Fossil SCM
Add the 'verifyLogin' command to TH1.
Commit
a470d60355cd71cc070cd943091fc6a1c8ed03a4fadba71294d43ea8b284ac43
Parent
3ed3fa3dda9c6d6…
3 files changed
+28
+2
-1
+9
+28
| --- src/th_main.c | ||
| +++ src/th_main.c | ||
| @@ -529,10 +529,37 @@ | ||
| 529 | 529 | return Th_WrongNumArgs(interp, "verifyCsrf"); |
| 530 | 530 | } |
| 531 | 531 | login_verify_csrf_secret(); |
| 532 | 532 | return TH_OK; |
| 533 | 533 | } |
| 534 | + | |
| 535 | +/* | |
| 536 | +** TH1 command: verifyLogin | |
| 537 | +** | |
| 538 | +** Returns non-zero if the specified user name and password represent a | |
| 539 | +** valid login for the repository. | |
| 540 | +*/ | |
| 541 | +static int verifyLoginCmd( | |
| 542 | + Th_Interp *interp, | |
| 543 | + void *p, | |
| 544 | + int argc, | |
| 545 | + const char **argv, | |
| 546 | + int *argl | |
| 547 | +){ | |
| 548 | + const char *zUser; | |
| 549 | + const char *zPass; | |
| 550 | + int uid; | |
| 551 | + if( argc!=3 ){ | |
| 552 | + return Th_WrongNumArgs(interp, "verifyLogin userName password"); | |
| 553 | + } | |
| 554 | + zUser = argv[1]; | |
| 555 | + zPass = argv[2]; | |
| 556 | + uid = login_search_uid(&zUser, zPass); | |
| 557 | + Th_SetResultInt(interp, uid!=0); | |
| 558 | + if( uid==0 ) sqlite3_sleep(100); | |
| 559 | + return TH_OK; | |
| 560 | +} | |
| 534 | 561 | |
| 535 | 562 | /* |
| 536 | 563 | ** TH1 command: markdown STRING |
| 537 | 564 | ** |
| 538 | 565 | ** Renders the input string as markdown. The result is a two-element list. |
| @@ -2111,10 +2138,11 @@ | ||
| 2111 | 2138 | {"trace", traceCmd, 0}, |
| 2112 | 2139 | {"stime", stimeCmd, 0}, |
| 2113 | 2140 | {"unversioned", unversionedCmd, 0}, |
| 2114 | 2141 | {"utime", utimeCmd, 0}, |
| 2115 | 2142 | {"verifyCsrf", verifyCsrfCmd, 0}, |
| 2143 | + {"verifyLogin", verifyLoginCmd, 0}, | |
| 2116 | 2144 | {"wiki", wikiCmd, (void*)&aFlags[0]}, |
| 2117 | 2145 | {0, 0, 0} |
| 2118 | 2146 | }; |
| 2119 | 2147 | if( g.thTrace ){ |
| 2120 | 2148 | Th_Trace("th1-init 0x%x => 0x%x<br />\n", g.th1Flags, flags); |
| 2121 | 2149 |
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -529,10 +529,37 @@ | |
| 529 | return Th_WrongNumArgs(interp, "verifyCsrf"); |
| 530 | } |
| 531 | login_verify_csrf_secret(); |
| 532 | return TH_OK; |
| 533 | } |
| 534 | |
| 535 | /* |
| 536 | ** TH1 command: markdown STRING |
| 537 | ** |
| 538 | ** Renders the input string as markdown. The result is a two-element list. |
| @@ -2111,10 +2138,11 @@ | |
| 2111 | {"trace", traceCmd, 0}, |
| 2112 | {"stime", stimeCmd, 0}, |
| 2113 | {"unversioned", unversionedCmd, 0}, |
| 2114 | {"utime", utimeCmd, 0}, |
| 2115 | {"verifyCsrf", verifyCsrfCmd, 0}, |
| 2116 | {"wiki", wikiCmd, (void*)&aFlags[0]}, |
| 2117 | {0, 0, 0} |
| 2118 | }; |
| 2119 | if( g.thTrace ){ |
| 2120 | Th_Trace("th1-init 0x%x => 0x%x<br />\n", g.th1Flags, flags); |
| 2121 |
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -529,10 +529,37 @@ | |
| 529 | return Th_WrongNumArgs(interp, "verifyCsrf"); |
| 530 | } |
| 531 | login_verify_csrf_secret(); |
| 532 | return TH_OK; |
| 533 | } |
| 534 | |
| 535 | /* |
| 536 | ** TH1 command: verifyLogin |
| 537 | ** |
| 538 | ** Returns non-zero if the specified user name and password represent a |
| 539 | ** valid login for the repository. |
| 540 | */ |
| 541 | static int verifyLoginCmd( |
| 542 | Th_Interp *interp, |
| 543 | void *p, |
| 544 | int argc, |
| 545 | const char **argv, |
| 546 | int *argl |
| 547 | ){ |
| 548 | const char *zUser; |
| 549 | const char *zPass; |
| 550 | int uid; |
| 551 | if( argc!=3 ){ |
| 552 | return Th_WrongNumArgs(interp, "verifyLogin userName password"); |
| 553 | } |
| 554 | zUser = argv[1]; |
| 555 | zPass = argv[2]; |
| 556 | uid = login_search_uid(&zUser, zPass); |
| 557 | Th_SetResultInt(interp, uid!=0); |
| 558 | if( uid==0 ) sqlite3_sleep(100); |
| 559 | return TH_OK; |
| 560 | } |
| 561 | |
| 562 | /* |
| 563 | ** TH1 command: markdown STRING |
| 564 | ** |
| 565 | ** Renders the input string as markdown. The result is a two-element list. |
| @@ -2111,10 +2138,11 @@ | |
| 2138 | {"trace", traceCmd, 0}, |
| 2139 | {"stime", stimeCmd, 0}, |
| 2140 | {"unversioned", unversionedCmd, 0}, |
| 2141 | {"utime", utimeCmd, 0}, |
| 2142 | {"verifyCsrf", verifyCsrfCmd, 0}, |
| 2143 | {"verifyLogin", verifyLoginCmd, 0}, |
| 2144 | {"wiki", wikiCmd, (void*)&aFlags[0]}, |
| 2145 | {0, 0, 0} |
| 2146 | }; |
| 2147 | if( g.thTrace ){ |
| 2148 | Th_Trace("th1-init 0x%x => 0x%x<br />\n", g.th1Flags, flags); |
| 2149 |
+2
-1
| --- test/th1.test | ||
| +++ test/th1.test | ||
| @@ -1041,11 +1041,12 @@ | ||
| 1041 | 1041 | encode64 error expr for getParameter glob_match globalState hascap \ |
| 1042 | 1042 | hasfeature html htmlize http httpize if info insertCsrf lindex linecount \ |
| 1043 | 1043 | list llength lsearch markdown nonce proc puts query randhex redirect\ |
| 1044 | 1044 | regexp reinitialize rename render repository return searchable set\ |
| 1045 | 1045 | setParameter setting stime string styleFooter styleHeader styleScript\ |
| 1046 | - tclReady trace unset unversioned uplevel upvar utime verifyCsrf wiki} | |
| 1046 | + tclReady trace unset unversioned uplevel upvar utime verifyCsrf\ | |
| 1047 | + verifyLogin wiki} | |
| 1047 | 1048 | set tcl_commands {tclEval tclExpr tclInvoke tclIsSafe tclMakeSafe} |
| 1048 | 1049 | if {$th1Tcl} { |
| 1049 | 1050 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands $tcl_commands"]} |
| 1050 | 1051 | } else { |
| 1051 | 1052 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands"]} |
| 1052 | 1053 |
| --- test/th1.test | |
| +++ test/th1.test | |
| @@ -1041,11 +1041,12 @@ | |
| 1041 | encode64 error expr for getParameter glob_match globalState hascap \ |
| 1042 | hasfeature html htmlize http httpize if info insertCsrf lindex linecount \ |
| 1043 | list llength lsearch markdown nonce proc puts query randhex redirect\ |
| 1044 | regexp reinitialize rename render repository return searchable set\ |
| 1045 | setParameter setting stime string styleFooter styleHeader styleScript\ |
| 1046 | tclReady trace unset unversioned uplevel upvar utime verifyCsrf wiki} |
| 1047 | set tcl_commands {tclEval tclExpr tclInvoke tclIsSafe tclMakeSafe} |
| 1048 | if {$th1Tcl} { |
| 1049 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands $tcl_commands"]} |
| 1050 | } else { |
| 1051 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands"]} |
| 1052 |
| --- test/th1.test | |
| +++ test/th1.test | |
| @@ -1041,11 +1041,12 @@ | |
| 1041 | encode64 error expr for getParameter glob_match globalState hascap \ |
| 1042 | hasfeature html htmlize http httpize if info insertCsrf lindex linecount \ |
| 1043 | list llength lsearch markdown nonce proc puts query randhex redirect\ |
| 1044 | regexp reinitialize rename render repository return searchable set\ |
| 1045 | setParameter setting stime string styleFooter styleHeader styleScript\ |
| 1046 | tclReady trace unset unversioned uplevel upvar utime verifyCsrf\ |
| 1047 | verifyLogin wiki} |
| 1048 | set tcl_commands {tclEval tclExpr tclInvoke tclIsSafe tclMakeSafe} |
| 1049 | if {$th1Tcl} { |
| 1050 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands $tcl_commands"]} |
| 1051 | } else { |
| 1052 | test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands"]} |
| 1053 |
+9
| --- www/th1.md | ||
| +++ www/th1.md | ||
| @@ -215,10 +215,11 @@ | ||
| 215 | 215 | * trace |
| 216 | 216 | * unversioned content |
| 217 | 217 | * unversioned list |
| 218 | 218 | * utime |
| 219 | 219 | * verifyCsrf |
| 220 | + * verifyLogin | |
| 220 | 221 | * wiki |
| 221 | 222 | |
| 222 | 223 | Each of the commands above is documented by a block comment above their |
| 223 | 224 | implementation in the th\_main.c or th\_tcl.c source files. |
| 224 | 225 | |
| @@ -733,10 +734,18 @@ | ||
| 733 | 734 | Before using the results of a form, first call this command to verify |
| 734 | 735 | that this Anti-CSRF token is present and is valid. If the Anti-CSRF token |
| 735 | 736 | is missing or is incorrect, that indicates a cross-site scripting attack. |
| 736 | 737 | If the event of an attack is detected, an error message is generated and |
| 737 | 738 | all further processing is aborted. |
| 739 | + | |
| 740 | +<a name="verifyLogin"></a>TH1 verifyLogin Command | |
| 741 | +------------------------------------------------- | |
| 742 | + | |
| 743 | + * verifyLogin | |
| 744 | + | |
| 745 | +Returns non-zero if the specified user name and password represent a | |
| 746 | +valid login for the repository. | |
| 738 | 747 | |
| 739 | 748 | <a name="wiki"></a>TH1 wiki Command |
| 740 | 749 | ----------------------------------- |
| 741 | 750 | |
| 742 | 751 | * wiki STRING |
| 743 | 752 |
| --- www/th1.md | |
| +++ www/th1.md | |
| @@ -215,10 +215,11 @@ | |
| 215 | * trace |
| 216 | * unversioned content |
| 217 | * unversioned list |
| 218 | * utime |
| 219 | * verifyCsrf |
| 220 | * wiki |
| 221 | |
| 222 | Each of the commands above is documented by a block comment above their |
| 223 | implementation in the th\_main.c or th\_tcl.c source files. |
| 224 | |
| @@ -733,10 +734,18 @@ | |
| 733 | Before using the results of a form, first call this command to verify |
| 734 | that this Anti-CSRF token is present and is valid. If the Anti-CSRF token |
| 735 | is missing or is incorrect, that indicates a cross-site scripting attack. |
| 736 | If the event of an attack is detected, an error message is generated and |
| 737 | all further processing is aborted. |
| 738 | |
| 739 | <a name="wiki"></a>TH1 wiki Command |
| 740 | ----------------------------------- |
| 741 | |
| 742 | * wiki STRING |
| 743 |
| --- www/th1.md | |
| +++ www/th1.md | |
| @@ -215,10 +215,11 @@ | |
| 215 | * trace |
| 216 | * unversioned content |
| 217 | * unversioned list |
| 218 | * utime |
| 219 | * verifyCsrf |
| 220 | * verifyLogin |
| 221 | * wiki |
| 222 | |
| 223 | Each of the commands above is documented by a block comment above their |
| 224 | implementation in the th\_main.c or th\_tcl.c source files. |
| 225 | |
| @@ -733,10 +734,18 @@ | |
| 734 | Before using the results of a form, first call this command to verify |
| 735 | that this Anti-CSRF token is present and is valid. If the Anti-CSRF token |
| 736 | is missing or is incorrect, that indicates a cross-site scripting attack. |
| 737 | If the event of an attack is detected, an error message is generated and |
| 738 | all further processing is aborted. |
| 739 | |
| 740 | <a name="verifyLogin"></a>TH1 verifyLogin Command |
| 741 | ------------------------------------------------- |
| 742 | |
| 743 | * verifyLogin |
| 744 | |
| 745 | Returns non-zero if the specified user name and password represent a |
| 746 | valid login for the repository. |
| 747 | |
| 748 | <a name="wiki"></a>TH1 wiki Command |
| 749 | ----------------------------------- |
| 750 | |
| 751 | * wiki STRING |
| 752 |