Fossil SCM

Enhance the functionality of the Login Group feature to allow administrators to enable Login Group self-registration.

andybradford 2016-10-14 06:15 UTC trunk
Commit d70f52788462a57c84ad8e47f85030f24700efcd
3 files changed +4 +59 -1 +1 -23
+4
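--- a/src/db.c
+++ b/src/db.c
@@ -2617,10 +2617,11 @@
 { "pgp-command", 0, 40, 0, 0, "gpg --clearsign -o " },
 { "proxy", 0, 32, 0, 0, "off" },
 { "relative-paths", 0, 0, 0, 0, "on" },
 { "repo-cksum", 0, 0, 0, 0, "on" },
 { "self-register", 0, 0, 0, 0, "off" },
+{ "register-group", 0, 0, 0, 0, "off" },
 { "ssh-command", 0, 40, 0, 0, "" },
 { "ssl-ca-location", 0, 40, 0, 0, "" },
 { "ssl-identity", 0, 40, 0, 0, "" },
 #ifdef FOSSIL_ENABLE_TCL
 { "tcl", 0, 0, 0, 0, "off" },
@@ -2856,10 +2857,13 @@
 **
 ** self-register Allow users to register themselves through the HTTP UI.
 ** This is useful if you want to see other names than
 ** "Anonymous" in e.g. ticketing system. On the other hand
 ** users can not be deleted. Default: off.
+**
+** register-group Apply the self-registration also to the login group if
+** the repository is in a login group.
 **
 ** ssh-command Command used to talk to a remote machine with
 ** the "ssh://" protocol.
 **
 ** ssl-ca-location The full pathname to a file containing PEM encoded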
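Review bot: The help text added for `register-group` omits the default and does not say what enabling it grants: per the login.c change in this commit, each self-registered account is written to every repository in the login group with the capabilities assigned here. An administrator should see that in the settings help before turning it on; suggested wording: `** register-group   When self-register is enabled and the repository is in a login group, also create each self-registered account in all repositories of the group. Default: off.` Whether the option is inert while `self-register` is off cannot be confirmed from these hunks, so that part of the wording should be checked against the registration code first.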
+59 -1
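--- a/src/login.c
+++ b/src/login.c
@@ -1392,23 +1392,40 @@
 @ <p><span class="loginError">
 @ %s(zUsername) already exists.
 @ </span></p>
 }else{
 char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
+char *zErr = 0;
 int uid;
 db_multi_exec(
 "INSERT INTO user(login,pw,cap,info,mtime)"
 "VALUES(%B,%Q,%B,%B,strftime('%%s','now'))",
 &login, zPw, &caps, &contact
 );
+admin_log( "Registered user [%q] with capabilities [%q].",
+blob_str(&login), blob_str(&caps) );
+if( login_group_name() && db_get_boolean("register-group", 0) ){
+login_group_apply(0, blob_str(&login), blob_str(&passwd),
+blob_str(&contact), blob_str(&caps), &zErr);
+admin_log( "Registered user [%q] in all login groups "
+"with capabilities [%q].",
+blob_str(&login), blob_str(&caps) );
+}
 free(zPw);
 
+if( zErr ){
+style_header("User Register Error");
+admin_log( "Error registering user '%q': %s'.", login, zErr );
+@ <p><span class="loginError">%s(zErr)</span></p>
+style_footer();
+fossil_free(zErr);
+return;
+}
 /* The user is registered, now just log him in. */
 uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername);
 login_set_user_cookie( zUsername, uid, NULL );
 redirect_to_g();
-
 }
 }
 }
 
 /* Prepare the captcha. */
@@ -1696,5 +1713,46 @@
 "DELETE FROM config "
 " WHERE name GLOB 'peer-*'"
 " OR name GLOB 'login-group-*';"
 );
 }
+
+/*
+** Apply user changes to the login group
+**
+** This routine will apply login information to repositories that are part
+** of a login group. If there is an error, memory will be allocated and an
+** error string pointed to by pzErr which can be freed with fossil_free().
+**
+*/
+void login_group_apply(
+const char *zOldLogin, /* Old login name when changing login */
+const char *zLogin, /* Login name to create or change */
+const char *zPw, /* Password as shared secret */
+const char *zInfo, /* Contact information for login */
+const char *zCap, /* Capabilities to assign to login */
+char **pzErr /* Variable in which error will be returned */
+) {
+Blob sql;
+blob_zero(&sql);
+if( zOldLogin==0 ){
+blob_appendf(&sql,
+"INSERT INTO user(login)"
+" SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);",
+zLogin, zLogin
+);
+zOldLogin = zLogin;
+}
+blob_appendf(&sql,
+"UPDATE user SET login=%Q,"
+" pw=coalesce(shared_secret(%Q,%Q,"
+"(SELECT value FROM config WHERE name='project-code')),pw),"
+" info=%Q,"
+" cap=%Q,"
+" mtime=now()"
+" WHERE login=%Q;",
+zLogin, zPw, zLogin, zInfo, zCap,
+zOldLogin
+);
+login_group_sql(blob_str(&sql), "<li> ", " </li>\n", pzErr);
+blob_reset(&sql);
+}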
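Review bot: In the registration branch, `login_group_apply(0, ...)` sends `UPDATE user SET ... pw=..., info=..., cap=... WHERE login=%Q` to every repository in the login group, so a login that is free here but already exists in a peer repository would have that account's password and capabilities replaced by values supplied through self-registration; the `already exists` check sits above the hunk and appears to consult only the local `user` table. For this unauthenticated path the peer statement should be insert-only, or registration should be refused when the name exists anywhere in the group, and the capabilities written to a peer are better taken from that peer's own configuration than from `caps` here. In the `zErr` branch, `login` is passed to `%q` as a `Blob` rather than a string and the format has a stray quote; use `admin_log( "Error registering user '%q': %s.", blob_str(&login), zErr );`. The "in all login groups" success entry is also logged before `zErr` is checked, and on error the local account has already been inserted. The enclosing registration function begins and ends outside the hunk.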
+1 -23
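--- a/src/setup.c
+++ b/src/setup.c
@@ -457,34 +457,12 @@
 uid, zLogin, P("info"), zPw, zCap
 );
 admin_log( "Updated user [%q] with capabilities [%q].",
 zLogin, zCap );
 if( atoi(PD("all","0"))>0 ){
-Blob sql;
 char *zErr = 0;
-blob_zero(&sql);
-if( zOldLogin==0 ){
-blob_appendf(&sql,
-"INSERT INTO user(login)"
-" SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);",
-zLogin, zLogin
-);
-zOldLogin = zLogin;
-}
-blob_appendf(&sql,
-"UPDATE user SET login=%Q,"
-" pw=coalesce(shared_secret(%Q,%Q,"
-"(SELECT value FROM config WHERE name='project-code')),pw),"
-" info=%Q,"
-" cap=%Q,"
-" mtime=now()"
-" WHERE login=%Q;",
-zLogin, P("pw"), zLogin, P("info"), zCap,
-zOldLogin
-);
-login_group_sql(blob_str(&sql), "<li> ", " </li>\n", &zErr);
-blob_reset(&sql);
+login_group_apply(zOldLogin, zLogin, P("pw"), P("info"), zCap, &zErr);
 admin_log( "Updated user [%q] in all login groups "
 "with capabilities [%q].",
 zLogin, zCap );
 if( zErr ){
 style_header("User Change Error");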
