Página Principal Explorar Ajuda
Iniciar Sessão
Troglodyne
/
tCMS
2
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

Fix #128: Remove usage of superfluous user identifier in auth

George S. Baugh há 5 anos atrás
pai
11b5a6f837
commit
b64ad3018c
3 ficheiros alterados com 20 adições e 21 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 14 14
      lib/Trog/Auth.pm
  2. 3 4
      schema/auth.schema
  3. 3 3
      www/server.psgi

+ 14 - 14
lib/Trog/Auth.pm
Ver Ficheiro 

@@ -20,22 +20,22 @@ Throws exceptions in the event the session database cannot be accessed.
 
 
 =head1 FUNCTIONS
 
 
-=head2 session2user(sessid) = (STRING, INT)
 
+=head2 session2user(STRING sessid) = STRING
 
 
-Translate a session UUID into a username and id.
 
+Translate a session UUID into a username.
 
 
-Returns empty strings on no active session.
 
+Returns empty string on no active session.
 
 
 =cut
 
 
 sub session2user ($sessid) {
 
     my $dbh = _dbh();
 
-    my $rows = $dbh->selectall_arrayref("SELECT name,id FROM sess_user WHERE session=?",{ Slice => {} }, $sessid);
 
-    return ('','') unless ref $rows eq 'ARRAY' && @$rows;
 
-    return ($rows->[0]->{name},$rows->[0]->{id});
 
+    my $rows = $dbh->selectall_arrayref("SELECT name FROM sess_user WHERE session=?",{ Slice => {} }, $sessid);
 
+    return '' unless ref $rows eq 'ARRAY' && @$rows;
 
+    return $rows->[0]->{name};
 
 }
 
 
-=head2 acls4user(user_id) = ARRAYREF
 
+=head2 acls4user(STRING username) = ARRAYREF
 
 
 Return the list of ACLs belonging to the user.
 
 The function of ACLs are to allow you to access content tagged 'private' which are also tagged with the ACL name.
 
@@ -44,9 +44,9 @@ The 'admin' ACL is the only special one, as it allows for authoring posts, confi
 
 
 =cut
 
 
-sub acls4user($user_id) {
 
+sub acls4user($username) {
 
     my $dbh = _dbh();
 
-    my $records = $dbh->selectall_arrayref("SELECT acl FROM user_acl WHERE user_id = ?", { Slice => {} }, $user_id);
 
+    my $records = $dbh->selectall_arrayref("SELECT acl FROM user_acl WHERE username = ?", { Slice => {} }, $username);
 
     return () unless ref $records eq 'ARRAY' && @$records;
 
     my @acls = map { $_->{acl} } @$records;
 
     return \@acls;
 
@@ -66,11 +66,11 @@ sub mksession ($user,$pass) {
 
     return '' unless ref $records eq 'ARRAY' && @$records;
 
     my $salt = $records->[0]->{salt};
 
     my $hash = sha256($pass.$salt);
 
-    my $worked = $dbh->selectall_arrayref("SELECT id FROM user WHERE hash=? AND name = ?", { Slice => {} }, $hash, $user);
 
+    my $worked = $dbh->selectall_arrayref("SELECT name FROM user WHERE hash=? AND name = ?", { Slice => {} }, $hash, $user);
 
     return '' unless ref $worked eq 'ARRAY' && @$worked;
 
-    my $uid = $worked->[0]->{id};
 
+    my $uid = $worked->[0]->{name};
 
     my $uuid = create_uuid_as_string(UUID_V1, UUID_NS_DNS);
 
-    $dbh->do("INSERT OR REPLACE INTO session (id,user_id) VALUES (?,?)", undef, $uuid, $uid) or return '';
 
+    $dbh->do("INSERT OR REPLACE INTO session (id,username) VALUES (?,?)", undef, $uuid, $uid) or return '';
 
     return $uuid;
 
 }
 
 
@@ -82,7 +82,7 @@ Delete the provided user's session from the auth db.
 
 
 sub killsession ($user) {
 
     my $dbh = _dbh();
 
-    $dbh->do("DELETE FROM session WHERE user_id IN (SELECT id FROM user WHERE name=?)",undef,$user);
 
+    $dbh->do("DELETE FROM session WHERE username=?",undef,$user);
 
     return 1;
 
 }
 
 
@@ -103,7 +103,7 @@ sub useradd ($user, $pass, $acls) {
 
 
     #XXX this is clearly not normalized with an ACL mapping table, will be an issue with large number of users
 
     foreach my $acl (@$acls) {
 
-        return unless $dbh->do("INSERT OR REPLACE INTO user_acl (user_id,acl) VALUES ((SELECT id FROM user WHERE name=?),?)", undef, $user, $acl);
 
+        return unless $dbh->do("INSERT OR REPLACE INTO user_acl (username,acl) VALUES (?,?)", undef, $user, $acl);
 
     }
 
     return 1;
 
 }

+ 3 - 4
schema/auth.schema
Ver Ficheiro 

@@ -1,5 +1,4 @@
 
 CREATE TABLE IF NOT EXISTS user (
 
-    id   INTEGER PRIMARY KEY AUTOINCREMENT,
 
     name TEXT NOT NULL UNIQUE,
 
     salt TEXT NOT NULL,
 
     hash TEXT NOT NULL
 
@@ -7,14 +6,14 @@ CREATE TABLE IF NOT EXISTS user (
 
 
 CREATE TABLE IF NOT EXISTS session (
 
     id TEXT PRIMARY KEY UNIQUE,
 
-    user_id INTEGER NOT NULL UNIQUE REFERENCES user(id) ON DELETE CASCADE
 
+    username TEXT NOT NULL UNIQUE REFERENCES user(name) ON DELETE CASCADE
 
 );
 
 
 CREATE INDEX IF NOT EXISTS username_idx ON user(name);
 
 
-CREATE VIEW IF NOT EXISTS sess_user AS SELECT user.name AS name, user.id AS id, session.id AS session FROM user JOIN session ON session.user_id=user.id;
 
+CREATE VIEW IF NOT EXISTS sess_user AS SELECT user.name AS name, session.id AS session FROM user JOIN session ON session.username=user.name;
 
 
 CREATE TABLE IF NOT EXISTS user_acl (
 
-    user_id INTEGER NOT NULL UNIQUE REFERENCES user(id) ON DELETE CASCADE,
 
+    username TEXT NOT NULL UNIQUE REFERENCES user(name) ON DELETE CASCADE,
 
     acl TEXT NOT NULL
 
 );

+ 3 - 3
www/server.psgi
Ver Ficheiro 

@@ -77,9 +77,9 @@ my $app = sub {
 
         $cookies = CGI::Cookie->parse($env->{HTTP_COOKIE});
 
     }
 
 
-    my ($active_user,$user_id) = ('','');
 
+    my $active_user = '';
 
     if (exists $cookies->{tcmslogin}) {
 
-         ($active_user,$user_id) = Trog::Auth::session2user($cookies->{tcmslogin}->value);
 
+         $active_user = Trog::Auth::session2user($cookies->{tcmslogin}->value);
 
     }
 
 
     #Disallow any paths that are naughty ( starman auto-removes .. up-traversal)
 
@@ -125,7 +125,7 @@ my $app = sub {
 
     }
 
 
     #Set various things we don't want overridden
 
-    $query->{acls} = Trog::Auth::acls4user($user_id) // [] if $user_id;
 
+    $query->{acls} = Trog::Auth::acls4user($active_user) // [] if $active_user;
 
 
     $query->{user}   = $active_user;
 
     $query->{domain} = $env->{HTTP_HOST};