local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true)
if auth then
- local user = luci.sauth.read(auth)
+ local sdat = luci.sauth.read(auth)
+ user = loadstring(sdat)().user
if user and luci.util.contains(accs, user) then
return user, auth
end
local http = require "luci.http"
local sys = require "luci.sys"
local ltn12 = require "luci.ltn12"
+ local util = require "luci.util"
local loginstat
local server = {}
- server.login = function(user, pass)
- local sid
-
+ server.challenge = function(user, pass)
+ local sid, token, secret
+
if sys.user.checkpasswd(user, pass) then
sid = sys.uniqueid(16)
+ token = sys.uniqueid(16)
+ secret = sys.uniqueid(16)
+
http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
- sauth.write(sid, user)
+ sauth.write(sid, util.get_bytecode({
+ user=user,
+ token=token,
+ secret=secret
+ }))
end
- return sid
+ return sid and {sid=sid, token=token, secret=secret}
+ end
+
+ server.login = function(...)
+ local challenge = server.challenge(...)
+ return challenge and challenge.sid
end
http.prepare_content("application/json")