From da77e07d9a4ac17a25796a0b897a03f4853ba341 Mon Sep 17 00:00:00 2001 From: Michael Andreen Date: Tue, 15 Jul 2008 21:42:38 +0200 Subject: [PATCH] Better session support and auth logging --- database/login.sql | 9 +++++++++ lib/NDWeb.pm | 3 +++ lib/NDWeb/Controller/Root.pm | 38 ++++++++++++++++++++++++++++-------- root/lib/site/leftbar.tt2 | 1 + root/src/login.tt2 | 1 + 5 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 database/login.sql create mode 100644 root/src/login.tt2 diff --git a/database/login.sql b/database/login.sql new file mode 100644 index 0000000..97de98c --- /dev/null +++ b/database/login.sql @@ -0,0 +1,9 @@ +CREATE TABLE session_log ( + uid INTEGER NOT NULL REFERENCES users(uid), + time TIMESTAMP WITH TIME ZONE NOT NULL, + ip INET NOT NULL, + country CHAR(2) NOT NULL, + session TEXT NOT NULL, + remember BOOL NOT NULL, + PRIMARY KEY(uid,time,ip) +); diff --git a/lib/NDWeb.pm b/lib/NDWeb.pm index d2f1517..28191c0 100644 --- a/lib/NDWeb.pm +++ b/lib/NDWeb.pm @@ -31,6 +31,8 @@ __PACKAGE__->config->{'Plugin::Authentication'}{'use_session'} = 1; __PACKAGE__->config(session => { storage => "/tmp/ndweb-$>/sesession", directory_umask => 077, + expires => 300, + verify_address => 1, }); __PACKAGE__->config( cache => { backend => { @@ -58,6 +60,7 @@ __PACKAGE__->setup(qw/ Authorization::Roles Authorization::ACL + Session::DynamicExpiry Session Session::Store::File Session::State::Cookie diff --git a/lib/NDWeb/Controller/Root.pm b/lib/NDWeb/Controller/Root.pm index 8b4240a..6421b00 100644 --- a/lib/NDWeb/Controller/Root.pm +++ b/lib/NDWeb/Controller/Root.pm @@ -5,6 +5,8 @@ use warnings; use parent 'Catalyst::Controller'; use ND::Include; +use Geo::IP; + # # Sets the actions in this controller to be registered with no prefix 
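Review bot: The `session TEXT NOT NULL` column receives the live session id from the login action, so anyone who can read session_log holds a usable credential for every unexpired session, including the week-long "remember" ones. Storing a digest of the id is enough to correlate a log row with a session; otherwise SELECT on this table should be restricted to the audit role. Either way I would record the decision in the schema, e.g. `-- session: digest of the session id, never the raw cookie value`. How long rows are kept is not stated anywhere in the patch and deserves a comment as well.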
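Review bot: The two keys added to the session config in lib/NDWeb.pm carry security meaning but go in without a comment: `expires => 300` is the idle lifetime in seconds and `verify_address => 1` rejects a session cookie presented from a different client address. I would add `# 5-minute default; login extends it when "remember" is ticked` and `# bind the session to the client address` beside them. If the application is deployed behind a frontend proxy (not visible here), the address Catalyst sees may be the proxy's, in which case the check passes for every client and the `ip`/`country` values logged at login are the proxy's too; that deployment assumption is worth one more comment line.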
@@ -40,19 +42,32 @@ sub default : Path { sub login : Local { my ($self, $c) = @_; + if ($c->login){ - $c->res->redirect($c->uri_for('index')); + my $gi = Geo::IP->new(GEOIP_STANDARD); + my $country = $gi->country_code_by_addr($c->req->address) || '??'; + + my $remember = 0; + if ($c->req->param('remember')){ + $c->session_time_to_live( 604800 ); # expire in one week. + $remember = 1; + } + my $log = $c->model->prepare(q{INSERT INTO session_log + (uid,time,ip,country,session,remember) + VALUES ($1,NOW(),$2,$3,$4,$5) + }); + $log->execute($c->user->id,$c->req->address + ,$country,$c->sessionid,$remember); + + $c->res->redirect($c->req->referer); return; } - - $c->stash(error => 'Bad password'); - $c->stash(template => 'index.tt2'); - $c->forward('index'); } sub logout : Local { my ($self, $c) = @_; $c->logout; + $c->delete_session("logout"); $c->res->redirect($c->uri_for('index')); } @@ -124,9 +139,6 @@ sub auto : Private { sub access_denied : Private { my ($self, $c, $action) = @_; - $c->log->debug('moo' . $action); - - # Set the error message $c->stash->{template} = 'access_denied.tt2'; } @@ -142,6 +154,16 @@ sub end : ActionClass('RenderView') { my $dbh = $c ->model; + if (scalar @{ $c->error } ){ + if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){ + $c->stash->{template} = 'access_denied.tt2'; + $c->clear_errors; + }elsif ($c->error->[0] =~ m/Missing roles: /){ + $c->stash->{template} = 'access_denied.tt2'; + $c->clear_errors; + } + } + if ($c->user_exists && $c->res->status == 200){ my $fleetupdate = 0; if ($c->check_user_roles(qw/member_menu/)){ diff --git a/root/lib/site/leftbar.tt2 b/root/lib/site/leftbar.tt2 index 0926e50..32d0561 100644 --- a/root/lib/site/leftbar.tt2 +++ b/root/lib/site/leftbar.tt2 @@ -14,6 +14,7 @@ Username: Password: + Secure computer:
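Review bot: `$c->res->redirect($c->req->referer)` in `login` trusts the Referer header, which is undefined for clients that strip it and is an off-site URL when the login form is submitted from another origin. Fall back to the index page unless the value belongs to this site: `my $back = $c->req->referer;` then `$back = $c->uri_for('index') unless defined $back && index($back, $c->req->base) == 0;` then `$c->res->redirect($back);`. The result of `$log->execute` is not checked, so unless the handle raises errors (not visible here) a failed insert leaves a successful login with no audit row. Failed logins now fall through without any log entry, although that is the event an auth log is most often consulted for.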
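Review bot: The block added to `end` decides "access denied" by matching the text of `$c->error->[0]`, and the first pattern (`Can't call method "id" on an undefined value at`) also matches any unrelated bug that calls `id` on an undefined object, which is then rendered as access denied and erased by `clear_errors`. Only the first error is inspected, yet all of them are cleared. Log before clearing, e.g. `$c->log->warn("access denied: " . $c->error->[0]);`, so denied requests and masked faults stay visible to operators. An explicit `$c->user_exists` check in the actions that call `$c->user->id` would remove the need for the first regex. `end` starts and ends outside the hunk.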

diff --git a/root/src/login.tt2 b/root/src/login.tt2 new file mode 100644 index 0000000..f69d2e4 --- /dev/null +++ b/root/src/login.tt2 @@ -0,0 +1 @@ +

Bad username or password

-- 2.39.2