Better session support and auth logging
authorMichael Andreen <harv@ruin.nu>
Tue, 15 Jul 2008 19:42:38 +0000 (21:42 +0200)
committerMichael Andreen <harv@ruin.nu>
Tue, 15 Jul 2008 21:28:43 +0000 (23:28 +0200)
database/login.sql [new file with mode: 0644]
lib/NDWeb.pm
lib/NDWeb/Controller/Root.pm
root/lib/site/leftbar.tt2
root/src/login.tt2 [new file with mode: 0644]

diff --git a/database/login.sql b/database/login.sql
new file mode 100644 (file)
index 0000000..97de98c
--- /dev/null
@@ -0,0 +1,9 @@
+CREATE TABLE session_log (
+       uid INTEGER NOT NULL REFERENCES users(uid),
+       time TIMESTAMP WITH TIME ZONE NOT NULL,
+       ip INET NOT NULL,
+       country CHAR(2) NOT NULL,
+       session TEXT NOT NULL,
+       remember BOOL NOT NULL,
+       PRIMARY KEY(uid,time,ip)
+);
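Review bot: The `session TEXT NOT NULL` column stores the live session identifier verbatim, so anyone who can read session_log (a reporting query, a backup, a database dump) obtains values that work as session cookies for as long as the session lives, which is up to a week when `remember` is set. Storing a digest instead keeps the column useful for correlating rows with a session without turning the log into a credential store; the insert in Root.pm could pass `Digest::SHA::sha256_hex($c->sessionid)`. A short comment on the table saying that one row is written per successful login would also help the next reader.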
index d2f151763f6a3067bcb0e76574c75af01d071215..28191c0465591d97aff89ac1d4458eab603a37b3 100644 (file)
@@ -31,6 +31,8 @@ __PACKAGE__->config->{'Plugin::Authentication'}{'use_session'} = 1;
 __PACKAGE__->config(session => {
        storage => "/tmp/ndweb-$>/sesession",
        directory_umask => 077,
+       expires => 300,
+       verify_address => 1,
 });
 __PACKAGE__->config( cache => {
        backend => {
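Review bot: The session block now sets a lifetime and address binding but still no cookie flags, so unless they are configured elsewhere the session cookie is also sent over plain HTTP. If the site is served over HTTPS, add `cookie_secure => 1,` next to `expires`. The two new values deserve a comment as well, for example `expires => 300, # seconds; raised to one week in Root::login when "remember" is ticked`. Note that `verify_address => 1` ends a week-long session whenever the client's IP address changes, which may or may not be intended.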
@@ -58,6 +60,7 @@ __PACKAGE__->setup(qw/
        Authorization::Roles
        Authorization::ACL
        
+       Session::DynamicExpiry
        Session
        Session::Store::File
        Session::State::Cookie
index 8b4240ad9618583f574211a180dc7a53d1a845cc..6421b001b6f3a8eabc69f4347f60c2a4328aed79 100644 (file)
@@ -5,6 +5,8 @@ use warnings;
 use parent 'Catalyst::Controller';
 
 use ND::Include;
+use Geo::IP;
+
 
 #
 # Sets the actions in this controller to be registered with no prefix
@@ -40,19 +42,32 @@ sub default : Path {
 
 sub login : Local {
        my ($self, $c) = @_;
+
        if ($c->login){
-               $c->res->redirect($c->uri_for('index'));
+               my $gi = Geo::IP->new(GEOIP_STANDARD);
+               my $country = $gi->country_code_by_addr($c->req->address) || '??';
+
+               my $remember = 0;
+               if ($c->req->param('remember')){
+                       $c->session_time_to_live( 604800 ); # expire in one week.
+                       $remember = 1;
+               }
+               my $log = $c->model->prepare(q{INSERT INTO session_log
+                       (uid,time,ip,country,session,remember)
+                       VALUES ($1,NOW(),$2,$3,$4,$5)
+               });
+               $log->execute($c->user->id,$c->req->address
+                       ,$country,$c->sessionid,$remember);
+
+               $c->res->redirect($c->req->referer);
                return;
        }
-
-       $c->stash(error => 'Bad password');
-       $c->stash(template => 'index.tt2');
-       $c->forward('index');
 }
 
 sub logout : Local {
        my ($self, $c) = @_;
        $c->logout;
+       $c->delete_session("logout");
        $c->res->redirect($c->uri_for('index'));
 }
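Review bot: `$c->res->redirect($c->req->referer)` sends the browser to whatever the Referer header contains, which is client-supplied and may be absent or point off-site. Fall back to the index page and accept only URLs under the application base: `my $back = $c->req->referer;` then `$back = $c->uri_for('index') unless defined $back && index($back, $c->req->base) == 0;` then `$c->res->redirect($back);`. Separately, the session id that existed before authentication is kept after `$c->login` succeeds; rotating it at that point (later releases of Catalyst::Plugin::Session offer `change_session_id`) would guard against session fixation. Failed logins now fall through without being recorded, so session_log only ever shows successes.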
 
@@ -124,9 +139,6 @@ sub auto : Private {
 sub access_denied : Private {
        my ($self, $c, $action) = @_;
 
-       $c->log->debug('moo' . $action);
-
-       # Set the error message
        $c->stash->{template} = 'access_denied.tt2';
 
 }
@@ -142,6 +154,16 @@ sub end : ActionClass('RenderView') {
 
        my $dbh = $c ->model;
 
+       if (scalar @{ $c->error } ){
+               if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
+                       $c->stash->{template} = 'access_denied.tt2';
+                       $c->clear_errors;
+               }elsif ($c->error->[0] =~ m/Missing roles: /){
+                       $c->stash->{template} = 'access_denied.tt2';
+                       $c->clear_errors;
+               }
+       }
+
        if ($c->user_exists && $c->res->status == 200){
                my $fleetupdate = 0;
                if ($c->check_user_roles(qw/member_menu/)){
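Review bot: Matching `$c->error->[0]` against the text `Can't call method "id" on an undefined value at` turns any such Perl error, from any action, into an access-denied page and then discards it with `clear_errors`, so genuine bugs are hidden and nothing reaches the log. Checking `$c->user_exists` before the code that dereferences `$c->user` would avoid depending on the interpreter's message text. At minimum, log before clearing, e.g. `$c->log->warn("access denied: " . $c->error->[0]);`. Only the first error is inspected while all of them are cleared. The body of `end` continues beyond this hunk.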
index 0926e5068d42c4fd8256fb3c1a2755f857395955..32d056164d62bfdfb4834840de2ccfc1e224326b 100644 (file)
@@ -14,6 +14,7 @@
                Username: <input type="text" name="user" value="">
                Password: <input type="password" name="password" value="">
                <input type="submit" value="Login">
+               Secure computer: <input style="width:1em" type="checkbox" name="remember">
                </p>
        </form>
        </li>
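Review bot: The label "Secure computer" does not tell the user that ticking the box keeps the session alive for a week (604800 seconds in Root::login) instead of the 300-second default. Wording such as `Keep me logged in for a week (private computer only):` wrapped in a `<label>` would make the consequence clear. The form's opening tag is outside this hunk, so its method and action cannot be checked here.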
diff --git a/root/src/login.tt2 b/root/src/login.tt2
new file mode 100644 (file)
index 0000000..f69d2e4
--- /dev/null
@@ -0,0 +1 @@
+<p>Bad username or password</p>