Description:
change to encrypted cookies

r850:59871a361239 - - 2 files changed: 8 inserted, 6 deleted

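--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -12,100 +12,102 @@
 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
 WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore'
 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
 
 #report and redirect for unauthorized activities
 def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
 flash[:notice] = notice
 redirect_to login_main_path
 end
 
 # Returns the current logged-in user (if any).
 def current_user
 return nil unless session[:user_id]
 @current_user ||= User.find(session[:user_id])
 end
 
 def nav_announcement
 @nav_announcement = Announcement.where(on_nav_bar: true)
 end
 
 def admin_authorization
 return false unless check_valid_login
 user = User.includes(:roles).find(session[:user_id])
 unless user.admin?
 unauthorized_redirect
 return false
 end
 return true
 end
 
 def authorization_by_roles(allowed_roles)
 return false unless check_valid_login
 unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) }
 unauthorized_redirect
 return false
 end
 end
 
 def testcase_authorization
 #admin always has privileged
 if @current_user.admin?
 return true
 end
 
 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
 end
 
 def unique_visitor_id
-unless cookies[:uuid]
+unless cookies.encrypted[:uuid]
 value = SecureRandom.uuid
-cookies[:uuid] = { value: value, expires: 20.year }
+cookies.encrypted[:uuid] = { value: value, expires: 20.year }
 end
+puts "encrypt " + cookies.encrypted[:uuid]
+puts cookies[:uuid]
 end
 
 protected
 
 #redirect to root (and also force logout)
 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
 def check_valid_login
 #check if logged in
 unless session[:user_id]
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
 unauthorized_redirect('You need to login but you cannot log in at this time')
 else
 unauthorized_redirect('You need to login')
 end
 return false
 end
 
 # check if run in single user mode
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
 if @current_user==nil || (!@current_user.admin?)
 unauthorized_redirect('You cannot log in at this time')
 return false
 end
 end
 
 # check if the user is enabled
 unless @current_user.enabled? || @current_user.admin?
 unauthorized_redirect 'Your account is disabled'
 return false
 end
 
 # check if user ip is allowed
 unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
 unless is_request_ip_allowed?
 unauthorized_redirect 'Your IP is not allowed to login at this time.'
 return false
 end
 end
 
 if GraderConfiguration.multicontests?
 return true if @current_user.admin?
 begin
 if @current_user.contest_stat(true).forced_logout
 flash[:notice] = 'You have been automatically logged out.'
 redirect_to :controller => 'main', :action => 'index'
 end
 rescue
 end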
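Review bot: The two `puts` lines added at the end of `unique_visitor_id` write the decrypted visitor id and the raw encrypted cookie value to the process's stdout on every request, which undoes the confidentiality the switch to `cookies.encrypted` is meant to give and reads as leftover debugging; they should be dropped so the method ends right after the `unless` block. If the value must be observed while testing, a `Rails.logger.debug` call that is silenced outside development is the safer choice, though no logger configuration is visible here. A separate point worth a comment: a browser that still carries the old plaintext `uuid` cookie presumably fails to decrypt, so `cookies.encrypted[:uuid]` returns nil and a fresh id is issued, silently changing the identity of existing visitors — e.g. `# pre-encryption plaintext uuid cookies do not decrypt; such visitors get a new id`. The enclosing `check_valid_login` method continues past the end of this hunk.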
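--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -1,99 +1,99 @@
 class LoginController < ApplicationController
 
 @@authenticators = []
 
 def index
 # show login screen
 reset_session
 redirect_to :controller => 'main', :action => 'login'
 end
 
 def login
 user = get_authenticated_user(params[:login], params[:password])
 unless user
 flash[:notice] = 'Wrong password'
 redirect_to :controller => 'main', :action => 'login'
 return
 end
 
 if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
 flash[:notice] = 'You must accept the agreement before logging in'
 redirect_to :controller => 'main', :action => 'login'
 return
 end
 
 #store uuid when login
 if user.last_ip.nil?
-user.last_ip = cookies[:uuid]
+user.last_ip = cookies.encrypted[:uuid]
 else
-if user.last_ip != cookies[:uuid]
-user.last_ip =cookies[:uuid]
+if user.last_ip != cookies.encrypted[:uuid]
+user.last_ip =cookies.encrypted[:uuid]
 #log different login
 end
 end
 
 #process logging in
 session[:user_id] = user.id
 session[:admin] = user.admin?
 
 # clear forced logout flag for multicontests contest change
 if GraderConfiguration.multicontests?
 contest_stat = user.contest_stat
 if contest_stat.respond_to? :forced_logout
 if contest_stat.forced_logout
 contest_stat.forced_logout = false
 contest_stat.save
 end
 end
 end
 
 #save login information
-Login.create(user_id: user.id, ip_address: cookies[:uuid])
+Login.create(user_id: user.id, ip_address: cookies.encrypted[:uuid])
 
 redirect_to :controller => 'main', :action => 'list'
 end
 
 def site_login
 begin
 site = Site.find(params[:login][:site_id])
 rescue ActiveRecord::RecordNotFound
 site = nil
 end
 if site==nil
 flash[:notice] = 'Wrong site'
 redirect_to :controller => 'main', :action => 'login' and return
 end
 if (site.password) and (site.password == params[:login][:password])
 session[:site_id] = site.id
 redirect_to :controller => 'site', :action => 'index'
 else
 flash[:notice] = 'Wrong site password'
 redirect_to :controller => 'site', :action => 'login'
 end
 end
 
 def logout
 redirect_to root_path
 end
 
 def self.add_authenticator(authenticator)
 @@authenticators << authenticator
 end
 
 protected
 
 def get_authenticated_user(login, password)
 if @@authenticators.empty?
 return User.authenticate(login, password)
 else
 user = User.authenticate(login, password)
 @@authenticators.each do |authenticator|
 if not user
 user = authenticator.authenticate(login, password)
 end
 end
 return user
 end
 end
 
 end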
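Review bot: In `login`, `cookies.encrypted[:uuid]` is now read four times (the three `last_ip` lines and the `Login.create` call), each read decrypting the cookie again; reading it once at the top of the `#store uuid when login` block, `visitor_uuid = cookies.encrypted[:uuid]`, keeps the writes consistent and makes the nil case visible. Nothing in this hunk shows that `unique_visitor_id` runs before `login`, so when the encrypted cookie is absent — or was issued in plaintext before this change and presumably no longer decrypts — the value is nil and `Login.create(user_id: user.id, ip_address: nil)` records a login with no identifier; if that is not intended, guard on `visitor_uuid` being present before the `Login.create` call or generate the id here. Note also that `last_ip` and `ip_address` now carry an opaque visitor uuid rather than an address, which a short comment on the `#store uuid when login` block should say.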