first_attribute(); x_attr;) {
xml_attribute<> *x_next_attr = x_attr->next_attribute();
if (Wt::XSS::isBadAttribute(x_attr->name())
|| Wt::XSS::isBadAttributeValue(x_attr->name(), x_attr->value())) {
LOG_SECURE("discarding invalid attribute: "
<< x_attr->name() << ": " << x_attr->value());
x_node->remove_attribute(x_attr);
}
x_attr = x_next_attr;
}
for (xml_node<> *x_child = x_node->first_node(); x_child;) {
xml_node<> *x_next_child = x_child->next_sibling();
if (Wt::XSS::isBadTag(x_child->name())) {
LOG_SECURE("discarding invalid tag: " << x_child->name());
x_node->remove_node(x_child);
} else
XSSSanitize(x_child);
x_child = x_next_child;
}
if (!x_node->first_node()
&& x_node->value_size() == 0
&& !DomElement::isSelfClosingTag(x_node->name())) {
// We need to add an emtpy data node since <div /> is illegal HTML
// (but valid XML / XHTML)
xml_node<> *empty
= x_node->document()->allocate_node(node_data, 0, 0, 0, 0);
x_node->append_node(empty);
}
}
