Use FiatTux plugins

WARNING! LDAP configuration has changed! Check lufi.conf.template

CHANGELOG

@@ -2,6 +2,7 @@ Revision history for Lufi
 
 0.03 2018-??-??
 	- Use Mojo::SQLite instead of ORLite
+	- Use FiatTux plugins
 
 0.02.2 2017-09-18
 	- Fix cron tasks bug

cpanfile

@@ -3,6 +3,8 @@ requires 'Mojolicious', '>= 7.31';
 requires 'Mojolicious::Plugin::DebugDumperHelper';
 requires 'Mojolicious::Plugin::I18N';
 requires 'Mojolicious::Plugin::Mail';
+requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.01', url => 'https://framagit.org/luc/mojolicious-plugin-fiattux-helpers/-/archive/0.01/mojolicious-plugin-fiattux-helpers-0.01.tar.gz';
+requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.01', url => 'https://framagit.org/luc/mojolicious-plugin-fiattux-grantaccess/-/archive/0.01/mojolicious-plugin-fiattux-grantaccess-0.01.tar.gz';
 requires 'EV';
 requires 'Filesys::DiskUsage';
 requires 'Switch';

lib/Lufi.pm

@@ -66,82 +66,18 @@ sub startup {
     # Debug
     $self->plugin('DebugDumperHelper');
 
-    # Check htpasswd file existence
-    die 'Unable to read '.$self->config('htpasswd') if (defined($self->config('htpasswd')) && !-r $self->config('htpasswd'));
+    # Fiat Tux helpers
+    $self->plugin('FiatTux::Helpers');
 
-    # Authentication (if configured)
-    $self->plugin('authentication' =>
-        {
-            autoload_user => 1,
-            session_key   => 'Dolomon',
-            load_user     => sub {
-                my ($c, $username) = @_;
-
-                return $username;
-            },
-            validate_user => sub {
-                my ($c, $username, $password, $extradata) = @_;
-
-                if (defined($c->config('ldap'))) {
-                    my $ldap = Net::LDAP->new($c->config->{ldap}->{uri});
-                    my $mesg = $ldap->bind($c->config->{ldap}->{bind_user}.$c->config->{ldap}->{bind_dn},
-                        password => $c->config->{ldap}->{bind_pwd}
-                    );
-
-                    $mesg->code && die $mesg->error;
-
-                    $mesg = $ldap->search(
-                        base   => $c->config->{ldap}->{user_tree},
-                        filter => "(&(uid=$username)".$c->config->{ldap}->{user_filter}.")"
-                    );
-
-                    if ($mesg->code) {
-                        $c->app->log->error($mesg->error);
-                        return undef;
-                    }
-
-                    # we filtered out, but did we actually get a non-empty result?
-                    $entry = $mesg->shift_entry;
-                    if (!defined $entry) {
-                        $c->app->log->info("[LDAP authentication failed] - User $username filtered out, IP: ".$c->ip);
-                        return undef;
-                    }
-
-                    # Now we know that the user exists, and that he is authorized by the filter
-                    $mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn},
-                        password => $password
-                    );
-
-                    if ($mesg->code) {
-                        $c->app->log->info("[LDAP authentication failed] login: $username, IP: ".$c->ip);
-                        $c->app->log->error("[LDAP authentication failed] ".$mesg->error);
-                        return undef;
-                    }
-
-                    $c->app->log->info("[LDAP authentication successful] login: $username, IP: ".$c->ip);
-                } elsif (defined($c->config('htpasswd'))) {
-                    my $htpasswd = new Apache::Htpasswd({passwdFile => $c->config->{htpasswd},
-                                                 ReadOnly   => 1}
-                                                );
-                    if (!$htpasswd->htCheckPassword($username, $password)) {
-                        return undef;
-                    }
-                    $c->app->log->info("[Simple authentication successful] login: $username, IP: ".$c->ip);
-                }
-
-                return $username;
-            }
-        }
-    );
-    if (defined($self->config('ldap')) || defined($self->config('htpasswd'))) {
-        $self->app->sessions->default_expiration($self->config('session_duration'));
-    }
+    # Authentication
+    $self->plugin('FiatTux::GrantAccess');
 
     # Secrets
     $self->secrets($self->config('secrets'));
 
     # Helpers
     $self->plugin('Lufi::Plugin::Helpers');
+
     # Hooks
     $self->hook(
         after_dispatch => sub {

lufi.conf.template

@@ -140,12 +140,12 @@
     # please note that everybody can still download files
     # optional, no default
     #ldap => {
-    #    uri         => 'ldaps://ldap.example.org',
-    #    user_tree   => 'ou=users,dc=example,dc=org',
-    #    bind_dn     => ',ou=users,dc=example,dc=org',
-    #    bind_user   => 'uid=ldap_user',
-    #    bind_pwd    => 'secr3t',
-    #    user_filter => '!(uid=ldap_user)'
+    #    uri         => 'ldaps://ldap.example.org',                 # server URI
+    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
+    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
+    #    bind_pwd    => 'secr3t',                                   # search bind password
+    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
     #},
 
     # set `htpasswd` if you want to use an htpasswd file instead of ldap

themes/default/lib/Lufi/I18N/ca.po

@@ -304,7 +304,7 @@ msgstr "Si us plau contacteu amb l'administrador: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Si us plau, espereu mentre obtenim el fitxer. Abans que el tingueu disponible primer cal descarregar i desxifrar tots els trossos."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr ""
 
@@ -345,7 +345,7 @@ msgstr "Compartiu fitxers amb total privacitat a %1"
 msgid "Signin"
 msgstr "Autenticació"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr ""
 

themes/default/lib/Lufi/I18N/en.po

@@ -300,7 +300,7 @@ msgstr ""
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr ""
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr ""
 
@@ -341,7 +341,7 @@ msgstr ""
 msgid "Signin"
 msgstr ""
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr ""
 

themes/default/lib/Lufi/I18N/fr.po

@@ -302,7 +302,7 @@ msgstr "Veuillez contacter l’administrateur : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Veuillez patientez pendant la récupération de votre fichier. Nous devons d’abord récupérer et déchiffrer tous les fragments avant que vous puissiez le télécharger."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr "Veuillez vérifier vos identifiants : impossible de vous authentifier."
 
@@ -343,7 +343,7 @@ msgstr "Partagez vos fichiers en toute confidentialité sur %1"
 msgid "Signin"
 msgstr "Connexion"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr "Désolé, vous n’êtes pas autorisé à utiliser ce service. Contactez votre administrateur si vous pensez qu’il s’agit d’une erreur."
 

themes/default/lib/Lufi/I18N/it.po

@@ -302,7 +302,7 @@ msgstr "Contattare l'amministratore : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Attendere mentre otteniamo il vostro file. Dobbiamo prima scaricare e decifrare tutte le parti prima che possiate averlo."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr ""
 
@@ -347,7 +347,7 @@ msgstr "Condividi tutti i file in totale riservatezza su %1"
 msgid "Signin"
 msgstr "Autenticazione"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr ""
 

themes/default/lib/Lufi/I18N/nl.po

@@ -289,7 +289,7 @@ msgstr "Neem contact op met administrator: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Een ogenblik geduld, we pakken je bestand er bij. We moeten alle delen downloaden en decrypten voordat je het kan downloaden."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr ""
 
@@ -334,7 +334,7 @@ msgstr "Deel je bestanden met volledige privacy op %1"
 msgid "Signin"
 msgstr "Inloggen"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr ""
 

themes/default/lib/Lufi/I18N/oc.po

@@ -302,7 +302,7 @@ msgstr "Mercés de contactar l’administrator : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Mercés d’esperar pendent la recuperacion de vòstre fichièr. Nos cal d’en primièr recuperar e deschifrar totes los fragaments abans que poscatz o telecargar."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr "Mercés de verificar vòstres identificants : impossible de vos autentificar."
 
@@ -343,7 +343,7 @@ msgstr "Partejatz vòstres fichièrs en tota confidencialitat sus %1"
 msgid "Signin"
 msgstr "Connexion"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr "O planhèm collèga, sètz pas autorizat a utilizar aqueste servici. Contactatz vòstre administrator sistèma se pensatz que i a un problèma."
 

themes/default/lib/Lufi/I18N/pt.po

@@ -311,7 +311,7 @@ msgstr "Contacte o administrador: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Por favor aguarde durante a recuperação do seu ficheiro. Primeiro devemos recuperar e descodificar todos os fragmentos e depois poderá descarregar o ficheiro."
 
-#: lib/Lufi.pm:200
+#: lib/Lufi.pm:136
 msgid "Please, check your credentials: unable to authenticate."
 msgstr ""
 
@@ -352,7 +352,7 @@ msgstr "Partilhe os seus ficheiros com toda a privacidade em %1"
 msgid "Signin"
 msgstr "Conexão"
 
-#: lib/Lufi.pm:203
+#: lib/Lufi.pm:139
 msgid "Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there's a glitch in the matrix."
 msgstr ""