swish/commit

Comments and authentication integration

authorJan Wielemaker
Fri Sep 19 16:22:37 2014 +0200
committerJan Wielemaker
Fri Sep 19 16:22:37 2014 +0200
commit1c175b70b4057a170ffa895e524f5fcfa0d0052a
tree37e426f3093f62904c370d26f8d372562f88a39b
parent7952c79c8865d284d06415e07871a3f41c0c4d75
diff --git a/config-available/swish.pl b/config-available/swish.pl
index 5854e92..4a88aa8 100644
--- a/config-available/swish.pl
+++ b/config-available/swish.pl
@@ -6,14 +6,22 @@
 
 :- multifile user:file_search_path/2.
 
+% tell SWISH where to find its parts.   The last clause allows adding an
+% =examples=  directory  in  the  main   directory  holding  application
+% specific examples.
+
 user:file_search_path(swish_web,      web(.)).
 user:file_search_path(swish_examples, cpacks(swish/examples)).
 user:file_search_path(swish_examples, examples).
 
+% Load swish.  You need this.
 :- use_module(applications(swish)).
+% Load the authentication hook. When loaded, ClioPatria users with admin
+% rights can use SWISH without sandboxing security
+:- use_module(library(swish/cp_authenticate)).
 
 %%      cliopatria:menu_item(-Item, -Label) is nondet.
 %
-%       Add SWISH to the Query menu
+%       Add SWISH to the Query menu.
 
 cliopatria:menu_item(300=query/swish, 'SWISH Prolog shell').
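Review bot: The comment above the new `:- use_module(library(swish/cp_authenticate)).` line says "admin rights", but the rule this commit adds in lib/swish/cp_authenticate.pl tests the specific permission `admin(swish)`, so an operator reading only this config cannot tell which grant lifts the sandbox. Enabling this config file now also enables unsandboxed execution for those accounts, so the comment should name the permission and the opt-out, e.g. `% Load the authentication hook. Users holding the admin(swish) permission run SWISH unsandboxed; remove this line to keep every user sandboxed.` The opt-out wording assumes pengines sandboxes everyone when no `not_sandboxed` hook is defined, which should be confirmed before it is written down.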
diff --git a/lib/swish/cp_authenticate.pl b/lib/swish/cp_authenticate.pl
index 4daef32..f399dca 100644
--- a/lib/swish/cp_authenticate.pl
+++ b/lib/swish/cp_authenticate.pl
@@ -28,12 +28,11 @@
 */
 
 :- module(swish_authenticate,
-	  [ swish_add_user/3		% +User, +Passwd, +Fields
+	  [
 	  ]).
 :- use_module(library(pengines), []).
 :- use_module(library(lists)).
-:- use_module(library(crypt)).
-:- use_module(library(http/http_authenticate)).
+:- use_module(user(user_db)).
 
 /** <module> SWISH login management
 
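Review bot: `:- use_module(user(user_db)).` imports every export of the user database module, although the clauses added later in this commit call only `logged_on/1` and `check_permission/2`. In a module that decides who escapes the sandbox, an explicit list such as `:- use_module(user(user_db), [logged_on/1, check_permission/2]).` keeps that dependency visible and avoids accidental name clashes. `:- use_module(library(lists)).` also looks unused now, since its only visible callers (`selectchk/4` and `append/3` in the removed `swish_add_user/3`) are deleted, so it can be dropped if nothing outside the shown hunks needs it. The module header comment starts in this hunk and continues outside it.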
@@ -52,41 +51,8 @@ the server will challenge the user.  The   logged  in  user is available
 through pengine_user/1.
 */
 
-:- dynamic
-	password_file_cache/1.
-
-password_file(File) :-
-	password_file_cache(File), !.
-password_file(File) :-
-	absolute_file_name(swish(passwd), File, [access(read)]),
-	asserta(password_file_cache(File)).
-
-pengines:authentication_hook(Request, _Application, User) :-
-	password_file(File),
-	http_authenticate(basic(File), Request, [User|_Fields]), !.
-pengines:authentication_hook(_Request, _Application, _User) :-
-	throw(http_reply(authorise(basic('SWISH user')))).
-
-%%	swish_add_user(+User, +Passwd, +Fields) is det.
-%
-%	Add a new user to the SWISH password file.
-
-swish_add_user(User, Passwd, Fields) :-
-	phrase("$1$", E, _),		% use Unix MD5 hashes
-	crypt(Passwd, E),
-	string_codes(Hash, E),
-
-	Entry = passwd(User, Hash, Fields),
-
-	absolute_file_name(swish(passwd), File,
-			   [access(write)]),
-	(   exists_file(File)
-	->  http_read_passwd_file(File, Data)
-	;   Data = []
-	),
-	(   selectchk(passwd(User, _, _), Data, Entry, NewData)
-	->  true
-	;   append(Data, [Entry], NewData)
-	),
-	http_write_passwd_file(File, NewData).
+pengines:authentication_hook(_Request, _Application, User) :-
+	logged_on(User).
 
+pengines:not_sandboxed(User, _Application) :-
+	catch(check_permission(User, admin(swish)), _, fail).
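Review bot: `pengines:not_sandboxed/2` lifts the sandbox for every application (`_Application` is ignored), and `catch(..., _, fail)` discards every exception from `check_permission/2`, so a broken user database looks the same as a denied user. Failing closed is the right default, but the catch should be narrowed so other errors surface, e.g. `catch(check_permission(User, admin(swish)), error(permission_error(_,_,_), _), fail)`, assuming that is what `check_permission/2` throws on denial. `authentication_hook/3` now ignores `Request` and takes the identity from `logged_on/1`, so the module comment kept as context ("the server will challenge the user") is stale; it is also worth confirming that the pengine endpoints reject cross-origin requests that carry an admin's session. Both new clauses lack PlDoc; I would add `%%	pengines:not_sandboxed(+User, +Application) is semidet.` followed by a line stating that holders of `admin(swish)` run without the sandbox.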