Fossil SCM
Added some code for dumbing-down only the different login errors (missing name, missing pw, or no match found). Defaults to dumbed-down mode.
Commit
388c9888afe93db29790f65580d6b1e0a2e6835a
Parent
b0885e864c3a4f9…
2 files changed
+28
-11
+8
-1
+28
-11
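--- a/src/json.c
+++ b/src/json.c
@@ -43,18 +43,19 @@
 **
 */
 enum FossilJsonCodes {
 
 FSL_JSON_E_GENERIC = 1000,
-FSL_JSON_E_INVALID_REQUEST = FSL_JSON_E_GENERIC + 1,
-FSL_JSON_E_UNKNOWN_COMMAND = FSL_JSON_E_GENERIC + 2,
-FSL_JSON_E_UNKNOWN = FSL_JSON_E_GENERIC + 3,
-FSL_JSON_E_RESOURCE_NOT_FOUND = FSL_JSON_E_GENERIC + 4,
-FSL_JSON_E_TIMEOUT = FSL_JSON_E_GENERIC + 5,
-FSL_JSON_E_ASSERT = FSL_JSON_E_GENERIC + 6,
-FSL_JSON_E_ALLOC = FSL_JSON_E_GENERIC + 7,
-FSL_JSON_E_NYI = FSL_JSON_E_GENERIC + 8,
+FSL_JSON_E_GENERIC_SUB1 = FSL_JSON_E_GENERIC + 100,
+FSL_JSON_E_INVALID_REQUEST = FSL_JSON_E_GENERIC_SUB1 + 1,
+FSL_JSON_E_UNKNOWN_COMMAND = FSL_JSON_E_GENERIC_SUB1 + 2,
+FSL_JSON_E_UNKNOWN = FSL_JSON_E_GENERIC_SUB1 + 3,
+FSL_JSON_E_RESOURCE_NOT_FOUND = FSL_JSON_E_GENERIC_SUB1 + 4,
+FSL_JSON_E_TIMEOUT = FSL_JSON_E_GENERIC_SUB1 + 5,
+FSL_JSON_E_ASSERT = FSL_JSON_E_GENERIC_SUB1 + 6,
+FSL_JSON_E_ALLOC = FSL_JSON_E_GENERIC_SUB1 + 7,
+FSL_JSON_E_NYI = FSL_JSON_E_GENERIC_SUB1 + 8,
 
 FSL_JSON_E_AUTH = 2000,
 FSL_JSON_E_MISSING_AUTH = FSL_JSON_E_AUTH + 2,
 FSL_JSON_E_DENIED = FSL_JSON_E_AUTH + 3,
 FSL_JSON_E_WRONG_MODE = FSL_JSON_E_AUTH + 4,
@@ -557,10 +558,13 @@
 SET("fossil");
 
 {/* "timestamp" */
 cson_int_t jsTime;
 #if 1
+ /* Ge Weijers has pointed out that time(0) commonly returns
+ GMT, but is not required to by the standard.
+ */
 time_t const t = (time_t)time(0);
 struct tm gt = *gmtime(&t);
 gt.tm_isdst = -1;
 jsTime = (cson_int_t)mktime(>);
 #else
@@ -765,10 +769,17 @@
 ** (no cookie). In theory that works but we don't yet have
 ** a non-browser client to play with.
 **
 */
 cson_value * json_page_login(void){
+ static char preciseErrors =
+#if 0
+ g.json.errorDetailParanoia ? 0 : 1
+#else
+ 0
+#endif
+ ;
 /*
 FIXME: we want to check the GET/POST args in this order:
 
 - GET: name, n, password, p
 - POST: name, password
@@ -787,11 +798,13 @@
 if( !name ){
 name = PD("n",NULL);
 if( !name ){
 name = PD("name",NULL);
 if( !name ){
- g.json.resultCode = FSL_JSON_E_LOGIN_FAILED_NONAME;
+ g.json.resultCode = preciseErrors
+ ? FSL_JSON_E_LOGIN_FAILED_NONAME
+ : FSL_JSON_E_LOGIN_FAILED;
 return NULL;
 }
 }
 }
 
@@ -801,11 +814,13 @@
 if( !pw ){
 pw = PD("password",NULL);
 }
 }
 if(!pw){
- g.json.resultCode = FSL_JSON_E_LOGIN_FAILED_NOPW;
+ g.json.resultCode = preciseErrors
+ ? FSL_JSON_E_LOGIN_FAILED_NOPW
+ : FSL_JSON_E_LOGIN_FAILED;
 return NULL;
 }else{
 cson_value * payload = NULL;
 int uid = 0;
 #if 0
@@ -818,11 +833,13 @@
 cson_object_set( o, "p", cson_value_new_string(pw,strlen(pw)));
 return payload;
 #else
 uid = login_search_uid( name, pw );
 if( !uid ){
- g.json.resultCode = FSL_JSON_E_LOGIN_FAILED_NOTFOUND;
+ g.json.resultCode = preciseErrors
+ ? FSL_JSON_E_LOGIN_FAILED_NOTFOUND
+ : FSL_JSON_E_LOGIN_FAILED;
 }else{
 char * cookie = NULL;
 login_set_user_cookie(name, uid, &cookie);
 payload = cson_value_new_string( cookie, strlen(cookie) );
 free(cookie);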
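Review bot: `preciseErrors` in `json_page_login()` is pinned to 0 by the `#if 0`, so the `g.json.errorDetailParanoia` value that src/main.c sets never influences which login result code is returned, and the specific `FSL_JSON_E_LOGIN_FAILED_*` branches are dead code. Enabling the disabled branch as written would not compile as C, because an object with static storage duration needs a constant initializer and `g.json.errorDetailParanoia ? 0 : 1` is not one. Dropping `static` and computing the flag per call, `char const preciseErrors = g.json.errorDetailParanoia ? 0 : 1;`, keeps the uniform `FSL_JSON_E_LOGIN_FAILED` result whenever the paranoia level is non-zero and makes the switch real. A one-line comment stating that the uniform code is deliberate, so a client cannot tell a missing field from a failed lookup, would stop a later cleanup from re-exposing the detailed codes. The function body starts and ends outside the visible hunks.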
+8
-1
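--- a/src/main.c
+++ b/src/main.c
@@ -279,11 +279,18 @@
 sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
 memset(&g, 0, sizeof(g));
 g.now = time(0);
 g.argc = argc;
 g.argv = argv;
- g.json.errorDetailParanoia = 0 /* FIXME: make configurable */;
+#if defined(NDEBUG)
+ g.json.errorDetailParanoia = 2 /* FIXME: make configurable
+ One problem we have here is that this
+ code is needed before the db is opened,
+ so we can't sql for it.*/;
+#else
+ g.json.errorDetailParanoia = 0;
+#endif
 g.json.cgiCx = cson_cgi_cx_empty;
 g.json.outOpt = cson_output_opt_empty;
 g.json.outOpt.addNewline = 1;
 g.json.outOpt.indentation = 1 /* FIXME: make configurable */;
 for(i=0; i<argc; i++) g.argv[i] = fossil_mbcs_to_utf8(argv[i]);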
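Review bot: The hardened value of `g.json.errorDetailParanoia` is applied only when `NDEBUG` is defined, so any build that does not pass that macro gets level 0, which from the name appears to be the most detailed error reporting. For a setting that controls how much failure detail reaches remote clients, the conservative value is the safer default, with the detailed mode as an explicit opt-in for development builds; for example, initialise with `g.json.errorDetailParanoia = 2;` unconditionally and lower it only under a dedicated debug switch. The multi-line FIXME placed between the value and the `;` would also read better as a comment on the line above the assignment. The enclosing function starts and ends outside the hunk.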