Rework authentication system
[project/luci.git] / modules / rpc / luasrc / controller / rpc.lua
index 2eef7a0..b989b59 100644 (file)
@@ -24,10 +24,13 @@ module "luci.controller.rpc"
 function index()
        local function authenticator(validator, accs)
                local auth = luci.http.formvalue("auth", true)
-               if auth then
-                       local user = luci.sauth.read(auth)
-                       if user and luci.util.contains(accs, user) then
-                               return user, auth
+               if auth then -- if authentication token was given
+                       local sdat = luci.sauth.read(auth)
+                       if sdat then -- if given token is valid
+                               user = luci.sauth.decode(sdat).user
+                               if user and luci.util.contains(accs, user) then
+                                       return user, auth
+                               end
                        end
                end
                luci.http.status(403, "Forbidden")
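Review bot: The new assignment `user = luci.sauth.decode(sdat).user` drops the `local` that the removed code had, so `user` is written to the enclosing module/global environment instead of staying inside `authenticator`. In a process that serves more than one request, a stale identity could then remain visible to other code, so the line should read `local user = luci.sauth.decode(sdat).user`. The same line also indexes the result of `decode` directly. If `decode` can return nil for malformed session data (not visible here), the call raises an error instead of reaching the 403 path, and a guard such as `local sess = luci.sauth.decode(sdat)` followed by `local user = sess and sess.user` avoids that. The body of `index()` continues outside the hunk.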
@@ -39,7 +42,6 @@ function index()
        rpc.notemplate = true
        
        entry({"rpc", "uci"}, call("rpc_uci"))
-       entry({"rpc", "uvl"}, call("rpc_uvl"))
        entry({"rpc", "fs"}, call("rpc_fs"))
        entry({"rpc", "sys"}, call("rpc_sys"))
        entry({"rpc", "ipkg"}, call("rpc_ipkg"))
@@ -52,20 +54,33 @@ function rpc_auth()
        local http    = require "luci.http"
        local sys     = require "luci.sys"
        local ltn12   = require "luci.ltn12"
+       local util    = require "luci.util"
        
        local loginstat
        
        local server = {}
-       server.login = function(user, pass)
-               local sid
-               
+       server.challenge = function(user, pass)
+               local sid, token, secret
+
                if sys.user.checkpasswd(user, pass) then
                        sid = sys.uniqueid(16)
+                       token = sys.uniqueid(16)
+                       secret = sys.uniqueid(16)
+
                        http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
-                       sauth.write(sid, user)
+                       sauth.write(sid, sauth.encode({
+                               user=user,
+                               token=token,
+                               secret=secret
+                       }))
                end
                
-               return sid
+               return sid and {sid=sid, token=token, secret=secret}
+       end
+
+       server.login = function(...)
+               local challenge = server.challenge(...)
+               return challenge and challenge.sid
        end
        
        http.prepare_content("application/json")
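Review bot: `server.challenge` returns `token` and `secret` to the caller and stores them in the session, but nothing in the hunk says what each value is for or how it is meant to be used. A short comment above the function would help, e.g. `-- returns {sid, token, secret} on valid credentials, nil otherwise; token/secret are per-session values stored via sauth.encode`. All three values come from `sys.uniqueid(16)`, whose randomness source is not visible here; since the session's unguessability rests on it, confirm that it draws from the kernel CSPRNG. The `Set-Cookie` line kept as context still issues `sysauth` without `HttpOnly`; if no client script needs to read the cookie, `"; path=/; HttpOnly"` is a cheap hardening while this code is being reworked. The body of `rpc_auth` continues outside the hunk.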
@@ -86,24 +101,10 @@ function rpc_uci()
        ltn12.pump.all(jsonrpc.handle(uci, http.source()), http.write)
 end
 
-function rpc_uvl()
-       if not pcall(require, "luci.uvl") then
-               luci.http.status(404, "Not Found")
-               return nil
-       end
-       local uvl     = require "luci.jsonrpcbind.uvl"
-       local jsonrpc = require "luci.jsonrpc"
-       local http    = require "luci.http"
-       local ltn12   = require "luci.ltn12"
-
-       http.prepare_content("application/json")
-       ltn12.pump.all(jsonrpc.handle(uvl, http.source()), http.write)
-end
-
 function rpc_fs()
        local util    = require "luci.util"
        local io      = require "io"
-       local fs2     = util.clone(require "luci.fs")
+       local fs2     = util.clone(require "nixio.fs")
        local jsonrpc = require "luci.jsonrpc"
        local http    = require "luci.http"
        local ltn12   = require "luci.ltn12"
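Review bot: `util.clone(require "nixio.fs")` makes the JSON-RPC filesystem surface whatever `nixio.fs` exports, so swapping the module silently changes which operations an authenticated RPC caller can invoke. Unless the rest of `rpc_fs` (outside this hunk) filters the table, every function in the module becomes remotely callable, including any added to `nixio.fs` later. Building `fs2` from an explicit allowlist of the functions RPC clients actually need would keep the exposed surface fixed and reviewable. At minimum, add a comment such as `-- NOTE: every function in nixio.fs is exported over RPC` so the coupling is visible to the next maintainer.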