1 ! Copyright (c) 2008, 2010 Slava Pestov
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: accessors assocs checksums checksums.sha combinators
4 destructors endian furnace.actions furnace.auth.providers
5 furnace.auth.providers.db furnace.boilerplate
6 furnace.redirection furnace.utilities html.forms http.server
7 http.server.dispatchers http.server.filters io.encodings.string
8 io.encodings.utf8 io.sockets.secure kernel logging namespaces
9 random sequences sets urls ;
12 SYMBOL: logged-in-user
15 logged-in-user get >boolean ;
17 : username ( -- string/f )
18 logged-in-user get dup [ username>> ] when ;
20 GENERIC: init-user-profile ( responder -- )
22 M: object init-user-profile drop ;
24 M: dispatcher init-user-profile
25 default>> init-user-profile ;
27 M: filter-responder init-user-profile
28 responder>> init-user-profile ;
30 : current-profile ( -- assoc ) logged-in-user get profile>> ;
33 logged-in-user get t >>changed? drop ;
35 : uget ( key -- value )
38 : uset ( value key -- )
39 current-profile set-at
42 : uchange ( quot key -- )
43 current-profile swap change-at
48 V{ } clone capabilities set-global
50 : define-capability ( word -- ) capabilities get adjoin ;
52 TUPLE: realm < dispatcher name users checksum secure ;
54 GENERIC: login-required* ( description capabilities realm -- response )
56 GENERIC: user-registered ( user realm -- response )
58 M: object user-registered 2drop URL" $realm" <redirect> ;
60 GENERIC: init-realm ( realm -- )
62 GENERIC: logged-in-username ( realm -- username )
64 : login-required ( description capabilities -- * )
65 realm get login-required* exit-with ;
67 : new-realm ( responder name class -- realm )
73 ssl-supported? >>secure ; inline
75 : users ( -- provider )
78 TUPLE: user-saver user ;
80 C: <user-saver> user-saver
83 user>> dup changed?>> [ users update-user ] [ drop ] if ;
85 : save-user-after ( user -- )
86 <user-saver> &dispose drop ;
88 : init-user ( user -- )
89 [ [ logged-in-user namespaces:set ] [ save-user-after ] bi ] when* ;
91 \ init-user DEBUG add-input-logging
93 M: realm call-responder*
94 dup realm namespaces:set
97 dup logged-in-username
98 dup [ users get-user ] when
103 : encode-password ( string salt -- bytes )
104 [ utf8 encode ] [ 4 >be ] bi* append
105 realm get checksum>> checksum-bytes ;
107 : >>encoded-password ( user string -- user )
108 32 random-bits [ encode-password ] keep
109 [ >>password ] [ >>salt ] bi* ; inline
111 : valid-login? ( password user -- ? )
112 [ salt>> encode-password ] [ password>> ] bi = ;
114 : check-login ( password username -- user/f )
115 users get-user dup [ [ valid-login? ] keep and ] [ 2drop f ] if ;
117 : if-secure-realm ( quot -- )
118 realm get secure>> [ if-secure ] [ call ] if ; inline
120 TUPLE: secure-realm-only < filter-responder ;
122 C: <secure-realm-only> secure-realm-only
124 M: secure-realm-only call-responder*
125 '[ _ _ call-next-method ] if-secure-realm ;
127 TUPLE: protected < filter-responder description capabilities ;
129 : <protected> ( responder -- protected )
133 : have-capabilities? ( capabilities -- ? )
134 realm get secure>> secure-connection? not and [ drop f ] [
136 { [ dup not ] [ 2drop f ] }
137 { [ dup deleted>> 1 = ] [ 2drop f ] }
138 [ capabilities>> subset? ]
142 M: protected call-responder*
143 dup protected namespaces:set
144 dup capabilities>> have-capabilities?
145 [ call-next-method ] [
146 [ drop ] [ [ description>> ] [ capabilities>> ] bi ] bi*
147 realm get login-required*
150 : <auth-boilerplate> ( responder -- responder' )
151 <boilerplate> { realm "boilerplate" } >>template ;
153 : password-mismatch ( -- * )
154 "passwords do not match" validation-error
157 : same-password-twice ( -- )
158 "new-password" value "verify-password" value =
159 [ password-mismatch ] unless ;
161 : user-exists ( -- * )
162 "username taken" validation-error