// Make sure the shared `helma` namespace object exists before members are
// attached to it; an already existing namespace is kept as it is.
global.helma = global.helma || {};
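/**
 * Performs basic admin level access checking for the specified realm.
 *
 * Access is granted when the session is already flagged as authenticated for
 * the realm and the client host passes the realm's host filter. Otherwise a
 * submitted username/password pair is checked against the adminAccess
 * property; on failure the login skin is rendered, with instructions on how
 * to bootstrap the missing or non-matching configuration.
 *
 * Security notes:
 * - adminAccess holds an unsalted MD5 hex digest of "username-password".
 *   MD5 is not a suitable password hash; the format is kept only because
 *   existing app.properties / server.properties entries depend on it.
 * - If the <realm>AccessAllowed property is unset, no host restriction is
 *   applied at all.
 * - The session is flagged as authenticated in place; nothing here renews the
 *   session or limits repeated login attempts.
 * - param.message is assembled as HTML and includes `realm`, so callers should
 *   pass a fixed realm name, never request data.
 *
 * @param String realm for which access should be checked and bootstrapped
 * @return true if access is verified, otherwise renders login form with
 *         bootstrapping instructions and returns false
 */
helma.auth = function(realm) {

    // helper function, checks if the client host matches an allowed host pattern,
    // hostnames are converted, wildcards are only allowed in ip-addresses
    var hostIsAllowed = function() {
        var allowed = getProperty(realm + 'AccessAllowed');
        if (!allowed)
            return true;    // property not set: host filtering is disabled
        if (allowed == 'false')
            return false;   // explicit 'false' locks the realm for every host

        var filter = new Packages.helma.util.InetAddressFilter();
        var entries = allowed.split(",");
        // Indexed loop instead of for..in, so only list elements are visited.
        for (var i = 0; i < entries.length; i++) {
            var entry = new java.lang.String(entries[i]).trim();
            // Skip empty entries (e.g. a trailing comma). InetAddress.getByName("")
            // resolves to the loopback address, so an empty entry that the filter
            // rejects would otherwise reach the fallback below and silently allow
            // loopback clients.
            if (String(entry) === "")
                continue;
            try {
                filter.addAddress(entry);
            } catch (a) {
                // Not accepted as an address pattern: treat it as a hostname and
                // add the address it resolves to right now.
                try {
                    filter.addAddress(java.net.InetAddress.getByName(entry).getHostAddress());
                } catch (b) {
                    // An unusable entry is logged and left out of the filter.
                    app.log("error using address " + entries[i] + ": " + b);
                }
            }
        }
        // NOTE(review): http_remotehost is presumably the peer address seen by the
        // server; behind a reverse proxy that would be the proxy, not the client -
        // confirm for the deployment.
        return filter.matches(java.net.InetAddress.getByName(req.data.http_remotehost));
    };

    // Check if current session is authenticated for this realm
    if (session.data[realm + 'Authenticated'] && hostIsAllowed())
        return true;

    // Otherwise, guide to properly configure access authentication for this realm
    res.data.fontface = 'Trebuchet MS, Verdana, sans-serif';
    res.data.href = path[path.length-1].href(req.action);
    var pw = getProperty('adminAccess');
    var param = {};
    if (req.data.username && req.data.password) {
        // SECURITY: unsalted MD5 of "username-password"; kept for compatibility
        // with the stored adminAccess value, see the notes in the header.
        var digest = Packages.org.apache.commons.codec.digest.DigestUtils.md5Hex(
            req.data.username + "-" + req.data.password);
        if (pw && hostIsAllowed()) {
            // Compare the digests without an early exit on the first mismatching
            // character, so response time does not depend on how much matched.
            var matches = java.security.MessageDigest.isEqual(
                new java.lang.String(pw).getBytes("UTF-8"),
                new java.lang.String(digest).getBytes("UTF-8"));
            if (matches) {
                session.data[realm + 'Authenticated'] = true;
                res.redirect(res.data.href);
            } else {
                param.message = 'Sorry, wrong password!';
            }
        } else {
            param.message = 'Currently, '+ realm + ' access is not allowed!<br />';
            if (!pw) {
                // Bootstrapping: no credential is configured yet, so nobody can
                // log in; show the line the administrator has to add.
                param.message += 'The adminAccess property is not set.<br />'
                    + 'Before proceeding, add the following line to your app.properties or server.properties file:'
                    + '<br /><br />adminAccess='
                    + digest;
            } else {
                param.message += 'The '+ realm +'AccessAllowed property does not match your host.<br />'
                    + 'Before proceeding, remove this property from your app.properties or server.properties file '
                    + 'or include your host as follows:<br /><br />'
                    + realm +'AccessAllowed=' + req.data.http_remotehost;
            }
        }
    }
    res.data.header = 'Authentication for '+ realm +' access';
    renderSkin('helma.auth.login', param);
    return false;
};
helma.dontEnum('auth');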
/**
 * Drops the authenticated flag that helma.auth stored in the current session
 * for the given realm.
 * @param String realm whose authentication should be invalidated
 * @return true if the session was flagged as authenticated for the realm and
 *         the flag was removed, otherwise false
 */
helma.invalidate = function(realm) {
    var flag = realm + 'Authenticated';
    // Nothing to do when the session holds no (truthy) flag for this realm.
    if (!session.data[flag])
        return false;
    delete session.data[flag];
    return true;
};
helma.dontEnum('invalidate');