baculum: Prevent opening new sessions for each request
authorMarcin Haba <marcin.haba@bacula.pl>
Tue, 29 Dec 2015 23:03:51 +0000 (00:03 +0100)
committerMarcin Haba <marcin.haba@bacula.pl>
Tue, 29 Dec 2015 23:03:51 +0000 (00:03 +0100)
gui/baculum/protected/Class/API.php
gui/baculum/protected/Class/BaculumAPI.php
gui/baculum/protected/Class/BaculumUser.php
gui/baculum/protected/Class/BaculumUsersManager.php

index 9d109fbb4d575dc43506410b74ca43294fbbba93..b04df4540787a42ac09bebba84f3bb22e35b7d09 100644 (file)
@@ -39,6 +39,7 @@ class API extends TModule {
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+               curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID=' . md5(session_id()));
                curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
                curl_setopt($ch, CURLOPT_USERPWD, $this->appCfg['baculum']['login'] . ':' . $this->appCfg['baculum']['password']);
                return $ch;
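Review bot: The added `CURLOPT_COOKIE` line sends a session identifier over a handle that, per the context lines just above it, has `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` set to false, so the cookie (like the `CURLOPT_USERPWD` credentials) can be read or replaced by anyone able to intercept the connection. In addition, `session_id()` returns an empty string when no session is active, and `md5('')` is then the same constant cookie for every caller, so unrelated requests would share one API session; whether a session is always started before this point is not visible in the hunk. A guard such as `$sid = session_id(); if ($sid !== '') { curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID=' . md5($sid)); }` avoids that, and a comment stating that the API session id is derived from the UI session id would help the next reader. The enclosing method starts outside the hunk.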
index 50d4526cfd904d158605580e38c4b12aca56d5e2..0ed249aede9d6c4d6abb0cafa2c17ba70bebd1e7 100644 (file)
@@ -53,7 +53,7 @@ abstract class BaculumAPI extends TPage
                $user = isset($_SERVER['HTTP_X_BACULUM_USER']) ? $_SERVER['HTTP_X_BACULUM_USER']: null;
                $pwd = isset($_SERVER['HTTP_X_BACULUM_PWD']) ? $_SERVER['HTTP_X_BACULUM_PWD']: null;
                if(!is_null($user) && !is_null($pwd)) {
-                       $logged = $this->Application->getModule('auth')->login($user, $pwd);
+                       $logged = $this->Application->getModule('users')->loginUser($user, $pwd);
                        if ($logged === true) {
                                $this->user = ($this->User->getIsAdmin() === false) ? $user : null;
                        } else {
index 4cf3a8eaa9425e5fc47bd44f2a0eb7c54af96767..d5116e5b0547c197c7e578a1e4db1180ef0fa5bf 100644 (file)
@@ -22,7 +22,7 @@
 
 Prado::using('System.Security.TUser');
 
-class BaculumUser extends TUser {
+class BaculumUser extends TUser implements IUser {
 
        private $_id;
        private $_pwd;
@@ -46,5 +46,9 @@ class BaculumUser extends TUser {
        public function getIsAdmin() {
                return $this->isInRole('admin');
        }
+
+       public function getIsUser() {
+               return $this->isInRole('user');
+       }
 }
 ?>
index f47e0b57e5c5715df378a71146a2b0d709097816..cb7a08862d5e03260f52da6cbc799856cb317971 100644 (file)
@@ -50,11 +50,11 @@ class BaculumUsersManager extends TModule implements IUserManager {
 
        public function getUser($username = null) {
                $user = new BaculumUser($this);
+               $user->setIsGuest(false);
                $id = sha1(time());
                $user->setID($id);
                $user->setName($username);
-               $user->setIsGuest(false);
-               if ($username != null) {
+               if (!is_null($username)) {
                        $user->setPwd($this->users[$username]);
                }
                if(is_null($this->config) || $this->config['baculum']['login'] === $username) {
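Review bot: With the test changed to `!is_null($username)`, an empty-string username now reaches `$this->users[$username]` (the old `!= null` comparison skipped it), and any name missing from `$this->users`, for instance one read back from a cookie by `getUserFromCookie`, raises an undefined-index notice and sets a null password. Use `if (!is_null($username) && isset($this->users[$username])) {` and decide explicitly what an unknown name should return. The `$id = sha1(time())` context line becomes the token this commit stores in the auth cookie; it is predictable from the clock, so if the token is ever meant to be verified it should come from a CSPRNG such as `openssl_random_pseudo_bytes()`. The function continues past the end of the hunk.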
@@ -66,16 +66,36 @@ class BaculumUsersManager extends TModule implements IUserManager {
        }
 
        public function getUserFromCookie($cookie) {
-               return;
+               $data = $cookie->Value;
+               if (!empty($data)) {
+                       $data = $this->Application->SecurityManager->validateData($data);
+                       if ($data != false) {
+                               $data = unserialize($data);
+                               if (is_array($data) && count($data) === 3) {
+                                       list($username, $address, $token) = $data;
+                                       return $this->getUser($username);
+                               }
+                       }
+               }
        }
 
        public function saveUserToCookie($cookie) {
-               return;
+               $address = $this->Application->Request->UserHostAddress;
+               $username = $this->User->getName();
+               $token = $this->User->getID();
+               $data = array($username, $address, $token);
+               $data = serialize($data);
+               $data = $this->Application->SecurityManager->hashData($data);
+               $cookie->setValue($data);
        }
 
-       public function loginUser() {
-               $enc_pwd = $this->Application->getModule('configuration')->getCryptedPassword($_SERVER['PHP_AUTH_PW']);
-               $logged = $this->Application->getModule('auth')->login($_SERVER['PHP_AUTH_USER'], $enc_pwd);
+       public function loginUser($user = null, $pwd = null) {
+               if (is_null($user) && is_null($pwd)) {
+                       $user = $_SERVER['PHP_AUTH_USER'];
+                       $pwd = $this->Application->getModule('configuration')->getCryptedPassword($_SERVER['PHP_AUTH_PW']);
+               }
+               $logged = $this->Application->getModule('auth')->login($user, $pwd, 86400);
+               return $logged;
        }
 }
 ?>
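Review bot: In `getUserFromCookie` the cookie's `$address` and `$token` are unpacked but never compared with anything, so the address that `saveUserToCookie` stores gives no protection and a copied cookie is accepted from any client for the 86400 seconds passed to `login()`. Before `return $this->getUser($username);` add `if ($address !== $this->Application->Request->UserHostAddress) { return null; }`, and tighten the validation test to `$data !== false`. The `unserialize()` call is reached only after `validateData()`, which makes the application's validation key the sole barrier against object injection from a cookie; using `json_encode`/`json_decode` in the two cookie methods would remove that dependency. In `loginUser`, `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` are read without `isset()`, and a call where only one of `$user`/`$pwd` is null skips the fallback and passes null on to `login()`.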