X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=94abedfbeead97d3fbc9817c78fdc106cd4706f0;hb=582470a6adda00d5fd5ec218ea28ad44c66ce508;hp=eec2a691271e2e06cd8bb8ccf380a5b814ff5bd0;hpb=1e32899153e9e52aaec1e651e0c33a563b8aaed8;p=citadel.git

diff --git a/webcit/auth.c b/webcit/auth.c
index eec2a6912..94abedfbe 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -1,54 +1,48 @@
 /*
  * $Id$
- */
-/**
  *
- * \defgroup WebcitAuth WebcitAuth; Handles authentication of users to a Citadel server.
- * \ingroup CitadelConfig
+ * WebcitAuth; Handles authentication of users to a Citadel server.
  */
 
-/*@{*/
 #include "webcit.h"
+#include "webserver.h"
 
-
-
-/**
- * \brief  user states
- * the plain text states of a user. filled in at \ function TODO initialize_ax_defs()
- * due to NLS
+/*
+ * Access level definitions.  This is initialized from a function rather than a
+ * static array so that the strings may be localized.
  */
 char *axdefs[7]; 
 
 void initialize_axdefs(void) {
-	axdefs[0] = _("Deleted");       /*!0: an erased user */
-	axdefs[1] = _("New User");      /*!1: a new user */
-	axdefs[2] = _("Problem User");  /*!2: a trouble maker */
-	axdefs[3] = _("Local User");    /*!3: user with normal privileges */
-	axdefs[4] = _("Network User");  /*!4: a user that may access network resources */
-	axdefs[5] = _("Preferred User");/*!5: a moderator */
-	axdefs[6] = _("Aide");          /*!6: chief */
+	axdefs[0] = _("Deleted");       /* an erased user */
+	axdefs[1] = _("New User");      /* a new user */
+	axdefs[2] = _("Problem User");  /* a trouble maker */
+	axdefs[3] = _("Local User");    /* user with normal privileges */
+	axdefs[4] = _("Network User");  /* a user that may access network resources */
+	axdefs[5] = _("Preferred User");/* a moderator */
+	axdefs[6] = _("Aide");          /* chief */
 }
 
 
 
 
-/** 
- * \brief Display the login screen
- * \param mesg The error message if last attempt failed.
+/* 
+ * Display the login screen
+ * mesg = the error message if last attempt failed.
  */
 void display_login(char *mesg)
 {
 	char buf[SIZ];
 
 	output_headers(1, 1, 2, 0, 0, 0);
-	wprintf("<div style=\"position:absolute; top:20px; left:20px; right:20px\">\n");
+	wprintf("<div id=\"login_screen\">\n");
 
-	if (mesg != NULL) if (strlen(mesg) > 0) {
-		stresc(buf, mesg, 0, 0);
-		svprintf("mesg", WCS_STRING, "%s", buf);
+	if (mesg != NULL) if (!IsEmptyStr(mesg)) {
+			stresc(buf, SIZ,  mesg, 0, 0);
+			svprintf(HKEY("MESG"), WCS_STRING, "%s", buf);
 	}
 
-	svprintf("LOGIN_INSTRUCTIONS", WCS_STRING,
+	svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING,
 		_("<ul>"
 		"<li><b>If you already have an account on %s</b>, "
 		"enter your user name and password and click &quot;Login.&quot; "
@@ -65,16 +59,38 @@ void display_login(char *mesg)
 		serv_info.serv_humannode
 	);
 
-	svprintf("USERNAME_BOX", WCS_STRING, "%s", _("User name:"));
-	svprintf("PASSWORD_BOX", WCS_STRING, "%s", _("Password:"));
-	svprintf("LANGUAGE_BOX", WCS_STRING, "%s", _("Language:"));
-	svprintf("LOGIN_BUTTON", WCS_STRING, "%s", _("Login"));
-	svprintf("NEWUSER_BUTTON", WCS_STRING, "%s", _("New User"));
-	svprintf("EXIT_BUTTON", WCS_STRING, "%s", _("Exit"));
-	svprintf("hello", WCS_SERVCMD, "MESG hello");
-	svprintf("BOXTITLE", WCS_STRING, _("%s - powered by Citadel"),
+	svput("USERNAME_BOX", WCS_STRING, _("User name:"));
+	svput("PASSWORD_BOX", WCS_STRING, _("Password:"));
+	svput("LANGUAGE_BOX", WCS_STRING, _("Language:"));
+	svput("LOGIN_BUTTON", WCS_STRING, _("Login"));
+	svput("NEWUSER_BUTTON", WCS_STRING, _("New User"));
+	svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
+	svput("HELLO", WCS_SERVCMD, "MESG hello");
+	svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
 		serv_info.serv_humannode);
 	svcallback("DO_LANGUAGE_BOX", offer_languages);
+	if (serv_info.serv_newuser_disabled) {
+		svput("NEWUSER_BUTTON_PRE", WCS_STRING, "<div style=\"display:none;\">");
+		svput("NEWUSER_BUTTON_POST", WCS_STRING, "</div>");
+	}
+	else {
+		svput("NEWUSER_BUTTON_PRE", WCS_STRING, "");
+		svput("NEWUSER_BUTTON_POST", WCS_STRING, "");
+	}
+
+#ifdef TECH_PREVIEW
+		svprintf(HKEY("OFFER_OPENID_LOGIN"), WCS_STRING,
+			"<div align=center>"
+			"<a href=\"display_openid_login\">"
+			"<img src=\"static/openid-small.gif\" border=0 valign=middle>"
+			"%s</a>"
+			"</div>"
+			,
+			"Log in using OpenID"
+		);
+#else
+		svput("OFFER_OPENID_LOGIN", WCS_STRING, "");
+#endif
 
 	do_template("login");
 
@@ -84,16 +100,70 @@ void display_login(char *mesg)
 
 
 
-/** \brief Initialize the session
+/* 
+ * Display the openid-enabled login screen
+ * mesg = the error message if last attempt failed.
+ */
+void display_openid_login(char *mesg)
+{
+	char buf[SIZ];
+
+	output_headers(1, 1, 2, 0, 0, 0);
+	wprintf("<div id=\"login_screen\">\n");
+
+	if (mesg != NULL) if (!IsEmptyStr(mesg)) {
+			stresc(buf, SIZ,  mesg, 0, 0);
+			svprintf(HKEY("MESG"), WCS_STRING, "%s", buf);
+	}
+
+	svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING,
+		_("<ul>"
+		"<li>Enter your OpenID URL and click &quot;Login&quot;."
+		"<li>Please log off properly when finished. "
+		"<li>You must use a browser that supports <i>frames</i> and "
+		"<i>cookies</i>. "
+		"<li>Also keep in mind that if your browser is "
+		"configured to block pop-up windows, you will not be able "
+		"to receive any instant messages.<br />"
+		"</ul>")
+	);
+
+	svput("OPENID_BOX", WCS_STRING, _("OpenID URL:"));
+	svput("LANGUAGE_BOX", WCS_STRING, _("Language:"));
+	svput("LOGIN_BUTTON", WCS_STRING, _("Login"));
+	svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
+	svput("HELLO", WCS_SERVCMD, "MESG hello");
+	svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
+		serv_info.serv_humannode);
+	svcallback("DO_LANGUAGE_BOX", offer_languages);
+
+	svprintf(HKEY("OFFER_CONVENTIONAL_LOGIN"), WCS_STRING,
+		"<div align=center>"
+		"<a href=\"display_login\">"
+		"%s</a>"
+		"</div>"
+		,
+		"Log in using a user name and password"
+	);
+
+	do_template("openid_login");
+	wDumpContent(2);
+}
+
+
+
+
+/* Initialize the session
+ *
  * This function needs to get called whenever the session changes from
  * not-logged-in to logged-in, either by an explicit login by the user or
  * by a timed-out session automatically re-establishing with a little help
  * from the browser cookie.  Either way, we need to load access controls and
  * preferences from the server.
  *
- * \param user the username
- * \param pass his password
- * \param serv_response The parameters returned from a Citadel USER or NEWU command
+ * user			the username
+ * pass			his password
+ * serv_response	The parameters returned from a Citadel USER or NEWU command
  */
 void become_logged_in(char *user, char *pass, char *serv_response)
 {
@@ -126,24 +196,23 @@ void become_logged_in(char *user, char *pass, char *serv_response)
 }
 
 
-/** 
- * \brief Login Checks
- * the logics to detect invalid passwords not to get on citservers nerves
+/* 
+ * Perform authentication using a user name and password
  */
 void do_login(void)
 {
 	char buf[SIZ];
 
-	if (strlen(bstr("language")) > 0) {
+	if (havebstr("language")) {
 		set_selected_language(bstr("language"));
 		go_selected_language();
 	}
 
-	if (strlen(bstr("exit_action")) > 0) {
+	if (havebstr("exit_action")) {
 		do_logout();
 		return;
 	}
-	if (strlen(bstr("login_action")) > 0) {
+	if (havebstr("login_action")) {
 		serv_printf("USER %s", bstr("name"));
 		serv_getln(buf, sizeof buf);
 		if (buf[0] == '3') {
@@ -161,8 +230,8 @@ void do_login(void)
 			return;
 		}
 	}
-	if (strlen(bstr("newuser_action")) > 0) {
-		if (strlen(bstr("pass")) == 0) {
+	if (havebstr("newuser_action")) {
+		if (!havebstr("pass")) {
 			display_login(_("Blank passwords are not allowed."));
 			return;
 		}
@@ -189,8 +258,86 @@ void do_login(void)
 
 }
 
-/**
- * \brief display the user a welcome screen. 
+
+/* 
+ * Perform authentication using OpenID
+ * assemble the checkid_setup request and then redirect to the user's identity provider
+ */
+void do_openid_login(void)
+{
+	char buf[4096];
+
+	if (havebstr("language")) {
+		set_selected_language(bstr("language"));
+		go_selected_language();
+	}
+
+	if (havebstr("exit_action")) {
+		do_logout();
+		return;
+	}
+	if (havebstr("login_action")) {
+		snprintf(buf, sizeof buf,
+			"OID1 %s|%s://%s/finish_openid_login|%s://%s",
+			bstr("openid_url"),
+			(is_https ? "https" : "http"), WC->http_host,
+			(is_https ? "https" : "http"), WC->http_host
+		);
+
+		serv_puts(buf);
+		serv_getln(buf, sizeof buf);
+		if (buf[0] == '2') {
+			lprintf(CTDL_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]);
+			http_redirect(&buf[4]);
+			return;
+		}
+		else {
+			display_openid_login(&buf[4]);
+			return;
+		}
+	}
+
+	/* If we get to this point then something failed. */
+	display_openid_login(_("Your password was not accepted."));
+}
+
+/* 
+ * Complete the authentication using OpenID
+ * This function handles the positive or negative assertion from the user's Identity Provider
+ */
+void finish_openid_login(void)
+{
+	if (havebstr("openid.mode")) {
+		if (!strcasecmp(bstr("openid.mode"), "id_res")) {
+
+			display_openid_login("FIXME id accepted but the code isn't finished");
+			//FIXME finish this
+
+		}
+	}
+
+	if (WC->logged_in) {
+		if (WC->need_regi) {
+			display_reg(1);
+		} else {
+			do_welcome();
+		}
+	} else {
+		display_openid_login(_("Your password was not accepted."));
+	}
+
+}
+
+
+
+
+
+
+
+
+/*
+ * display the user a welcome screen.
+ *
  * if this is the first time login, and the web based setup is enabled, 
  * lead the user through the setup routines
  */
@@ -206,9 +353,11 @@ void do_welcome(void)
 	 */
 	if (WC->is_aide) {
 		if (!setup_wizard) {
+			int len;
 			sprintf(wizard_filename, "setupwiz.%s.%s",
 				ctdlhost, ctdlport);
-			for (i=0; i<strlen(wizard_filename); ++i) {
+			len = strlen(wizard_filename);
+			for (i=0; i<len; ++i) {
 				if (	(wizard_filename[i]==' ')
 					|| (wizard_filename[i] == '/')
 				) {
@@ -233,11 +382,11 @@ void do_welcome(void)
 	}
 #endif
 
-	/**
+	/*
 	 * Go to the user's preferred start page
 	 */
 	get_preference("startpage", buf, sizeof buf);
-	if (strlen(buf)==0) {
+	if (IsEmptyStr(buf)) {
 		safestrncpy(buf, "dotskip&room=_BASEROOM_", sizeof buf);
 		set_preference("startpage", buf, 1);
 	}
@@ -248,7 +397,7 @@ void do_welcome(void)
 }
 
 
-/**
+/*
  * Disconnect from the Citadel server, and end this WebCit session
  */
 void end_webcit_session(void) {
@@ -265,7 +414,7 @@ void end_webcit_session(void) {
 	/* close() of citadel socket will be done by do_housekeeping() */
 }
 
-/** 
+/* 
  * execute the logout
  */
 void do_logout(void)
@@ -280,7 +429,11 @@ void do_logout(void)
 	/** Calling output_headers() this way causes the cookies to be un-set */
 	output_headers(1, 1, 0, 1, 0, 0);
 
-	wprintf("<center>");
+	wprintf("<div id=\"logout_screen\">");
+        wprintf("<div class=\"box\">");
+        wprintf("<div class=\"boxlabel\">");
+	wprintf(_("Log off"));
+        wprintf("</div><div class=\"boxcontent\">");	
 	serv_puts("MESG goodbye");
 	serv_getln(buf, sizeof buf);
 
@@ -296,20 +449,24 @@ void do_logout(void)
 			"connected to the Citadel server.  Please report "
 			"this problem to your system administrator.")
 		);
+		wprintf("<a href=\"http://www.citadel.org/doku.php/"
+			"faq:mastering_your_os:net#netstat\">%s</a>", 
+			_("Read More..."));
 	}
 
-	wprintf("<hr /><a href=\".\">");
+	wprintf("<hr /><div class=\"buttons\"> "
+		"<span class=\"button_link\"><a href=\".\">");
 	wprintf(_("Log in again"));
-	wprintf("</A>&nbsp;&nbsp;&nbsp;"
+	wprintf("</a></span>&nbsp;&nbsp;&nbsp;<span class=\"button_link\">"
 		"<a href=\"javascript:window.close();\">");
 	wprintf(_("Close window"));
-	wprintf("</a></center>\n");
+	wprintf("</a></span></div></div></div></div>\n");
 	wDumpContent(2);
 	end_webcit_session();
 }
 
 
-/* *
+/*
  * validate new users
  */
 void validate(void)
@@ -320,16 +477,18 @@ void validate(void)
 	int a;
 
 	output_headers(1, 1, 2, 0, 0, 0);
-	wprintf("<div id=\"banner\">\n"
-		"<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
-		"<SPAN CLASS=\"titlebar\">");
+	wprintf("<div id=\"banner\">\n");
+	wprintf("<h1>");
 	wprintf(_("Validate new users"));
-	wprintf("</SPAN></TD></TR></TABLE>\n</div>\n<div id=\"content\">\n");
+	wprintf("</h1>");
+	wprintf("</div>\n");
+
+	wprintf("<div id=\"content\" class=\"service\">\n");
 
-	/** If the user just submitted a validation, process it... */
+	/* If the user just submitted a validation, process it... */
 	safestrncpy(buf, bstr("user"), sizeof buf);
-	if (strlen(buf) > 0) {
-		if (strlen(bstr("axlevel")) > 0) {
+	if (!IsEmptyStr(buf)) {
+		if (havebstr("axlevel")) {
 			serv_printf("VALI %s|%s", buf, bstr("axlevel"));
 			serv_getln(buf, sizeof buf);
 			if (buf[0] != '2') {
@@ -338,7 +497,7 @@ void validate(void)
 		}
 	}
 
-	/** Now see if any more users require validation. */
+	/* Now see if any more users require validation. */
 	serv_puts("GNUR");
 	serv_getln(buf, sizeof buf);
 	if (buf[0] == '2') {
@@ -355,7 +514,7 @@ void validate(void)
 	}
 
 	wprintf("<div class=\"fix_scrollbar_bug\">"
-		"<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
+		"<table class=\"auth_validate\"><tr><td>\n");
 	wprintf("<center>");
 
 	safestrncpy(user, &buf[4], sizeof user);
@@ -395,7 +554,7 @@ void validate(void)
 	wprintf(_("Select access level for this user:"));
 	wprintf("<br />\n");
 	for (a = 0; a <= 6; ++a) {
-		wprintf("<a href=\"validate&user=");
+		wprintf("<a href=\"validate?nonce=%ld?user=", WC->nonce);
 		urlescputs(user);
 		wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
 			a, axdefs[a]);
@@ -409,11 +568,11 @@ void validate(void)
 
 
 
-/** 
- * \brief Display form for registration.
+/*
+ * Display form for registration.
+ *
  * (Set during_login to 1 if this registration is being performed during
  * new user login and will require chaining to the proper screen.)
- * \param during_login are we just in the login phase?
  */
 void display_reg(int during_login)
 {
@@ -433,10 +592,10 @@ void display_reg(int during_login)
 	}
 
 	if (during_login) {
-		do_edit_vcard(vcard_msgnum, "1", "do_welcome");
+		do_edit_vcard(vcard_msgnum, "1", "do_welcome", USERCONFIGROOM);
 	}
 	else {
-		do_edit_vcard(vcard_msgnum, "1", "display_main_menu");
+		do_edit_vcard(vcard_msgnum, "1", "display_main_menu", USERCONFIGROOM);
 	}
 
 }
@@ -444,35 +603,24 @@ void display_reg(int during_login)
 
 
 
-/** 
+/*
  * display form for changing your password
  */
 void display_changepw(void)
 {
 	char buf[SIZ];
 
-	output_headers(1, 1, 2, 0, 0, 0);
-	wprintf("<div id=\"banner\">\n"
-		"<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
-		"<SPAN CLASS=\"titlebar\">");
-	wprintf(_("Change your password"));
-	wprintf("</SPAN>"
-		"</TD></TR></TABLE>\n"
-		"</div>\n<div id=\"content\">\n"
-	);
+	output_headers(1, 1, 1, 0, 0, 0);
+
+	svput("BOXTITLE", WCS_STRING, _("Change your password"));
+	do_template("beginbox");
 
-	if (strlen(WC->ImportantMessage) > 0) {
-		do_template("beginbox_nt");
-		wprintf("<SPAN CLASS=\"errormsg\">"
-			"%s</SPAN><br />\n", WC->ImportantMessage);
-		do_template("endbox");
+	if (!IsEmptyStr(WC->ImportantMessage)) {
+		wprintf("<span class=\"errormsg\">"
+			"%s</span><br />\n", WC->ImportantMessage);
 		safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
 	}
 
-	wprintf("<div class=\"fix_scrollbar_bug\">"
-		"<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
-
-	wprintf("<CENTER><br />");
 	serv_puts("MESG changepw");
 	serv_getln(buf, sizeof buf);
 	if (buf[0] == '1') {
@@ -480,29 +628,31 @@ void display_changepw(void)
 	}
 
 	wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
-	wprintf("<CENTER>"
-		"<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
-		"BGCOLOR=\"#EEEEEE\">"
-		"<TR><TD>");
+	wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+	wprintf("<table class=\"altern\" ");
+	wprintf("<tr class=\"even\"><td>");
 	wprintf(_("Enter new password:"));
-	wprintf("</TD>\n");
-	wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
-	wprintf("<TR><TD>");
+	wprintf("</td><td>");
+	wprintf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
+	wprintf("<tr class=\"odd\"><td>");
 	wprintf(_("Enter it again to confirm:"));
-	wprintf("</TD>\n");
-	wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
+	wprintf("</td><td>");
+	wprintf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
+	wprintf("</table>\n");
 
-	wprintf("</TABLE><br />\n");
-	wprintf("<INPUT type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
+	wprintf("<div class=\"buttons\">\n");
+	wprintf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
 	wprintf("&nbsp;");
-	wprintf("<INPUT type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
-	wprintf("</form></center>\n");
-	wprintf("</td></tr></table></div>\n");
+	wprintf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
+	wprintf("</div>\n");
+	wprintf("</form>\n");
+
+	do_template("endbox");
 	wDumpContent(1);
 }
 
-/**
- * \brief change password
+/*
+ * change password
  * if passwords match, propagate it to citserver.
  */
 void changepw(void)
@@ -510,7 +660,7 @@ void changepw(void)
 	char buf[SIZ];
 	char newpass1[32], newpass2[32];
 
-	if (strlen(bstr("change_action")) == 0) {
+	if (!havebstr("change_action")) {
 		safestrncpy(WC->ImportantMessage, 
 			_("Cancelled.  Password was not changed."),
 			sizeof WC->ImportantMessage);
@@ -529,7 +679,7 @@ void changepw(void)
 		return;
 	}
 
-	if (strlen(newpass1) == 0) {
+	if (IsEmptyStr(newpass1)) {
 		safestrncpy(WC->ImportantMessage, 
 			_("Blank passwords are not allowed."),
 			sizeof WC->ImportantMessage);
@@ -551,4 +701,8 @@ void changepw(void)
 
 
 
-/** @} */
+void InitModule_AUTH(void)
+{
+	WebcitAddUrlHandler(HKEY("do_welcome"), do_welcome, 0);
+	return ;
+}