initial token-based-api login handler
This commit is contained in:
Oliver Gorwits
@@ -4,6 +4,8 @@ use Dancer ':syntax';
|
|||||||
use Dancer::Plugin::DBIC;
|
use Dancer::Plugin::DBIC;
|
||||||
use Dancer::Plugin::Auth::Extensible;
|
use Dancer::Plugin::Auth::Extensible;
|
||||||
|
|
||||||
|
use MIME::Base64;
|
||||||
|
|
||||||
hook 'before' => sub {
|
hook 'before' => sub {
|
||||||
params->{return_url} ||= ((request->path ne uri_for('/')->path)
|
params->{return_url} ||= ((request->path ne uri_for('/')->path)
|
||||||
? request->uri : uri_for('/inventory')->path);
|
? request->uri : uri_for('/inventory')->path);
|
||||||
@@ -51,10 +53,19 @@ get qr{^/(?:login(?:/denied)?)?} => sub {
|
|||||||
|
|
||||||
# override default login_handler so we can log access in the database
|
# override default login_handler so we can log access in the database
|
||||||
post '/login' => sub {
|
post '/login' => sub {
|
||||||
my $mode = (request->is_ajax ? 'API' : 'Web');
|
my $mode = (request->is_ajax ? 'WebData'
|
||||||
my ($success, $realm) = authenticate_user(
|
: request->header('Authorization') ? 'API'
|
||||||
param('username'), param('password')
|
: 'WebUI');
|
||||||
);
|
|
||||||
|
# get authN data from request (HTTP BasicAuth or URL params)
|
||||||
|
my $authheader = request->header('Authorization');
|
||||||
|
my ($u, $p) = (param('username'), param('password'));
|
||||||
|
if (defined $authheader and $authheader =~ /^Basic (.*)$/) {
|
||||||
|
($u, $p) = split(m/:/, (MIME::Base64::decode($1) || ":"));
|
||||||
|
}
|
||||||
|
|
||||||
|
# test authN
|
||||||
|
my ($success, $realm) = authenticate_user( $u, $p );
|
||||||
|
|
||||||
if ($success) {
|
if ($success) {
|
||||||
my $user = schema('netdisco')->resultset('User')
|
my $user = schema('netdisco')->resultset('User')
|
||||||
@@ -70,10 +81,22 @@ post '/login' => sub {
|
|||||||
event => "Login ($mode)",
|
event => "Login ($mode)",
|
||||||
details => param('return_url'),
|
details => param('return_url'),
|
||||||
});
|
});
|
||||||
|
|
||||||
$user->update({ last_on => \'now()' });
|
$user->update({ last_on => \'now()' });
|
||||||
|
|
||||||
return if request->is_ajax;
|
return if $mode eq 'WebData';
|
||||||
|
|
||||||
|
# if API return a token and record its lifetime
|
||||||
|
if ($mode eq 'API') {
|
||||||
|
if (! $user->token_from or ! $user->token or
|
||||||
|
$user->token_from < (time - setting('api_token_lifetime'))) {
|
||||||
|
$user->update({
|
||||||
|
token_from => time,
|
||||||
|
token => \'md5(random()::text)',
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return 'token:'. $user->token;
|
||||||
|
}
|
||||||
|
|
||||||
redirect param('return_url');
|
redirect param('return_url');
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -86,7 +109,7 @@ post '/login' => sub {
|
|||||||
details => param('return_url'),
|
details => param('return_url'),
|
||||||
});
|
});
|
||||||
|
|
||||||
if (request->is_ajax) {
|
if ($mode ne 'WebUI') {
|
||||||
status('unauthorized');
|
status('unauthorized');
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|||||||
@@ -26,6 +26,7 @@ suggest_guest: false
|
|||||||
navbar_autocomplete: true
|
navbar_autocomplete: true
|
||||||
trust_remote_user: false
|
trust_remote_user: false
|
||||||
trust_x_remote_user: false
|
trust_x_remote_user: false
|
||||||
|
api_token_lifetime: 3600
|
||||||
#ldap:
|
#ldap:
|
||||||
# servers: []
|
# servers: []
|
||||||
# user_string: 'MYDOMAIN\%USER%'
|
# user_string: 'MYDOMAIN\%USER%'
|
||||||
|
|||||||
Reference in New Issue
Block a user