luci-0.8: merge complete trunk

[project/luci.git] / modules / rpc / luasrc / controller / rpc.lua

diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index 2eef7a0..e0aeb3b 100644 (file)
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -25,7 +25,8 @@ function index()
        local function authenticator(validator, accs)
                local auth = luci.http.formvalue("auth", true)
                if auth then
-                       local user = luci.sauth.read(auth)
+                       local sdat = luci.sauth.read(auth)
+                       user = loadstring(sdat)().user
                        if user and luci.util.contains(accs, user) then
                                return user, auth
                        end
@@ -52,20 +53,33 @@ function rpc_auth()
        local http    = require "luci.http"
        local sys     = require "luci.sys"
        local ltn12   = require "luci.ltn12"
+       local util    = require "luci.util"
        
        local loginstat
        
        local server = {}
-       server.login = function(user, pass)
-               local sid
-               
+       server.challenge = function(user, pass)
+               local sid, token, secret
+
                if sys.user.checkpasswd(user, pass) then
                        sid = sys.uniqueid(16)
+                       token = sys.uniqueid(16)
+                       secret = sys.uniqueid(16)
+
                        http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
-                       sauth.write(sid, user)
+                       sauth.write(sid, util.get_bytecode({
+                               user=user,
+                               token=token,
+                               secret=secret
+                       }))
                end
                
-               return sid
+               return sid and {sid=sid, token=token, secret=secret}
+       end
+
+       server.login = function(...)
+               local challenge = server.challenge(...)
+               return challenge and challenge.sid
        end
        
        http.prepare_content("application/json")