1 ! Copyright (c) 2008 Slava Pestov
\r
2 ! See http://factorcode.org/license.txt for BSD license.
\r
3 USING: kernel accessors namespaces sequences math.parser
\r
4 calendar checksums validators urls logging html.forms
\r
5 http http.server http.server.dispatchers
\r
12 furnace.conversations
\r
13 furnace.auth.login.permits ;
\r
14 IN: furnace.auth.login
\r
18 : permit-id-key ( realm -- string )
\r
19 hex-string "__p_" prepend ;
\r
21 : client-permit-id ( realm -- id/f )
\r
22 permit-id-key client-state dup [ string>number ] when ;
\r
24 TUPLE: login-realm < realm timeout domain ;
\r
26 M: login-realm init-realm
\r
27 name>> client-permit-id permit-id set ;
\r
29 M: login-realm logged-in-username
\r
30 drop permit-id get dup [ get-permit-uid ] when ;
\r
32 M: login-realm modify-form ( responder -- xml/f )
\r
33 drop permit-id get realm get name>> permit-id-key hidden-form-field ;
\r
35 : <permit-cookie> ( -- cookie )
\r
36 permit-id get realm get name>> permit-id-key <cookie>
\r
37 "$login-realm" resolve-base-path >>path
\r
39 [ domain>> >>domain ]
\r
40 [ secure>> >>secure ]
\r
43 : put-permit-cookie ( response -- response' )
\r
44 <permit-cookie> put-cookie ;
\r
46 \ put-permit-cookie DEBUG add-input-logging
\r
48 : successful-login ( user -- response )
\r
49 [ username>> make-permit permit-id set ] [ init-user ] bi
\r
50 URL" $realm" end-aside
\r
53 \ successful-login DEBUG add-input-logging
\r
55 : logout ( -- response )
\r
56 permit-id get [ delete-permit ] when*
\r
57 URL" $realm" end-aside ;
\r
62 SYMBOL: capabilities
\r
66 CONSTANT: flashed-variables { description capabilities }
\r
68 : login-failed ( -- * )
\r
69 "invalid username or password" validation-error
\r
72 : <login-action> ( -- action )
\r
75 description cget "description" set-value
\r
76 capabilities cget words>strings "capabilities" set-value
\r
79 { login-realm "login" } >>template
\r
83 { "username" [ v-required ] }
\r
84 { "password" [ v-required ] }
\r
88 "username" value check-login
\r
89 [ successful-login ] [ login-failed ] if*
\r
92 <secure-realm-only> ;
\r
94 : <logout-action> ( -- action )
\r
96 [ logout ] >>submit ;
\r
98 M: login-realm login-required* ( description capabilities login -- response )
\r
100 [ description cset ] [ capabilities cset ] [ secure>> ] tri*
\r
102 url get >secure-url begin-aside
\r
103 URL" $realm/login" >secure-url <continue-conversation>
\r
105 url get begin-aside
\r
106 URL" $realm/login" <continue-conversation>
\r
109 M: login-realm user-registered ( user realm -- response )
\r
110 drop successful-login ;
\r
112 : <login-realm> ( responder name -- realm )
\r
113 login-realm new-realm
\r
114 <login-action> "login" add-responder
\r
115 <logout-action> "logout" add-responder
\r
116 20 minutes >>timeout ;
\r