From 826791abc3a3bb383c2908d7d39618b99ad7665c Mon Sep 17 00:00:00 2001 From: Jeremy Tan Date: Fri, 4 Oct 2013 22:17:38 +0800 Subject: [PATCH] Add user friendly names (right now just usernames) --- server/fastcgi.c | 16 +++---- server/fastcgi.h | 6 ++- server/login.c | 5 +++ testing/MCTXWeb/public_html/index.html | 42 ++++++++++--------- .../MCTXWeb/public_html/static/mctx.gui.js | 34 ++++++++++----- 5 files changed, 64 insertions(+), 39 deletions(-) diff --git a/server/fastcgi.c b/server/fastcgi.c index 57c5b1b..d3e4b28 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -33,7 +33,7 @@ */ static void IdentifyHandler(FCGIContext *context, char *params) { bool ident_sensors = false, ident_actuators = false; - + bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING")); int i; FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, @@ -45,8 +45,8 @@ static void IdentifyHandler(FCGIContext *context, char *params) { FCGI_JSONPair("description", "MCTX3420 Server API (2013)"); FCGI_JSONPair("build_date", __DATE__ " " __TIME__); FCGI_JSONLong("api_version", API_VERSION); - FCGI_JSONBool("logged_in", FCGI_HasControl(context, getenv("COOKIE_STRING"))); - FCGI_JSONPair("friendly_name", ""); + FCGI_JSONBool("logged_in", has_control); + FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : ""); //Sensor and actuator information if (ident_sensors) { @@ -384,7 +384,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des FCGI_BeginJSON(context, status); FCGI_JSONPair("description", description); FCGI_JSONLong("responsenumber", context->response_number); - //FCGI_JSONPair("params", getenv("QUERY_STRING")); + //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff FCGI_JSONPair("host", getenv("SERVER_HOSTNAME")); FCGI_JSONPair("user", getenv("REMOTE_USER")); FCGI_JSONPair("ip", getenv("REMOTE_ADDR")); 
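Review bot: The `friendly_name` value written in the @@ -45 hunk is derived from the login username, and nothing visible here shows `FCGI_JSONPair` escaping its value, so the response is only well-formed JSON if the one-time `FCGI_EscapeText` call in Login_Handler neutralises `"` and `\`. I would record that dependency next to the call, e.g. `//friendly_name is escaped once at login (login.c); FCGI_JSONPair is assumed not to escape - confirm`, or move the encoding into the JSON helper so every string value is covered at output time. Evaluating `FCGI_HasControl` once into `has_control` in the @@ -33 hunk keeps `logged_in` and `friendly_name` consistent within one response, which is worth keeping. IdentifyHandler continues outside both hunks.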
@@ -480,9 +480,6 @@ void * FCGI_RequestLoop (void *data) if (lastchar > 0 && module[lastchar] == '/') module[lastchar] = 0; - //Escape all special characters - FCGI_EscapeText(params); - //Default to the 'identify' module if none specified if (!*module) strcpy(module, "identify"); @@ -517,11 +514,16 @@ void * FCGI_RequestLoop (void *data) FCGI_RejectJSON(&context, "Please login."); continue; } + if (!FCGI_HasControl(&context, cookie)) { FCGI_RejectJSON(&context, "Invalid control key."); continue; } + + //Escape all special characters. + //Don't escape for login (password may have special chars?) + FCGI_EscapeText(params); } module_handler(&context, params); diff --git a/server/fastcgi.h b/server/fastcgi.h index 365aa6c..269bb94 100644 --- a/server/fastcgi.h +++ b/server/fastcgi.h @@ -42,10 +42,14 @@ typedef struct FCGIValue { /**Contextual information related to FCGI requests*/ typedef struct { - /**The time of last valid user access possessing the control key*/ + /**The time of last valid user access possessing the control key**/ time_t control_timestamp; + /**A SHA-1 hash that is the control key, determining who is logged in**/ char control_key[41]; + /**The IPv4 address of the logged-in user**/ char control_ip[16]; + /**A friendly name for the logged-in user. Max length 30**/ + char friendly_name[31]; /**The name of the current module**/ const char *current_module; /**For debugging purposes?**/ diff --git a/server/login.c b/server/login.c index 4ec89dd..5e2128f 100644 --- a/server/login.c +++ b/server/login.c @@ -220,6 +220,7 @@ void Login_Handler(FCGIContext * context, char * params) if (len >= BUFSIZ) { FCGI_RejectJSON(context, "DN too long! Recompile with increased BUFSIZ"); + return; } authenticated = (Login_LDAP_Bind(g_options.auth_uri, dn, pass) == LDAP_SUCCESS); 
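Review bot: Moving `FCGI_EscapeText(params)` to the end of the control-key block in the @@ -517 hunk means it no longer runs for any request that skips that block, not only for login. The opening condition of the block is outside the hunk, but judging by the "Please login." rejection it appears to cover only modules that require authentication, so unauthenticated handlers such as identify would now receive raw query text. If the intent is to exempt only the password, keep the call outside the block and skip it for the login handler alone, e.g. `if (module_handler != Login_Handler) FCGI_EscapeText(params);` (assuming Login_Handler is declared in this file), and let Login_Handler validate its own fields. The removal in the @@ -480 hunk is the other half of this move.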
@@ -247,6 +248,10 @@ void Login_Handler(FCGIContext * context, char * params) { if (FCGI_LockControl(context, false)) { + //Todo: change this to something better than the username if using LDAP. + snprintf(context->friendly_name, 31, "%s", user); + FCGI_EscapeText(context->friendly_name); //Don't break javascript pls + // Give the user a cookie FCGI_AcceptJSON(context, "Logged in", context->control_key); } diff --git a/testing/MCTXWeb/public_html/index.html b/testing/MCTXWeb/public_html/index.html index 7a62aa2..0862180 100644 --- a/testing/MCTXWeb/public_html/index.html +++ b/testing/MCTXWeb/public_html/index.html @@ -14,25 +14,28 @@ @@ -49,7 +52,6 @@ - Welcome, Joe Bloggs! diff --git a/testing/MCTXWeb/public_html/static/mctx.gui.js b/testing/MCTXWeb/public_html/static/mctx.gui.js index 26f6f3c..8c6da7a 100644 --- a/testing/MCTXWeb/public_html/static/mctx.gui.js +++ b/testing/MCTXWeb/public_html/static/mctx.gui.js 
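Review bot: `FCGI_EscapeText(context->friendly_name)` rewrites a 31-byte buffer in place after `snprintf` may already have filled it to the limit, so it is only safe if the escape function never lengthens the string; its body is not visible here, so please confirm it substitutes character for character. The literal `31` also duplicates the array size declared in fastcgi.h, and `snprintf(context->friendly_name, sizeof(context->friendly_name), "%s", user);` keeps the two in step. As far as this patch shows, the name is not cleared when control is released; IdentifyHandler's `has_control` guard covers that case, but a comment on the struct field saying the value is only meaningful while control is held would help. Login_Handler starts and ends outside the hunk.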
@@ -60,27 +60,39 @@ function getDate(){ document.write((new Date()).toDateString()); } +/** + * Should be run before the load of any GUI page. + * To hook events to be called after this function runs, + * use the 'always' method, e.g runBeforeLoad().always(function() {my stuff}); + * @param {type} isLoginPage + * @returns The return value of calling $.ajax + */ function runBeforeLoad(isLoginPage) { - $.ajax({ + return $.ajax({ url : mctx.api + "identify" }).done(function (data) { - if (mctx.debug) { - debugLog("Redirect disabled!"); - } else if (data.logged_in && isLoginPage) { + if (data.logged_in && isLoginPage) { + if (mctx.debug) { + debugLog("Redirect disabled!"); + } else { window.location = mctx.location; + } } else if (!data.logged_in && !isLoginPage) { - //Note: this only clears the nameless cookie - document.cookie = ""; - window.location = mctx.location + "login.html"; + if (mctx.debug) { + debugLog("Redirect disabled!"); + } else { + //Note: this only clears the nameless cookie + document.cookie = ""; + window.location = mctx.location + "login.html"; + } } else { mctx.friendlyName = data.friendly_name; - $("#content").css("display", "block"); } }).fail(function (jqHXR) { - if (!isLoginPage) { - window.location = mctx.location + "login.html"; - } else { + if (mctx.debug) { debugLog("Failed to ident server. Is API running?") + } else if (!isLoginPage) { + window.location = mctx.location + "login.html"; } }); } -- 2.20.1
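Review bot: The new doc comment tells callers to hook `.always(...)`, but `always` callbacks fire on every outcome: when identify fails, and when the visitor is not logged in (just before the redirect, or with no redirect at all while `mctx.debug` is set), and in those cases `mctx.friendlyName` has not been assigned. Page code that shows user data should be hooked with `.done` and check `data.logged_in`, and the comment should say so; the access decision itself has to stay with the server's control-key check, since this redirect is only a convenience. `mctx.friendlyName` is derived from the username, so whatever renders it should use a text setter such as jQuery `.text()` rather than building HTML from it. `@param {type} isLoginPage` is a template leftover and should read `@param {boolean} isLoginPage`.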