From e30414b839b9a08f8acd3f2aabe619e3b51f6b52 Mon Sep 17 00:00:00 2001
From: Frank Celler
Date: Thu, 10 Apr 2014 17:29:04 +0200
Subject: [PATCH] fixed path
---
js/actions/api-open.js | 70 ++++++++++++++++
js/actions/api-system.js | 84 +------------------
js/apps/system/cerberus/cerberus.js | 18 ++--
.../system/cerberus/html/changePassword.html | 2 +-
js/apps/system/cerberus/manifest.json | 2 +-
js/server/modules/org/arangodb/actions.js | 79 +++++++++++++++++
6 files changed, 164 insertions(+), 91 deletions(-)
create mode 100644 js/actions/api-open.js
diff --git a/js/actions/api-open.js b/js/actions/api-open.js
new file mode 100644
index 0000000000..7cb647dc73
--- /dev/null
+++ b/js/actions/api-open.js
@@ -0,0 +1,70 @@
+/*jslint indent: 2, nomen: true, maxlen: 100, sloppy: true, vars: true, white: true, plusplus: true, evil: true */
+/*global require, exports, module, ArangoServerState */
+
+////////////////////////////////////////////////////////////////////////////////
+/// @brief open actions
+///
+/// @file
+/// Actions that are mapped under the "_open" path. Allowing to execute the
+/// actions without authorization.
+///
+/// DISCLAIMER
+///
+/// Copyright 2014 triagens GmbH, Cologne, Germany
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+/// http://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+///
+/// Copyright holder is triAGENS GmbH, Cologne, Germany
+///
+/// @author Dr. Frank Celler
+/// @author Copyright 2014, triAGENS GmbH, Cologne, Germany
+////////////////////////////////////////////////////////////////////////////////
+
+var actions = require("org/arangodb/actions");
+var console = require("console");
+
+// -----------------------------------------------------------------------------
+// --SECTION-- public functions
+// -----------------------------------------------------------------------------
+
+////////////////////////////////////////////////////////////////////////////////
+/// @brief ceberus password manager
+////////////////////////////////////////////////////////////////////////////////
+
+actions.defineHttp({
+ url : "_open/cerberus",
+ context : "admin",
+ prefix : true,
+
+ callback : function (req, res) {
+ req.user = null;
+ req.database = "_system";
+
+ var suffix = "system/cerberus";
+ suffix = suffix.split("/");
+ suffix = suffix.concat(req.suffix);
+
+ req.suffix = suffix;
+
+ actions.routeRequest(req, res);
+ }
+});
+
+// -----------------------------------------------------------------------------
+// --SECTION-- END-OF-FILE
+// -----------------------------------------------------------------------------
+
+// Local Variables:
+// mode: outline-minor
+// outline-regexp: "/// @brief\\|/// @addtogroup\\|// --SECTION--\\|/// @page\\|/// @\\}"
+// End:
diff --git a/js/actions/api-system.js b/js/actions/api-system.js
index 1d94b982e5..82ab3e31a6 100644
--- a/js/actions/api-system.js
+++ b/js/actions/api-system.js
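Review bot: The `_open/cerberus` callback in js/actions/api-open.js forwards whatever `req.suffix` the caller supplies into `actions.routeRequest` after forcing `req.database = "_system"`, so every route and asset under `system/cerberus` becomes reachable without authorization, not only the password-reset pages. Consider checking the first suffix segment against a short allow-list before routing and answering anything else with a not-found result; only `initpwd` and `changePassword.html` are visible in this patch, the app's other routes are outside it. A comment above the callback such as `// unauthenticated entry point: only the password-reset routes of system/cerberus may be exposed here` would record the intent. `console` is required in this file but not used.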
@@ -34,88 +34,6 @@ var internal = require("internal"); var console = require("console"); var users = require("org/arangodb/users"); -// ----------------------------------------------------------------------------- -// --SECTION-- private functions -// ----------------------------------------------------------------------------- - -//////////////////////////////////////////////////////////////////////////////// -/// @brief routing function -//////////////////////////////////////////////////////////////////////////////// - -function routing (req, res) { - var action; - var execute; - var next; - var path = req.suffix.join("/"); - - action = actions.firstRouting(req.requestType, req.suffix); - - execute = function () { - if (action.route === undefined) { - actions.resultNotFound(req, res, arangodb.ERROR_HTTP_NOT_FOUND, - "unknown path '" + path + "'"); - return; - } - - if (action.route.path !== undefined) { - req.path = action.route.path; - } - else { - delete req.path; - } - - if (action.prefix !== undefined) { - req.prefix = action.prefix; - } - else { - delete req.prefix; - } - - if (action.suffix !== undefined) { - req.suffix = action.suffix; - } - else { - delete req.suffix; - } - - if (action.urlParameters !== undefined) { - req.urlParameters = action.urlParameters; - } - else { - req.urlParameters = {}; - } - - var func = action.route.callback.controller; - - if (func === null || typeof func !== 'function') { - func = actions.errorFunction(action.route, - 'Invalid callback definition found for route ' - + JSON.stringify(action.route)); - } - - try { - func(req, res, action.route.callback.options, next); - } - catch (err) { - if (err instanceof internal.SleepAndRequeue) { - throw err; - } - - var msg = 'A runtime error occurred while executing an action: ' - + String(err) + " " + String(err.stack) + " " + (typeof err); - - actions.errorFunction(action.route, msg)(req, res, action.route.callback.options, next); - } - }; - - next = function () { - action = 
actions.nextRouting(action); - execute(); - }; - - execute(); -} - // ----------------------------------------------------------------------------- // --SECTION-- public functions // ----------------------------------------------------------------------------- @@ -129,7 +47,7 @@ actions.defineHttp({ prefix : true, context : "admin", - callback : routing + callback : actions.routeRequest }); //////////////////////////////////////////////////////////////////////////////// diff --git a/js/apps/system/cerberus/cerberus.js b/js/apps/system/cerberus/cerberus.js index c898f70d5f..2f6cb83a59 100644 --- a/js/apps/system/cerberus/cerberus.js +++ b/js/apps/system/cerberus/cerberus.js @@ -3,7 +3,8 @@ var Foxx = require("org/arangodb/foxx"), users = require("org/arangodb/users"), - controller = new Foxx.Controller(applicationContext) + controller = new Foxx.Controller(applicationContext), + url = require("url"); controller.get("/initpwd/:token", function(req, res) { var token = req.params("token"), @@ -12,11 +13,12 @@ //check token username = users.userByToken(token); -// token = users.setPasswordToken(username); - if (username) { + var path = url.parse(req.url).pathname.split("/"); + path = path.slice(0, path.length - 2).join("/") + "/changePassword.html"; + res.status(307); - res.set("Location", "/system/cerberus/changePassword.html?n="+username+"&t="+token); + res.set("Location", path + "?n=" + username + "&t=" + token); } else { res.set("Content-Type", "text/plain"); res.body = 'The token was not valid. Plaese ensure, that the url you entered was valid (no linebreaks etc.)'; 
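Review bot: The `Location` value in the `/initpwd/:token` handler of cerberus.js is built by plain concatenation, `path + "?n=" + username + "&t=" + token`, so a user name or token containing `&`, `#`, `%` or whitespace changes the query string the page receives; the redirect added in the second cerberus.js hunk has the same problem, and there `token` is taken straight from the request body. Encode both values: `res.set("Location", path + "?n=" + encodeURIComponent(username) + "&t=" + encodeURIComponent(token));`. The two-line path computation is repeated verbatim in both handlers and would read better as one small helper. Carrying the reset token in a query string also puts it into access logs and browser history, which deserves a comment if it is intentional.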
@@ -29,12 +31,17 @@ var password = params[0].split("=")[1]; var confirmPassword = params[1].split("=")[1]; var token = params[2].split("=")[1]; + //check, if passwords are equal if(password !== confirmPassword) { + var path = url.parse(req.url).pathname.split("/"); + path = path.slice(0, path.length - 2).join("/") + "/changePassword.html"; + res.status(307); - res.set("Location", "/system/cerberus/changePassword.html?n="+name+"&t="+token); + res.set("Location", path + "?n=" + name + "&t=" + token); return; } + if (users.changePassword(token, password)) { res.set("Content-Type", "text/html"); res.body = 'Password sucessfully changed. Press here to proceed.'; @@ -43,5 +50,4 @@ res.body = 'The token was not valid. Plaese ensure, that the url you entered was valid (no linebreaks etc.)'; } }); - }()); \ No newline at end of file diff --git a/js/apps/system/cerberus/html/changePassword.html b/js/apps/system/cerberus/html/changePassword.html index 252e4feee8..3814f9cd49 100644 --- a/js/apps/system/cerberus/html/changePassword.html +++ b/js/apps/system/cerberus/html/changePassword.html @@ -14,7 +14,7 @@
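Review bot: `path.slice(0, path.length - 2)` in the password-mismatch branch was copied from the `/initpwd/:token` handler, where the URL ends in two segments below the mount point; this handler's route definition is outside the hunk, and if its URL ends in a single segment the slice removes one segment too many and the redirect points above the app. `name` in the redirect is also not assigned in the visible lines (only `password`, `confirmPassword` and `token` are read from `params`), so confirm it is defined earlier in the function. A comment next to the slice such as `// strip the two trailing route segments to get back to the mount point` would make the assumed URL shape explicit.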

-
+ diff --git a/js/apps/system/cerberus/manifest.json b/js/apps/system/cerberus/manifest.json index 5d5effc0cd..a45c0d1db4 100644 --- a/js/apps/system/cerberus/manifest.json +++ b/js/apps/system/cerberus/manifest.json @@ -4,7 +4,7 @@ "author": "gschwab", "isSystem": true, "controllers": { - "/_open/": "cerberus.js" + "/": "cerberus.js" }, "assets": { "changePassword.html": { diff --git a/js/server/modules/org/arangodb/actions.js b/js/server/modules/org/arangodb/actions.js index 9fd780d657..9199a24744 100644 --- a/js/server/modules/org/arangodb/actions.js +++ b/js/server/modules/org/arangodb/actions.js 
@@ -891,6 +891,84 @@ function flattenRouting (routes, path, urlParameters, depth, prefix) { // --SECTION-- public functions // ----------------------------------------------------------------------------- +//////////////////////////////////////////////////////////////////////////////// +/// @brief routing function +//////////////////////////////////////////////////////////////////////////////// + +function routeRequest (req, res) { + var action; + var execute; + var next; + var path = req.suffix.join("/"); + + action = exports.firstRouting(req.requestType, req.suffix); + + execute = function () { + if (action.route === undefined) { + exports.resultNotFound(req, res, arangodb.ERROR_HTTP_NOT_FOUND, + "unknown path '" + path + "'"); + return; + } + + if (action.route.path !== undefined) { + req.path = action.route.path; + } + else { + delete req.path; + } + + if (action.prefix !== undefined) { + req.prefix = action.prefix; + } + else { + delete req.prefix; + } + + if (action.suffix !== undefined) { + req.suffix = action.suffix; + } + else { + delete req.suffix; + } + + if (action.urlParameters !== undefined) { + req.urlParameters = action.urlParameters; + } + else { + req.urlParameters = {}; + } + + var func = action.route.callback.controller; + + if (func === null || typeof func !== 'function') { + func = exports.errorFunction(action.route, + 'Invalid callback definition found for route ' + + JSON.stringify(action.route)); + } + + try { + func(req, res, action.route.callback.options, next); + } + catch (err) { + if (err instanceof internal.SleepAndRequeue) { + throw err; + } + + var msg = 'A runtime error occurred while executing an action: ' + + String(err) + " " + String(err.stack) + " " + (typeof err); + + exports.errorFunction(action.route, msg)(req, res, action.route.callback.options, next); + } + }; + + next = function () { + action = exports.nextRouting(action); + execute(); + }; + + execute(); +} + 
//////////////////////////////////////////////////////////////////////////////// /// @brief returns a result of a query as documents /// @@ -1977,6 +2055,7 @@ function stringifyRequestAddress (req) { // ----------------------------------------------------------------------------- // public functions +exports.routeRequest = routeRequest; exports.defineHttp = defineHttp; exports.getErrorMessage = getErrorMessage; exports.getJsonBody = getJsonBody;
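Review bot: The catch block in `routeRequest` builds `msg` from `String(err)` and `String(err.stack)` and hands it to `exports.errorFunction`; if that function writes the message into the HTTP response, stack traces become visible to unauthenticated callers now that `_open/cerberus` routes through this function. Suggest logging the stack on the server and passing only a generic message towards the response. The function was moved from api-system.js and still references `arangodb` and `internal`, so confirm both are required in actions.js. The header `/// @brief routing function` could also state that the function overwrites `req.path`, `req.prefix`, `req.suffix` and `req.urlParameters` and walks the route chain through `next`.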
New password: