[webui] Rewrite do_login

openSUSE · Oct 19, 2015 · e21cb84 · e21cb84
1 parent 965ffe0
commit e21cb84
Showing 1 changed file with 24 additions and 34 deletions.
diff --git a/src/api/app/controllers/webui/user_controller.rb b/src/api/app/controllers/webui/user_controller.rb
@@ -33,36 +33,30 @@ def login
   end
 
   def do_login
-    if params[:username].present? && params[:password]
-      logger.debug "Doing form authorization to login user #{params[:username]}"
-
-      session[:login] = params[:username]
-      session[:password] = params[:password]
-      authenticate_form_auth
-
-      begin
-        ActiveXML.api.direct_http "/person/#{session[:login]}/login", method: 'POST'
-        User.current = User.find_by_login!(session[:login])
-      rescue ActiveXML::Transport::UnauthorizedError
-        User.current = nil
-      end
-
-      unless User.current
-        return_to = return_path
-        reset_session
-        set_return_path(return_to)
-        flash.now[:error] = 'Authentication failed'
-        User.current = User.find_nobody!
-        render :template => 'webui/user/login'
-        return
-      end
+    mode = CONFIG['proxy_auth_mode'] || CONFIG['ichain_mode'] || :basic
+    logger.debug "do_login: with #{mode}"
+
+    case mode
+    when :on
+      user = User.find_by(login: request.env['HTTP_X_USERNAME'])
+    when :simulate
+      user = User.find_by(login: CONFIG['proxy_auth_test_user'])
+    when :basic, :off
+      user = User.find_with_credentials(params[:username], params[:password])
+    end
 
-      flash[:success] = 'You are logged in now'
-      session[:login] = User.current.login
-      return redirect_to(return_path)
+    if user.nil? || (user.state == User::STATES['ichainrequest'] || user.state == User::STATES['unconfirmed'])
+      set_return_path(return_path)
+      redirect_to(user_login_path, error: 'Authentication failed')
+      return
     end
-    flash[:error] = 'Authentication failed'
-    redirect_to :action => 'login'
+
+    logger.debug "USER found: #{user.login}"
+    User.current = user
+
+    session[:login] = User.current.login
+    session[:password] = params[:password]
+    redirect_to(return_path)
   end
 
   def show
@@ -210,10 +204,7 @@ def register
       redirect_to :controller => :user, :action => :index
     else
       session[:login] = opts[:login]
-      session[:password] = opts[:password]
-      authenticate_form_auth
-      # set User.current
-      check_user
+      User.current = User.find_by_login(session[:login])
       if Project.where(name: User.current.home_project_name).exists?
         redirect_to project_show_path(User.current.home_project_name)
       else
@@ -231,7 +222,7 @@ def password_dialog
 
   def change_password
     # check the valid of the params
-    if not params[:password] == session[:password]
+    unless User.current.password_equals?(params[:password])
       errmsg = 'The value of current password does not match your current password. Please enter the password and try again.'
     end
     if not params[:new_password] == params[:repeat_password]
@@ -250,7 +241,6 @@ def change_password
     user.update_password params[:new_password]
     user.save!
 
-    session[:password] = params[:new_password]
     flash[:success] = 'Your password has been changed successfully.'
     redirect_to :action => :show, user: User.current
   end