a240964d6dfdd6f8661487b64538d33518d88501 angie Mon May 16 09:38:09 2016 -0700 Added checking of wiki.loggedInCookie (numeric user ID) using random numbers as suggested by Max if the new centralDb table gbMemberToken exists, otherwise checking the ID vs gbMembers.idx. refs #17327 diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c index a7b483c..de6041a 100644 --- src/hg/hgSession/hgSession.c +++ src/hg/hgSession/hgSession.c @@ -105,42 +105,30 @@ else { printf("Signing in enables you to save current settings into a " "named session, and then restore settings from the session later.\n" "If you wish, you can share named sessions with other users.\n"); printf("<P>The sign-in page is handled by our " "<A HREF=\"http://%s/\" TARGET=_BLANK>wiki system</A>:\n", wikiHost); printf("<A HREF=\"%s\"><B>click here to sign in.</B></A>\n", wikiLinkUserLoginUrl(cartSessionId(cart))); printf("The wiki also serves as a forum for users " "to share knowledge and ideas.\n"); } } -char *getLinkUserName() -/* Return the user name specified in cookies from the browser, or NULL - * if - * the user doesn't appear to be logged in. */ -{ -if (wikiLinkEnabled()) - { - return cloneString(wikiLinkUserName()); - } -return NULL; -} - void showCartLinks() /* Print out links to cartDump and cartReset. */ { char *session = cartSidUrlString(cart); char returnAddress[512]; safef(returnAddress, sizeof(returnAddress), "%s?%s", hgSessionName(), session); printf("<A HREF=\"../cgi-bin/cartReset?%s&destination=%s\">Click here to " "reset</A> the browser user interface settings to their defaults.\n", session, cgiEncodeFull(returnAddress)); } char *destAppScriptName() /* Return the complete path (/cgi-bin/... on our systems) of the destination @@ -540,51 +528,50 @@ dyStringPrintf(dyUrl, "?hgS_doLoadUrl=submit&hgS_loadUrlName="); printf("<LI>If a saved settings file is available from a web server, " "you can send email to others with a link such as " "%s<B>U</B> where <B>U</B> is the URL of your " "settings file, e.g. http://www.mysite.edu/~me/mySession.txt . " "In this type of link, you can replace " "\"hgSession\" with \"hgTracks\" in order to proceed directly to " "the Genome Browser. For an example page using such links " "please see the <A HREF=\"../goldenPath/help/sessions.html\" " "TARGET=_BLANK>Session Gallery</A>.</LI>\n", dyUrl->string); printf("</UL>\n"); dyStringFree(&dyUrl); } -void doMainPage(char *message) +void doMainPage(char *userName, char *message) /* Login status/links and session controls. */ { puts("Content-Type:text/html\n"); if (wikiLinkEnabled()) { - char *wikiUserName = wikiLinkUserName(); - if (wikiUserName) - welcomeUser(wikiUserName); + if (userName) + welcomeUser(userName); else offerLogin(); if (isNotEmpty(message)) { if (cartVarExists(cart, hgsDoSessionDetail)) webNewSection("Session Details"); else webNewSection("Updated Session"); puts(message); } - showSessionControls(wikiUserName, TRUE, TRUE); - showLinkingTemplates(wikiUserName); + showSessionControls(userName, TRUE, TRUE); + showLinkingTemplates(userName); } else { if (isNotEmpty(message)) { if (cartVarExists(cart, hgsDoSessionDetail)) webNewSection("Session Details"); else cartWebStart(cart, NULL, "Updated Session"); jsInit(); puts(message); showSessionControls(NULL, FALSE, TRUE); } else showSessionControls(NULL, FALSE, FALSE); @@ -643,39 +630,40 @@ } } if (tdb->visibility != tvHide) outIfNotPresent(cart, dy, tdb->track, tdb->visibility); } // Put a variable in the cart that says we put the default // visibilities in it. if (dy) dyStringPrintf(dy,"&%s=on", CART_HAS_DEFAULT_VISIBILITY); else printf("%s on", CART_HAS_DEFAULT_VISIBILITY); } #define INITIAL_USE_COUNT 0 -char *doNewSession() +char *doNewSession(char *userName) /* Save current settings in a new named session. * Return a message confirming what we did. */ { +if (userName == NULL) + return "Unable to save session -- please log in and try again."; struct dyString *dyMessage = dyStringNew(2048); char *sessionName = trimSpaces(cartString(cart, hgsNewSessionName)); char *encSessionName = cgiEncodeFull(sessionName); boolean shareSession = cartBoolean(cart, hgsNewSessionShare); -char *userName = getLinkUserName(); char *encUserName = cgiEncodeFull(userName); struct sqlConnection *conn = hConnectCentral(); if (sqlTableExists(conn, namedSessionTable)) { struct sqlResult *sr = NULL; struct dyString *dy = dyStringNew(16 * 1024); char **row; char *firstUse = "now()"; int useCount = INITIAL_USE_COUNT; char firstUseBuf[32]; /* If this session already existed, preserve its firstUse and useCount. */ sqlDyStringPrintf(dy, "SELECT firstUse, useCount FROM %s " "WHERE userName = '%s' AND sessionName = '%s';", @@ -736,40 +724,41 @@ getSessionLink(encUserName, encSessionName), getSessionEmailLink(encUserName, encSessionName)); cartCheckForCustomTracks(cart, dyMessage); } else dyStringPrintf(dyMessage, "Sorry, required table %s does not exist yet in the central " "database (%s). Please ask a developer to create it using " "kent/src/hg/lib/namedSessionDb.sql .", namedSessionTable, sqlGetDatabase(conn)); hDisconnectCentral(&conn); return dyStringCannibalize(&dyMessage); } -char *doUpdateSessions() +char *doUpdateSessions(char *userName) /* Look for cart variables matching prefixes for sharing/unsharing, * loading or deleting a previously saved session. * Return a message confirming what we did, or NULL if no such variables * were in the cart. */ { +if (userName == NULL) + return NULL; struct dyString *dyMessage = dyStringNew(1024); struct hashEl *cartHelList = NULL, *hel = NULL; struct sqlConnection *conn = hConnectCentral(); -char *userName = getLinkUserName(); char *encUserName = cgiEncodeFull(userName); boolean didSomething = FALSE; char query[512]; cartHelList = cartFindPrefix(cart, hgsSharePrefix); if (cartHelList != NULL) { struct hash *sharedHash = hashNew(0); char **row; struct sqlResult *sr; sqlSafef(query, sizeof(query), "select sessionName,shared from %s where userName = '%s'", namedSessionTable, encUserName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) @@ -959,36 +948,37 @@ cgiAppendSForHttps(), cgiServerNamePort(), destAppScriptName(), cartSessionVarName(), cartSessionId(cart)); } if (lf != NULL) { cartLoadSettings(lf, cart, NULL, actionVar); cartHideDefaultTracks(cart); hubConnectLoadHubs(cart); cartCopyCustomTracks(cart); cartCheckForCustomTracks(cart, dyMessage); lineFileClose(&lf); } return dyStringCannibalize(&dyMessage); } -char *doSessionDetail(char *sessionName) +char *doSessionDetail(char *userName, char *sessionName) /* Show details about a particular session. */ { +if (userName == NULL) + return "Sorry, please log in again."; struct dyString *dyMessage = dyStringNew(4096); char *encSessionName = cgiEncodeFull(sessionName); -char *userName = getLinkUserName(); char *encUserName = cgiEncodeFull(userName); struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr = NULL; char **row = NULL; char query[512]; webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL)); boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0); if (gotSettings) sqlSafef(query, sizeof(query), "SELECT shared, firstUse, settings from %s " "WHERE userName = '%s' AND sessionName = '%s'", namedSessionTable, encUserName, encSessionName); else sqlSafef(query, sizeof(query), "SELECT shared, firstUse from %s " "WHERE userName = '%s' AND sessionName = '%s'", @@ -1061,39 +1051,40 @@ } void renamePrefixedCartVar(char *prefix, char *oldName, char *newName) /* If cart has prefix+oldName, replace it with prefix+newName = submit. */ { char varName[256]; safef(varName, sizeof(varName), "%s%s", prefix, oldName); if (cartVarExists(cart, varName)) { cartRemove(cart, varName); safef(varName, sizeof(varName), "%s%s", prefix, newName); cartSetString(cart, varName, "submit"); } } -char *doSessionChange(char *oldSessionName) +char *doSessionChange(char *userName, char *oldSessionName) /* Process changes to session from session details page. */ { +if (userName == NULL) + return "Unable to make changes to session. Please log in again."; struct dyString *dyMessage = dyStringNew(1024); webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL)); char *sessionName = oldSessionName; char *encSessionName = cgiEncodeFull(sessionName); char *encOldSessionName = encSessionName; -char *userName = getLinkUserName(); char *encUserName = cgiEncodeFull(userName); struct sqlConnection *conn = hConnectCentral(); struct sqlResult *sr = NULL; char **row = NULL; char query[512]; boolean shared = TRUE; char *settings = NULL; boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0); if (gotSettings) sqlSafef(query, sizeof(query), "SELECT shared, settings from %s " "WHERE userName = '%s' AND sessionName = '%s'", namedSessionTable, encUserName, encSessionName); else sqlSafef(query, sizeof(query), "SELECT shared from %s " @@ -1190,83 +1181,85 @@ return dyStringCannibalize(&dyMessage); } void hgSession() /* hgSession - Interface with wiki login and do session saving/loading. * Here we set up cart and some global variables, dispatch the command, * and put away the cart when it is done. */ { struct hash *oldVars = hashNew(10); /* Sometimes we output HTML and sometimes plain text; let each outputter * take care of headers instead of using a fixed cart*Shell(). */ cart = cartAndCookieNoContent(hUserCookie(), excludeVars, oldVars); +char *userName = wikiLinkEnabled() ? wikiLinkUserName() : NULL; + if (cartVarExists(cart, hgsDoMainPage) || cartVarExists(cart, hgsCancel)) - doMainPage(NULL); + doMainPage(userName, NULL); else if (cartVarExists(cart, hgsDoNewSession)) { - char *message = doNewSession(); - doMainPage(message); + char *message = doNewSession(userName); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsDoOtherUser)) { char *message = doOtherUser(hgsDoOtherUser); - doMainPage(message); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsDoSaveLocal)) { doSaveLocal(); } else if (cartVarExists(cart, hgsDoLoadLocal)) { char *message = doLoad(FALSE, hgsDoLoadLocal); - doMainPage(message); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsDoLoadUrl)) { char *message = doLoad(TRUE, hgsDoLoadUrl); - doMainPage(message); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsDoSessionDetail)) { - char *message = doSessionDetail(cartString(cart, hgsDoSessionDetail)); - doMainPage(message); + char *message = doSessionDetail(userName, cartString(cart, hgsDoSessionDetail)); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsDoSessionChange)) { - char *message = doSessionChange(cartString(cart, hgsOldSessionName)); - doMainPage(message); + char *message = doSessionChange(userName, cartString(cart, hgsOldSessionName)); + doMainPage(userName, message); } else if (cartVarExists(cart, hgsOldSessionName)) { - char *message1 = doSessionChange(cartString(cart, hgsOldSessionName)); - char *message2 = doUpdateSessions(); + char *message1 = doSessionChange(userName, cartString(cart, hgsOldSessionName)); + char *message2 = doUpdateSessions(userName); char *message = message2; if (!startsWith("No changes to session", message1)) { size_t len = (sizeof message1[0]) * (strlen(message1) + strlen(message2) + 1); message = needMem(len); safef(message, len, "%s%s", message1, message2); } - doMainPage(message); + doMainPage(userName, message); } else { - char *message = doUpdateSessions(); - doMainPage(message); + char *message = doUpdateSessions(userName); + doMainPage(userName, message); } cleanHgSessionFromCart(cart); /* Save the cart state: */ cartCheckout(&cart); } int main(int argc, char *argv[]) /* Process command line. */ { long enteredMainTime = clock1000(); htmlPushEarlyHandlers(); cgiSpoof(&argc, argv); setUdcCacheDir(); hgSession();