Merge pull request #2383 from solgenomics/dauglyon-patch-1
[sgn.git] / lib / CXGN / Login.pm
blobbbcbee1dc0bb54918f51385dd245263debef5007
2 =head1 NAME
4 CXGN::Login - deal with browser site login
6 =head1 DESCRIPTION
8 This is an object which handles logging users in and out of our sites.
10 This class inherits from L<CXGN::DB::Object>.
12 =head1 EXAMPLES
14 #example 1
15 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
16 #if they are logged in, you will get their person id and your code will continue to execute.
17 my $person_id=CXGN::Login->new()->verify_session();
19 #example 2
20 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
21 #if they are logged in, you will get their person id and user type and your code will continue to execute.
22 my($person_id,$user_type)=CXGN::Login->new($dbh)->verify_session();
24 #example 3
25 #let everyone view this page, but if they are logged in, get their person id so you can give them a customized page. your code will
26 #continue execution after this line no matter what.
27 my $person_id=CXGN::Login->new($dbh)->has_session();
29 #example 4
30 #let everyone view this page, but if they are logged in, get their person id and user type so you can give them a customized page.
31 #your code will continue execution after this line no matter what.
32 my($person_id,$user_type)=CXGN::Login->new($dbh)->has_session();
34 =head1 AUTHOR
36 John Binns <zombieite@gmail.com>
38 =cut
40 package CXGN::Login;
41 use strict;
42 use warnings;
44 use Digest::MD5 qw(md5);
45 use String::Random;
47 use CXGN::Cookie;
49 use CatalystX::GlobalContext '$c';
51 use base qw | CXGN::DB::Object |;
53 our $LOGIN_COOKIE_NAME = 'sgn_session_id';
54 our $LOGIN_PAGE = '/user/login';
55 our $LOGIN_TIMEOUT = 7200; #seconds for login to timeout
56 our $DBH;
57 our $EXCHANGE_DBH = 1;
59 =head2 constructor new()
61 Usage: my $login = CXGN::Login->new($dbh)
62 Desc: creates a new login object
63 Ret:
64 Args: a database handle
65 Side Effects: connects to database
66 Example:
68 =cut
70 sub new {
71 my $class = shift;
72 my $dbh = shift;
73 my $self = $class->SUPER::new($dbh);
74 $self->set_sql()
75 ; #### This SQL should really be in the CXGN::People::Person object!
77 foreach (@_) {
78 if ( ref($_) eq "HASH" ) {
80 #Process hash args here
81 $self->{no_redirect} = $_->{NO_REDIRECT};
82 last;
85 $self->{conf_object} = $c || do{ require SGN::Context; SGN::Context->new };
86 return $self;
89 =head2 get_login_status
91 Usage: my %logged_in_status = $login -> get_login_status();
92 Desc: a member function. This was changed on 5/1/2009.
93 Ret: a hash with user_type as a key and count of logins as a value
94 Args: none
95 Side Effects: accesses the database
96 Example:
98 =cut
100 sub get_login_status {
101 my $self = shift;
103 my $sth = $self->get_sql("stats_aggregate");
104 $sth->execute($LOGIN_TIMEOUT);
106 my %logins = ();
107 while ( my ( $user_type, $count ) = $sth->fetchrow_array() ) {
108 $logins{$user_type} = $count;
110 if ( !$logins{curator} ) { $logins{curator} = "none"; }
111 if ( !$logins{submitter} ) { $logins{submitter} = "none"; }
112 if ( !$logins{user} ) { $logins{user} = "none"; }
114 $sth = $self->get_sql("stats_private");
115 $sth->execute($LOGIN_TIMEOUT);
117 $logins{detailed} = {};
118 while ( my ( $user_type, $username, $contact_email ) =
119 $sth->fetchrow_array() )
121 $logins{detailed}->{$user_type}->{$username}->{contact_email} =
122 $contact_email;
125 if (wantarray) {
126 return %logins;
128 else {
129 return \%logins;
133 =head2 get_login_info
135 Usage: $login->get_login_info()
136 Desc:
137 Ret:
138 Args:
139 Side Effects:
140 Example:
142 =cut
144 sub get_login_info {
145 my $self = shift;
146 return $self->{login_info};
149 =head2 verify_session
151 Usage: $login->verify_session($user_type)
152 Desc: checks whether a user is logged in currently and
153 is of the minimum user type $user_type.
154 user types have the following precedence:
155 user < submitter < sequencer < curator
156 Ret: the person_id, if a session exists
157 Args: a minimum user type required to access the page
158 Side Effects: redirects the website to the login page if no login
159 is currently defined.
160 Example:
162 =cut
164 sub verify_session {
165 my $self = shift;
166 my ($user_must_be_type) = @_;
167 my ( $person_id, $user_type ) = $self->has_session();
168 if ($person_id) { #if they have a session
169 if ($user_must_be_type)
170 { #if there is a type that they must be to view this page
172 if ( $user_must_be_type ne $user_type )
173 { #if they are not the required type, send them away
175 return;;
179 else { #else they do not have a session, so send them away
181 return;
183 if (wantarray)
184 { #if they are trying to get both pieces of info, give it to them, in array context
186 return ( $person_id, $user_type );
188 else { #else they just care about the login id
190 return $person_id;
194 =head2 has_session ()
196 if the user is not logged in, the return value is false;
197 else it's the person ID if in scalar context, or (person ID, user type) in array context
199 =cut
201 sub has_session {
202 my $self = shift;
204 #if people are not allowed to be logged in, return
205 if ( !$self->login_allowed() ) {
206 return;
209 my $cookie = $self->get_login_cookie();
211 #if they have no cookie, they are not logged in
212 unless ($cookie) {
213 return;
216 my ( $person_id, $user_type, $user_prefs, $expired ) =
217 $self->query_from_cookie($cookie);
219 #if cookie string is not found, they are not logged in
220 unless ( $person_id and $user_type ) {
221 return;
224 #if their cookie is good but their timestamp is old, they are not logged in
225 if ($expired) {
226 return;
229 ################################
230 # Ok, they are logged in! yay! #
231 ################################
233 $self->{login_info}->{person_id} = $person_id;
234 $self->{login_info}->{cookie_string} = $cookie;
235 $self->{login_info}->{user_type} = $user_type;
236 $self->{login_info}->{user_prefs} = $user_prefs;
237 $self->update_timestamp();
239 #if they are trying to get both pieces of info, give it to them, in array context
240 if (wantarray) {
241 return ( $person_id, $user_type );
244 #or they just care about the login id
245 else {
246 return $person_id;
250 sub query_from_cookie {
251 my $self = shift;
252 my $cookie_string = shift;
254 my $sth = $self->get_sql("user_from_cookie");
255 return undef unless $sth;
256 if ( !$sth->execute( $LOGIN_TIMEOUT, $cookie_string ) ) {
257 print STDERR "Cookie Query Error: " . $DBH->errstr;
258 return undef;
260 my @result = $sth->fetchrow_array();
262 return undef unless scalar(@result);
264 #if TWO rows are found with the SAME cookie_string, scream!
265 if ( scalar(@result) && $sth->fetchrow_array() ) {
267 "Duplicate cookie_string entries found for cookie string '$cookie_string'";
270 #Return info, or just the person_id, depending on array/scalar context of function
271 if (wantarray) {
272 return @result;
274 else {
275 return $result[0];
279 sub login_allowed {
280 my $self = shift;
282 #conditions for allowing logins:
284 # 1. configuration 'disable_login' must be 0 or undef
285 # 2. configuration 'is_mirror' must be 0 or undef
286 # 3. configuration 'dbname' must not be 'sandbox' if configuration 'production_server' is 1
287 # -- the reason for this is that if users can log in, they must be able to log in to the REAL database,
288 # not some mirror or some sandbox, because logged-in users can CHANGE data in the database and we
289 # don't want to lose or ignore those changes.
290 if (
291 !$self->{conf_object}->get_conf('disable_login')
292 and !$self->{conf_object}->get_conf('is_mirror')
294 #we haven't decided whether it's a good idea to comment this next line by default -- Evan
295 and !(
296 $self->{conf_object}->get_conf('dbname') =~ /sandbox/
297 and $self->{conf_object}->get_conf('production_server')
301 return 1;
303 else {
304 return 0;
308 =head2 login_user
310 Usage: $login->login_user($username, $password);
311 Desc:
312 Ret:
313 Args:
314 Side Effects:
315 Example:
317 =cut
319 sub login_user {
320 my $self = shift;
321 my ( $username, $password ) = @_;
322 my $login_info
323 ; #information about whether login succeeded, and if not, why not
324 if ( $self->login_allowed() ) {
325 my $sth = $self->get_sql("user_from_uname_pass");
327 print STDERR "NOW LOGGING IN USER $username\n";
328 my $num_rows = $sth->execute( $username, $password );
330 my ( $person_id, $disabled, $user_prefs, $first_name, $last_name ) = $sth->fetchrow_array();
332 print STDERR "FOUND: $person_id\n";
333 if ( $num_rows > 1 ) {
334 die "Duplicate entries found for username '$username'";
336 if ($disabled) {
337 $login_info->{account_disabled} = $disabled;
339 else {
340 $login_info->{user_prefs} = $user_prefs;
341 if ($person_id) {
342 my $new_cookie_string =
343 String::Random->new()
344 ->randpattern(
345 "ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
347 $sth = $self->get_sql("cookie_string_exists");
348 $sth->execute($new_cookie_string);
349 if ( $sth->fetchrow_array()
350 ) #very unlikely--or we need a new random string generator
352 $login_info->{duplicate_cookie_string} = 1;
354 else {
355 $sth = $self->get_sql("login");
356 $sth->execute( $new_cookie_string, $person_id );
357 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME,
358 $new_cookie_string );
359 CXGN::Cookie::set_cookie( "user_prefs", $user_prefs );
360 $login_info->{person_id} = $person_id;
361 $login_info->{first_name} = $first_name;
362 $login_info->{last_name} = $last_name;
363 $login_info->{cookie_string} = $new_cookie_string;
366 else {
367 $login_info->{incorrect_password} = 1;
371 else {
372 $login_info->{logins_disabled} = 1;
374 $self->{login_info} = $login_info;
375 return $login_info;
378 =head2 function logout_user()
380 Usage: $login->logout_user();
381 Desc: log out the current logged in user
382 Ret: nothing
383 Args: none
384 Side Effects: resets the cookie to empty
385 Example:
387 =cut
389 sub logout_user {
390 my $self = shift;
391 my $cookie = $self->get_login_cookie();
392 if ($cookie) {
393 my $sth = $self->get_sql("logout");
394 $sth->execute($cookie);
395 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME, "" );
399 =head2 update_timestamp
401 Usage: $login->update_timestamp();
402 Desc: updates the timestamp, such that users don't
403 get logged out when they are active on the site.
404 Ret: nothing
405 Args: none
406 Side Effects: accesses the database to change the timeout status.
407 Example:
409 =cut
411 sub update_timestamp {
412 my $self = shift;
413 my $cookie = $self->get_login_cookie();
414 if ($cookie) {
415 my $sth = $self->get_sql("refresh_cookie");
416 $sth->execute($cookie);
420 =head2 get_login_cookie
422 Usage: my $cookie = $login->get_login_cookie();
423 Desc: returns the cookie for the current login
424 Args: none
425 Side Effects:
426 Example:
428 =cut
430 sub get_login_cookie {
431 my $self = shift;
432 return CXGN::Cookie::get_cookie($LOGIN_COOKIE_NAME);
435 =head2 login_page_and_exit
436 ##DEPRECATED: redirect should happen in a catalyst controller, not in an object like CXGN::Login
438 Usage: $login->login_page_and_exit();
439 Desc: redirects to the login page.
440 Ret:
441 Args:
442 Side Effects:
443 Example:
445 =cut
447 #sub login_page_and_exit {
448 # my $self = shift;
449 #CGI redirect crashes server when used from a catalyst controller.
450 #Redirecting should happen in controller, not in an object like CXGN::Login
451 #print CGI->new->redirect( -uri => $LOGIN_PAGE, -status => 302 );
452 #exit;
456 ### helper function. SQL should probably be moved to the CXGN::People::Login class
459 sub set_sql {
460 my $self = shift;
462 $self->{queries} = {
464 user_from_cookie => #send: session_time_in_secs, cookiestring
466 " SELECT
467 sp_person_id,
468 sgn_people.sp_roles.name as user_type,
469 user_prefs,
470 extract (epoch FROM current_timestamp-last_access_time)>? AS expired
471 FROM
472 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) join sgn_people.sp_roles using(sp_role_id)
473 WHERE
474 cookie_string=?
475 ORDER BY sp_role_id
476 LIMIT 1",
478 user_from_uname_pass =>
480 " SELECT
481 sp_person_id, disabled, user_prefs, first_name, last_name
482 FROM
483 sgn_people.sp_person
484 WHERE
485 UPPER(username)=UPPER(?)
486 AND (sp_person.password = crypt(?, sp_person.password))",
488 cookie_string_exists =>
490 " SELECT
491 cookie_string
492 FROM
493 sgn_people.sp_person
494 WHERE
495 cookie_string=?",
497 login => #send: cookie_string, sp_person_id
499 " UPDATE
500 sgn_people.sp_person
501 SET
502 cookie_string=?,
503 last_access_time=current_timestamp
504 WHERE
505 sp_person_id=?",
507 logout => #send: cookie_string
509 " UPDATE
510 sgn_people.sp_person
511 SET
512 cookie_string=null,
513 last_access_time=current_timestamp
514 WHERE
515 cookie_string=?",
517 refresh_cookie => #send: cookie_string (updates the timestamp)
519 " UPDATE
520 sgn_people.sp_person
521 SET
522 last_access_time=current_timestamp
523 WHERE
524 cookie_string=?",
526 stats_aggregate => #send: session_timeout_in_secs (gets aggregate login data)
528 " SELECT
529 sp_roles.name, count(*)
530 FROM
531 sgn_people.sp_person
532 JOIN sgn_people.sp_person_roles USING(sp_person_id)
533 JOIN sgn_people.sp_roles USING(sp_role_id)
535 WHERE
536 last_access_time IS NOT NULL
537 AND cookie_string IS NOT NULL
538 AND extract(epoch from now()-last_access_time)<?
539 GROUP BY
540 sp_roles.name",
542 stats_private => #send: session_timeout_in_secs (gets all logged-in users)
544 " SELECT
545 sp_roles.name as user_type, username, contact_email
546 FROM
547 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) JOIN sgn_people.sp_roles using (sp_role_id)
548 WHERE
549 last_access_time IS NOT NULL
550 AND cookie_string IS NOT NULL
551 AND extract(epoch from now()-last_access_time)<?",
555 while ( my ( $name, $sql ) = each %{ $self->{queries} } ) {
556 $self->{query_handles}->{$name} = $self->get_dbh()->prepare($sql);
561 sub get_sql {
562 my $self = shift;
563 my $name = shift;
564 return $self->{query_handles}->{$name};
568 1; #do not remove