X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fdispatcher.lua;h=4866727572e67f2bb87ad563e65b3f039aba1127;hp=0876ce658580cf2848f419dd3411638b3f59aaa7;hb=bf71ae5f1b9eef61f61f917a5f24cbbdab418e70;hpb=c8675d0c5560fb47eace7db531c381edbef25db7

diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 0876ce658..486672757 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -14,8 +14,6 @@ uci = require "luci.model.uci"
 i18n = require "luci.i18n"
 _M.fs = fs
 
-authenticator = {}
-
 -- Index table
 local index = nil
 
@@ -101,24 +99,6 @@ function error500(message)
 	return false
 end
 
-function authenticator.htmlauth(validator, accs, default)
-	local user = http.formvalue("luci_username")
-	local pass = http.formvalue("luci_password")
-
-	if user and validator(user, pass) then
-		return user
-	end
-
-	require("luci.i18n")
-	require("luci.template")
-	context.path = {}
-	http.status(403, "Forbidden")
-	luci.template.render("sysauth", {duser=default, fuser=user})
-
-	return false
-
-end
-
 function httpdispatch(request, prefix)
 	http.context.request = request
 
@@ -188,6 +168,53 @@ function test_post_security()
 	return true
 end
 
+local function session_retrieve(sid, allowed_users)
+	local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+
+	if type(sdat) == "table" and
+	   type(sdat.values) == "table" and
+	   type(sdat.values.token) == "string" and
+	   (not allowed_users or
+	    util.contains(allowed_users, sdat.values.username))
+	then
+		return sid, sdat.values
+	end
+
+	return nil, nil
+end
+
+local function session_setup(user, pass, allowed_users)
+	if util.contains(allowed_users, user) then
+		local login = util.ubus("session", "login", {
+			username = user,
+			password = pass,
+			timeout  = tonumber(luci.config.sauth.sessiontime)
+		})
+
+		local rp = context.requestpath
+			and table.concat(context.requestpath, "/") or ""
+
+		if type(login) == "table" and
+		   type(login.ubus_rpc_session) == "string"
+		then
+			util.ubus("session", "set", {
+				ubus_rpc_session = login.ubus_rpc_session,
+				values = { token = sys.uniqueid(16) }
+			})
+
+			io.stderr:write("luci: accepted login on /%s for %s from %s\n"
+				%{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+
+			return session_retrieve(login.ubus_rpc_session)
+		end
+
+		io.stderr:write("luci: failed login on /%s for %s from %s\n"
+			%{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+	end
+
+	return nil, nil
+end
+
 function dispatch(request)
 	--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
 	local ctx = context
@@ -201,10 +228,19 @@ function dispatch(request)
 	local lang = conf.main.lang or "auto"
 	if lang == "auto" then
 		local aclang = http.getenv("HTTP_ACCEPT_LANGUAGE") or ""
-		for lpat in aclang:gmatch("[%w-]+") do
-			lpat = lpat and lpat:gsub("-", "_")
-			if conf.languages[lpat] then
-				lang = lpat
+		for aclang in aclang:gmatch("[%w_-]+") do
+			local country, culture = aclang:match("^([a-z][a-z])[_-]([a-zA-Z][a-zA-Z])$")
+			if country and culture then
+				local cc = "%s_%s" %{ country, culture:lower() }
+				if conf.languages[cc] then
+					lang = cc
+					break
+				elseif conf.languages[country] then
+					lang = country
+					break
+				end
+			elseif conf.languages[aclang] then
+				lang = aclang
 				break
 			end
 		end
@@ -310,15 +346,23 @@ function dispatch(request)
 		   ifattr      = function(...) return _ifattr(...) end;
 		   attr        = function(...) return _ifattr(true, ...) end;
 		   url         = build_url;
-		}, {__index=function(table, key)
+		}, {__index=function(tbl, key)
 			if key == "controller" then
 				return build_url()
 			elseif key == "REQUEST_URI" then
 				return build_url(unpack(ctx.requestpath))
+			elseif key == "FULL_REQUEST_URI" then
+				local url = { http.getenv("SCRIPT_NAME"), http.getenv("PATH_INFO") }
+				local query = http.getenv("QUERY_STRING")
+				if query and #query > 0 then
+					url[#url+1] = "?"
+					url[#url+1] = query
+				end
+				return table.concat(url, "")
 			elseif key == "token" then
 				return ctx.authtoken
 			else
-				return rawget(table, key) or _G[key]
+				return rawget(tbl, key) or _G[key]
 			end
 		end})
 	end
@@ -331,75 +375,66 @@ function dispatch(request)
 		"https://github.com/openwrt/luci/issues"
 	)
 
-	if track.sysauth then
-		local authen = type(track.sysauth_authenticator) == "function"
-		 and track.sysauth_authenticator
-		 or authenticator[track.sysauth_authenticator]
+	if track.sysauth and not ctx.authsession then
+		local authen = track.sysauth_authenticator
+		local _, sid, sdat, default_user, allowed_users
 
-		local def  = (type(track.sysauth) == "string") and track.sysauth
-		local accs = def and {track.sysauth} or track.sysauth
-		local sess = ctx.authsession
-		if not sess then
-			sess = http.getcookie("sysauth")
-			sess = sess and sess:match("^[a-f0-9]*$")
+		if type(authen) == "string" and authen ~= "htmlauth" then
+			error500("Unsupported authenticator %q configured" % authen)
+			return
 		end
 
-		local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values
-		local user, token
+		if type(track.sysauth) == "table" then
+			default_user, allowed_users = nil, track.sysauth
+		else
+			default_user, allowed_users = track.sysauth, { track.sysauth }
+		end
 
-		if sdat then
-			user = sdat.user
-			token = sdat.token
+		if type(authen) == "function" then
+			_, sid = authen(sys.user.checkpasswd, allowed_users)
 		else
-			local eu = http.getenv("HTTP_AUTH_USER")
-			local ep = http.getenv("HTTP_AUTH_PASS")
-			if eu and ep and sys.user.checkpasswd(eu, ep) then
-				authen = function() return eu end
-			end
+			sid = http.getcookie("sysauth")
 		end
 
-		if not util.contains(accs, user) then
-			if authen then
-				local user, sess = authen(sys.user.checkpasswd, accs, def)
-				local token
-				if not user or not util.contains(accs, user) then
-					return
-				else
-					if not sess then
-						local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) })
-						if sdat then
-							token = sys.uniqueid(16)
-							util.ubus("session", "set", {
-								ubus_rpc_session = sdat.ubus_rpc_session,
-								values = {
-									user = user,
-									token = token,
-									section = sys.uniqueid(16)
-								}
-							})
-							sess = sdat.ubus_rpc_session
-						end
-					end
+		sid, sdat = session_retrieve(sid, allowed_users)
 
-					if sess and token then
-						http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
+		if not (sid and sdat) and authen == "htmlauth" then
+			local user = http.getenv("HTTP_AUTH_USER")
+			local pass = http.getenv("HTTP_AUTH_PASS")
 
-						ctx.authsession = sess
-						ctx.authtoken = token
-						ctx.authuser = user
+			if user == nil and pass == nil then
+				user = http.formvalue("luci_username")
+				pass = http.formvalue("luci_password")
+			end
+
+			sid, sdat = session_setup(user, pass, allowed_users)
+
+			if not sid then
+				local tmpl = require "luci.template"
+
+				context.path = {}
 
-						http.redirect(build_url(unpack(ctx.requestpath)))
-					end
-				end
-			else
 				http.status(403, "Forbidden")
+				tmpl.render(track.sysauth_template or "sysauth", {
+					duser = default_user,
+					fuser = user
+				})
+
 				return
 			end
-		else
-			ctx.authsession = sess
-			ctx.authtoken = token
-			ctx.authuser = user
+
+			http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+			http.redirect(build_url(unpack(ctx.requestpath)))
 		end
+
+		if not sid or not sdat then
+			http.status(403, "Forbidden")
+			return
+		end
+
+		ctx.authsession = sid
+		ctx.authtoken = sdat.token
+		ctx.authuser = sdat.username
 	end
 
 	if c and require_post_security(c.target) then
@@ -623,6 +658,23 @@ function node(...)
 	return c
 end
 
+function lookup(...)
+	local i, path = nil, {}
+	for i = 1, select('#', ...) do
+		local name, arg = nil, tostring(select(i, ...))
+		for name in arg:gmatch("[^/]+") do
+			path[#path+1] = name
+		end
+	end
+
+	for i = #path, 1, -1 do
+		local node = context.treecache[table.concat(path, ".", 1, i)]
+		if node and (i == #path or node.leaf) then
+			return node, build_url(unpack(path))
+		end
+	end
+end
+
 function _create_node(path)
 	if #path == 0 then
 		return context.tree
@@ -764,7 +816,16 @@ local function _cbi(self, ...)
 
 	local state = nil
 
+	local i, res
 	for i, res in ipairs(maps) do
+		if util.instanceof(res, cbi.SimpleForm) then
+			io.stderr:write("Model %s returns SimpleForm but is dispatched via cbi(),\n"
+				% self.model)
+
+			io.stderr:write("please change %s to use the form() action instead.\n"
+				% table.concat(context.request, "/"))
+		end
+
 		res.flow = config
 		local cstate = res:parse()
 		if cstate and (not state or cstate < state) then
@@ -857,7 +918,7 @@ end
 function cbi(model, config)
 	return {
 		type = "cbi",
-		post = { ["cbi.submit"] = "1" },
+		post = { ["cbi.submit"] = true },
 		config = config,
 		model = model,
 		target = _cbi
@@ -885,6 +946,7 @@ local function _form(self, ...)
 	local maps = luci.cbi.load(self.model, ...)
 	local state = nil
 
+	local i, res
 	for i, res in ipairs(maps) do
 		local cstate = res:parse()
 		if cstate and (not state or cstate < state) then
@@ -903,7 +965,7 @@ end
 function form(model)
 	return {
 		type = "cbi",
-		post = { ["cbi.submit"] = "1" },
+		post = { ["cbi.submit"] = true },
 		model = model,
 		target = _form
 	}