App-Dochazka-WWW


Changes  view on Meta::CPAN

- script: dochazka-www: fix option pass-through to mfile-www
- ext: add MFILE_WWW_DISPLAY_SESSION_DATA to config example
- js: int-lib: fix undefined variable in log messages
- js: dform-init: improve data entry hint
- Dispatch: fix login bypass
- Some progress on create interval "last plus offset" and non-interactive async
  dform population features
- js: display supervisor nick in employee profile

0.155 2017-10-20 22:43 CEST
- Dispatch: rename _login_dialog method to validate_user_credentials
- js: daction-init: fix pushable flag in one of the actions
- js: act-lib: use populate pattern for populateActivitiesCache
- js: implement employee profile caching
- js: upon successful masquerade, load full employee profile into cache
- js: move all cache-related code into a new caches.js module
- js: implement populateSchedIntvlsForDate() and populateSIDByDate()

0.156 2017-10-21 12:03 CEST
- build/ops: require App::MFILE::WWW 0.164
- js: fix ACL on schedule lookup/display

ext/WWW_SiteConfig.pm.example  view on Meta::CPAN

# MFILE_WWW_LOG_FILE_RESET
#     Set to 1 in this example; presumably makes the application start with
#     a fresh log file -- confirm against the App::MFILE::WWW documentation.
set( MFILE_WWW_LOG_FILE_RESET => 1 );

# MFILE_WWW_BYPASS_LOGIN_DIALOG
#     If you are the only one using Dochazka at your site, you can bypass
#     the login dialog using this parameter and the next one. Obviously,
#     doing so is in violation of every security rule known to man: with a
#     true value the login dialog is skipped and the application logs in
#     with MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS, so in effect whoever can
#     reach the web frontend gets that account. Keep this at 0 on anything
#     reachable by other people.
set( MFILE_WWW_BYPASS_LOGIN_DIALOG => 0 );

# MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS
#     If the login dialog is bypassed, App::Dochazka::WWW will attempt to
#     log the user in with these credentials. Putting passwords in
#     configuration files is extremely foolish and should never be done.
#     The values below are the example's own. If you do fill in a real
#     account, keep this file readable only by the user the application
#     runs as, keep it out of version control, and use the least-privileged
#     account that does the job. If the name/password pair shown here
#     happens to match an account that exists on your backend, treat that
#     password as publicly known and change it.
set(
    MFILE_WWW_DEFAULT_LOGIN_CREDENTIALS => {
        nam => 'root',
        pwd => 'immutable',
    }
);

# MFILE_WWW_DISPLAY_SESSION_DATA
#     controls whether session data will be displayed on all screens
#     (presumably 1 = display, as set in this example).
#     NOTE(review): which session fields get displayed is not visible from
#     this file -- check that nothing sensitive (e.g. a session ID) ends up
#     on screen before leaving this enabled on a shared or production site.
set( MFILE_WWW_DISPLAY_SESSION_DATA => 1 );

lib/App/Dochazka/WWW/Dispatch.pm  view on Meta::CPAN

    if ( ! $method or ! $path or ! $body ) {
        $log->crit( 'POST request received, but missing mandatory attribute(s) - ' .
                    'here is the entire request body: ' . Dumper( $ajax ) );
        return 0;
    }

    # two possibilities: login/logout attempt or normal AJAX call
    if ( $method =~ m/^LOGIN/i ) {
        $log->debug( "Incoming login/logout attempt" );
        if ( $path =~ m/^login/i ) {
            return $self->validate_user_credentials( $body );
        } else {
            return $self->_logout( $body );
        }
    }

    # - normal AJAX call
    $log->debug( "Calling rest_req $method $path on session ID " . $self->session_id );
    $session->{'last_seen'} = time;
    my $rr = $self->rest_req( {
        server => $site->DOCHAZKA_WWW_BACKEND_URI,
        method => $method,
        path => $path,
        req_body => $body,
    } );
    $log->debug( "rest_req returned: " . Dumper( $rr ) );
    my $hr = $rr->{'hr'};
    return $self->_prep_ajax_response( $hr, $rr->{'body'} );
}


=head2 validate_user_credentials

Called either from C<process_post> on login AJAX requests originating from the
JavaScript side (i.e. the login screen in login-dialog.js, via login.js), or
directly from C<is_authorized> if the MFILE_WWW_BYPASS_LOGIN_DIALOG mechanism
is activated.

Returns a status object - OK means the login was successful; all other statuses
mean unsuccessful.

=cut

sub validate_user_credentials {
    my ( $self, $body ) = @_;
    $log->debug( "Entering " . __PACKAGE__ . "::validate_user_credentials()" );

    my $r = $self->request;
    my $session = $self->session;
    my $nick = $body->{'nam'};
    my $password = $body->{'pwd'};
    my $standalone = $meta->META_WWW_STANDALONE_MODE;

    $log->debug( "Employee $nick login attempt" );
    $log->debug( "DOCHAZKA_WWW_BACKEND_URI is " .  $site->DOCHAZKA_WWW_BACKEND_URI );
