Fossil SCM
started adding login group support to /json/user/save, but it is incomplete and #if'd out.
Commit
69d0dbf2f2cc7c79a3b464b14972e4a7fbae9500
Parent
2cbe686c30ddf66…
1 file changed
+40
-4
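--- a/src/json_user.c
+++ b/src/json_user.c
@@ -272,11 +272,11 @@
 /*
 Potential todo: do not allow a setup user to remove 's' from
 himself, to avoid locking himself out?
 */
 
- blob_append(&sql, "UPDATE USER SET",-1 );
+ blob_append(&sql, "UPDATE user SET",-1 );
 blob_append(&sql, " mtime=cast(strftime('%s') AS INTEGER)", -1);
 
 if((uid>0) && zNameNew){
 /* Check for name change... */
 if( (!g.perm.Admin && !g.perm.Setup)
@@ -298,17 +298,25 @@
 
 if( zCap ){
 blob_appendf(&sql, ", cap=%Q", zCap);
 ++gotFields;
 }
-
+#define TRY_LOGIN_GROUP 0 /* login group support is not yet implemented. */
 if( zPW ){
+#if !TRY_LOGIN_GROUP
 char * zPWHash = NULL;
 ++gotFields;
 zPWHash = sha1_shared_secret(zPW, zNameNew ? zNameNew : zName, NULL);
 blob_appendf(&sql, ", pw=%Q", zPWHash);
 free(zPWHash);
+#else
+ ++gotFields;
+ blob_appendf(&sql, ", pw=coalesce(shared_secret(%Q,%Q,"
+ "(SELECT value FROM config WHERE name='project-code')))",
+ zPW, zNameNew ? zNameNew : zName);
+ /* shared_secret() func is undefined? */
+#endif
 }
 
 if( zInfo ){
 blob_appendf(&sql, ", info=%Q", zInfo);
 ++gotFields;
@@ -324,20 +332,48 @@
 json_set_err( FSL_JSON_E_MISSING_ARGS,
 "Required user data are missing.");
 goto error;
 }
 assert(uid>0);
+#if !TRY_LOGIN_GROUP
 blob_appendf(&sql, " WHERE uid=%d", uid);
- free( zNameFree );
+#else /* need name for login group support :/ */
+ blob_appendf(&sql, " WHERE login=%Q", zName);
+#endif
 #if 0
 puts(blob_str(&sql));
 cson_output_FILE( cson_object_value(pUser), stdout, NULL );
 #endif
 db_prepare(&q, "%s", blob_str(&sql));
- blob_reset(&sql);
 db_exec(&q);
 db_finalize(&q);
+#if TRY_LOGIN_GROUP
+ if( zPW || forceLogout ){
+ Blob groupSql = empty_blob;
+ char * zErr = NULL;
+ blob_appendf(&groupSql,
+ "INSERT INTO user(login)"
+ " SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);",
+ zName, zName
+ );
+ blob_append(&groupSql, blob_str(&sql), blob_size(&sql));
+ login_group_sql(blob_str(&groupSql), NULL, NULL, &zErr);
+ blob_reset(&groupSql);
+ if( zErr ){
+ json_set_err( FSL_JSON_E_UNKNOWN,
+ "Repo-group update at least partially failed: %s",
+ zErr);
+ free(zErr);
+ goto error;
+ }
+ }
+#endif /* TRY_LOGIN_GROUP */
+
+#undef TRY_LOGIN_GROUP
+
+ free( zNameFree );
+ blob_reset(&sql);
 return 0;
 
 error:
 assert(0 != g.json.resultCode);
 free(zNameFree);
 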
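Review bot: The `#if TRY_LOGIN_GROUP` block at new lines 349-368 replays the whole `sql` blob through `login_group_sql()`, so enabling it would forward the `cap=`, `info=` and any login change to the peer repositories along with the password, right after an `INSERT INTO user(login)` that creates the account wherever it is missing; if login_group_sql() runs that text in every repository of the group, saving a user in one repository would grant the same capabilities in all of them. The disabled `pw=` branch at new lines 312-316 has two further problems to settle before it is switched on: `coalesce()` is called with a single argument, which SQLite rejects, and the clear-text `zPW` is embedded in the statement text, which the `#if 0` `puts(blob_str(&sql))` would print if re-enabled. I would record this next to the macro, e.g. `/* Before enabling: propagate only pw to the login group, never cap/info/login; give coalesce() a fallback argument; keep clear-text zPW out of the SQL text. */`. The enclosing function starts and ends outside these hunks, so whether the `error:` path also resets `sql` cannot be checked from here.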
| --- src/json_user.c | |
| +++ src/json_user.c | |
| @@ -272,11 +272,11 @@ | |
| 272 | /* |
| 273 | Potential todo: do not allow a setup user to remove 's' from |
| 274 | himself, to avoid locking himself out? |
| 275 | */ |
| 276 | |
| 277 | blob_append(&sql, "UPDATE USER SET",-1 ); |
| 278 | blob_append(&sql, " mtime=cast(strftime('%s') AS INTEGER)", -1); |
| 279 | |
| 280 | if((uid>0) && zNameNew){ |
| 281 | /* Check for name change... */ |
| 282 | if( (!g.perm.Admin && !g.perm.Setup) |
| @@ -298,17 +298,25 @@ | |
| 298 | |
| 299 | if( zCap ){ |
| 300 | blob_appendf(&sql, ", cap=%Q", zCap); |
| 301 | ++gotFields; |
| 302 | } |
| 303 | |
| 304 | if( zPW ){ |
| 305 | char * zPWHash = NULL; |
| 306 | ++gotFields; |
| 307 | zPWHash = sha1_shared_secret(zPW, zNameNew ? zNameNew : zName, NULL); |
| 308 | blob_appendf(&sql, ", pw=%Q", zPWHash); |
| 309 | free(zPWHash); |
| 310 | } |
| 311 | |
| 312 | if( zInfo ){ |
| 313 | blob_appendf(&sql, ", info=%Q", zInfo); |
| 314 | ++gotFields; |
| @@ -324,20 +332,48 @@ | |
| 324 | json_set_err( FSL_JSON_E_MISSING_ARGS, |
| 325 | "Required user data are missing."); |
| 326 | goto error; |
| 327 | } |
| 328 | assert(uid>0); |
| 329 | blob_appendf(&sql, " WHERE uid=%d", uid); |
| 330 | free( zNameFree ); |
| 331 | #if 0 |
| 332 | puts(blob_str(&sql)); |
| 333 | cson_output_FILE( cson_object_value(pUser), stdout, NULL ); |
| 334 | #endif |
| 335 | db_prepare(&q, "%s", blob_str(&sql)); |
| 336 | blob_reset(&sql); |
| 337 | db_exec(&q); |
| 338 | db_finalize(&q); |
| 339 | return 0; |
| 340 | |
| 341 | error: |
| 342 | assert(0 != g.json.resultCode); |
| 343 | free(zNameFree); |
| 344 |
| --- src/json_user.c | |
| +++ src/json_user.c | |
| @@ -272,11 +272,11 @@ | |
| 272 | /* |
| 273 | Potential todo: do not allow a setup user to remove 's' from |
| 274 | himself, to avoid locking himself out? |
| 275 | */ |
| 276 | |
| 277 | blob_append(&sql, "UPDATE user SET",-1 ); |
| 278 | blob_append(&sql, " mtime=cast(strftime('%s') AS INTEGER)", -1); |
| 279 | |
| 280 | if((uid>0) && zNameNew){ |
| 281 | /* Check for name change... */ |
| 282 | if( (!g.perm.Admin && !g.perm.Setup) |
| @@ -298,17 +298,25 @@ | |
| 298 | |
| 299 | if( zCap ){ |
| 300 | blob_appendf(&sql, ", cap=%Q", zCap); |
| 301 | ++gotFields; |
| 302 | } |
| 303 | #define TRY_LOGIN_GROUP 0 /* login group support is not yet implemented. */ |
| 304 | if( zPW ){ |
| 305 | #if !TRY_LOGIN_GROUP |
| 306 | char * zPWHash = NULL; |
| 307 | ++gotFields; |
| 308 | zPWHash = sha1_shared_secret(zPW, zNameNew ? zNameNew : zName, NULL); |
| 309 | blob_appendf(&sql, ", pw=%Q", zPWHash); |
| 310 | free(zPWHash); |
| 311 | #else |
| 312 | ++gotFields; |
| 313 | blob_appendf(&sql, ", pw=coalesce(shared_secret(%Q,%Q," |
| 314 | "(SELECT value FROM config WHERE name='project-code')))", |
| 315 | zPW, zNameNew ? zNameNew : zName); |
| 316 | /* shared_secret() func is undefined? */ |
| 317 | #endif |
| 318 | } |
| 319 | |
| 320 | if( zInfo ){ |
| 321 | blob_appendf(&sql, ", info=%Q", zInfo); |
| 322 | ++gotFields; |
| @@ -324,20 +332,48 @@ | |
| 332 | json_set_err( FSL_JSON_E_MISSING_ARGS, |
| 333 | "Required user data are missing."); |
| 334 | goto error; |
| 335 | } |
| 336 | assert(uid>0); |
| 337 | #if !TRY_LOGIN_GROUP |
| 338 | blob_appendf(&sql, " WHERE uid=%d", uid); |
| 339 | #else /* need name for login group support :/ */ |
| 340 | blob_appendf(&sql, " WHERE login=%Q", zName); |
| 341 | #endif |
| 342 | #if 0 |
| 343 | puts(blob_str(&sql)); |
| 344 | cson_output_FILE( cson_object_value(pUser), stdout, NULL ); |
| 345 | #endif |
| 346 | db_prepare(&q, "%s", blob_str(&sql)); |
| 347 | db_exec(&q); |
| 348 | db_finalize(&q); |
| 349 | #if TRY_LOGIN_GROUP |
| 350 | if( zPW || forceLogout ){ |
| 351 | Blob groupSql = empty_blob; |
| 352 | char * zErr = NULL; |
| 353 | blob_appendf(&groupSql, |
| 354 | "INSERT INTO user(login)" |
| 355 | " SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);", |
| 356 | zName, zName |
| 357 | ); |
| 358 | blob_append(&groupSql, blob_str(&sql), blob_size(&sql)); |
| 359 | login_group_sql(blob_str(&groupSql), NULL, NULL, &zErr); |
| 360 | blob_reset(&groupSql); |
| 361 | if( zErr ){ |
| 362 | json_set_err( FSL_JSON_E_UNKNOWN, |
| 363 | "Repo-group update at least partially failed: %s", |
| 364 | zErr); |
| 365 | free(zErr); |
| 366 | goto error; |
| 367 | } |
| 368 | } |
| 369 | #endif /* TRY_LOGIN_GROUP */ |
| 370 | |
| 371 | #undef TRY_LOGIN_GROUP |
| 372 | |
| 373 | free( zNameFree ); |
| 374 | blob_reset(&sql); |
| 375 | return 0; |
| 376 | |
| 377 | error: |
| 378 | assert(0 != g.json.resultCode); |
| 379 | free(zNameFree); |
| 380 |