Commit e916ccc6 authored by Stephane Glondu's avatar Stephane Glondu

Remove legacy login admin

For now, it is no longer possible to log in as an admin...
parent 2433d9ce
......@@ -39,7 +39,6 @@
<enable-password db="demo/data/password_db.csv"/>
<source file="../belenios.tar.gz"/>
<main-election uuid="6d122f00-2650-4de8-87de-30037a21f943"/>
<admin hash="97b878ee6f0b3fdec58875e7825e720a0cc0f973d73e415458b5544938d09fe6"/><!-- Ooj8jubi -->
<log file="_RUNDIR_/log/security.log"/>
<data dir="demo/data"/>
</eliom>
......
......@@ -41,12 +41,6 @@ let user = Eliom_reference.eref
~scope:Eliom_common.default_session_scope
None
let create_string_login ~fallback ~post_params =
Eliom_service.post_coservice
~csrf_safe:true
~csrf_scope:Eliom_common.default_session_scope
~fallback ~post_params ()
(* TODO: make the authentication system more flexible *)
module Make (X : EMPTY) = struct
......@@ -77,7 +71,7 @@ let get_default_auth_system () =
| [] -> fail_http 404
| (name, _) :: _ -> Lwt.return name
module Register (C : AUTH_CONFIG) (S : ALL_SERVICES) (T : TEMPLATES) = struct
module Register (S : ALL_SERVICES) = struct
let () = Eliom_registration.Redirection.register ~service:S.login
(fun service () ->
......@@ -106,40 +100,4 @@ module Register (C : AUTH_CONFIG) (S : ALL_SERVICES) (T : TEMPLATES) = struct
| _ -> S.get ()
)
module DefaultLogout : CONT_SERVICE = struct
let cont = S.get
end
let login_admin = Eliom_service.service
~path:["login-admin"]
~get_params:Eliom_parameter.unit
()
let () = Eliom_registration.Html5.register
~service:login_admin
(fun () () ->
let service = create_string_login
~fallback:login_admin
~post_params:Eliom_parameter.(string "password")
in
let () = Eliom_registration.Redirection.register
~service
~scope:Eliom_common.default_session_scope
(fun () user_name ->
if sha256_hex user_name = C.admin_hash then (
let user_type = "password" in
let user_logout = (module DefaultLogout : CONT_SERVICE) in
let user_user = {user_type; user_name} in
let user_admin = true in
Eliom_reference.set user (Some {user_admin; user_user; user_logout}) >>
security_log (fun () ->
"admin successfully logged in"
) >>
S.get ()
) else forbidden ()
)
in
T.string_login ~service ~kind:`Admin
)
end
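Review bot: With the `login-admin` handler removed in the last hunk of this section, no visible line here sets `user_admin = true` any more, yet the section does not show the `user_admin` field itself being dropped (its record definition lies outside the hunks, so this is inferred). If the field stays, I would document that at its definition, for example `(* no code path currently sets user_admin; anything gated on it is unreachable until a new admin login exists *)`, so that a later reader does not assume an admin session can still be obtained. It is also worth confirming that the remaining authentication systems build their user values with `user_admin = false` explicitly rather than copying it from elsewhere. The `Register` functor changed in the second hunk has a body that continues beyond what is shown.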
......@@ -39,4 +39,4 @@ val get_auth_systems : unit -> string list
val register_auth_system : string -> (module AUTH_SYSTEM) -> unit
module Make (X : EMPTY) : AUTH_SERVICES
module Register (C : AUTH_CONFIG) (S : ALL_SERVICES) (T : TEMPLATES) : EMPTY
module Register (S : ALL_SERVICES) : EMPTY
......@@ -53,7 +53,6 @@ let enable_dummy = ref false
let password_db_fname = ref None
let enable_cas = ref false
let cas_server = ref "https://cas.example.org"
let admin_hash = ref ""
let main_election = ref None
let rewrite_src = ref None
let rewrite_dst = ref None
......@@ -106,12 +105,6 @@ let () =
~attributes:[
attribute ~name:"server" ~obligatory:true (fun s -> cas_server := s);
] ();
element
~name:"admin"
~obligatory:true
~attributes:[
attribute ~name:"hash" ~obligatory:true (fun s -> admin_hash := s);
] ();
element
~name:"main-election"
~obligatory:false
......@@ -356,11 +349,10 @@ module C = struct
let cas_server = !cas_server
let password_db = password_db
let enable_dummy = !enable_dummy
let admin_hash = !admin_hash
let rewrite_prefix = rewrite_prefix
end
module A = Auth_common.Register (C) (S) (T)
module A = Auth_common.Register (S)
let () =
if C.enable_dummy then let module X = Auth_dummy.Register (S) (T) in ()
......@@ -391,7 +383,6 @@ let () =
let can_read x u = x.Web_election.can_read
let can_vote x u = x.Web_election.can_vote
let can_admin x u = u.Auth_common.user_admin
let () = Eliom_registration.File.register
~service:S.source_code
......
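Review bot: The configuration parser in the second hunk of this section no longer registers the `admin` element, which was previously declared with `~obligatory:true`, and nothing here tells an operator what to do with an existing `<admin hash="..."/>` line. Whether the parser rejects or silently ignores an element it no longer knows is not visible in this section, so the upgrade behaviour should be stated rather than left to discovery. I would add a comment beside the remaining `element` registrations such as `(* the <admin> element was removed with the legacy admin login; delete it from existing configuration files *)`, and repeat that in the release notes. Removing the line from deployed configurations also avoids leaving a password hash on disk that no longer protects anything.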
......@@ -122,7 +122,6 @@ module type AUTH_CONFIG = sig
val cas_server : string
val enable_cas : bool
val enable_dummy : bool
val admin_hash : string
val rewrite_prefix : string -> string
open Util
val password_db : (SMap.key * SMap.key) SMap.t option
......