From ddd6149251d51f3ee973c232c09295256af31d7a Mon Sep 17 00:00:00 2001
From: stefanp
Date: Tue, 26 Mar 2002 16:10:28 +0000
Subject: [PATCH] added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination.
---
 Global/functions.js | 57 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 51 insertions(+), 6 deletions(-)
diff --git a/Global/functions.js b/Global/functions.js
index 4655a2d1..348c1eb7 100644
--- a/Global/functions.js
+++ b/Global/functions.js
@@ -103,7 +103,7 @@ function sortProps(a,b) {
 * properties of base-app or the particular application. if username or password aren't set
 * go into stealth-mode and return a 404. if username|password are wrong, prepare response-
 * object for http-auth and return false.
- * @arg application-object
+ * @arg appObj application object to check against (if adminUsername etc are set in app.properties)
 */
 function checkAuth(appObj) {
 var ok = false;
@@ -113,8 +113,7 @@ function checkAuth(appObj) {
 var rootPassword = root.getProperty("adminpassword");
 if ( rootUsername==null || rootUsername=="" || rootPassword==null || rootPassword=="" ) {
- app.__app__.logEvent("adminUsername or adminPassword not set in server.properties!");
- return forceStealth();
+ return createAuth();
 }
 var uname = req.getUsername();
@@ -157,11 +156,12 @@ function checkAddress() {
 /**
 * response is reset to 401 / authorization required
+ * @arg realm realm for http-auth
 */
-function forceAuth(appObj) {
- res.status = 401;
- res.realm = (appObj==null) ? "helma" : appObj.name;
+function forceAuth(realm) {
 res.reset();
+ res.status = 401;
+ res.realm = (realm!=null) ? realm : "helma";
 res.write ("Authorization Required. The server could not verify that you are authorized to access the requested page.");
 return false;
 }
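Review bot: With `return createAuth();` in the `@@ -113,8 +113,7 @@` hunk, a server whose admin username or password is missing or empty now answers with a credential-setup form instead of a 404, and the log line that reported the unconfigured state is removed along with it, so an operator gets no signal that the server is waiting for first-use setup. I would keep the `app.__app__.logEvent("adminUsername or adminPassword not set in server.properties!");` call ahead of `return createAuth();`. The only gate left on that path is `checkAddress()` inside createAuth(), so the first client from an allowed address chooses the admin credentials, and the same happens again if the two properties are ever blanked; that is worth stating in the doc comment. The comment above checkAuth() (context lines of the first hunk) still says the function goes into stealth mode and returns a 404 in this case and should be reworded to something like `if username or password aren't set, hand over to createAuth()`. checkAuth()'s body continues outside the hunk.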
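Review bot: `forceAuth()` in the `@@ -157,11 +156,12 @@` hunk now expects a realm string where it used to take an application object, yet no hunk in this patch changes a call to it, so any existing caller that still passes `appObj` would end up assigning the object itself to `res.realm`. If such a call exists in checkAuth() or elsewhere (not visible here), it should become something like `forceAuth( (appObj==null) ? null : appObj.name )`, which keeps the old fallback to "helma". The `@arg realm` line could also say that a null realm falls back to "helma", since that default is otherwise only visible in the body.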
@@ -176,4 +176,49 @@ function forceStealth() {
 }
+/**
+ * response is either a html form to enter auth data or input from
+ * html form is saved to server.properties
+ * access is only allowed if remote host is in the list of friendly
+ * ip-adresses in server.properties
+ */
+function createAuth() {
+ if ( checkAddress()!=true ) {
+ // double check
+ return false;
+ }
+ var obj = new Object();
+ obj.msg = "";
+
+ if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null ) {
+ // we have input from webform
+ if ( req.data.username=="" )
+ obj.msg += "username can't be left empty!
";
+ if ( req.data.password=="" )
+ obj.msg += "password can't be left empty!
";
+ else if ( req.data.password!=req.data.password2 )
+ obj.msg += "password and re-typed password don't match!
";
+ if ( obj.msg!="" ) {
+ obj.username = req.data.username;
+ res.reset();
+ renderSkin("pwdform",obj);
+ return false;
+ }
+ var props = root.getProperties();
+ props.put("adminUsername", Packages.helma.util.MD5Encoder.encode(req.data.username) );
+ props.put("adminPassword", Packages.helma.util.MD5Encoder.encode(req.data.password) );
+ props.store( new java.io.FileOutputStream( new java.io.File(root.getHopHome(),"server.properties") ), "# properties saved from application 'manage'" );
+ app.__app__.logEvent( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");
+ res.redirect ( root.href("main") );
+
+ } else {
+ // no input from webform, so print it
+ res.reset();
+ res.skin = "basic";
+ res.title = "username & password on " + root.hostname_macro();
+ res.head = renderSkinAsString("head");
+ res.body = renderSkinAsString("pwdform",obj);
+ return false;
+ }
+}
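Review bot: The two `props.put(...)` lines in createAuth() store the admin username and password as single unsalted MD5 digests, so anyone who can read server.properties can test password guesses against the file offline at very little cost; a salted, iterated hash would be the safer format, though that also means changing the comparison in checkAuth(), which is outside this hunk. The save branch runs for any request that carries `username`, `password` and `password2` in `req.data`, which presumably includes query-string parameters; requiring a form POST plus a one-time token rendered into the pwdform skin would keep the password out of URLs and access logs and ensure the submission really came from the form this function served. The `FileOutputStream` handed to `props.store()` is never closed, so the handle stays open until garbage collection and a failed write can leave a truncated server.properties; the fence below closes it in a `finally`. The early `return false` after `checkAddress()` also sends no response of its own, where `return forceStealth();` would match what checkAuth() returned for this case before the commit.

```javascript
var props = root.getProperties();
// … unchanged: the two props.put() calls …
var out = new java.io.FileOutputStream( new java.io.File(root.getHopHome(),"server.properties") );
try {
	props.store( out, "# properties saved from application 'manage'" );
} finally {
	// release the file handle even if store() throws
	out.close();
}
// … unchanged: logEvent and redirect …
```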