/*
    Internal login service routine for form-based auth.

    Reads the "username" and "password" request variables (each defaulting to an empty string),
    attempts a login via websLoginUser and records the outcome in the "loginStatus" session
    variable as "ok" or "failed".

    NOTE(review): websGetVar does not show here whether the variables came from the request body
    or the query string. Confirm the login route only accepts credentials from a POST body so
    passwords do not end up in URLs and access logs.
 */
static void loginServiceProc(Webs *wp)
{
    WebsRoute   *route;
    char        *user, *pass, *target;

    assert(wp);
    route = wp->route;
    assert(route);

    user = websGetVar(wp, "username", "");
    pass = websGetVar(wp, "password", "");

    if (!websLoginUser(wp, user, pass)) {
        /* Failed login: let the route prompt again (if it has a prompt handler), then answer 401 */
        if (route->askLogin) {
            (route->askLogin)(wp);
        }
        websSetSessionVar(wp, "loginStatus", "failed");
        websRedirectByStatus(wp, HTTP_CODE_UNAUTHORIZED);
        return;
    }
    /*
        If the application defines a "referrer" session var, redirect to that.
        NOTE(review): the redirect target is used exactly as stored. Whatever sets "referrer" should
        restrict it to local paths; confirm at the place where the variable is written.
     */
    target = websGetSessionVar(wp, "referrer", 0);
    if (target != 0) {
        websRedirect(wp, target);
    } else {
        websRedirectByStatus(wp, HTTP_CODE_OK);
    }
    websSetSessionVar(wp, "loginStatus", "ok");
}
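/*
    Authenticate the current request against the authentication scheme of its route.

    Returns 1 when the request may proceed: the route needs no authentication, autoLogin is set,
    a username was found in the session, or route->verify accepted the credentials.
    Returns 0 after an error or a 401 redirect has been issued for the request.

    A username found in the session is accepted without calling route->verify again, so the
    session store is the trust anchor for every request after the first.
 */
PUBLIC bool websAuthenticate(Webs *wp)
{
    WebsRoute   *route;
    char        *username;
    int         cached;

    assert(wp);
    assert(wp->route);
    route = wp->route;

    /*
        autoLogin is defined outside this block. When it is non-zero every request is treated as
        authenticated, whatever the route asks for.
     */
    if (!route || !route->authType || autoLogin) {
        /* Authentication not required */
        return 1;
    }
    cached = 0;
    if (wp->cookie && websGetSession(wp, 0) != 0) {
        /*
            Retrieve authentication state from the session storage. Faster than re-authenticating.
         */
        if ((username = (char*) websGetSessionVar(wp, WEBS_SESSION_USERNAME, 0)) != 0) {
            cached = 1;
            wfree(wp->username);
            wp->username = sclone(username);
        }
    }
    if (!cached) {
        /* The scheme named by the client must be the one the route is configured for */
        if (wp->authType && !smatch(wp->authType, route->authType)) {
            websError(wp, HTTP_CODE_UNAUTHORIZED, "Access denied. Wrong authentication protocol type.");
            return 0;
        }
        if (wp->authDetails && route->parseAuth) {
            if (!(route->parseAuth)(wp)) {
                /*
                    NOTE(review): the previous wp->username is dropped without wfree. Confirm whether
                    parseAuth releases it on failure; otherwise this leaks on every malformed header.
                 */
                wp->username = 0;
            }
        }
        if (!wp->username || !*wp->username) {
            if (route->askLogin) {
                (route->askLogin)(wp);
            }
            websRedirectByStatus(wp, HTTP_CODE_UNAUTHORIZED);
            return 0;
        }
        /*
            Fail closed when the route has no verify callback. websLoginUser refuses such routes too,
            and calling through a null pointer here would crash on a request-reachable path.
         */
        if (!route->verify || !(route->verify)(wp)) {
            if (route->askLogin) {
                (route->askLogin)(wp);
            }
            websRedirectByStatus(wp, HTTP_CODE_UNAUTHORIZED);
            return 0;
        }
        /*
            Store authentication state and user in session storage.
            NOTE(review): nothing in this block rotates the session identifier once the user is
            verified. Confirm the session layer issues a fresh identifier on login, so an identifier
            known before authentication is not promoted to an authenticated one.
         */
        if (websGetSession(wp, 1) != 0) {
            websSetSessionVar(wp, WEBS_SESSION_USERNAME, wp->username);
        }
    }
    return 1;
}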
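/*
    Session test handler: on POST, store the "number" request variable in the session; on any
    other method, read it back from the session. Either way the value is echoed in a small HTML page.

    The value is client-supplied, so it is HTML-escaped before being written into the page.
    The path and query arguments are not used.
 */
static void sessionTest(Webs *wp, char *path, char *query)
{
    char    *number, *escaped;

    if (scaselessmatch(wp->method, "POST")) {
        number = websGetVar(wp, "number", 0);
        /* NOTE(review): number is null when the form field is absent; confirm websSetSessionVar accepts that */
        websSetSessionVar(wp, "number", number);
    } else {
        number = websGetSessionVar(wp, "number", 0);
    }
    websSetStatus(wp, 200);
    websWriteHeaders(wp, -1, 0);
    websWriteEndHeaders(wp);
    if (number) {
        /* websEscapeHtml returns an allocated copy that the caller releases; write nothing if it fails */
        escaped = websEscapeHtml(number);
        websWrite(wp, "<html><body><p>Number %s</p></body></html>\n", escaped ? escaped : "");
        wfree(escaped);
    } else {
        /* No value available: same output as before for a null argument */
        websWrite(wp, "<html><body><p>Number %s</p></body></html>\n", number);
    }
    websDone(wp);
}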
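/*
    Log a user in with the supplied credentials, using the verify callback of the request's route.

    Copies username and password into wp->username and wp->password, calls route->verify and, on
    success, stores the username in the session under WEBS_SESSION_USERNAME.

    Returns 1 on success. Returns 0 when the route has no verify callback, when the username is
    null or empty, when the password is null, or when verification fails.
 */
PUBLIC bool websLoginUser(Webs *wp, char *username, char *password)
{
    assure(wp);
    assure(wp->route);
    assure(username && *username);
    assure(password);

    if (!wp || !wp->route || !wp->route->verify) {
        return 0;
    }
    /*
        Enforce the argument checks at run time as well. assure() is presumably a diagnostic that
        may not stop execution, and the credentials come straight from the request. Rejecting an
        empty username also matches websAuthenticate, which treats an empty wp->username as
        unauthenticated.
     */
    if (!username || !*username || !password) {
        return 0;
    }
    wfree(wp->username);
    wp->username = sclone(username);
    wfree(wp->password);
    wp->password = sclone(password);

    if (!(wp->route->verify)(wp)) {
        /*
            NOTE(review): wp->username and wp->password still hold the rejected credentials when
            this returns. Confirm that no later code treats a non-empty wp->username as proof of login.
         */
        trace(2, "Password does not match\n");
        return 0;
    }
    /*
        NOTE(review): the username is stored in whatever session the request already has. Nothing
        here rotates the session identifier; confirm the session layer does so on login.
     */
    websSetSessionVar(wp, WEBS_SESSION_USERNAME, wp->username);
    return 1;
}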