Comments and authentication integration
author | Jan Wielemaker |
---|---|
Fri Sep 19 16:22:37 2014 +0200 | |
committer | Jan Wielemaker |
Fri Sep 19 16:22:37 2014 +0200 | |
commit | 1c175b70b4057a170ffa895e524f5fcfa0d0052a |
tree | 37e426f3093f62904c370d26f8d372562f88a39b |
parent | 7952c79c8865d284d06415e07871a3f41c0c4d75 |
diff --git a/config-available/swish.pl b/config-available/swish.pl
index 5854e92..4a88aa8 100644
--- a/config-available/swish.pl
+++ b/config-available/swish.pl
@@ -6,14 +6,22 @@
 :- multifile user:file_search_path/2.
+% tell SWISH where to find its parts. The last clause allows adding an
+% =examples= directory in the main directory holding application
+% specific examples.
+
 user:file_search_path(swish_web, web(.)).
 user:file_search_path(swish_examples, cpacks(swish/examples)).
 user:file_search_path(swish_examples, examples).
+% Load swish. You need this.
 :- use_module(applications(swish)).
+% Load the authentication hook. When loaded, ClioPatria users with admin
+% rights can use SWISH without sandboxing security
+:- use_module(library(swish/cp_authenticate)).
 %% cliopatria:menu_item(-Item, -Label) is nondet.
 %
-% Add SWISH to the Query menu
+% Add SWISH to the Query menu.
 cliopatria:menu_item(300=query/swish, 'SWISH Prolog shell').
diff --git a/lib/swish/cp_authenticate.pl b/lib/swish/cp_authenticate.pl
index 4daef32..f399dca 100644
--- a/lib/swish/cp_authenticate.pl
+++ b/lib/swish/cp_authenticate.pl
@@ -28,12 +28,11 @@
 */
 :- module(swish_authenticate,
- [ swish_add_user/3 % +User, +Passwd, +Fields
+ [
 ]).
 :- use_module(library(pengines), []).
 :- use_module(library(lists)).
-:- use_module(library(crypt)).
-:- use_module(library(http/http_authenticate)).
+:- use_module(user(user_db)).
 /** <module> SWISH login management
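Review bot: The comment added above `:- use_module(library(swish/cp_authenticate)).` understates what the load switches on. Without the sandbox, a query from an admin account is presumably no longer restricted to safe goals and runs with the rights of the server process. I would say so in the comment, for example `% NOTE: unsandboxed queries run with the rights of the server process; grant admin(swish) sparingly.` The load is also unconditional, so every installation that enables this config file picks up the bypass on update; a separate config file or a setting would make it an explicit choice.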
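Review bot: `:- use_module(library(lists)).` stays in the import list of `lib/swish/cp_authenticate.pl` although its visible users, `selectchk/4` and `append/3` inside `swish_add_user/3`, are deleted by this commit. As far as the two hunks of this file show, nothing else needs it, so the import can go with them. Emptying the export list also removes `swish_add_user/3` for any external caller, which the commit message does not mention.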
@@ -52,41 +51,8 @@ the server will challenge the user. The logged in user is available through pengine_user/1. */ -:- dynamic - password_file_cache/1. - -password_file(File) :- - password_file_cache(File), !. -password_file(File) :- - absolute_file_name(swish(passwd), File, [access(read)]), - asserta(password_file_cache(File)). - -pengines:authentication_hook(Request, _Application, User) :- - password_file(File), - http_authenticate(basic(File), Request, [User|_Fields]), !. -pengines:authentication_hook(_Request, _Application, _User) :- - throw(http_reply(authorise(basic('SWISH user')))). - -%% swish_add_user(+User, +Passwd, +Fields) is det. -% -% Add a new user to the SWISH password file. - -swish_add_user(User, Passwd, Fields) :- - phrase("$1$", E, _), % use Unix MD5 hashes - crypt(Passwd, E), - string_codes(Hash, E), - - Entry = passwd(User, Hash, Fields), - - absolute_file_name(swish(passwd), File, - [access(write)]), - ( exists_file(File) - -> http_read_passwd_file(File, Data) - ; Data = [] - ), - ( selectchk(passwd(User, _, _), Data, Entry, NewData) - -> true - ; append(Data, [Entry], NewData) - ), - http_write_passwd_file(File, NewData). +pengines:authentication_hook(_Request, _Application, User) :- + logged_on(User). +pengines:not_sandboxed(User, _Application) :- + catch(check_permission(User, admin(swish)), _, fail).
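Review bot: The module comment kept as context at the top of this hunk still says the server will challenge the user, but the new `pengines:authentication_hook/3` only succeeds when `logged_on(User)` does and no clause throws the `authorise` reply any more. An unauthenticated request is therefore presumably served as an anonymous, sandboxed pengine rather than challenged, and the comment should say that. `pengines:not_sandboxed/2` fails closed, which is the safe direction, but `catch(..., _, fail)` also swallows every unrelated error from `check_permission/2`. If denial is signalled as a permission error, catching only `error(permission_error(_, _, _), _)` would keep misconfiguration visible. The admin decision now presumably rests on the ClioPatria login session instead of per-request basic credentials, so it is worth confirming that cross-origin pengine requests cannot reuse an administrator's session to reach unsandboxed execution.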