liquid_feedback_frontend

annotate app/main/_filter/21_auth.lua @ 1821:7978d87b3552

Fixed wrong config variable
author bsw
date Wed Jan 26 01:44:32 2022 +0100 (2022-01-26)
parents 2e5b303ea68e
children d1ef89bd250c
rev   line source
-- Authentication filter, part 1: resolve the requested route and mark the
-- routes that are reachable without a logged-in member.
local module = request.get_module()
local view = request.get_view()
local action = request.get_action()

-- Default-deny: every route requires authentication unless one of the checks
-- in this filter explicitly clears the flag. Nothing in this part sets it back
-- to true, so each exemption below only ever widens access.
local auth_needed = true

do
  -- Views of the "index" module that are always public
  -- (login/registration flow, password reset, error pages, ...).
  local public_index_views = {
    ["login"] = true,
    ["register"] = true,
    ["about"] = true,
    ["reset_password"] = true,
    ["send_login"] = true,
    ["confirm_notify_email"] = true,
    ["menu"] = true,
    ["403"] = true,
    ["404"] = true,
    ["405"] = true,
  }

  -- Actions of the "index" module that are always public.
  local public_index_actions = {
    ["login"] = true,
    ["register"] = true,
    ["cancel_register"] = true,
    ["reset_password"] = true,
    ["send_login"] = true,
    ["confirm_notify_email"] = true,
    ["set_lang"] = true,
  }

  if module == "index" and (public_index_views[view] or public_index_actions[action]) then
    auth_needed = false
  end

  -- Only these four views of the "oauth2" module are public; every other
  -- oauth2 view still requires a session.
  local public_oauth2_views = {
    ["validate"] = true,
    ["token"] = true,
    ["session"] = true,
    ["register"] = true,
  }

  if module == "oauth2" and public_oauth2_views[view] then
    auth_needed = false
  end

  -- Modules exempted as a whole, regardless of view or action.
  -- NOTE(review): for these modules this filter performs no check at all, so
  -- any access control (in particular for "api" and "oauth2_client") has to
  -- happen inside the module itself -- presumably token based; confirm.
  local public_modules = {
    ["registration"] = true,
    ["style"] = true,
    ["help"] = true,
    ["oauth2_client"] = true,
    ["api"] = true,
  }

  if public_modules[module] then
    auth_needed = false
  end
end

-- Authentication filter, part 2: exemptions that depend on the access level
-- reported by app.session:has_access(). Each has_access() call is kept first
-- in its condition and in the original order.

if app.session:has_access("anonymous") then
  -- module -> set of views readable when has_access("anonymous") is true
  local anonymous_views = {
    index      = { ["index"] = true, ["search"] = true },
    area       = { ["show"] = true },
    unit       = { ["show"] = true },
    issue      = { ["show"] = true, ["history"] = true },
    initiative = { ["show"] = true, ["history"] = true },
    suggestion = { ["show"] = true },
    draft      = { ["diff"] = true, ["show"] = true },
    file       = { ["show.jpg"] = true },
    help       = { ["introduction"] = true },
  }
  local views_of_module = anonymous_views[module]

  -- The two legal pages are public only when the matching config flag is
  -- exactly `true` (a missing or non-boolean value keeps them protected).
  -- NOTE(review): the "style" and "help" entries are redundant with the
  -- unconditional module == "style" / module == "help" exemptions earlier in
  -- this filter.
  if
    (views_of_module and views_of_module[view])
    or module == "index" and view == "usage_terms" and config.use_terms_public_access == true
    or module == "index" and view == "privacy" and config.privacy_policy_public_access == true
    or module == "style"
  then
    auth_needed = false
  end
end

-- Avatars only for the "authors_pseudonymous" level ...
if app.session:has_access("authors_pseudonymous")
  and module == "member_image" and view == "show" and param.get("image_type") == "avatar"
then
  auth_needed = false
end

-- ... any member image for the "everything" level.
if app.session:has_access("everything")
  and module == "member_image" and view == "show"
then
  auth_needed = false
end

-- Voter, supporter and member listings for the "all_pseudonymous" level.
if app.session:has_access("all_pseudonymous") and (
  module == "vote" and view == "show_incoming"
  or module == "member" and view == "list"
  or module == "interest" and view == "show_incoming"
  or module == "vote" and view == "list"
) then
  auth_needed = false
end

-- Member profile and history for the "everything" level.
if app.session:has_access("everything")
  and module == "member" and (view == "show" or view == "history")
then
  auth_needed = false
end

-- The sitemap module is public regardless of access level.
if module == "sitemap" then
  auth_needed = false
end

-- Send a session without a member that asks for index/index, while
-- authentication is still required, to the unit overview (or to the single
-- configured unit) instead of the login page.
-- NOTE(review): this branch looks unreachable. Whenever
-- has_access("anonymous") is true and the route is index/index, the anonymous
-- exemption earlier in this filter has already cleared auth_needed -- assuming
-- has_access() returns the same result for both calls. Confirm and drop or
-- repair the branch.
if app.session:has_access("anonymous") and not app.session.member_id and auth_needed then
  if module == "index" and view == "index" then
    local target
    if app.single_unit_id then
      target = { module = "unit", view = "show", id = app.single_unit_id }
    else
      target = { module = "unit", view = "list" }
    end
    request.redirect(target)
    return
  end
end

-- NOTE(review): disabled debugging aid from the first revision of this file.
-- It sets app.session.user_id, a field that nothing else in this filter reads
-- (the checks below use app.session.member / member_id). Commented-out
-- authentication bypass code is better deleted from an auth filter than kept
-- where it can be re-enabled by accident.
-- if not app.session.user_id then
--   trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
--   app.session.user_id = 1
-- end

-- Authentication filter, final part: enforce the decision taken above.
-- execute.inner() (the rest of the request chain) is reached only in the last
-- branch; the two branches before it end in a redirect instead.
-- NOTE(review): this part tests app.session.member, other parts of the filter
-- test app.session.member_id; presumably both are always set together --
-- confirm.
if auth_needed and app.session.member == nil then
  trace.debug("Not authenticated yet.")

  -- Copy the request parameters so the login view can resume the original
  -- request after a successful login.
  local params = json.object()
  for name, value in pairs(request.get_param_strings()) do
    if type(value) ~= "string" then
      -- shouldn't happen
      error("array type params not implemented")
    end
    params[name] = value
  end

  local uses_oauth2 = config.login and config.login.method == "oauth2"
  if uses_oauth2 then
    -- External login: hand over to the configured OAuth2 provider.
    request.redirect({
      module = "oauth2_client",
      view = "redirect",
      params = { provider = config.login.provider }
    })
  else
    -- NOTE(review): the redirect_* values are taken from the unauthenticated
    -- request and forwarded as-is; the login view/action that consumes them
    -- is where they have to be restricted to internal routes -- verify there.
    request.redirect({
      module = "index",
      view = "login",
      params = {
        redirect_module = module,
        redirect_view = view,
        redirect_id = param.get_id(),
        redirect_params = params
      }
    })
  end

elseif auth_needed and app.session.member.locked then
  -- The lock is evaluated only for routes that require authentication;
  -- a locked member can still open the routes exempted above.
  trace.debug("Member locked.")
  request.redirect({ module = "index", view = "login" })

else
  -- Routes that stay usable while a delegation check is pending.
  local delegation_check_exempt =
    module == "admin"
    or (module == "index" and (
      view == "check_delegations"
      or action == "check_delegations"
      or action == "logout"
      or view == "about"
      or view == "usage_terms"
      or action == "set_lang"
    ))
    or (module == "member_image" and view == "show")

  -- With the hard interval configured, a logged-in member whose session is
  -- flagged needs_delegation_check is sent to the check page first.
  if config.check_delegations_interval_hard
    and app.session.member_id
    and app.session.needs_delegation_check
    and not delegation_check_exempt
  then
    request.redirect({ module = "index", view = "check_delegations" })
    return
  end

  trace.debug(auth_needed and "Authentication accepted." or "No authentication needed.")

  --db:query("SELECT check_everything()")

  execute.inner()
  trace.debug("End of authentication filter.")
end
