Description:
force log out when the password changes

r884:490fbe2ccf0b - - 2 files changed: 7 inserted, 1 deleted

@@ -93,48 +93,53
93 end
93 end
94
94
95 # check if run in single user mode
95 # check if run in single user mode
96 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
96 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
97 if @current_user==nil || (!@current_user.admin?)
97 if @current_user==nil || (!@current_user.admin?)
98 unauthorized_redirect('You cannot log in at this time')
98 unauthorized_redirect('You cannot log in at this time')
99 return false
99 return false
100 end
100 end
101 end
101 end
102
102
103 # check if the user is enabled
103 # check if the user is enabled
104 unless @current_user.enabled? || @current_user.admin?
104 unless @current_user.enabled? || @current_user.admin?
105 unauthorized_redirect 'Your account is disabled'
105 unauthorized_redirect 'Your account is disabled'
106 return false
106 return false
107 end
107 end
108
108
109 # check if user ip is allowed
109 # check if user ip is allowed
110 unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
110 unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
111 unless is_request_ip_allowed?
111 unless is_request_ip_allowed?
112 unauthorized_redirect 'Your IP is not allowed to login at this time.'
112 unauthorized_redirect 'Your IP is not allowed to login at this time.'
113 return false
113 return false
114 end
114 end
115 end
115 end
116
116
117 + # check if password is changed
118 + if session[:last_password_hash] != @current_user.hashed_password
119 + unauthorized_redirect 'You are forced to log out.'
120 + end
121 +
117 if GraderConfiguration.multicontests?
122 if GraderConfiguration.multicontests?
118 return true if @current_user.admin?
123 return true if @current_user.admin?
119 begin
124 begin
120 if @current_user.contest_stat(true).forced_logout
125 if @current_user.contest_stat(true).forced_logout
121 flash[:notice] = 'You have been automatically logged out.'
126 flash[:notice] = 'You have been automatically logged out.'
122 redirect_to :controller => 'main', :action => 'index'
127 redirect_to :controller => 'main', :action => 'index'
123 end
128 end
124 rescue
129 rescue
125 end
130 end
126 end
131 end
127 return true
132 return true
128 end
133 end
129
134
130 #redirect to root (and also force logout)
135 #redirect to root (and also force logout)
131 #if the user use different ip from the previous connection
136 #if the user use different ip from the previous connection
132 # only applicable when MULTIPLE_IP_LOGIN options is false only
137 # only applicable when MULTIPLE_IP_LOGIN options is false only
133 def authenticate_by_ip_address
138 def authenticate_by_ip_address
134 #this assume that we have already authenticate normally
139 #this assume that we have already authenticate normally
135 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
140 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
136 user = User.find(session[:user_id])
141 user = User.find(session[:user_id])
137 if (!user.admin? && user.last_ip && user.last_ip != unique_visitor_id)
142 if (!user.admin? && user.last_ip && user.last_ip != unique_visitor_id)
138 flash[:notice] = "You cannot use the system from two different places"
143 flash[:notice] = "You cannot use the system from two different places"
139 redirect_to :controller => 'main', :action => 'login'
144 redirect_to :controller => 'main', :action => 'login'
140 return false
145 return false
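Review bot: The new password-change check at new line 119 calls `unauthorized_redirect` but, unlike every other check in this filter, does not `return false` afterwards, so execution continues into the multicontests block (which may itself call `redirect_to`, risking a double render) and finally reaches `return true`. Make it consistent with the checks above it: `unauthorized_redirect 'You are forced to log out.'` followed by `return false` inside the `if`. Note that `session[:last_password_hash]` is `nil` for any session established before this change, so every existing session is forced out once after deploy; if that is intended, say so in the comment, e.g. `# check if password is changed (nil for pre-existing sessions, which are logged out)`. The enclosing filter method starts before this hunk.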
@@ -1,60 +1,61
1 class LoginController < ApplicationController
1 class LoginController < ApplicationController
2
2
3 @@authenticators = []
3 @@authenticators = []
4 -
4 +
5 def index
5 def index
6 # show login screen
6 # show login screen
7 reset_session
7 reset_session
8 redirect_to :controller => 'main', :action => 'login'
8 redirect_to :controller => 'main', :action => 'login'
9 end
9 end
10
10
11 def login
11 def login
12 user = get_authenticated_user(params[:login], params[:password])
12 user = get_authenticated_user(params[:login], params[:password])
13 unless user
13 unless user
14 flash[:notice] = 'Wrong password'
14 flash[:notice] = 'Wrong password'
15 redirect_to :controller => 'main', :action => 'login'
15 redirect_to :controller => 'main', :action => 'login'
16 return
16 return
17 end
17 end
18
18
19 if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
19 if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
20 flash[:notice] = 'You must accept the agreement before logging in'
20 flash[:notice] = 'You must accept the agreement before logging in'
21 redirect_to :controller => 'main', :action => 'login'
21 redirect_to :controller => 'main', :action => 'login'
22 return
22 return
23 end
23 end
24
24
25 #store uuid when login
25 #store uuid when login
26 if user.last_ip.nil?
26 if user.last_ip.nil?
27 user.last_ip = cookies.encrypted[:uuid]
27 user.last_ip = cookies.encrypted[:uuid]
28 else
28 else
29 if user.last_ip != cookies.encrypted[:uuid]
29 if user.last_ip != cookies.encrypted[:uuid]
30 user.last_ip =cookies.encrypted[:uuid]
30 user.last_ip =cookies.encrypted[:uuid]
31 #log different login
31 #log different login
32 end
32 end
33 end
33 end
34
34
35 #process logging in
35 #process logging in
36 session[:user_id] = user.id
36 session[:user_id] = user.id
37 + session[:last_password_hash] = user.hashed_password
37 session[:admin] = user.admin?
38 session[:admin] = user.admin?
38
39
39 # clear forced logout flag for multicontests contest change
40 # clear forced logout flag for multicontests contest change
40 if GraderConfiguration.multicontests?
41 if GraderConfiguration.multicontests?
41 contest_stat = user.contest_stat
42 contest_stat = user.contest_stat
42 if contest_stat.respond_to? :forced_logout
43 if contest_stat.respond_to? :forced_logout
43 if contest_stat.forced_logout
44 if contest_stat.forced_logout
44 contest_stat.forced_logout = false
45 contest_stat.forced_logout = false
45 contest_stat.save
46 contest_stat.save
46 end
47 end
47 end
48 end
48 end
49 end
49
50
50 #save login information
51 #save login information
51 Login.create(user_id: user.id, ip_address: cookies.encrypted[:uuid])
52 Login.create(user_id: user.id, ip_address: cookies.encrypted[:uuid])
52
53
53 redirect_to :controller => 'main', :action => 'list'
54 redirect_to :controller => 'main', :action => 'list'
54 end
55 end
55
56
56 def site_login
57 def site_login
57 begin
58 begin
58 site = Site.find(params[:login][:site_id])
59 site = Site.find(params[:login][:site_id])
59 rescue ActiveRecord::RecordNotFound
60 rescue ActiveRecord::RecordNotFound
60 site = nil
61 site = nil
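Review bot: New line 37 stores `user.hashed_password` itself in the session; if this app uses the cookie session store, the password hash is then sent to the browser on every request, which widens exposure of the credential beyond the database for no gain. A value that changes with the password but does not reveal the hash (a password-change timestamp or a digest of the hash) serves the comparison equally well, e.g. `session[:last_password_hash] = Digest::SHA256.hexdigest(user.hashed_password)` with the same transformation applied on the comparing side. Whether the session store is cookie-based cannot be confirmed from this hunk, so please verify the session configuration before deciding.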