mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
8e732d437c
Also ensure authentication is not lost by Digest timeout when navigating between index.html and search results page. This way, running searches with extended features on a remote peer or a password protected peer works with a regular user (with "Extended search" rights). When authenticating on the search page with a user without "Extended search" rights, it appears as authenticated, but has just its usual access to the public search features.
175 lines
7.7 KiB
Java
175 lines
7.7 KiB
Java
//User.java
|
|
//-----------------------
|
|
//part of the AnomicHTTPD caching proxy
|
|
//(C) by Michael Peter Christen; mc@yacy.net
|
|
//first published on http://www.anomic.de
|
|
//Frankfurt, Germany, 2004
|
|
//
|
|
//This File is contributed by Alexander Schier
|
|
//last major change: 12.11.2005
|
|
//
|
|
//This program is free software; you can redistribute it and/or modify
|
|
//it under the terms of the GNU General Public License as published by
|
|
//the Free Software Foundation; either version 2 of the License, or
|
|
//(at your option) any later version.
|
|
//
|
|
//This program is distributed in the hope that it will be useful,
|
|
//but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
//GNU General Public License for more details.
|
|
//
|
|
//You should have received a copy of the GNU General Public License
|
|
//along with this program; if not, write to the Free Software
|
|
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
//You must compile this file with
|
|
//javac -classpath .:../Classes Message.java
|
|
//if the shell's current path is HTROOT
|
|
|
|
import javax.servlet.ServletException;
|
|
import net.yacy.cora.order.Base64Order;
|
|
import net.yacy.cora.order.Digest;
|
|
import net.yacy.cora.protocol.RequestHeader;
|
|
import net.yacy.cora.protocol.ResponseHeader;
|
|
import net.yacy.cora.util.ConcurrentLog;
|
|
import net.yacy.data.UserDB;
|
|
import net.yacy.search.Switchboard;
|
|
import net.yacy.search.SwitchboardConstants;
|
|
import net.yacy.server.serverObjects;
|
|
import net.yacy.server.serverSwitch;
|
|
import net.yacy.server.servletProperties;
|
|
|
|
public class User{
|
|
|
|
public static servletProperties respond(final RequestHeader requestHeader, final serverObjects post, @SuppressWarnings("unused") final serverSwitch env) {
|
|
final servletProperties prop = new servletProperties();
|
|
final Switchboard sb = Switchboard.getSwitchboard();
|
|
UserDB.Entry entry=null;
|
|
|
|
//default values
|
|
prop.put("logged_in", "0");
|
|
prop.put("logged-in_limit", "0");
|
|
prop.put("status", "0");
|
|
prop.put("logged-in_username", "");
|
|
prop.put("logged-in_returnto", "");
|
|
//identified via HTTPPassword
|
|
entry=sb.userDB.proxyAuth(requestHeader);
|
|
if(entry != null){
|
|
prop.put("logged-in_identified-by", "1");
|
|
//try via cookie
|
|
}else{
|
|
entry=sb.userDB.cookieAuth(requestHeader.getCookies());
|
|
prop.put("logged-in_identified-by", "2");
|
|
//try via ip
|
|
if(entry == null){
|
|
final String ip = requestHeader.getRemoteAddr();
|
|
entry = sb.userDB.ipAuth((ip != null ? ip : "xxxxxx"));
|
|
if(entry != null){
|
|
prop.put("logged-in_identified-by", "0");
|
|
}
|
|
}
|
|
}
|
|
|
|
//identified via userDB
|
|
if(entry != null){
|
|
prop.put("logged-in", "1");
|
|
prop.put("logged-in_username", entry.getUserName());
|
|
if(entry.getTimeLimit() > 0){
|
|
prop.put("logged-in_limit", "1");
|
|
final long limit=entry.getTimeLimit();
|
|
final long used=entry.getTimeUsed();
|
|
prop.put("logged-in_limit_timelimit", limit);
|
|
prop.put("logged-in_limit_timeused", used);
|
|
int percent=0;
|
|
if(limit!=0 && used != 0)
|
|
percent=(int)((float)used/(float)limit*100);
|
|
prop.put("logged-in_limit_percent", percent/3);
|
|
prop.put("logged-in_limit_percent2", (100-percent)/3);
|
|
}
|
|
//logged in via static Password
|
|
}else if(sb.verifyAuthentication(requestHeader)){
|
|
prop.put("logged-in", "2");
|
|
//identified via form-login
|
|
} else if (post != null && post.containsKey("username") && post.containsKey("password")) {
|
|
if (post.containsKey("returnto"))
|
|
prop.putHTML("logged-in_returnto", post.get("returnto"));
|
|
final String username=post.get("username");
|
|
final String password=post.get("password");
|
|
prop.putHTML("logged-in_username", username);
|
|
|
|
entry = sb.userDB.passwordAuth(username, password);
|
|
boolean staticAdmin = false;
|
|
if (entry == null) {
|
|
// check for old style admin account
|
|
staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
|
|
Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(username + ":" + password)));
|
|
if (!staticAdmin) {
|
|
// check for DIGEST authentication admin account
|
|
final String realm = sb.getConfig(SwitchboardConstants.ADMIN_REALM, "YaCy");
|
|
staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
|
|
"MD5:" + Digest.encodeMD5Hex(username + ":" + realm + ":" + password));
|
|
}
|
|
}
|
|
|
|
String cookie="";
|
|
if(entry != null) {
|
|
//set a random token in a cookie
|
|
cookie=sb.userDB.getCookie(entry);
|
|
final ResponseHeader outgoingHeader=new ResponseHeader(200);
|
|
outgoingHeader.setCookie("login", cookie);
|
|
prop.setOutgoingHeader(outgoingHeader);
|
|
|
|
prop.put("logged-in", "1");
|
|
prop.put("logged-in_identified-by", "1");
|
|
prop.putHTML("logged-in_username", username);
|
|
if(post.containsKey("returnto")){
|
|
prop.put(serverObjects.ACTION_LOCATION, post.get("returnto"));
|
|
}
|
|
}
|
|
}
|
|
|
|
if (post != null && entry != null) {
|
|
if (post.containsKey("changepass")) {
|
|
prop.put("status", "1"); //password
|
|
|
|
if (entry.getMD5EncodedUserPwd().startsWith("MD5:") ?
|
|
entry.getMD5EncodedUserPwd().equals("MD5:"+Digest.encodeMD5Hex(entry.getUserName() + ":" + sb.getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy") + ":" + post.get("oldpass", ""))) :
|
|
entry.getMD5EncodedUserPwd().equals(Digest.encodeMD5Hex(entry.getUserName() + ":" + post.get("oldpass", "")))) {
|
|
if (post.get("newpass").equals(post.get("newpass2"))) {
|
|
if (!post.get("newpass", "").equals("")) {
|
|
try {
|
|
entry.setProperty(UserDB.Entry.MD5ENCODED_USERPWD_STRING, "MD5:" + Digest.encodeMD5Hex(entry.getUserName() + ":" + sb.getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy") + ":" + post.get("newpass", "")));
|
|
prop.put("status_password", "0"); //changes
|
|
} catch (final Exception e) {
|
|
ConcurrentLog.logException(e);
|
|
}
|
|
} else {
|
|
prop.put("status_password", "3"); //empty
|
|
}
|
|
} else {
|
|
prop.put("status_password", "2"); //pws do not match
|
|
}
|
|
} else {
|
|
prop.put("status_password", "1"); //old pw wrong
|
|
}
|
|
}
|
|
}
|
|
if(post!=null && post.containsKey("logout")){
|
|
prop.put("logged-in", "0");
|
|
if(entry != null){
|
|
final String ip = requestHeader.getRemoteAddr();
|
|
entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getCookies()));
|
|
}
|
|
try {
|
|
requestHeader.logout(); // servlet container session logout
|
|
} catch (ServletException ex) {}
|
|
if(post.containsKey("returnto")){
|
|
prop.putHTML(serverObjects.ACTION_LOCATION, post.get("returnto"));
|
|
}
|
|
}
|
|
// return rewrite properties
|
|
return prop;
|
|
}
|
|
}
|