-- Authentication filter.
-- Decides whether the requested module/view/action needs a logged-in member.
-- The request is either redirected (login, OAuth2 client, delegation check)
-- or passed on via execute.inner(), which is only called in the final
-- `else` branch at the bottom of this file.
local module = request.get_module()
local view   = request.get_view()
local action = request.get_action()

-- Default-deny: every request needs authentication unless one of the rules
-- below clears this flag. No rule below ever sets it back to true.
local auth_needed = true

-- Views and actions of the "index" module that are reachable without a
-- session: login, registration, password reset, e-mail confirmation,
-- language switch and the error pages.
if module == 'index' and (
     view   == "login"
  or action == "login"
  or view   == "register"
  or action == "register"
  or action == "cancel_register"
  or view   == "about"
  or view   == "reset_password"
  or action == "reset_password"
  or view   == "send_login"
  or action == "send_login"
  or view   == "confirm_notify_email"
  or action == "confirm_notify_email"
  or view   == "menu"
  or action == "set_lang"
  or view   == "403"
  or view   == "404"
  or view   == "405"
) then
  auth_needed = false
end

-- Whole-module exemptions: every view and action of these modules passes
-- this filter without a member session.
-- NOTE(review): presumably these modules enforce their own access control
-- where needed; that is not visible in this file -- confirm for each module.
if module == "registration" then
  auth_needed = false
end

if module == "style" then
  auth_needed = false
end

if module == "help" then
  auth_needed = false
end

-- Only these four views of the "oauth2" module are exempt; its other views
-- and all of its actions keep auth_needed = true.
if module == "oauth2" and (
     view == "validate"
  or view == "token"
  or view == "session"
  or view == "register"
) then
  auth_needed = false
end

if module == "oauth2_client" then
  auth_needed = false
end

-- NOTE(review): the complete "api" module is exempt here, so any
-- authorization for API requests has to happen inside that module -- confirm.
if module == "api" then
  auth_needed = false
end

-- Views opened up when the session has "anonymous" access.
-- Lua's `and` binds tighter than `or`, so each line below is one complete
-- (module, view) condition.
if app.session:has_access("anonymous") then

  if
    module == "index" and view == "index"
    or module == "area" and view == "show"
    or module == "unit" and view == "show"
    or module == "issue" and view == "show"
    or module == "issue" and view == "history"
    or module == "initiative" and view == "show"
    or module == "initiative" and view == "history"
    or module == "suggestion" and view == "show"
    or module == "draft" and view == "diff"
    or module == "draft" and view == "show"
    or module == "file" and view == "show.jpg"
    or module == "index" and view == "search"
    -- the two legal pages are public only if the config flag is exactly `true`
    or module == "index" and view == "usage_terms" and config.use_terms_public_access == true
    or module == "index" and view == "privacy" and config.privacy_policy_public_access == true
    or module == "help" and view == "introduction"
    -- redundant: "style" is already exempted unconditionally above
    or module == "style"
  then
    auth_needed = false
  end

end

-- "authors_pseudonymous" access: only the avatar variant of member images.
if app.session:has_access("authors_pseudonymous") then
  if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
    auth_needed = false
  end
end

-- "everything" access: member images of any image_type.
if app.session:has_access("everything") then
  if module == "member_image" and view == "show" then
    auth_needed = false
  end
end

-- "all_pseudonymous" access: incoming vote/interest views and the member
-- and vote lists.
if app.session:has_access("all_pseudonymous") then
  if module == "vote" and view == "show_incoming"
   or module == "member" and view == "list"
   or module == "interest" and view == "show_incoming"
   or module == "vote" and view == "list" then
    auth_needed = false
  end
end

-- "everything" access: member profile and member history views.
if app.session:has_access("everything") then
  if module == "member" and (view == "show" or view == "history") then
    auth_needed = false
  end
end

if module == "sitemap" then
  auth_needed = false
end

-- Redirects a visitor without member_id from the start page to the unit
-- page (single-unit setups) or to the unit list.
-- NOTE(review): when has_access("anonymous") is true, the anonymous block
-- above has already cleared auth_needed for index/index, so this condition
-- looks unreachable unless has_access() can return different results
-- between the two calls -- confirm whether `auth_needed` is intended here.
if app.session:has_access("anonymous") and not app.session.member_id and auth_needed and module == "index" and view == "index" then
  if app.single_unit_id then
    request.redirect{ module = "unit", view = "show", id = app.single_unit_id }
  else
    request.redirect{ module = "unit", view = "list" }
  end
  return
end

-- NOTE(review): the commented-out block below is a debug leftover. If it
-- were re-enabled it would assign the fixed id 1 to every session without a
-- user_id; it should stay disabled or be removed from the file.
-- if not app.session.user_id then
--   trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
--   app.session.user_id = 1
-- end

if auth_needed and app.session.member == nil then
  -- Authentication is required and the session has no member: send the
  -- client to the login flow. execute.inner() is not called in this branch.
  trace.debug("Not authenticated yet.")
  -- Copy the request's string parameters so they can be handed to the login
  -- view. A non-string value raises an error instead of being dropped.
  local params = json.object()
  for key, val in pairs(request.get_param_strings()) do
    if type(val) == "string" then
      params[key] = val
    else
      -- shouldn't happen
      error("array type params not implemented")
    end
  end
  if config.login and config.login.method == "oauth2" then
    -- OAuth2 login: only the configured provider is passed on. The local
    -- `params` collected above and the original target are not forwarded
    -- in this branch.
    request.redirect{
      module = "oauth2_client",
      view = "redirect",
      params = { provider = config.login.provider }
    }
  else
    -- Local login: pass the originally requested target along.
    -- NOTE(review): redirect_module, redirect_view, redirect_id and
    -- redirect_params all originate from the client's request. Presumably
    -- the login view validates them before redirecting back -- confirm.
    -- Every request string parameter is forwarded as-is, including any
    -- value that should not appear in a redirect.
    request.redirect{
      module = 'index', view = 'login', params = {
        redirect_module = module,
        redirect_view = view,
        redirect_id = param.get_id(),
        redirect_params = params
      }
    }
  end
elseif auth_needed and app.session.member.locked then
  -- `locked` is only evaluated when auth_needed is true. A locked member
  -- requesting one of the exempted targets falls through to the `else`
  -- branch below.
  trace.debug("Member locked.")
  request.redirect{ module = 'index', view = 'login' }
else
  -- Reached when no authentication is needed, or when a member that is not
  -- locked is present in the session.
  -- Hard delegation check: a logged-in member flagged with
  -- needs_delegation_check is redirected to index/check_delegations, except
  -- for the admin module, the index views/actions listed below and
  -- member_image/show. The early return skips execute.inner().
  if config.check_delegations_interval_hard and app.session.member_id and app.session.needs_delegation_check
    and not (module == "admin" or (module == "index" and (
      view == "check_delegations"
      or action == "check_delegations"
      or action == "logout"
      or view == "about"
      or view == "usage_terms"
      or action == "set_lang")
    ))
    and not (module == "member_image" and view == "show") then
    request.redirect{ module = 'index', view = 'check_delegations' }
    return
  end
  if auth_needed then
    trace.debug("Authentication accepted.")
  else
    trace.debug("No authentication needed.")
  end

  --db:query("SELECT check_everything()")

  -- Hand over to the inner handler; presumably this runs the remaining
  -- filters and the requested view or action -- confirm against the framework.
  execute.inner()
  trace.debug("End of authentication filter.")
end