185dbcc2ba84d6eb1301163b926ebed3177cd379 angie Thu May 19 04:42:20 2016 -0700 Several revisions to login cookie-checking after helpful code review by Max: Use /dev/urandom instead of srand(clock1000()), duh. Instead of forming cookie strings in both wikiLink.c and hgLogin.c, form them all in wikiLink.c so they're consistent. The wikiLink routines now return (possibly empty) slName lists of cookie strings to be set. The login system uses new cookie names that default to a concatentation of central.cookie (which needs to have one name per central database, like hguid for RR hgcentral and hguid.genome-test for hgcentraltest) and either optional new config params login.tokenCookie and login.userNameCookie or central.cookie concatenated with hgLoginToken and hgLoginUserName (because login uses the central db, so it's different for hgwdev vs RR). If those cookies are not set but the wiki cookies are set, then we accept the wiki cookie values and send out the new cookies, removing the wiki cookies the first time that happens. The login system no longer depends on any wiki.* hg.conf settings. refs #17336, #17327
diff --git src/hg/inc/wikiLink.h src/hg/inc/wikiLink.h
index cde7ee2..6daac55 100644
--- src/hg/inc/wikiLink.h
+++ src/hg/inc/wikiLink.h
@@ -1,47 +1,58 @@
 /* wikiLink - interoperate with a wiki site (share user identities). */
 
 /* Copyright (C) 2014 The Regents of the University of California
  * See README in this or parent directory for licensing information. */
 
 #ifndef WIKILINK_H
 #define WIKILINK_H
 
 /* hg.conf wiki parameters -- wikiLink is disabled if any are undefined. */
 #define CFG_WIKI_HOST "wiki.host"
 #define CFG_WIKI_USER_NAME_COOKIE "wiki.userNameCookie"
 #define CFG_WIKI_LOGGED_IN_COOKIE "wiki.loggedInCookie"
 #define CFG_WIKI_SESSION_COOKIE "wiki.sessionCookie"
 
-/* hg.conf login system parameter -- using non-wiki login system if defined */
+/* hg.conf login system parameter -- using non-wiki login system (hgLogin) if defined */
 #define CFG_LOGIN_SYSTEM_NAME "login.systemName"
+/* hg.conf optional cookie names to override default */
+#define CFG_LOGIN_TOKEN_COOKIE "login.tokenCookie"
+#define CFG_LOGIN_USER_NAME_COOKIE "login.userNameCookie"
+
+/* hg.conf central db parameters */
+#define CFG_CENTRAL_DOMAIN "central.domain"
+#define CFG_CENTRAL_COOKIE "central.cookie"
 
 char *loginSystemName();
 /* Return the wiki host specified in hg.conf, or NULL. Allocd here. */
 
 boolean loginSystemEnabled();
 /* Return TRUE if login.systemName parameter is defined in hg.conf . */
 
-uint loginSystemLoginUser(char *userName);
-/* Return a nonzero token which caller must set as the value of CFG_WIKI_LOGGED_IN_COOKIE.
- * Call this when userName's password has been validated. */
+struct slName *loginLoginUser(char *userName);
+/* Return cookie strings to set for user so we'll recognize that user is logged in.
+ * Call this after validating userName's password. */
+
+struct slName *loginLogoutUser();
+/* Return cookie strings to set (deleting the login cookies). */
 
-char *loginSystemValidateCookies();
-/* Return a cookie string or NULL. If login cookies are present and valid, but the current
- * token has aged out, the returned cookie string sets a cookie to a new token value.
- * If login cookies are present but invalid, the cookie string deletes/expires the cookies.
- * Otherwise returns NULL. */
+struct slName *loginValidateCookies();
+/* Return possibly empty list of cookie strings for the caller to set.
+ * If login cookies are present and valid, but the current token has aged out,
+ * the returned cookie string sets the token cookie to a new token value.
+ * If login cookies are present but invalid, the result deletes/expires the cookies.
+ * Otherwise returns NULL (no change to cookies). */
 
 char *wikiLinkHost();
 /* Return the wiki host specified in hg.conf, or NULL. Allocd here. */
 
 boolean wikiLinkEnabled();
 /* Return TRUE if all wiki.* parameters are defined in hg.conf . */
 
 char *wikiLinkUserName();
 /* Return the user name specified in cookies from the browser, or NULL if
  * the user doesn't appear to be logged in. */
 
 char *wikiLinkUserLoginUrl(char *hgsid);
 /* Return the URL for the wiki user login page. */
 
 char *wikiLinkUserLoginUrlReturning(char *hgsid, char *returnUrl);
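Review bot: The contract comment on `loginValidateCookies()` leaves out the legacy path the commit message describes, where wiki cookie values are accepted when the new login cookies are absent and the wiki cookies are then removed. That is a second way for a request to be treated as logged in, so the header should state it, for example by adding ` * If only the old wiki cookies are present, they are accepted once: the result sets the new login cookies and expires the wiki cookies.` before the "Otherwise" line. The comments on `loginLoginUser()`, `loginLogoutUser()` and `loginValidateCookies()` should also say who frees the returned `slName` list, and that the caller must send every returned string as a response header, since dropping one would presumably leave a stale or invalid token cookie in the browser. Whether `loginLoginUser()` encodes `userName` before placing it in a cookie string cannot be seen from this header; if it does not, the comment should make that the caller's responsibility.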