From 152036fe1c0d497361d7e74ce8c785646f64b7ba Mon Sep 17 00:00:00 2001 From: cch Date: Thu, 5 Dec 2013 13:01:24 +0800 Subject: [PATCH 1/3] fixed the cookie authentication with lua5.2 --- src/cgilua/authentication.lua | 24 ++++++++++++++---------- src/cgilua/cookies.lua | 12 ++++++------ 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/cgilua/authentication.lua b/src/cgilua/authentication.lua index de27918..94ec365 100755 --- a/src/cgilua/authentication.lua +++ b/src/cgilua/authentication.lua @@ -88,7 +88,7 @@ function M.username() if configuration.tokenPersistence == "url" then token = M.getToken() elseif configuration.tokenPersistence == "cookie" then - token = cgilua.cookies.get(configuration.tokenName) + token = cookies.get(configuration.tokenName) end if token then authenticatedUserData = md5.decrypt(M.decodeURLbase64(token), configuration.criptKey) @@ -119,9 +119,9 @@ local function setUser(username) local cryptedUserData = cryptUserData() if configuration.tokenPersistence == "url" then M.setToken(cryptedUserData) - cgilua.cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token + cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token elseif configuration.tokenPersistence == "cookie" then - cgilua.cookies.set(configuration.tokenName, cryptedUserData) + cookies.set(configuration.tokenName, cryptedUserData) M.setToken() -- remove an eventual previous token from the URLs end end @@ -130,7 +130,7 @@ end -- User logout, clear everything function M.logout() setUser() - cgilua.cookies.delete(configuration.tokenName) + cookies.delete(configuration.tokenName) M.setToken() cgilua.QUERY.logout = nil end 
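Review bot: In M.username the token from `cookies.get(configuration.tokenName)` goes straight into `md5.decrypt(M.decodeURLbase64(token), configuration.criptKey)`, and nothing visible in this hunk authenticates the ciphertext before the decrypted text is trusted. Unless md5.decrypt (outside this patch) provides integrity, the user name rests only on the checks made afterwards on the decrypted string. I would verify a keyed MAC over the token first and reject any plaintext that is not exactly `ip,username`. A comment such as `-- token is client-controlled: verify its MAC before decrypting` above the decrypt call would state the expectation. The same token read appears in the checkURL hunk (@@ -171), and M.username's body continues past this hunk.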
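Review bot: `cookies.set(configuration.tokenName, cryptedUserData)` in setUser passes no options table, so the authentication cookie goes out with whatever defaults build() applies. A cookie carrying the login token should normally be limited to HTTPS and to the application's path, and hidden from page scripts where the cookie module supports that. Which options build() understands is outside this patch, so I would thread a configurable table through, for example `cookies.set(configuration.tokenName, cryptedUserData, configuration.tokenCookieOptions)` (the field name is a suggestion, not an existing setting). setUser starts before this hunk.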
@@ -171,7 +171,7 @@ function M.checkURL(ref, tologout) if configuration.tokenPersistence == "url" then token = M.getToken() elseif configuration.tokenPersistence == "cookie" then - token = cgilua.cookies.get(configuration.tokenName) + token = cookies.get(configuration.tokenName) end -- As HTTP header referer information can violate privacy, @@ -197,11 +197,15 @@ end function M.refURL() local url local baseURL = cgilua.QUERY.ref or configuration.checkURL - if string.find(baseURL, "\?") then - url = string.gsub(baseURL, "\?", "?"..configuration.tokenName.."="..cryptUserData().."&") - else - url = baseURL.."?"..configuration.tokenName.."="..cryptUserData() - end + if configuration.tokenPersistence == 'url' then + if string.find(baseURL, "%?") then + url = string.gsub(baseURL, "%?", "?"..configuration.tokenName.."="..cryptUserData().."&") + else + url = baseURL.."?"..configuration.tokenName.."="..cryptUserData() + end + else + url = baseURL + end return url end diff --git a/src/cgilua/cookies.lua b/src/cgilua/cookies.lua index 17a7323..f6d96bc 100755 --- a/src/cgilua/cookies.lua +++ b/src/cgilua/cookies.lua @@ -14,9 +14,9 @@ local format, gsub, strfind = string.format, string.gsub, string.find local date = os.date local escape, unescape = urlcode.escape, urlcode.unescape -local header = SAPI.Response.header -local write = SAPI.Response.write -local servervariable = SAPI.Request.servervariable +--local header = SAPI.Response.header +--local write = SAPI.Response.write +--local servervariable = SAPI.Request.servervariable local M = {} @@ -54,7 +54,7 @@ end -- @param options Table with the options (optional). function M.set (name, value, options) - header("Set-Cookie", build(name, value, options)) + cgilua.header("Set-Cookie", build(name, value, options)) end @@ -66,7 +66,7 @@ end -- @param options Table with the options (optional). function M.sethtml (name, value, options) - write(format('', + cgilua.put(format('', build(name, value, options))) end 
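Review bot: In M.refURL, `baseURL` is taken from `cgilua.QUERY.ref`, and in "url" mode the freshly built token is spliced into it, so a request-supplied value decides which URL carries the token. Nothing in the function restricts `ref` to the application's own URLs. I would accept `ref` only when it starts with the site's own base URL and otherwise fall back to `configuration.checkURL`. How the returned URL is used is outside this hunk. Separately, the gsub replacement string gives `%` a special meaning and every `?` is replaced; a form such as `url = baseURL..(string.find(baseURL, "?", 1, true) and "&" or "?")..configuration.tokenName.."="..cryptUserData()` avoids both.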
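Review bot: The three SAPI locals are left behind as commented-out code (`--local header = SAPI.Response.header` and the two lines after it); deleting them keeps the module header accurate, since version control already has the old form. The replacement calls in M.set, M.sethtml and M.get (@@ -54, @@ -66, @@ -77) use `cgilua.header`, `cgilua.put` and `cgilua.servervariable`, but no hunk adds a `cgilua` binding to cookies.lua, so it presumably resolves as a global. If so, `local cgilua = require"cgilua"` next to the other locals would make the dependency explicit, provided it does not create a require cycle. The same question applies to the bare `cookies` now used in authentication.lua.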
@@ -77,7 +77,7 @@ end -- @return String with the value associated with the cookie. function M.get (name) - local cookies = servervariable"HTTP_COOKIE" or "" + local cookies = cgilua.servervariable("HTTP_COOKIE") or "" cookies = ";" .. cookies .. ";" cookies = gsub(cookies, "%s*;%s*", ";") -- remove extra spaces local pattern = ";" .. name .. "=(.-);" From be2cf590c49145b98c2e13dad79a85133d3742e1 Mon Sep 17 00:00:00 2001 From: cch Date: Thu, 5 Dec 2013 18:33:03 +0800 Subject: [PATCH 2/3] fixed the logout issue, which caused by buffered auth user id (wsapi creates lots of cgilua objects bind with the file name) --- src/cgilua/authentication.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cgilua/authentication.lua b/src/cgilua/authentication.lua index 94ec365..2e2f286 100755 --- a/src/cgilua/authentication.lua +++ b/src/cgilua/authentication.lua @@ -211,6 +211,7 @@ end -- Sets the current configuration function M.configure(options, methods) + authenticatedUser = nil configuration = options local method = methods[options.method] or {} From 83ddd3d30b15463528b0b14852cbb6333a81e3d6 Mon Sep 17 00:00:00 2001 From: cch Date: Mon, 6 Jan 2014 11:42:28 +0800 Subject: [PATCH 3/3] fixed the example for lua5.2, do_script take the env from caller --- examples/authentication_conf.lua | 6 +++--- examples/cgilua/config.lua | 9 +++++---- examples/check.lua | 3 ++- examples/login.lp | 5 ++++- examples/test.lp | 2 +- src/cgilua/authentication.lua | 5 +++++ src/cgilua/cgilua.lua | 4 ++-- 7 files changed, 22 insertions(+), 12 deletions(-) diff --git a/examples/authentication_conf.lua b/examples/authentication_conf.lua index 02ef655..df710fe 100755 --- a/examples/authentication_conf.lua +++ b/examples/authentication_conf.lua 
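Review bot: M.get builds its search pattern as `";" .. name .. "=(.-);"` without escaping `name`, so a cookie name containing pattern magic characters (`.`, `-`, `%`, `+`) is matched as a pattern, not literally. That can return the value of a different cookie or raise a malformed-pattern error. Escaping the name first fixes it: `local pattern = ";" .. gsub(name, "%p", "%%%0") .. "=(.-);"`. The line is context rather than part of the change, but the function is being touched for the 5.2 port anyway; its body continues past this hunk.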
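Review bot: `authenticatedUser = nil` in M.configure clears the cached identity only when configure runs, while the cache itself stays module-level state that outlives a request under a persistent launcher (the commit message mentions wsapi). If any request can reach M.username() without configure having run first, it could be answered with the previous request's user; whether username() returns the cached value early is outside this hunk, so this needs confirming. I would also clear it when the request ends, for example `cgilua.addclosefunction(function() authenticatedUser = nil end)`, and add a comment here such as `-- per-request cache: module state survives across requests`. M.configure continues past this hunk.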
@@ -6,7 +6,7 @@ -- $Id: authentication_conf.lua,v 1.1 2007/12/05 18:40:17 carregal Exp $ ---------------------------- -require"cgilua.authentication" +cgilua.authentication = require"cgilua.authentication" local options = { -- Authentication method: "simpledatabase", "webserver", "ldap", "test" @@ -14,7 +14,7 @@ local options = { -- How Authentication is stored on the client -- This directive can be "cookie" or "url" - tokenPersistence="url", + tokenPersistence="cookie", -- Name used for the token persitence tokenName = "userhash", @@ -35,7 +35,7 @@ options.simpledatabase = { sourcename="users", dbusername="root", dbpassword="pass", - passwd_hash_function=(require"md5") and md5.sumhexa, -- for MD5 encription + passwd_hash_function=(require"md5") and require("md5").sumhexa, -- for MD5 encription -- passwd_hash_function = function(arg) return arg end , -- for no encription users_table="Users", user_name_field="Name", diff --git a/examples/cgilua/config.lua b/examples/cgilua/config.lua index dc3e599..d0fbb66 100755 --- a/examples/cgilua/config.lua +++ b/examples/cgilua/config.lua @@ -8,7 +8,7 @@ -- cgilua.use_executable_name = true -- Enables CGILua authentication --- cgilua.doif (CGILUA_CONF.."/authentication_conf.lua") +cgilua.doif (CGILUA_CONF.."/../authentication_conf.lua") -- Emulating old behavior loading file "env.lua" from the script's directory --[[ @@ -18,8 +18,7 @@ end) --]] -- Basic configuration for using sessions ---[[ -require"cgilua.session" +cgilua.session = require"cgilua.session" cgilua.session.setsessiondir (CGILUA_TMP) -- The following function must be called by every script that needs session. local already_enabled = false @@ -32,7 +31,9 @@ function cgilua.enablesession () cgilua.session.open () cgilua.addclosefunction (cgilua.session.close) end ---]] + +cgilua.setmaxinput(5 * 1024 * 1024) +cgilua.setmaxfilesize(5 * 1024 * 1024) -- Optional compatibility values -- cgilua.preprocess = cgilua.handlelp 
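Review bot: The simpledatabase example still stores passwords as a bare MD5 hex digest (`passwd_hash_function=(require"md5") and require("md5").sumhexa`), and example configuration tends to be copied into deployments. Unsalted MD5 is not suitable for password storage, so the line should at least carry a comment such as `-- demo only: replace with a salted, slow password hash before real use`. The double require is also redundant; `passwd_hash_function = require("md5").sumhexa` says the same thing. The `dbusername="root"` / `dbpassword="pass"` context lines deserve the same demo-only marker.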
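Review bot: The limits added at the end of examples/cgilua/config.lua, `cgilua.setmaxinput(5 * 1024 * 1024)` and `cgilua.setmaxfilesize(5 * 1024 * 1024)`, have no comment, and nothing says why the example needs 5 MiB request bodies. Since they bound how much request data the server will accept, I would state the intent, e.g. `-- cap POST body and uploaded file size at 5 MiB; lower this unless uploads are needed`. The neighbouring hunk (@@ -18) also turns the session block from commented-out to active, so session files land in CGILUA_TMP by default. A one-line comment that this directory should not be readable by other local users would help, assuming it is a shared temp directory.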
diff --git a/examples/check.lua b/examples/check.lua index ba6efc3..5fa928a 100755 --- a/examples/check.lua +++ b/examples/check.lua @@ -1,6 +1,7 @@ -- Checking script example -- Assumes that the login form will use two fields called username and pass +local lp = require 'cgilua.lp' local username = cgilua.POST.username local pass = cgilua.POST.pass local logged, err, logoutURL @@ -21,7 +22,7 @@ else err = err or "" cgilua.htmlheader() - cgilua.lp.include ("login.lp", { + lp.include ("login.lp", { logged = logged, errorMsg = err, username = username, cgilua = cgilua, logoutURL = logoutURL}) end diff --git a/examples/login.lp b/examples/login.lp index c4220f4..d886ddd 100755 --- a/examples/login.lp +++ b/examples/login.lp @@ -4,6 +4,9 @@ + <% + cgilua.enablesession () + %> <% if logged then %>
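Review bot: In check.lua `username` comes from `cgilua.POST.username` and is handed unchanged to `lp.include ("login.lp", {...})`, where the login.lp hunk shows it emitted with `<%= username %>`. No HTML escaping is visible on either side, so markup in the submitted name would be written into the page as-is. Escaping may happen elsewhere, and this page has lost login.lp's HTML, so this needs confirming. If it is not escaped, I would escape the value before putting it in the template environment and note that in the comment at the top of the example. Passing the whole `cgilua` table into the template environment is also broader than the template appears to need.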

User <%= username %> logged in

Logout @@ -17,4 +20,4 @@ <% end %> - \ No newline at end of file + diff --git a/examples/test.lp b/examples/test.lp index 517f0f2..319f009 100755 --- a/examples/test.lp +++ b/examples/test.lp @@ -8,7 +8,7 @@ <% - require"cgilua.cookies" + cgilua.cookies = require"cgilua.cookies" if cgilua.POST.user then cgilua.cookies.sethtml("cookie_kepler", cgilua.POST.user) end diff --git a/src/cgilua/authentication.lua b/src/cgilua/authentication.lua index 2e2f286..fc86bf7 100755 --- a/src/cgilua/authentication.lua +++ b/src/cgilua/authentication.lua @@ -53,6 +53,10 @@ function M.currentURL() if query_string ~= "" then query_string = "?"..query_string end + --DIRK: hack + if path_info == "/" then + path_info = "" + end return cgilua.mkabsoluteurl(script_name..path_info..query_string) end @@ -95,6 +99,7 @@ function M.username() -- check if IP in crypted data match with client IP local authenticatedUserIP = authenticatedUserData and string.gsub(authenticatedUserData, ",.*$","") or nil if authenticatedUserIP ~= cgilua.servervariable("REMOTE_ADDR") then + M.logout() return nil end authenticatedUser=authenticatedUserData and string.gsub(authenticatedUserData, "^.*,", "") or nil diff --git a/src/cgilua/cgilua.lua b/src/cgilua/cgilua.lua index bdce5ac..69d3516 100755 --- a/src/cgilua/cgilua.lua +++ b/src/cgilua/cgilua.lua @@ -195,8 +195,8 @@ end -- @param filename String with the name of the file to be processed. -- @return The result of the execution of the file. ---------------------------------------------------------------------------- -function M.doscript (filename) - local env = buildscriptenv() +function M.doscript (filename, env) + local env = env or buildscriptenv() local f, err = loadfile(filename, "bt", env) if not f then error (format ("Cannot execute `%s'. Exiting.\n%s", filename, err))
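Review bot: The comment `--DIRK: hack` in M.currentURL records who added the special case but not why a `path_info` of "/" must become empty. Since this URL feeds the authentication redirect logic, the reason belongs in the code; if the intent is to avoid a trailing slash after the script name, say so with something like `-- a bare "/" PATH_INFO adds a trailing slash the script URL never had; drop it`. M.currentURL starts before this hunk.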
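Review bot: Calling `M.logout()` from inside M.username() turns a lookup into an operation with response side effects. As the earlier logout hunk shows, it runs setUser(), `cookies.delete(configuration.tokenName)` and M.setToken(), and clears `cgilua.QUERY.logout`. If username() is called after output has started, the cookie header may no longer be deliverable, and if setUser or setToken ever consult username() this would recurse; both are outside the hunk, so please confirm. I would return nil here and let the caller decide to log out, or at least add `-- IP mismatch: drop the token; must run before any output is sent`. Recording the mismatch in the error log would also help defenders spot token reuse from another address. M.username continues past this hunk.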
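Review bot: M.doscript gains an `env` parameter but the doc block above it still lists only `filename`, and `local env = env or buildscriptenv()` shadows the parameter. I would add `-- @param env Table used as the script environment (optional; defaults to buildscriptenv()).` and write the first line as `env = env or buildscriptenv()`. The doc should also say that a caller-supplied table bypasses buildscriptenv(), so the script sees whatever that table exposes. The context line `loadfile(filename, "bt", env)` accepts precompiled chunks, which Lua does not validate; `"t"` would be the safer mode if scripts are always source text. The function body continues past this hunk.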