search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add trial design store subclasses.
[sgn.git] / lib / CXGN / Login.pm
blobbbcbee1dc0bb54918f51385dd245263debef5007
1
2 =head1 NAME
3
4 CXGN::Login - deal with browser site login
5
6 =head1 DESCRIPTION
7
8 This is an object which handles logging users in and out of our sites.
9
10 This class inherits from L<CXGN::DB::Object>.
11
12 =head1 EXAMPLES
13
14 #example 1
15 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
16 #if they are logged in, you will get their person id and your code will continue to execute.
17 my $person_id=CXGN::Login->new()->verify_session();
18
19 #example 2
20 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
21 #if they are logged in, you will get their person id and user type and your code will continue to execute.
22 my($person_id,$user_type)=CXGN::Login->new($dbh)->verify_session();
23
24 #example 3
25 #let everyone view this page, but if they are logged in, get their person id so you can give them a customized page. your code will
26 #continue execution after this line no matter what.
27 my $person_id=CXGN::Login->new($dbh)->has_session();
28
29 #example 4
30 #let everyone view this page, but if they are logged in, get their person id and user type so you can give them a customized page.
31 #your code will continue execution after this line no matter what.
32 my($person_id,$user_type)=CXGN::Login->new($dbh)->has_session();
33
34 =head1 AUTHOR
35
36 John Binns <zombieite@gmail.com>
37
38 =cut
39
40 package CXGN::Login;
41 use strict;
42 use warnings;
43
44 use Digest::MD5 qw(md5);
45 use String::Random;
46
47 use CXGN::Cookie;
48
49 use CatalystX::GlobalContext '$c';
50
51 use base qw | CXGN::DB::Object |;
52
53 our $LOGIN_COOKIE_NAME = 'sgn_session_id';
54 our $LOGIN_PAGE = '/user/login';
55 our $LOGIN_TIMEOUT = 7200; #seconds for login to timeout
56 our $DBH;
57 our $EXCHANGE_DBH = 1;
58
59 =head2 constructor new()
60
61 Usage: my $login = CXGN::Login->new($dbh)
62 Desc: creates a new login object
63 Ret:
64 Args: a database handle
65 Side Effects: connects to database
66 Example:
67
68 =cut
69
70 sub new {
71 my $class = shift;
72 my $dbh = shift;
73 my $self = $class->SUPER::new($dbh);
74 $self->set_sql()
75 ; #### This SQL should really be in the CXGN::People::Person object!
76
77 foreach (@_) {
78 if ( ref($_) eq "HASH" ) {
79
80 #Process hash args here
81 $self->{no_redirect} = $_->{NO_REDIRECT};
82 last;
83 }
84 }
85 $self->{conf_object} = $c || do{ require SGN::Context; SGN::Context->new };
86 return $self;
87 }
88
89 =head2 get_login_status
90
91 Usage: my %logged_in_status = $login -> get_login_status();
92 Desc: a member function. This was changed on 5/1/2009.
93 Ret: a hash with user_type as a key and count of logins as a value
94 Args: none
95 Side Effects: accesses the database
96 Example:
97
98 =cut
99
100 sub get_login_status {
101 my $self = shift;
102
103 my $sth = $self->get_sql("stats_aggregate");
104 $sth->execute($LOGIN_TIMEOUT);
105
106 my %logins = ();
107 while ( my ( $user_type, $count ) = $sth->fetchrow_array() ) {
108 $logins{$user_type} = $count;
109 }
110 if ( !$logins{curator} ) { $logins{curator} = "none"; }
111 if ( !$logins{submitter} ) { $logins{submitter} = "none"; }
112 if ( !$logins{user} ) { $logins{user} = "none"; }
113
114 $sth = $self->get_sql("stats_private");
115 $sth->execute($LOGIN_TIMEOUT);
116
117 $logins{detailed} = {};
118 while ( my ( $user_type, $username, $contact_email ) =
119 $sth->fetchrow_array() )
120 {
121 $logins{detailed}->{$user_type}->{$username}->{contact_email} =
122 $contact_email;
123 }
124
125 if (wantarray) {
126 return %logins;
127 }
128 else {
129 return \%logins;
130 }
131 }
132
133 =head2 get_login_info
134
135 Usage: $login->get_login_info()
136 Desc:
137 Ret:
138 Args:
139 Side Effects:
140 Example:
141
142 =cut
143
144 sub get_login_info {
145 my $self = shift;
146 return $self->{login_info};
147 }
148
149 =head2 verify_session
150
151 Usage: $login->verify_session($user_type)
152 Desc: checks whether a user is logged in currently and
153 is of the minimum user type $user_type.
154 user types have the following precedence:
155 user < submitter < sequencer < curator
156 Ret: the person_id, if a session exists
157 Args: a minimum user type required to access the page
158 Side Effects: redirects the website to the login page if no login
159 is currently defined.
160 Example:
161
162 =cut
163
164 sub verify_session {
165 my $self = shift;
166 my ($user_must_be_type) = @_;
167 my ( $person_id, $user_type ) = $self->has_session();
168 if ($person_id) { #if they have a session
169 if ($user_must_be_type)
170 { #if there is a type that they must be to view this page
171
172 if ( $user_must_be_type ne $user_type )
173 { #if they are not the required type, send them away
174
175 return;;
176 }
177 }
178 }
179 else { #else they do not have a session, so send them away
180
181 return;
182 }
183 if (wantarray)
184 { #if they are trying to get both pieces of info, give it to them, in array context
185
186 return ( $person_id, $user_type );
187 }
188 else { #else they just care about the login id
189
190 return $person_id;
191 }
192 }
193
194 =head2 has_session ()
195
196 if the user is not logged in, the return value is false;
197 else it's the person ID if in scalar context, or (person ID, user type) in array context
198
199 =cut
200
201 sub has_session {
202 my $self = shift;
203
204 #if people are not allowed to be logged in, return
205 if ( !$self->login_allowed() ) {
206 return;
207 }
208
209 my $cookie = $self->get_login_cookie();
210
211 #if they have no cookie, they are not logged in
212 unless ($cookie) {
213 return;
214 }
215
216 my ( $person_id, $user_type, $user_prefs, $expired ) =
217 $self->query_from_cookie($cookie);
218
219 #if cookie string is not found, they are not logged in
220 unless ( $person_id and $user_type ) {
221 return;
222 }
223
224 #if their cookie is good but their timestamp is old, they are not logged in
225 if ($expired) {
226 return;
227 }
228
229 ################################
230 # Ok, they are logged in! yay! #
231 ################################
232
233 $self->{login_info}->{person_id} = $person_id;
234 $self->{login_info}->{cookie_string} = $cookie;
235 $self->{login_info}->{user_type} = $user_type;
236 $self->{login_info}->{user_prefs} = $user_prefs;
237 $self->update_timestamp();
238
239 #if they are trying to get both pieces of info, give it to them, in array context
240 if (wantarray) {
241 return ( $person_id, $user_type );
242 }
243
244 #or they just care about the login id
245 else {
246 return $person_id;
247 }
248 }
249
250 sub query_from_cookie {
251 my $self = shift;
252 my $cookie_string = shift;
253
254 my $sth = $self->get_sql("user_from_cookie");
255 return undef unless $sth;
256 if ( !$sth->execute( $LOGIN_TIMEOUT, $cookie_string ) ) {
257 print STDERR "Cookie Query Error: " . $DBH->errstr;
258 return undef;
259 }
260 my @result = $sth->fetchrow_array();
261
262 return undef unless scalar(@result);
263
264 #if TWO rows are found with the SAME cookie_string, scream!
265 if ( scalar(@result) && $sth->fetchrow_array() ) {
266 die
267 "Duplicate cookie_string entries found for cookie string '$cookie_string'";
268 }
269
270 #Return info, or just the person_id, depending on array/scalar context of function
271 if (wantarray) {
272 return @result;
273 }
274 else {
275 return $result[0];
276 }
277 }
278
279 sub login_allowed {
280 my $self = shift;
281
282 #conditions for allowing logins:
283 #
284 # 1. configuration 'disable_login' must be 0 or undef
285 # 2. configuration 'is_mirror' must be 0 or undef
286 # 3. configuration 'dbname' must not be 'sandbox' if configuration 'production_server' is 1
287 # -- the reason for this is that if users can log in, they must be able to log in to the REAL database,
288 # not some mirror or some sandbox, because logged-in users can CHANGE data in the database and we
289 # don't want to lose or ignore those changes.
290 if (
291 !$self->{conf_object}->get_conf('disable_login')
292 and !$self->{conf_object}->get_conf('is_mirror')
293
294 #we haven't decided whether it's a good idea to comment this next line by default -- Evan
295 and !(
296 $self->{conf_object}->get_conf('dbname') =~ /sandbox/
297 and $self->{conf_object}->get_conf('production_server')
298 )
299 )
300 {
301 return 1;
302 }
303 else {
304 return 0;
305 }
306 }
307
308 =head2 login_user
309
310 Usage: $login->login_user($username, $password);
311 Desc:
312 Ret:
313 Args:
314 Side Effects:
315 Example:
316
317 =cut
318
319 sub login_user {
320 my $self = shift;
321 my ( $username, $password ) = @_;
322 my $login_info
323 ; #information about whether login succeeded, and if not, why not
324 if ( $self->login_allowed() ) {
325 my $sth = $self->get_sql("user_from_uname_pass");
326
327 print STDERR "NOW LOGGING IN USER $username\n";
328 my $num_rows = $sth->execute( $username, $password );
329
330 my ( $person_id, $disabled, $user_prefs, $first_name, $last_name ) = $sth->fetchrow_array();
331
332 print STDERR "FOUND: $person_id\n";
333 if ( $num_rows > 1 ) {
334 die "Duplicate entries found for username '$username'";
335 }
336 if ($disabled) {
337 $login_info->{account_disabled} = $disabled;
338 }
339 else {
340 $login_info->{user_prefs} = $user_prefs;
341 if ($person_id) {
342 my $new_cookie_string =
343 String::Random->new()
344 ->randpattern(
345 "ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
346 );
347 $sth = $self->get_sql("cookie_string_exists");
348 $sth->execute($new_cookie_string);
349 if ( $sth->fetchrow_array()
350 ) #very unlikely--or we need a new random string generator
351 {
352 $login_info->{duplicate_cookie_string} = 1;
353 }
354 else {
355 $sth = $self->get_sql("login");
356 $sth->execute( $new_cookie_string, $person_id );
357 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME,
358 $new_cookie_string );
359 CXGN::Cookie::set_cookie( "user_prefs", $user_prefs );
360 $login_info->{person_id} = $person_id;
361 $login_info->{first_name} = $first_name;
362 $login_info->{last_name} = $last_name;
363 $login_info->{cookie_string} = $new_cookie_string;
364 }
365 }
366 else {
367 $login_info->{incorrect_password} = 1;
368 }
369 }
370 }
371 else {
372 $login_info->{logins_disabled} = 1;
373 }
374 $self->{login_info} = $login_info;
375 return $login_info;
376 }
377
378 =head2 function logout_user()
379
380 Usage: $login->logout_user();
381 Desc: log out the current logged in user
382 Ret: nothing
383 Args: none
384 Side Effects: resets the cookie to empty
385 Example:
386
387 =cut
388
389 sub logout_user {
390 my $self = shift;
391 my $cookie = $self->get_login_cookie();
392 if ($cookie) {
393 my $sth = $self->get_sql("logout");
394 $sth->execute($cookie);
395 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME, "" );
396 }
397 }
398
399 =head2 update_timestamp
400
401 Usage: $login->update_timestamp();
402 Desc: updates the timestamp, such that users don't
403 get logged out when they are active on the site.
404 Ret: nothing
405 Args: none
406 Side Effects: accesses the database to change the timeout status.
407 Example:
408
409 =cut
410
411 sub update_timestamp {
412 my $self = shift;
413 my $cookie = $self->get_login_cookie();
414 if ($cookie) {
415 my $sth = $self->get_sql("refresh_cookie");
416 $sth->execute($cookie);
417 }
418 }
419
420 =head2 get_login_cookie
421
422 Usage: my $cookie = $login->get_login_cookie();
423 Desc: returns the cookie for the current login
424 Args: none
425 Side Effects:
426 Example:
427
428 =cut
429
430 sub get_login_cookie {
431 my $self = shift;
432 return CXGN::Cookie::get_cookie($LOGIN_COOKIE_NAME);
433 }
434
435 =head2 login_page_and_exit
436 ##DEPRECATED: redirect should happen in a catalyst controller, not in an object like CXGN::Login
437
438 Usage: $login->login_page_and_exit();
439 Desc: redirects to the login page.
440 Ret:
441 Args:
442 Side Effects:
443 Example:
444
445 =cut
446
447 #sub login_page_and_exit {
448 # my $self = shift;
449 #CGI redirect crashes server when used from a catalyst controller.
450 #Redirecting should happen in controller, not in an object like CXGN::Login
451 #print CGI->new->redirect( -uri => $LOGIN_PAGE, -status => 302 );
452 #exit;
453 #}
454
455 ###
456 ### helper function. SQL should probably be moved to the CXGN::People::Login class
457 ###
458
459 sub set_sql {
460 my $self = shift;
461
462 $self->{queries} = {
463
464 user_from_cookie => #send: session_time_in_secs, cookiestring
465
466 " SELECT
467 sp_person_id,
468 sgn_people.sp_roles.name as user_type,
469 user_prefs,
470 extract (epoch FROM current_timestamp-last_access_time)>? AS expired
471 FROM
472 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) join sgn_people.sp_roles using(sp_role_id)
473 WHERE
474 cookie_string=?
475 ORDER BY sp_role_id
476 LIMIT 1",
477
478 user_from_uname_pass =>
479
480 " SELECT
481 sp_person_id, disabled, user_prefs, first_name, last_name
482 FROM
483 sgn_people.sp_person
484 WHERE
485 UPPER(username)=UPPER(?)
486 AND (sp_person.password = crypt(?, sp_person.password))",
487
488 cookie_string_exists =>
489
490 " SELECT
491 cookie_string
492 FROM
493 sgn_people.sp_person
494 WHERE
495 cookie_string=?",
496
497 login => #send: cookie_string, sp_person_id
498
499 " UPDATE
500 sgn_people.sp_person
501 SET
502 cookie_string=?,
503 last_access_time=current_timestamp
504 WHERE
505 sp_person_id=?",
506
507 logout => #send: cookie_string
508
509 " UPDATE
510 sgn_people.sp_person
511 SET
512 cookie_string=null,
513 last_access_time=current_timestamp
514 WHERE
515 cookie_string=?",
516
517 refresh_cookie => #send: cookie_string (updates the timestamp)
518
519 " UPDATE
520 sgn_people.sp_person
521 SET
522 last_access_time=current_timestamp
523 WHERE
524 cookie_string=?",
525
526 stats_aggregate => #send: session_timeout_in_secs (gets aggregate login data)
527
528 " SELECT
529 sp_roles.name, count(*)
530 FROM
531 sgn_people.sp_person
532 JOIN sgn_people.sp_person_roles USING(sp_person_id)
533 JOIN sgn_people.sp_roles USING(sp_role_id)
534
535 WHERE
536 last_access_time IS NOT NULL
537 AND cookie_string IS NOT NULL
538 AND extract(epoch from now()-last_access_time)<?
539 GROUP BY
540 sp_roles.name",
541
542 stats_private => #send: session_timeout_in_secs (gets all logged-in users)
543
544 " SELECT
545 sp_roles.name as user_type, username, contact_email
546 FROM
547 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) JOIN sgn_people.sp_roles using (sp_role_id)
548 WHERE
549 last_access_time IS NOT NULL
550 AND cookie_string IS NOT NULL
551 AND extract(epoch from now()-last_access_time)<?",
552
553 };
554
555 while ( my ( $name, $sql ) = each %{ $self->{queries} } ) {
556 $self->{query_handles}->{$name} = $self->get_dbh()->prepare($sql);
557 }
558
559 }
560
561 sub get_sql {
562 my $self = shift;
563 my $name = shift;
564 return $self->{query_handles}->{$name};
565 }
566
567 ###
568 1; #do not remove
569 ###
570
Sol Genomics Network