Commit 581eaa9b authored by Stephane Glondu's avatar Stephane Glondu

Add admin user type

parent 0577106a
......@@ -23,6 +23,7 @@ let secure_logfile = ref None
let data_dir = ref None
let source_file = ref None
let enable_dummy = ref false
let admin_hash = ref ""
let () =
let open Ocsigen_extensions.Configuration in
......@@ -50,6 +51,12 @@ let () =
~obligatory:false
~init:(fun () -> enable_dummy := true)
();
element
~name:"admin"
~obligatory:true
~attributes:[
attribute ~name:"hash" ~obligatory:true (fun s -> admin_hash := s);
] ();
];;
lwt () =
......@@ -203,7 +210,7 @@ let () = Eliom_registration.Html5.register
~service:Services.login_dummy
(fun () () ->
if !enable_dummy then (
let service = Services.create_dummy_login () in
let service = Services.create_string_login ~fallback:Services.login_dummy in
let () = Eliom_registration.Redirection.register
~service
~scope:Eliom_common.default_session_scope
......@@ -220,6 +227,28 @@ let () = Eliom_registration.Html5.register
) else fail_http 404
)
let () = Eliom_registration.Html5.register
~service:Services.login_admin
(fun () () ->
let service = Services.create_string_login ~fallback:Services.login_admin in
let () = Eliom_registration.Redirection.register
~service
~scope:Eliom_common.default_session_scope
(fun () user_name ->
if sha256_hex user_name = !admin_hash then (
let open Web_common in
let user_type = Admin in
Eliom_reference.set Services.user (Some {user_name="admin"; user_type}) >>
Web_common.security_log (fun () ->
"admin successfully logged in"
) >>
Services.get ()
) else forbidden ()
)
in
Templates.dummy_login ~service
)
let next_lf str i =
try Some (String.index_from str i '\n')
with Not_found -> None
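Review bot: The `else forbidden ()` branch of the new `login_admin` handler rejects a wrong password without writing to the security log, so repeated guesses against the admin account leave no trace there while only the success path is recorded. I would log the failure before refusing, e.g. `) else Web_common.security_log (fun () -> "admin login failed") >> forbidden ()`. Separately, `sha256_hex user_name = !admin_hash` verifies the password with a single unsalted SHA-256, which is cheap to guess offline if the configuration file is ever read. A salted password KDF is the usual choice here; if none is available in this build, the limitation deserves a comment next to `admin_hash`.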
......
......@@ -18,6 +18,11 @@ let login_dummy = service
~get_params:unit
()
let login_admin = service
~path:["login-admin"]
~get_params:unit
()
let cas_server = "https://cas.inria.fr"
let cas_login = external_service
......@@ -48,11 +53,11 @@ let logout = service
~get_params:unit
()
let create_dummy_login () =
let create_string_login ~fallback =
Eliom_service.post_coservice
~csrf_safe:true
~csrf_scope:Eliom_common.default_session_scope
~fallback:login_dummy
~fallback
~post_params:Eliom_parameter.(string "username")
()
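Review bot: `create_string_login` keeps `~post_params:Eliom_parameter.(string "username")` although the same coservice now also carries the admin password, so the secret travels under a field named `username`. If `Templates.dummy_login` renders that field as a plain text input (not visible here), the password is shown while typed and may be kept by browser form autofill. I would at least document this on the function, e.g. `(** [create_string_login ~fallback] builds the CSRF-protected POST coservice whose single string parameter is a user name for the dummy login and a password for the admin login. *)`. Taking the parameter name as an argument would further let the admin form use a dedicated password field.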
......
......@@ -3,7 +3,7 @@ open Util
open Serializable_builtin_t
open Serializable_t
type user_type = Dummy | CAS
type user_type = Dummy | CAS | Admin
type user = {
user_name : string;
......@@ -14,10 +14,10 @@ let string_of_user {user_name; user_type} =
match user_type with
| Dummy -> Printf.sprintf "dummy:%s" user_name
| CAS -> user_name
| Admin -> Printf.sprintf "admin:%s" user_name
(* FIXME: use a dedicated user_type *)
let is_admin = function
| Some { user_name = "admin"; user_type = Dummy } -> true
| Some { user_name = _; user_type = Admin } -> true
| _ -> false
type acl =
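Review bot: In `string_of_user`, the new `| Admin -> Printf.sprintf "admin:%s" user_name` case shares its output space with `| CAS -> user_name`, which is returned without any prefix. A CAS account whose name happened to be `admin:admin` would then print exactly like the administrator; whether that matters depends on where the string is used (logs, ACL keys), which this hunk does not show. A comment stating the assumption would help, e.g. `(* CAS names are assumed never to contain ':', so they cannot collide with the "dummy:"/"admin:" prefixes *)`. The signature of `string_of_user` appears only in the hunk header, so the function starts outside the hunk.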
......
open Serializable_builtin_t
open Serializable_t
type user_type = Dummy | CAS
type user_type = Dummy | CAS | Admin
type user = {
user_name : string;
......
......@@ -31,6 +31,7 @@
</site>
<eliom module="_build/src/web/server.cma">
<enable-dummy/>
<admin hash="97b878ee6f0b3fdec58875e7825e720a0cc0f973d73e415458b5544938d09fe6"/><!-- Ooj8jubi -->
<log file="_RUNDIR_/log/security.log"/>
<data dir="tests/data"/>
</eliom>
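Review bot: The trailing `<!-- Ooj8jubi -->` comment on the new `<admin hash=.../>` element appears to record the plaintext behind the hash, which is acceptable only as long as this file stays a test fixture (it points at `tests/data`). I would mark it as such so the pair is not copied into a deployed configuration, e.g. `<!-- test-only credential; generate a fresh hash for any real deployment -->`. A short comment on how the value is produced (hex SHA-256 of the password, going by `sha256_hex` in the server code of this commit) would also spare the next person from reading the source.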
......