2020-10-29 Fred Gleason <fredg@paravelsystems.com>

* Added an 'RDFormPost::authenticate()' method. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-04-12 15:52:29 +02:00 · 2020-10-29 16:05:09 -04:00 · 2020-10-29 16:05:09 -04:00 · 169e0e9baa
commit 169e0e9baa
parent 7daa4fc419
4 changed files with 82 additions and 60 deletions
--- a/2
+++ b/2
@ -20512,3 +20512,5 @@
 	the system shell.
 2020-10-27 Fred Gleason <fredg@paravelsystems.com>
 	* Removed the runuser(1) dependency.
+2020-10-29 Fred Gleason <fredg@paravelsystems.com>
+	* Added an 'RDFormPost::authenticate()' method.
--- a/lib/rdformpost.cpp
+++ b/lib/rdformpost.cpp
@ -25,8 +25,10 @@
 #include <fcntl.h>
 #include <unistd.h>

+#include "rdapplication.h"
 #include "rdconf.h"
 #include "rddatetime.h"
+#include "rdescape_string.h"
 #include "rdweb.h"

 #include <rdformpost.h>
@ -317,6 +319,77 @@ bool RDFormPost::isFile(const QString &name)
 }


+bool RDFormPost::authenticate(bool *used_ticket)
+{
+  QString ticket;
+  QString sql;
+  RDSqlQuery *q;
+  QString name;
+  QString passwd;
+
+  //
+  // First, attempt ticket authentication
+  //
+  if(used_ticket!=NULL) {
+    *used_ticket=false;
+  }
+  if(getValue("TICKET",&ticket)) {
+    sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
+      "(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
+      "(IPV4_ADDRESS=\""+clientAddress().toString()+"\")&&"+
+      "(EXPIRATION_DATETIME>now())";
+    q=new RDSqlQuery(sql);
+    if(q->first()) {
+      rda->user()->setName(q->value(0).toString());
+      delete q;
+      if(used_ticket!=NULL) {
+	*used_ticket=true;
+      }
+      return true;
+    }
+    delete q;
+  }
+
+  //
+  // Next, check the whitelist
+  //
+  if(!getValue("LOGIN_NAME",&name)) {
+    rda->logAuthenticationFailure(clientAddress());
+    return false;
+  }
+  if(!getValue("PASSWORD",&passwd)) {
+    rda->logAuthenticationFailure(clientAddress(),name);
+    return false;
+  }
+  rda->user()->setName(name);
+  if(!rda->user()->exists()) {
+    rda->logAuthenticationFailure(clientAddress(),name);
+    return false;
+  }
+  if((clientAddress().toIPv4Address()>>24)==127) {  // Localhost
+    return true;
+  }
+  sql=QString("select NAME from STATIONS where ")+
+    "IPV4_ADDRESS=\""+clientAddress().toString()+"\"";
+  q=new RDSqlQuery(sql);
+  if(q->first()) {
+    delete q;
+    return true;
+  }
+  delete q;
+
+  //
+  // Finally, try password
+  //
+  if(!rda->user()->checkPassword(passwd,false)) {
+    rda->logAuthenticationFailure(clientAddress(),name);
+    return false;
+  }
+
+  return true;
+}
+
+
 QString RDFormPost::tempDir() const
 {
  return post_tempdir->path();
--- a/lib/rdformpost.h
+++ b/lib/rdformpost.h
@ -28,6 +28,7 @@
 #include <QVariant>
 #include <QHostAddress>

+#include <rdconfig.h>
 #include <rdtempdirectory.h>

 class RDFormPost
@ -53,6 +54,7 @@ class RDFormPost
  bool getValue(const QString &name,QTime *time,bool *ok=NULL);
  bool getValue(const QString &name,bool *state,bool *ok=NULL);
  bool isFile(const QString &name);
+  bool authenticate(bool *used_ticket=NULL);
  QString tempDir() const;
  unsigned headerContentLength() const;
  QString headerContentType() const;
--- a/web/rdxport/rdxport.cpp
+++ b/web/rdxport/rdxport.cpp
@ -389,69 +389,14 @@ void Xport::ripcConnectedData(bool state)

 bool Xport::Authenticate()
 {
-  QString ticket;
-  QString sql;
-  RDSqlQuery *q;
-  QString name;
-  QString passwd;
+  bool used_ticket=false;
+  bool ok=xport_post->authenticate(&used_ticket);

-  //
-  // First, attempt ticket authentication
-  //
-  if(xport_post->getValue("TICKET",&ticket)) {
-    sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
-      "(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
-      "(IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\")&&"+
-      "(EXPIRATION_DATETIME>now())";
-    q=new RDSqlQuery(sql);
-    if(q->first()) {
-      rda->user()->setName(q->value(0).toString());
-      delete q;
-      return true;
-    }
-    delete q;
+  if(ok&&(!used_ticket)) {
+    TryCreateTicket(rda->user()->name());
  }

-  //
-  // Next, check the whitelist
-  //
-  if(!xport_post->getValue("LOGIN_NAME",&name)) {
-    rda->logAuthenticationFailure(xport_post->clientAddress());
-    return false;
-  }
-  if(!xport_post->getValue("PASSWORD",&passwd)) {
-    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
-    return false;
-  }
-  rda->user()->setName(name);
-  if(!rda->user()->exists()) {
-    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
-    return false;
-  }
-  if((xport_post->clientAddress().toIPv4Address()>>24)==127) {  // Localhost
-    TryCreateTicket(name);
-    return true;
-  }
-  sql=QString("select NAME from STATIONS where ")+
-    "IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\"";
-  q=new RDSqlQuery(sql);
-  if(q->first()) {
-    delete q;
-    TryCreateTicket(name);
-    return true;
-  }
-  delete q;
-
-  //
-  // Finally, try password
-  //
-  if(!rda->user()->checkPassword(passwd,false)) {
-    rda->logAuthenticationFailure(xport_post->clientAddress(),name);
-    return false;
-  }
-  TryCreateTicket(name);
-
-  return true;
+  return ok;
 }