diff --git a/CHANGELOG b/CHANGELOG index acebc26..089cf3b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Revision history for Lufi 0.03 2018-??-?? - Use Mojo::SQLite instead of ORLite + - Use FiatTux plugins 0.02.2 2017-09-18 - Fix cron tasks bug diff --git a/cpanfile b/cpanfile index 3ab3ad7..18ed30a 100644 --- a/cpanfile +++ b/cpanfile @@ -3,6 +3,8 @@ requires 'Mojolicious', '>= 7.31'; requires 'Mojolicious::Plugin::DebugDumperHelper'; requires 'Mojolicious::Plugin::I18N'; requires 'Mojolicious::Plugin::Mail'; +requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.01', url => 'https://framagit.org/luc/mojolicious-plugin-fiattux-helpers/-/archive/0.01/mojolicious-plugin-fiattux-helpers-0.01.tar.gz'; +requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.01', url => 'https://framagit.org/luc/mojolicious-plugin-fiattux-grantaccess/-/archive/0.01/mojolicious-plugin-fiattux-grantaccess-0.01.tar.gz'; requires 'EV'; requires 'Filesys::DiskUsage'; requires 'Switch'; diff --git a/lib/Lufi.pm b/lib/Lufi.pm index bb7103e..6c70d21 100644 --- a/lib/Lufi.pm +++ b/lib/Lufi.pm @@ -66,82 +66,18 @@ sub startup { # Debug $self->plugin('DebugDumperHelper'); - # Check htpasswd file existence - die 'Unable to read '.$self->config('htpasswd') if (defined($self->config('htpasswd')) && !-r $self->config('htpasswd')); - - # Authentication (if configured) - $self->plugin('authentication' => - { - autoload_user => 1, - session_key => 'Dolomon', - load_user => sub { - my ($c, $username) = @_; - - return $username; - }, - validate_user => sub { - my ($c, $username, $password, $extradata) = @_; - - if (defined($c->config('ldap'))) { - my $ldap = Net::LDAP->new($c->config->{ldap}->{uri}); - my $mesg = $ldap->bind($c->config->{ldap}->{bind_user}.$c->config->{ldap}->{bind_dn}, - password => $c->config->{ldap}->{bind_pwd} - ); - - $mesg->code && die $mesg->error; - - $mesg = $ldap->search( - base => $c->config->{ldap}->{user_tree}, - filter => "(&(uid=$username)".$c->config->{ldap}->{user_filter}.")" - ); - - if ($mesg->code) { - $c->app->log->error($mesg->error); - return undef; - } - - # we filtered out, but did we actually get a non-empty result? - $entry = $mesg->shift_entry; - if (!defined $entry) { - $c->app->log->info("[LDAP authentication failed] - User $username filtered out, IP: ".$c->ip); - return undef; - } - - # Now we know that the user exists, and that he is authorized by the filter - $mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn}, - password => $password - ); - - if ($mesg->code) { - $c->app->log->info("[LDAP authentication failed] login: $username, IP: ".$c->ip); - $c->app->log->error("[LDAP authentication failed] ".$mesg->error); - return undef; - } - - $c->app->log->info("[LDAP authentication successful] login: $username, IP: ".$c->ip); - } elsif (defined($c->config('htpasswd'))) { - my $htpasswd = new Apache::Htpasswd({passwdFile => $c->config->{htpasswd}, - ReadOnly => 1} - ); - if (!$htpasswd->htCheckPassword($username, $password)) { - return undef; - } - $c->app->log->info("[Simple authentication successful] login: $username, IP: ".$c->ip); - } - - return $username; - } - } - ); - if (defined($self->config('ldap')) || defined($self->config('htpasswd'))) { - $self->app->sessions->default_expiration($self->config('session_duration')); - } + # Fiat Tux helpers + $self->plugin('FiatTux::Helpers'); + + # Authentication + $self->plugin('FiatTux::GrantAccess'); # Secrets $self->secrets($self->config('secrets')); # Helpers $self->plugin('Lufi::Plugin::Helpers'); + # Hooks $self->hook( after_dispatch => sub { diff --git a/lufi.conf.template b/lufi.conf.template index 86a779a..a7c6fbc 100644 --- a/lufi.conf.template +++ b/lufi.conf.template @@ -140,12 +140,12 @@ # please note that everybody can still download files # optional, no default #ldap => { - # uri => 'ldaps://ldap.example.org', - # user_tree => 'ou=users,dc=example,dc=org', - # bind_dn => ',ou=users,dc=example,dc=org', - # bind_user => 'uid=ldap_user', - # bind_pwd => 'secr3t', - # user_filter => '!(uid=ldap_user)' + # uri => 'ldaps://ldap.example.org', # server URI + # user_tree => 'ou=users,dc=example,dc=org', # search base DN + # bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN + # bind_pwd => 'secr3t', # search bind password + # user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) #}, # set `htpasswd` if you want to use an htpasswd file instead of ldap diff --git a/themes/default/lib/Lufi/I18N/ca.po b/themes/default/lib/Lufi/I18N/ca.po index a90ace2..6be53a7 100644 --- a/themes/default/lib/Lufi/I18N/ca.po +++ b/themes/default/lib/Lufi/I18N/ca.po @@ -304,7 +304,7 @@ msgstr "Si us plau contacteu amb l'administrador: %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Si us plau, espereu mentre obtenim el fitxer. Abans que el tingueu disponible primer cal descarregar i desxifrar tots els trossos." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "" @@ -345,7 +345,7 @@ msgstr "Compartiu fitxers amb total privacitat a %1" msgid "Signin" msgstr "Autenticació" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "" diff --git a/themes/default/lib/Lufi/I18N/en.po b/themes/default/lib/Lufi/I18N/en.po index faaaf12..11559b9 100644 --- a/themes/default/lib/Lufi/I18N/en.po +++ b/themes/default/lib/Lufi/I18N/en.po @@ -300,7 +300,7 @@ msgstr "" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "" -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "" @@ -341,7 +341,7 @@ msgstr "" msgid "Signin" msgstr "" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "" diff --git a/themes/default/lib/Lufi/I18N/fr.po b/themes/default/lib/Lufi/I18N/fr.po index 63c74db..5e21644 100644 --- a/themes/default/lib/Lufi/I18N/fr.po +++ b/themes/default/lib/Lufi/I18N/fr.po @@ -302,7 +302,7 @@ msgstr "Veuillez contacter l’administrateur : %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Veuillez patientez pendant la récupération de votre fichier. Nous devons d’abord récupérer et déchiffrer tous les fragments avant que vous puissiez le télécharger." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "Veuillez vérifier vos identifiants : impossible de vous authentifier." @@ -343,7 +343,7 @@ msgstr "Partagez vos fichiers en toute confidentialité sur %1" msgid "Signin" msgstr "Connexion" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "Désolé, vous n’êtes pas autorisé à utiliser ce service. Contactez votre administrateur si vous pensez qu’il s’agit d’une erreur." diff --git a/themes/default/lib/Lufi/I18N/it.po b/themes/default/lib/Lufi/I18N/it.po index 1eec9b8..5833ef0 100644 --- a/themes/default/lib/Lufi/I18N/it.po +++ b/themes/default/lib/Lufi/I18N/it.po @@ -302,7 +302,7 @@ msgstr "Contattare l'amministratore : %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Attendere mentre otteniamo il vostro file. Dobbiamo prima scaricare e decifrare tutte le parti prima che possiate averlo." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "" @@ -347,7 +347,7 @@ msgstr "Condividi tutti i file in totale riservatezza su %1" msgid "Signin" msgstr "Autenticazione" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "" diff --git a/themes/default/lib/Lufi/I18N/nl.po b/themes/default/lib/Lufi/I18N/nl.po index c00216f..290516b 100644 --- a/themes/default/lib/Lufi/I18N/nl.po +++ b/themes/default/lib/Lufi/I18N/nl.po @@ -289,7 +289,7 @@ msgstr "Neem contact op met administrator: %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Een ogenblik geduld, we pakken je bestand er bij. We moeten alle delen downloaden en decrypten voordat je het kan downloaden." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "" @@ -334,7 +334,7 @@ msgstr "Deel je bestanden met volledige privacy op %1" msgid "Signin" msgstr "Inloggen" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "" diff --git a/themes/default/lib/Lufi/I18N/oc.po b/themes/default/lib/Lufi/I18N/oc.po index 18394d7..333a33a 100644 --- a/themes/default/lib/Lufi/I18N/oc.po +++ b/themes/default/lib/Lufi/I18N/oc.po @@ -302,7 +302,7 @@ msgstr "Mercés de contactar l’administrator : %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Mercés d’esperar pendent la recuperacion de vòstre fichièr. Nos cal d’en primièr recuperar e deschifrar totes los fragaments abans que poscatz o telecargar." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "Mercés de verificar vòstres identificants : impossible de vos autentificar." @@ -343,7 +343,7 @@ msgstr "Partejatz vòstres fichièrs en tota confidencialitat sus %1" msgid "Signin" msgstr "Connexion" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr "O planhèm collèga, sètz pas autorizat a utilizar aqueste servici. Contactatz vòstre administrator sistèma se pensatz que i a un problèma." diff --git a/themes/default/lib/Lufi/I18N/pt.po b/themes/default/lib/Lufi/I18N/pt.po index ce69143..36a7951 100644 --- a/themes/default/lib/Lufi/I18N/pt.po +++ b/themes/default/lib/Lufi/I18N/pt.po @@ -311,7 +311,7 @@ msgstr "Contacte o administrador: %1" msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it." msgstr "Por favor aguarde durante a recuperação do seu ficheiro. Primeiro devemos recuperar e descodificar todos os fragmentos e depois poderá descarregar o ficheiro." -#: lib/Lufi.pm:200 +#: lib/Lufi.pm:136 msgid "Please, check your credentials: unable to authenticate." msgstr "" @@ -352,7 +352,7 @@ msgstr "Partilhe os seus ficheiros com toda a privacidade em %1" msgid "Signin" msgstr "Conexão" -#: lib/Lufi.pm:203 +#: lib/Lufi.pm:139 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix." msgstr ""