diff --git a/Makefile.PL b/Makefile.PL index 5317b0d..dc511cf 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -4,13 +4,13 @@ use warnings; use ExtUtils::MakeMaker; WriteMakefile( - NAME => 'Lrrr', - VERSION_FROM => 'lib/Lrrr.pm', - PREREQ_PM => { - 'Mojolicious' => '5.57', + NAME => 'Lrrr', + VERSION_FROM => 'lib/Lrrr.pm', + PREREQ_PM => { + 'Mojolicious' => '5.57', 'Mojolicious::Plugin::Authentication' => 0, - 'Mojolicious::Commands' => 0, - 'Mango' => 0 + 'Mojolicious::Commands' => 0, + 'Mango' => 0 }, - test => {TESTS => 't/*.t'} + test => { TESTS => 't/*.t' } ); diff --git a/lib/Lrrr.pm b/lib/Lrrr.pm index a66f605..5c893b0 100644 --- a/lib/Lrrr.pm +++ b/lib/Lrrr.pm 
@@ -14,31 +14,38 @@ use Mojolicious::Plugin::Bcrypt; sub startup { my $self = shift; - my $mongo_uri = $ENV{'MONGOLAB_URI'}; #'mongodb://:@/'; + my $mongo_uri = + $ENV{'MONGOLAB_URI'}; #'mongodb://:@/'; $self->helper( mango => sub { state $mango = Mango->new($mongo_uri) } ); # auth $self->plugin( bcrypt => { cost => 6 } ); - $self->plugin( authentication => { - autoload_user => 1, - load_user => sub { return Lrrr::Authentication->load_user(@_); }, - validate_user => sub { return Lrrr::Authentication->validate_user(@_); } - }); - $self->plugin( authorization => { + $self->plugin( + authentication => { + autoload_user => 1, + load_user => sub { return Lrrr::Authentication->load_user(@_); }, + validate_user => sub { return Lrrr::Authentication->validate_user(@_); } + } + ); + $self->plugin( + authorization => { has_priv => sub { return Lrrr::Authorization->has_priv(@_); }, is_role => sub { return Lrrr::Authorization->is_role(@_); }, user_privs => sub { return Lrrr::Authorization->user_privs(@_) }, user_role => sub { return Lrrr::Authorization->user_role(@_) } - }); + } + ); # Router my $r = $self->routes; # Normal route to controller - $r->get('/' => sub { - $self = shift; - $self->render('home'); - }); + $r->get( + '/' => sub { + $self = shift; + $self->render('home'); + } + ); $r->any('/login')->to( controller => 'login', action => 'login' ); @@ -46,15 +53,20 @@ sub startup { $r->any('/register')->to( controller => 'register', action => 'register' ); - $r->get('/user' => sub { - $self = shift; - $self->render('user'); - }); + $r->get( + '/user' => sub { + $self = shift; + $self->render('user'); + } + ); - $r->get('/hidden' => sub { - $self = shift; - $self->render( text => ($self->is_user_authenticated) ? 'secrets!' : 'go away!' ); - }); + $r->get( + '/hidden' => sub { + $self = shift; + $self->render( + text => ( $self->is_user_authenticated ) ? 'secrets!' : 'go away!' ); + } + ); return; } 
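Review bot: The bcrypt work factor in `$self->plugin( bcrypt => { cost => 6 } );` is low for password storage; each step doubles the hashing work, and 6 leaves stored hashes cheap to brute-force offline if the users collection ever leaks. Consider `$self->plugin( bcrypt => { cost => 12 } );`, tuned to what the server can afford per login. script/create_admin_user.pl hard-codes the same value in `sprintf( '%02d', 6 )` and should be raised with it. Existing hashes should keep verifying, since a bcrypt hash string carries its own cost, but confirm that against the plugin before deploying.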
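Review bot: The `/user` and `/hidden` handlers assign with `$self = shift;` and no `my`, so they overwrite the `$self` that `startup` declared for the application object; the `/` handler in the previous hunk does the same. After the first request the shared variable holds a controller, which every closure then sees and which is kept alive between requests. Give each handler its own lexical, `my $c = shift;`, and call `$c->render(...)` and `$c->is_user_authenticated` on it.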
diff --git a/lib/Lrrr/Authentication.pm b/lib/Lrrr/Authentication.pm index 6097e04..c2241f8 100644 --- a/lib/Lrrr/Authentication.pm +++ b/lib/Lrrr/Authentication.pm @@ -4,26 +4,29 @@ use strict; use warnings; sub load_user { - my ($class, $app, $username) = @_; + my ( $class, $app, $username ) = @_; my $collection = $app->mango->db->collection('users'); - my $user = $collection->find_one( {username => $username} ); + my $user = $collection->find_one( { username => $username } ); - return { - 'username' => $user->{username} - } if ( defined $user->{username} ); + return { 'username' => $user->{username} } + if ( defined $user->{username} ); return; } sub validate_user { - my ($class, $app, $username, $password, $extas) = @_; + my ( $class, $app, $username, $password, $extas ) = @_; my $collection = $app->mango->db->collection('users'); - my $user = $collection->find_one( {username => $username} ); + my $user = $collection->find_one( { username => $username } ); - $app->session( 'role' => ( defined $user->{role} ) ? $user->{role} : 'guest' ); + $app->session( + 'role' => ( defined $user->{role} ) ? $user->{role} : 'guest' ); - return $user->{username} if ( defined $user->{username} && defined $user->{password} && $app->bcrypt_validate($password, $user->{password}) ); + return $user->{username} + if ( defined $user->{username} + && defined $user->{password} + && $app->bcrypt_validate( $password, $user->{password} ) ); return; } diff --git a/lib/Lrrr/Authorization.pm b/lib/Lrrr/Authorization.pm index 633cb89..736cf9e 100644 --- a/lib/Lrrr/Authorization.pm +++ b/lib/Lrrr/Authorization.pm @@ -5,7 +5,7 @@ use warnings; my %roles = ( admin => { create_user => 1, delete_user => 1 }, - guest => { foo => 1 } + guest => { foo => 1 } ); sub has_priv { diff --git a/lib/Lrrr/Controller/Login.pm b/lib/Lrrr/Controller/Login.pm index 1f76fb9..e70d0b0 100644 --- a/lib/Lrrr/Controller/Login.pm +++ b/lib/Lrrr/Controller/Login.pm 
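Review bot: In `validate_user` the `$app->session( 'role' => ... )` call runs before the password is checked, so a failed login for an existing username still writes that account's role into the caller's session. Whether that is exploitable depends on how Lrrr::Authorization reads the role (its subs are outside this diff), but the role should only be stored after `bcrypt_validate` succeeds. The rewrite below also checks `defined $user` before using the lookup result. The unused fifth parameter is spelled `$extas`; `$extras` looks intended.

```perl
sub validate_user {
    # … unchanged: argument unpacking and the find_one lookup …

    return
      unless defined $user
      && defined $user->{username}
      && defined $user->{password}
      && $app->bcrypt_validate( $password, $user->{password} );

    # Store the role only once the password has been verified.
    $app->session(
        'role' => ( defined $user->{role} ) ? $user->{role} : 'guest' );

    return $user->{username};
}
```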
@@ -9,24 +9,28 @@ use Mojo::Base 'Mojolicious::Controller'; sub login { my $self = shift; - if ( $self->req->method eq 'POST'){ - if( !$self->is_user_authenticated ) { + if ( $self->req->method eq 'POST' ) { + if ( !$self->is_user_authenticated ) { my $u = $self->req->param('u'); my $p = $self->req->param('p'); - if( $self->authenticate($u,$p) ) { - $self->render(msg => 'ok' ); - } else { - $self->render(msg => 'failed' ); + if ( $self->authenticate( $u, $p ) ) { + $self->render( msg => 'ok' ); } - } else { - $self->render(msg=>'already logged in'); + else { + $self->render( msg => 'failed' ); + } + } + else { + $self->render( msg => 'already logged in' ); + } + } + else { + if ( !$self->is_user_authenticated ) { + $self->render( msg => 'log in here:' ); } - } else { - if( !$self->is_user_authenticated ) { - $self->render(msg=>'log in here:'); - } else { - $self->render(msg => 'already logged in'); + else { + $self->render( msg => 'already logged in' ); } } return; @@ -35,11 +39,11 @@ sub login { sub logoff { my $self = shift; $self->logout(); - $self->session(expires => 1); + $self->session( expires => 1 ); $self->render( - template=>'login/login', - format=>'html', - msg => 'you are now logged out.' + template => 'login/login', + format => 'html', + msg => 'you are now logged out.' ); return; } diff --git a/lib/Lrrr/Controller/Register.pm b/lib/Lrrr/Controller/Register.pm index 591401e..477997b 100644 --- a/lib/Lrrr/Controller/Register.pm +++ b/lib/Lrrr/Controller/Register.pm @@ -9,9 +9,9 @@ use Mojo::Base 'Mojolicious::Controller'; sub register { my $self = shift; - if ( - $self->is_user_authenticated && - $self->has_privilege('create_user') ) { + if ( $self->is_user_authenticated + && $self->has_privilege('create_user') ) + { if ( $self->req->method eq 'POST' ) { my $u = $self->req->param('u'); diff --git a/script/create_admin_user.pl b/script/create_admin_user.pl index 1f64cb1..8e30d49 100755 --- a/script/create_admin_user.pl +++ b/script/create_admin_user.pl 
@@ -3,10 +3,10 @@ use strict; use warnings; - # this section must correspond with Mojolicios::Plugin::Bcrypt # ############################################################ use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); + sub _salt { my $num = 999999; my $cr = crypt( rand($num), rand($num) ) . crypt( rand($num), rand($num) ); 
@@ -15,33 +15,42 @@ sub _salt { my $cost = sprintf( '%02d', 6 ); my $settings = join( '$', '$2a', $cost, _salt() ); -# ############################################################ +# ############################################################ use Mango; my $mongo_uri = $ENV{'MONGOLAB_URI'}; -my $mango = Mango->new($mongo_uri); +my $mango = Mango->new($mongo_uri); -if( defined $ENV{LRRR_ADMIN_USERNAME} && defined $ENV{LRRR_ADMIN_PASSWORD} ){ +if ( defined $ENV{LRRR_ADMIN_USERNAME} && defined $ENV{LRRR_ADMIN_PASSWORD} ) { my $username = $ENV{LRRR_ADMIN_USERNAME}; my $password = $ENV{LRRR_ADMIN_PASSWORD}; # insert admin user - my $doc = $mango->db->collection('users')->find_one( { username => $username } ); - if ( $doc ) { + my $doc = + $mango->db->collection('users')->find_one( { username => $username } ); + if ($doc) { print $username . " already exists!\n"; - } else { - my $oid = $mango->db->collection('users')->insert( { username => $username, password => bcrypt($password,$settings), role => 'admin' } ); - print "inserted ".$username." with oid: " . $oid . "\n"; } -} else { - print "the ENV variables LRRR_ADMIN_USERNAME and LRRR_ADMIN_PASSWORD need to be set for this command to create a new admin user.\n"; + else { + my $oid = $mango->db->collection('users')->insert( + { + username => $username, + password => bcrypt( $password, $settings ), + role => 'admin' + } + ); + print "inserted " . $username . " with oid: " . $oid . "\n"; + } +} +else { + print +"the ENV variables LRRR_ADMIN_USERNAME and LRRR_ADMIN_PASSWORD need to be set for this command to create a new admin user.\n"; } - # list existing admin users my $c = $mango->db->collection('users')->find( { role => 'admin' } ); print "existing admins:\n"; -while ( my $doc = $c->next ){ - print $doc->{username} . "\n"; +while ( my $doc = $c->next ) { + print $doc->{username} . "\n"; } diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep index a1f55c6..57a6dc1 100644 
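Review bot: The guard `defined $ENV{LRRR_ADMIN_USERNAME} && defined $ENV{LRRR_ADMIN_PASSWORD}` accepts empty strings, so an exported but blank `LRRR_ADMIN_PASSWORD` creates an admin account with an empty password. Require non-empty values, e.g. `if ( length( $ENV{LRRR_ADMIN_USERNAME} // '' ) && length( $ENV{LRRR_ADMIN_PASSWORD} // '' ) ) {`, and consider enforcing a minimum password length. The `find_one` followed by `insert` is also not atomic; a unique index on `username` would close that gap if the collection does not already have one.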
--- a/templates/layouts/default.html.ep +++ b/templates/layouts/default.html.ep @@ -2,8 +2,8 @@ <%= title %> - home - login + home + login logout register user