App-MFILE-WWW
0.004 2014-08-13 03:37 CEST
- bin/dochazka-www: bring in server startup script from App-Dochazka-REST
  and adapt to our needs
- config/WWW_Config.pm: add some config params
- WWW.pm: bring in initialization routine from App-Dochazka-REST, adapt it, and
  call it from dochazka-www
- Resource.pm: eliminate large chunks of App-Dochazka-REST code that we don't
  need here; add debug messages; think through how requests will be validated
  by writing comments
- looking good overall -- the server starts and displays placeholder
  credentials dialog

0.005 2014-08-13 08:36 CEST
- change distro sharedir from 'config/' to 'share/', move config/ into it
- make a new 'comp/' subdir under share/, for Mason components
- make a new 'auth.mc' top-level Mason component for the credentials dialog
- WWW.pm: instantiate Mason interpreter and export it as $Mason singleton;
  load our distro sharedir instead of App-Dochazka-REST's; replace
  placeholder auth dialog with one constructed by Mason on the fly from
  the template stored in 'share/comp/auth.mc'

0.006 2014-08-13 13:17 CEST
- Resource: add 'service_available' method for purpose of logging incoming
  HTTP requests, as it is the first method Web::Machine calls
- dochazka-cli: serve files in 'js/' and 'css/' directories statically using
  Plack::Middleware::Static

0.016 2014-08-15 17:47 CEST
- use jQuery 2.0 instead of 1.1.1
- jettisoned idea of having the JS code open a connection to the REST
  server via Ajax calls -- instead, will store a LWP::UserAgent object
  in the session data

0.017 2014-08-16 10:15 CEST
- lots of trial-and-error work to get login dialog to authenticate against REST
  server with LWP::UserAgent object in session data
- current state: login dialog displays and user can enter credentials; each
  time the form is submitted, the credentials are authenticated to the REST
  server and the REST server's response is displayed

0.018 2014-08-18 10:06 CEST
- fix bug "messages not getting loaded properly due to typo in name of
  WWW_Message_en.conf file"
- rename 'auth.mi' to more descriptive 'login_dialog.mi'
- WWW.pm: add some POD detailing the request-response cycle
- Resource.pm: eliminate resource_exists and integrate _validate_session into
  is_authorized; improve session recognition; clarify that all POST requests
  are treated as form submits and handled in 'process_post', which will not

  simple menus are defined in js/dochazka/004simpleMenu1.js, which overwrites
  the MFILE.simpleMenu object; eliminate MFILE.listOfAllSimpleMenus array since
  this information can easily be derived from the MFILE.simpleMenu object

0.064 2014-09-03 12:21 CEST
- js/: separating general ('MFILE') from specific ('DOCHAZKA') code,
  implementing privilege history submenu (WIP)

0.065 2014-09-03 13:58 CEST
- Resource.pm, WWW_Config.pm: implement DOCHAZKA_WWW_BYPASS_LOGIN_DIALOG
  site configuration parameter so we don't have to type in credentials
  a gazillion times a day

0.066 2014-09-03 16:40 CEST
- js/: get crazy idea to add a "Run unit tests" entry to the main menu,
  start implementing it

0.067 2014-09-03 17:34 CEST
- js/: move "specific" simple forms code to /js/dochazka, eliminate
  MFILE.listOfAllSimpleForms because it is trivial to derive the list
  from the MFILE.simpleForm object; add "Run unit tests" entry to main

- core: library function for displaying error messages
- core: improve display of empty table/rowselect in html.js
- core: display drowselect navigation only if rows > 1

0.153 2017-02-25 09:30 CET
- Refrain from making a new Plack::Session object
- doc: tweak log messages
- Resource.pm: implement session and session_id methods
- script: store sessions in a dedicated directory in /tmp
- Display session data on all screens
- login: do not trigger page reload when bad credentials
- Dispatch.pm: remove dead code
- Control display of session data by config parameter
- doc: better description of MFILE_APPNAME config param
- Control display of session data via configuration parameter

0.154 2017-02-27 15:40 CET
- build/ops: require recent versions of dependencies
- Cleanup session data display
- html.js: handle null entriesWrite array
- Implement a special divider dform entry, including rendering

lib/App/MFILE/WWW/Dispatch.pm

    if ( ! $method or ! $path or ! $body ) {
        $log->crit( 'POST request received, but missing mandatory attribute(s) - ' .
                    'here is the entire request body: ' . Dumper( $ajax ) );
        return 0;
    }

    # POST is used only for login/logout ATM
    if ( $method =~ m/^LOGIN/i ) {
        $log->debug( "Incoming login/logout attempt" );
        if ( $path =~ m/^login/i ) {
            return $self->validate_user_credentials( $body );
        } else {
            return $self->_logout( $body );
        }
    }

    $log->crit( "Asked to perform an AJAX call, but feature is not implemented!" );
    return 0;
}


=head2 validate_user_credentials

Called from C<process_post> to process login requests (special AJAX requests)
originating from the JavaScript side (i.e. the login screen in
login-dialog.js, via login.js).

Returns a status object - OK means the login was successful; all other statuses
mean unsuccessful.

=cut

sub validate_user_credentials {
    my ( $self, $body ) = @_;
    $log->debug( "Entering " . __PACKAGE__ . "::validate_user_credentials()" );

    my $r = $self->request;
    my $session = $r->{'env'}->{'psgix.session'};
    my $nick = $body->{'nam'};
    my $password = $body->{'pwd'};
    my $standalone = $meta->META_WWW_STANDALONE_MODE;

    $log->debug( "Employee $nick login attempt" );
    my ( $code, $message, $body_json );

lib/App/MFILE/WWW/Resource.pm

    if ( $r->method eq 'POST' and
         $self->context->{'request_body'} and
         $self->context->{'request_body'}->{'method'} and
         $self->context->{'request_body'}->{'method'} =~ m/^LOGIN/i ) {
        $log->debug( "is_authorized: Login attempt - pass it on" );
        return 1;
    }

    # bypass login dialog?
    if ( $site->MFILE_WWW_BYPASS_LOGIN_DIALOG ) {
        $log->warn( "Bypassing login dialog! Using default credentials" );
        #
        # since the credentials are set in the configuration file, we only
        # need to check them once - the result of this check is placed in
        # META_LOGIN_BYPASS_STATE
        #
        if ( not defined $meta->META_LOGIN_BYPASS_STATE ) {
            $meta->set('META_LOGIN_BYPASS_STATE', 0);
            $session->{'ip_addr'} = $remote_addr;
            $session->{'last_seen'} = time;
            my $bypass_status = $self->validate_user_credentials( {
                'nam' => $site->MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS->{'nam'},
                'pwd' => $site->MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS->{'pwd'},
            } );
            if ( $bypass_status->level() eq 'OK' ) {
                $meta->set('META_LOGIN_BYPASS_STATE', 1);
            }
        }
        return $meta->META_LOGIN_BYPASS_STATE;
    }

lib/App/MFILE/WWW/Resource.pm

    $r .= '</script>';
    return $r;
}


=head2 login_status

Once the username and password are known (either from C<process_post> via the
login AJAX request generated by the login dialog, or from the site
configuration via the MFILE_WWW_BYPASS_LOGIN_DIALOG mechanism), the
C<validate_user_credentials> method is called. That method is implemented by
the derived application, so it can validate user credentials however it likes.
The C<validate_user_credentials> method is then expected to call this method -
C<login_status> - to generate a status object from the results of the user
credentials validation.

Now, C<App::MFILE::WWW> does expect the C<validate_user_credentials> method to
provide the results of user credentials validation in a peculiar format,
hinging on the argument C<$code>, where a value of 200 indicates successful
validation and any other value indicates a failure.

=cut

sub login_status {
    my ( $self, $code, $message, $body_json ) = @_;
    my $status;

share/config/WWW_Config.pm

# MFILE_WWW_LOG_FILE_RESET
#     should the logfile be deleted/wiped/unlinked/reset before each use
set( 'MFILE_WWW_LOG_FILE_RESET', 1 );

# MFILE_URI_MAX_LENGTH
#     see lib/App/MFILE/WWW/Resource.pm
set( 'MFILE_URI_MAX_LENGTH', 1000 );

# MFILE_WWW_BYPASS_LOGIN_DIALOG
#     bypass the login dialog and use default login credentials (see next
#     param)
set( 'MFILE_WWW_BYPASS_LOGIN_DIALOG', 1 );

# MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS
#     when bypassing login dialog, use these credentials
set( 'MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS', {
    'nam' => 'root',
    'pwd' => 'root'
} );

# MFILE_WWW_STANDALONE_CREDENTIALS_DATABASE
set( 'MFILE_WWW_STANDALONE_CREDENTIALS_DATABASE', [
    {
        'nam' => 'root',
        'pwd' => 'root',

share/config/WWW_Config.pm

    {
        'nam' => 'demo',
        'pwd' => 'demo',
        'eid' => 2,
        'priv' => 'passerby',
    },
] );

# MFILE_WWW_LOGIN_DIALOG_CHALLENGE_TEXT
#     text displayed in the login dialog
set( 'MFILE_WWW_LOGIN_DIALOG_CHALLENGE_TEXT', 'Enter your Innerweb credentials, or demo/demo' );

# MFILE_WWW_LOGIN_DIALOG_MAXLENGTH_USERNAME
#     see share/comp/auth.mi
set( 'MFILE_WWW_LOGIN_DIALOG_MAXLENGTH_USERNAME', 20 );

# MFILE_WWW_LOGIN_DIALOG_MAXLENGTH_PASSWORD
#     see share/comp/auth.mi
set( 'MFILE_WWW_LOGIN_DIALOG_MAXLENGTH_PASSWORD', 40 );

# MFILE_WWW_SESSION_EXPIRATION_TIME
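
The bypass branch of is_authorized and the values shipped in share/config/WWW_Config.pm above are worth checking together before a site goes live. The audit script below is an added example, not code from App-MFILE-WWW: the ConfigAudit::Sandbox package, the function names and the password-equals-username heuristic are assumptions, and the sample config is constructed from values shown in the excerpt.

```perl
# Added example (not part of App-MFILE-WWW): flag login-bypass and weak
# built-in credentials in an MFILE-style site configuration.
use strict;
use warnings;

# Constructed sample, using parameter names and values from the excerpt above.
my $sample_config = <<'END_CONFIG';
set( 'MFILE_WWW_BYPASS_LOGIN_DIALOG', 1 );
set( 'MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS', { 'nam' => 'root', 'pwd' => 'root' } );
set( 'MFILE_WWW_STANDALONE_CREDENTIALS_DATABASE', [
    { 'nam' => 'root', 'pwd' => 'root' },
    { 'nam' => 'demo', 'pwd' => 'demo', 'eid' => 2, 'priv' => 'passerby' },
] );
END_CONFIG

# The config file is Perl, so evaluate it with a set() that only records its
# arguments. Assumption: the file holds nothing but set() calls; run this only
# on a config you would let the application load anyway.
sub load_params {
    my ($text) = @_;
    my %param;
    no warnings 'once';
    local *ConfigAudit::Sandbox::set = sub { $param{ $_[0] } = $_[1]; return };
    eval "package ConfigAudit::Sandbox; $text; 1"
        or die "config did not parse: $@";
    return \%param;
}

sub audit {
    my ($p) = @_;
    my @findings;
    push @findings, 'MFILE_WWW_BYPASS_LOGIN_DIALOG is on: requests are '
        . 'authorized with the default credentials, no login dialog'
        if $p->{'MFILE_WWW_BYPASS_LOGIN_DIALOG'};
    # Gather every credential record, remembering which parameter held it.
    my @accounts = ( [ 'MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS',
                       $p->{'MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS'} ] );
    my $db = $p->{'MFILE_WWW_STANDALONE_CREDENTIALS_DATABASE'};
    push @accounts, [ 'MFILE_WWW_STANDALONE_CREDENTIALS_DATABASE', $_ ]
        for ( ref $db eq 'ARRAY' ? @$db : () );
    for my $acct (@accounts) {
        my ( $where, $c ) = @$acct;
        next unless ref $c eq 'HASH' and defined $c->{'nam'} and defined $c->{'pwd'};
        # Heuristic (assumption): a password equal to the username is a default.
        push @findings, sprintf( "%s: account '%s' has password equal to username",
            $where, $c->{'nam'} ) if $c->{'pwd'} eq $c->{'nam'};
    }
    return @findings;
}

print "$_\n" for audit( load_params($sample_config) );
```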