smeserver/smeserver-manager
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reformat Controller perl code using perltidy

Browse Source
This commit is contained in:
Brian Read
2025-01-14 12:49:31 +00:00
parent 7ff51625c0
commit c1915a722b
38 changed files with 5870 additions and 7437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

353
root/usr/share/smanager/lib/SrvMngr/Controller/Login.pm
View File

@@ -8,266 +8,215 @@ package SrvMngr::Controller::Login;
#
# routes : end
#----------------------------------------------------------------------
# for information
# $r->get('/login')->to('login#main')->name('login');
# $r->post('/login')->to('login#login')->name('signin');
# $r->get('/login2')->to('login#pwdrescue')->name('pwdresc');
# $r->get('/loginc')->to('login#confpwd')->name('resetpwdconf');
# for information
use strict;
use warnings;
use Mojo::Base 'Mojolicious::Controller';
use Locale::gettext;
use esmith::AccountsDB;
use SrvMngr::I18N;
use SrvMngr::Model::Main;
use SrvMngr qw( theme_list init_session );
my $MAX_LOGIN_ATTEMPTS = 3;
my $DURATION_BLOCKED = 30 * 60; # access blocked for 30 min
my $MAX_LOGIN_ATTEMPTS = 3;
my $DURATION_BLOCKED = 30 * 60; # access blocked for 30 min
my $TIMEOUT_FAILED_LOGIN = 1;
my $RESET_DURATION = 2 * 60 * 60; # 2 hours for resetting
my $RESET_DURATION = 2 * 60 * 60; # 2 hours for resetting
our $adb = esmith::AccountsDB->open() or die "Couldn't open DB Accounts\n";
my $allowed_user_re = qr/^\w{5,10}$/;
my %Login_Attempts;
sub main {
my $c = shift;
$c->stash( trt => 'NORM' );
$c->render('login');
}
my $c = shift;
$c->stash(trt => 'NORM');
$c->render('login');
} ## end sub main
sub login {
my $c = shift;
my $trt = $c->param('Trt');
my $c = shift;
my $trt = $c->param('Trt');
# password reset request
if ( $trt eq 'RESET' ) {
my $res = $c->mail_rescue();
if ( $res ne 'OK' ) {
$c->stash( error => $res, trt => $trt );
return $c->render('login');
}
$c->flash( success => $c->l('use_RESET_REGISTERED') );
record_login_attempt($c, 'RESET');
return $c->redirect_to( $c->home_page );
}
if ($trt eq 'RESET') {
my $res = $c->mail_rescue();
if ($res ne 'OK') {
$c->stash(error => $res, trt => $trt);
return $c->render('login');
}
$c->flash(success => $c->l('use_RESET_REGISTERED'));
record_login_attempt($c, 'RESET');
return $c->redirect_to($c->home_page);
} ## end if ($trt eq 'RESET')
# normal loggin
my $name = $c->param('Username');
my $pass = $c->param('Password');
my $from = $c->param('From');
my $name = $c->param('Username');
my $pass = $c->param('Password');
my $from = $c->param('From');
if ( is_denied($c) ) {
$c->stash( error => $c->l('use_TOO_MANY_LOGIN'), trt => 'NORM' );
return $c->render('login');
}
# untaint
unless ( ($name =~ /^([a-z][\-\_\.a-z0-9]*)$/) && ($pass =~ /^([ -~]+)$/) ) {
record_login_attempt($c, 'FAILED');
$c->stash( error => $c->l('use_INVALID_DATA'), trt => 'NORM' );
return $c->render('login');
}
my $alias = SrvMngr::Model::Main->check_adminalias( $c );
if ( $alias ) {
if ( $name eq $alias ) {
$name = 'admin';
} elsif ( $name eq 'admin' ) {
record_login_attempt($c, 'FAILED');
$c->stash( error => $c->l('use_SORRY'), trt => 'NORM' );
return $c->render('login');
if (is_denied($c)) {
$c->stash(error => $c->l('use_TOO_MANY_LOGIN'), trt => 'NORM');
return $c->render('login');
}
}
if (SrvMngr::Model::Main->check_credentials($name, $pass)) {
$c->session(logged_in => 1); # set the logged_in flag
$c->session(username => $name); # keep a copy of the username
# if ( $name eq 'admin' || $adb->is_user_in_group($name, 'AdmiN') ) # for futur use
if ( $name eq 'admin' ) {
$c->session(is_admin => 1);
# untaint
unless (($name =~ /^([a-z][\-\_\.a-z0-9]*)$/) && ($pass =~ /^([ -~]+)$/)) {
record_login_attempt($c, 'FAILED');
$c->stash(error => $c->l('use_INVALID_DATA'), trt => 'NORM');
return $c->render('login');
}
my $alias = SrvMngr::Model::Main->check_adminalias($c);
if ($alias) {
if ($name eq $alias) {
$name = 'admin';
} elsif ($name eq 'admin') {
record_login_attempt($c, 'FAILED');
$c->stash(error => $c->l('use_SORRY'), trt => 'NORM');
return $c->render('login');
}
} ## end if ($alias)
if (SrvMngr::Model::Main->check_credentials($name, $pass)) {
$c->session(logged_in => 1); # set the logged_in flag
$c->session(username => $name); # keep a copy of the username
# if ( $name eq 'admin' || $adb->is_user_in_group($name, 'AdmiN') ) # for futur use
if ($name eq 'admin') {
$c->session(is_admin => 1);
} else {
$c->session(is_admin => 0);
}
$c->session(expiration => 600); # expire this session in 10 minutes
$c->flash(success => $c->l('use_WELCOME'));
record_login_attempt($c, 'SUCCESS');
} else {
$c->session(is_admin => 0);
}
$c->session(expiration => 600); # expire this session in 10 minutes
$c->flash( success => $c->l('use_WELCOME') );
record_login_attempt($c, 'SUCCESS');
} else {
record_login_attempt($c, 'FAILED');
sleep $TIMEOUT_FAILED_LOGIN;
$c->stash( error => $c->l('use_SORRY'), trt => 'NORM' );
return $c->render('login');
}
$from = $c->home_page if ( $from eq 'login' );
$c->redirect_to( $from );
}
record_login_attempt($c, 'FAILED');
sleep $TIMEOUT_FAILED_LOGIN;
$c->stash(error => $c->l('use_SORRY'), trt => 'NORM');
return $c->render('login');
} ## end else [ if (SrvMngr::Model::Main...)]
$from = $c->home_page if ($from eq 'login');
$c->redirect_to($from);
} ## end sub login
sub pwdrescue {
my $c = shift;
$c->stash( trt => 'RESET' );
$c->render('login');
}
my $c = shift;
$c->stash(trt => 'RESET');
$c->render('login');
} ## end sub pwdrescue
sub mail_rescue {
my $c = shift;
my $name = $c->param('Username');
my $from = $c->param('From');
my $res;
$res .= $c->l('use_TOO_MANY_LOGIN') if (is_denied($c));
my $c = shift;
my $name = $c->param('Username');
my $from = $c->param('From');
my $res;
$res .= $c->l('use_TOO_MANY_LOGIN') if ( is_denied($c) );
# untaint
if ( ! $res && $name !~ /^([a-z][\-\_\.a-z0-9]*)$/ ) {
record_login_attempt($c, 'FAILED');
$res .= $c->l('use_ERR_NAME');
}
if ( ! $res && $name eq 'admin' ) {
$res .= $c->l('use_NOT_THAT_OPER');
}
# user exists ?
if ( ! $res ) {
my $acct = $adb->get($name);
if ( ! $acct || $acct->prop('type') ne "user" || $acct->prop('PasswordSet') ne 'yes' ) {
$res .= $c->l('use_NOT_THAT_OPER');
}
# untaint
if (!$res && $name !~ /^([a-z][\-\_\.a-z0-9]*)$/) {
record_login_attempt($c, 'FAILED');
$res .= $c->l('use_ERR_NAME');
}
if (!$res && $name eq 'admin') {
$res .= $c->l('use_NOT_THAT_OPER');
}
# user exists ?
if (!$res) {
my $acct = $adb->get($name);
if (!$acct || $acct->prop('type') ne "user" || $acct->prop('PasswordSet') ne 'yes') {
$res .= $c->l('use_NOT_THAT_OPER');
}
} ## end if (!$res)
return $res if $res;
# send email
my $email = $name .'@'. $c->session->{DomainName};
# send email
my $email = $name . '@' . $c->session->{DomainName};
my $until = time() + $RESET_DURATION;
$c->pwdrst->{$name} = {
email => $email,
date => $until,
confirmed => 0,
};
my $jwt = $c->jwt->claims({ username => $name })->encode;
my $url = $c->url_for('loginc')->to_abs->query(jwt => $jwt);
$c->pwdrst->{$name} = {
email => $email,
date => $until,
confirmed => 0,
};
my $jwt = $c->jwt->claims({username => $name})->encode;
my $url = $c->url_for('loginc')->to_abs->query(jwt => $jwt);
# $c->email( $email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url) ) );
# directly (without minion)
$c->send_email( $email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url) ) );
return 'OK';
}
# $c->email( $email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url) ) );
# directly (without minion)
$c->send_email($email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url)));
return 'OK';
} ## end sub mail_rescue
sub logout {
my $c = shift;
$c->app->log->info($c->log_req);
$c->session( expires => 1 );
$c->flash( success => $c->l('use_BYE') );
$c->flash( error => 'Byegood' );
$c->redirect_to( $c->home_page );
}
my $c = shift;
$c->app->log->info($c->log_req);
$c->session(expires => 1);
$c->flash(success => $c->l('use_BYE'));
$c->flash(error => 'Byegood');
$c->redirect_to($c->home_page);
} ## end sub logout
sub confpwd {
my $c = shift;
my $jwt = $c->param('jwt');
my $name = $c->jwt->decode($jwt)->{username};
my $c = shift;
my $jwt = $c->param('jwt');
my $name = $c->jwt->decode($jwt)->{username};
# request already treated or outdated
if ( $c->pwdrst->{$name}{confirmed} != 0 or $c->pwdrst->{$name}{date} < time() ) {
$c->flash( error => $c->l('use_INVALID_REQUEST'));
return $c->redirect_to( $c->home_page );
}
if ($c->pwdrst->{$name}{confirmed} != 0 or $c->pwdrst->{$name}{date} < time()) {
$c->flash(error => $c->l('use_INVALID_REQUEST'));
return $c->redirect_to($c->home_page);
}
# reset password for this account
$c->pwdrst->{$name}{confirmed} = 1;
$c->flash( success => $c->l('use_OK_FOR_RESET') );
$c->pwdrst->{$name}{confirmed} = 1;
$c->flash(success => $c->l('use_OK_FOR_RESET'));
# call userpassword with encoded name
my $url = $c->url_for('userpasswordr')->to_abs->query(jwt => $jwt);
my $url = $c->url_for('userpasswordr')->to_abs->query(jwt => $jwt);
# warn "confpwd: " . $url . "\n";
return $c->redirect_to( $url );
}
return $c->redirect_to($url);
} ## end sub confpwd
sub record_login_attempt {
my ($c, $result) = @_;
my $user = $c->param('Username');
my $ip_address = $c->tx->remote_address;
my ($c, $result) = @_;
my $user = $c->param('Username');
my $ip_address = $c->tx->remote_address;
if ($result eq 'RESET') {
$c->app->log->info(join "\t", "Password reset requested for : $user at ", $ip_address);
} elsif ($result eq 'SUCCESS') {
$c->app->log->info(join "\t", "Login succeeded: $user", $ip_address);
$Login_Attempts{$ip_address}->{tries} = 0; # reset the number of login attempts
} else {
$c->app->log->info(join "\t", "Login FAILED: $user", $ip_address);
$Login_Attempts{$ip_address}->{tries}++;
if ( $Login_Attempts{$ip_address}->{tries} > $MAX_LOGIN_ATTEMPTS ) {
$Login_Attempts{$ip_address}->{denied_until} = time() + $DURATION_BLOCKED;
}
}
}
if ($result eq 'RESET') {
$c->app->log->info(join "\t", "Password reset requested for : $user at ", $ip_address);
} elsif ($result eq 'SUCCESS') {
$c->app->log->info(join "\t", "Login succeeded: $user", $ip_address);
$Login_Attempts{$ip_address}->{tries} = 0; # reset the number of login attempts
} else {
$c->app->log->info(join "\t", "Login FAILED: $user", $ip_address);
$Login_Attempts{$ip_address}->{tries}++;
if ($Login_Attempts{$ip_address}->{tries} > $MAX_LOGIN_ATTEMPTS) {
$Login_Attempts{$ip_address}->{denied_until} = time() + $DURATION_BLOCKED;
}
} ## end else [ if ($result eq 'RESET')]
} ## end sub record_login_attempt
sub is_denied {
my ($c) = @_;
my $ip_address = $c->tx->remote_address;
return unless exists $Login_Attempts{$ip_address}
my ($c) = @_;
my $ip_address = $c->tx->remote_address;
return
unless exists $Login_Attempts{$ip_address}
&& exists $Login_Attempts{$ip_address}->{denied_until};
return 'Denied'
if $Login_Attempts{$ip_address}->{denied_until} > time();
return 'Denied'
if $Login_Attempts{$ip_address}->{denied_until} > time();
# TIMEOUT has expired, reset attempts
delete $Login_Attempts{$ip_address}->{denied_until};
$Login_Attempts{$ip_address}->{tries} = 0;
return;
}
# TIMEOUT has expired, reset attempts
delete $Login_Attempts{$ip_address}->{denied_until};
$Login_Attempts{$ip_address}->{tries} = 0;
return;
} ## end sub is_denied
1;