From da77e07d9a4ac17a25796a0b897a03f4853ba341 Mon Sep 17 00:00:00 2001
From: Michael Andreen
Date: Tue, 15 Jul 2008 21:42:38 +0200
Subject: [PATCH] Better session support and auth logging
---
database/login.sql | 9 +++++++++
lib/NDWeb.pm | 3 +++
lib/NDWeb/Controller/Root.pm | 38 ++++++++++++++++++++++++++++--------
root/lib/site/leftbar.tt2 | 1 +
root/src/login.tt2 | 1 +
5 files changed, 44 insertions(+), 8 deletions(-)
create mode 100644 database/login.sql
create mode 100644 root/src/login.tt2
diff --git a/database/login.sql b/database/login.sql
new file mode 100644
index 0000000..97de98c
--- /dev/null
+++ b/database/login.sql
@@ -0,0 +1,9 @@
+CREATE TABLE session_log (
+ uid INTEGER NOT NULL REFERENCES users(uid),
+ time TIMESTAMP WITH TIME ZONE NOT NULL,
+ ip INET NOT NULL,
+ country CHAR(2) NOT NULL,
+ session TEXT NOT NULL,
+ remember BOOL NOT NULL,
+ PRIMARY KEY(uid,time,ip)
+);
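Review bot: The `session` column stores the raw session identifier, which the login action in lib/NDWeb/Controller/Root.pm fills from `$c->sessionid`. Anyone who can read this table (a backup, a reporting query, an injection elsewhere) therefore obtains tokens that stay valid for up to a week once "remember" is set. For audit correlation a digest is enough, so I would document the column as `session TEXT NOT NULL, -- digest of the session id, never the cookie value` and hash the value before the INSERT. The table also has no comment on how long rows holding IP and country are retained; a short header comment stating the retention policy would help.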
diff --git a/lib/NDWeb.pm b/lib/NDWeb.pm
index d2f1517..28191c0 100644
--- a/lib/NDWeb.pm
+++ b/lib/NDWeb.pm
@@ -31,6 +31,8 @@ __PACKAGE__->config->{'Plugin::Authentication'}{'use_session'} = 1;
__PACKAGE__->config(session => {
storage => "/tmp/ndweb-$>/sesession",
directory_umask => 077,
+ expires => 300,
+ verify_address => 1,
});
__PACKAGE__->config( cache => {
backend => {
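Review bot: `verify_address => 1` only protects the session if `$c->req->address` is the real client address. If the application is deployed behind a frontend proxy without `using_frontend_proxy` configured (not visible here), every client would share the proxy's address and the check would pass for all of them. The same address is written to session_log by the login action, so the audit trail would presumably be affected in the same way. I would also add a comment on the new timeout, e.g. `expires => 300, # seconds; login raises this to one week when "remember" is set`, because the interaction with Session::DynamicExpiry is not obvious from this file. The enclosing config block continues outside the hunk.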
@@ -58,6 +60,7 @@ __PACKAGE__->setup(qw/
Authorization::Roles
Authorization::ACL
+ Session::DynamicExpiry
Session
Session::Store::File
Session::State::Cookie
diff --git a/lib/NDWeb/Controller/Root.pm b/lib/NDWeb/Controller/Root.pm
index 8b4240a..6421b00 100644
--- a/lib/NDWeb/Controller/Root.pm
+++ b/lib/NDWeb/Controller/Root.pm
@@ -5,6 +5,8 @@ use warnings;
use parent 'Catalyst::Controller';
use ND::Include;
+use Geo::IP;
+
#
# Sets the actions in this controller to be registered with no prefix
@@ -40,19 +42,32 @@ sub default : Path {
sub login : Local {
my ($self, $c) = @_;
+
if ($c->login){
- $c->res->redirect($c->uri_for('index'));
+ my $gi = Geo::IP->new(GEOIP_STANDARD);
+ my $country = $gi->country_code_by_addr($c->req->address) || '??';
+
+ my $remember = 0;
+ if ($c->req->param('remember')){
+ $c->session_time_to_live( 604800 ); # expire in one week.
+ $remember = 1;
+ }
+ my $log = $c->model->prepare(q{INSERT INTO session_log
+ (uid,time,ip,country,session,remember)
+ VALUES ($1,NOW(),$2,$3,$4,$5)
+ });
+ $log->execute($c->user->id,$c->req->address
+ ,$country,$c->sessionid,$remember);
+
+ $c->res->redirect($c->req->referer);
return;
}
-
- $c->stash(error => 'Bad password');
- $c->stash(template => 'index.tt2');
- $c->forward('index');
}
sub logout : Local {
my ($self, $c) = @_;
$c->logout;
+ $c->delete_session("logout");
$c->res->redirect($c->uri_for('index'));
}
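Review bot: The post-login redirect in `login` goes to `$c->req->referer`, a request header the client controls and may omit. A login form hosted on another site would send the freshly authenticated user back to that site, and a request without a Referer passes undef to `redirect`. The Referer should be followed only when it points into this application, falling back to the index page otherwise, as sketched below. Separately, the session id that existed before authentication appears to be kept and logged as-is; if the installed Catalyst::Plugin::Session provides `change_session_id`, calling it right after a successful `$c->login` would close the fixation window. Failed attempts reach no logging code in this hunk, so session_log records successes only.

```perl
# … unchanged: GeoIP lookup, remember handling, session_log insert …
my $referer = $c->req->referer;
my $base    = $c->req->base;    # application base URI
# Only follow a Referer that points back into this application.
my $target = (defined $referer && index($referer, "$base") == 0)
    ? $referer
    : $c->uri_for('index');
$c->res->redirect($target);
return;
```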
@@ -124,9 +139,6 @@ sub auto : Private {
sub access_denied : Private {
my ($self, $c, $action) = @_;
- $c->log->debug('moo' . $action);
-
- # Set the error message
$c->stash->{template} = 'access_denied.tt2';
}
@@ -142,6 +154,16 @@ sub end : ActionClass('RenderView') {
my $dbh = $c ->model;
+ if (scalar @{ $c->error } ){
+ if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
+ $c->stash->{template} = 'access_denied.tt2';
+ $c->clear_errors;
+ }elsif ($c->error->[0] =~ m/Missing roles: /){
+ $c->stash->{template} = 'access_denied.tt2';
+ $c->clear_errors;
+ }
+ }
+
if ($c->user_exists && $c->res->status == 200){
my $fleetupdate = 0;
if ($c->check_user_roles(qw/member_menu/)){
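Review bot: Matching `$c->error->[0]` against the text `Can't call method "id" on an undefined value at` treats any such runtime failure as an authorization failure. An unrelated bug that calls `->id` on undef anywhere in the request would be rendered as access denied and then discarded by `clear_errors`. Both branches also drop every queued error, not only the first, and leave no log entry for the denial, which removes the record an operator would need to notice probing of restricted pages. I would log before clearing, e.g. `$c->log->warn('access denied: ' . $c->error->[0]);`, and if possible test `$c->user_exists` where the user object is dereferenced instead of recognising the crash afterwards. The response status presumably stays 200 for the access_denied page; whether to set 403 depends on the `status == 200` check just below, and the body of `end` continues outside this hunk.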
diff --git a/root/lib/site/leftbar.tt2 b/root/lib/site/leftbar.tt2
index 0926e50..32d0561 100644
--- a/root/lib/site/leftbar.tt2
+++ b/root/lib/site/leftbar.tt2
@@ -14,6 +14,7 @@
Username:
Password:
+ Secure computer:
diff --git a/root/src/login.tt2 b/root/src/login.tt2
new file mode 100644
index 0000000..f69d2e4
--- /dev/null
+++ b/root/src/login.tt2
@@ -0,0 +1 @@
+Bad username or password
--
2.39.2