search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add blocksdesign R code
[sgn.git] / lib / CXGN / Login.pm
blob93b01aba31564695d6800e47b2a57020f70c0ba6
1
2 =head1 NAME
3
4 CXGN::Login - deal with browser site login
5
6 =head1 DESCRIPTION
7
8 This is an object which handles logging users in and out of our sites.
9
10 This class inherits from L<CXGN::DB::Object>.
11
12 =head1 EXAMPLES
13
14 #example 1
15 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
16 #if they are logged in, you will get their person id and your code will continue to execute.
17 my $person_id=CXGN::Login->new()->verify_session();
18
19 #example 2
20 #kick user out if they are not logged in. if they are not logged in, your code will exit here and they will be sent to the login page.
21 #if they are logged in, you will get their person id and user type and your code will continue to execute.
22 my($person_id,$user_type)=CXGN::Login->new($dbh)->verify_session();
23
24 #example 3
25 #let everyone view this page, but if they are logged in, get their person id so you can give them a customized page. your code will
26 #continue execution after this line no matter what.
27 my $person_id=CXGN::Login->new($dbh)->has_session();
28
29 #example 4
30 #let everyone view this page, but if they are logged in, get their person id and user type so you can give them a customized page.
31 #your code will continue execution after this line no matter what.
32 my($person_id,$user_type)=CXGN::Login->new($dbh)->has_session();
33
34 =head1 AUTHOR
35
36 John Binns <zombieite@gmail.com>
37
38 =cut
39
40 package CXGN::Login;
41 use strict;
42 use warnings;
43
44 use Digest::MD5 qw(md5);
45 use String::Random;
46 use CXGN::Cookie;
47
48 use CatalystX::GlobalContext '$c';
49
50 use base qw | CXGN::DB::Object |;
51
52 our $LOGIN_COOKIE_NAME = 'sgn_session_id';
53 our $LOGIN_PAGE = '/user/login';
54 our $LOGIN_TIMEOUT = 7200; #seconds for login to timeout
55 our $DBH;
56 our $EXCHANGE_DBH = 1;
57
58 =head2 constructor new()
59
60 Usage: my $login = CXGN::Login->new($dbh)
61 Desc: creates a new login object
62 Ret:
63 Args: a database handle
64 Side Effects: connects to database
65 Example:
66
67 =cut
68
69 sub new {
70 my $class = shift;
71 my $dbh = shift;
72 my $self = $class->SUPER::new($dbh);
73 $self->set_sql()
74 ; #### This SQL should really be in the CXGN::People::Person object!
75
76 foreach (@_) {
77 if ( ref($_) eq "HASH" ) {
78
79 #Process hash args here
80 $self->{no_redirect} = $_->{NO_REDIRECT};
81 last;
82 }
83 }
84 $self->{conf_object} = $c || do{ require SGN::Context; SGN::Context->new };
85 return $self;
86 }
87
88 =head2 get_login_status
89
90 Usage: my %logged_in_status = $login -> get_login_status();
91 Desc: a member function. This was changed on 5/1/2009.
92 Ret: a hash with user_type as a key and count of logins as a value
93 Args: none
94 Side Effects: accesses the database
95 Example:
96
97 =cut
98
99 sub get_login_status {
100 my $self = shift;
101
102 my $sth = $self->get_sql("stats_aggregate");
103 $sth->execute($LOGIN_TIMEOUT);
104
105 my %logins = ();
106 while ( my ( $user_type, $count ) = $sth->fetchrow_array() ) {
107 $logins{$user_type} = $count;
108 }
109 if ( !$logins{curator} ) { $logins{curator} = "none"; }
110 if ( !$logins{submitter} ) { $logins{submitter} = "none"; }
111 if ( !$logins{user} ) { $logins{user} = "none"; }
112
113 $sth = $self->get_sql("stats_private");
114 $sth->execute($LOGIN_TIMEOUT);
115
116 $logins{detailed} = {};
117 while ( my ( $user_type, $username, $contact_email ) =
118 $sth->fetchrow_array() )
119 {
120 $logins{detailed}->{$user_type}->{$username}->{contact_email} =
121 $contact_email;
122 }
123
124 if (wantarray) {
125 return %logins;
126 }
127 else {
128 return \%logins;
129 }
130 }
131
132 =head2 get_login_info
133
134 Usage: $login->get_login_info()
135 Desc:
136 Ret:
137 Args:
138 Side Effects:
139 Example:
140
141 =cut
142
143 sub get_login_info {
144 my $self = shift;
145 return $self->{login_info};
146 }
147
148 =head2 verify_session
149
150 Usage: $login->verify_session($user_type)
151 Desc: checks whether a user is logged in currently and
152 is of the minimum user type $user_type.
153 user types have the following precedence:
154 user < submitter < sequencer < curator
155 Ret: the person_id, if a session exists
156 Args: a minimum user type required to access the page
157 Side Effects: redirects the website to the login page if no login
158 is currently defined.
159 Example:
160
161 =cut
162
163 sub verify_session {
164 my $self = shift;
165 my ($user_must_be_type) = @_;
166 my ( $person_id, $user_type ) = $self->has_session();
167 if ($person_id) { #if they have a session
168 if ($user_must_be_type)
169 { #if there is a type that they must be to view this page
170
171 if ( $user_must_be_type ne $user_type )
172 { #if they are not the required type, send them away
173
174 return;;
175 }
176 }
177 }
178 else { #else they do not have a session, so send them away
179
180 return;
181 }
182 if (wantarray)
183 { #if they are trying to get both pieces of info, give it to them, in array context
184
185 return ( $person_id, $user_type );
186 }
187 else { #else they just care about the login id
188
189 return $person_id;
190 }
191 }
192
193 =head2 has_session ()
194
195 if the user is not logged in, the return value is false;
196 else it's the person ID if in scalar context, or (person ID, user type) in array context
197
198 =cut
199
200 sub has_session {
201 my $self = shift;
202
203 #if people are not allowed to be logged in, return
204 if ( !$self->login_allowed() ) {
205 return;
206 }
207
208 my $cookie = $self->get_login_cookie();
209
210 #if they have no cookie, they are not logged in
211 unless ($cookie) {
212 return;
213 }
214
215 my ( $person_id, $user_type, $user_prefs, $expired ) =
216 $self->query_from_cookie($cookie);
217
218 #if cookie string is not found, they are not logged in
219 unless ( $person_id and $user_type ) {
220 return;
221 }
222
223 #if their cookie is good but their timestamp is old, they are not logged in
224 if ($expired) {
225 return;
226 }
227
228 ################################
229 # Ok, they are logged in! yay! #
230 ################################
231
232 $self->{login_info}->{person_id} = $person_id;
233 $self->{login_info}->{cookie_string} = $cookie;
234 $self->{login_info}->{user_type} = $user_type;
235 $self->{login_info}->{user_prefs} = $user_prefs;
236 $self->update_timestamp();
237
238 #if they are trying to get both pieces of info, give it to them, in array context
239 if (wantarray) {
240 return ( $person_id, $user_type );
241 }
242
243 #or they just care about the login id
244 else {
245 return $person_id;
246 }
247 }
248
249 sub query_from_cookie {
250 my $self = shift;
251 my $cookie_string = shift;
252
253 my $sth = $self->get_sql("user_from_cookie");
254 return undef unless $sth;
255 if ( !$sth->execute( $LOGIN_TIMEOUT, $cookie_string ) ) {
256 print STDERR "Cookie Query Error: " . $DBH->errstr;
257 return undef;
258 }
259 my @result = $sth->fetchrow_array();
260
261 return undef unless scalar(@result);
262
263 #if TWO rows are found with the SAME cookie_string, scream!
264 if ( scalar(@result) && $sth->fetchrow_array() ) {
265 die
266 "Duplicate cookie_string entries found for cookie string '$cookie_string'";
267 }
268
269 #Return info, or just the person_id, depending on array/scalar context of function
270 if (wantarray) {
271 return @result;
272 }
273 else {
274 return $result[0];
275 }
276 }
277
278 sub login_allowed {
279 my $self = shift;
280
281 #conditions for allowing logins:
282 #
283 # 1. configuration 'disable_login' must be 0 or undef
284 # 2. configuration 'is_mirror' must be 0 or undef
285 # 3. configuration 'dbname' must not be 'sandbox' if configuration 'production_server' is 1
286 # -- the reason for this is that if users can log in, they must be able to log in to the REAL database,
287 # not some mirror or some sandbox, because logged-in users can CHANGE data in the database and we
288 # don't want to lose or ignore those changes.
289 if (
290 !$self->{conf_object}->get_conf('disable_login')
291 and !$self->{conf_object}->get_conf('is_mirror')
292
293 #we haven't decided whether it's a good idea to comment this next line by default -- Evan
294 and !(
295 $self->{conf_object}->get_conf('dbname') =~ /sandbox/
296 and $self->{conf_object}->get_conf('production_server')
297 )
298 )
299 {
300 return 1;
301 }
302 else {
303 print STDERR "Login is disabled if dbname contains 'sandbox' and production_server is set to 1\n";
304 return 0;
305 }
306 }
307
308 =head2 login_user
309
310 Usage: $login->login_user($username, $password);
311 Desc:
312 Ret:
313 Args:
314 Side Effects:
315 Example:
316
317 =cut
318
319 sub login_user {
320 my $self = shift;
321 my ( $username, $password ) = @_;
322 my $login_info
323 ; #information about whether login succeeded, and if not, why not
324 if ( $self->login_allowed() ) {
325 my $sth = $self->get_sql("user_from_uname_pass");
326
327 print STDERR "NOW LOGGING IN USER $username\n";
328 my $num_rows = $sth->execute( $username, $password );
329
330 my ( $person_id, $disabled, $user_prefs, $first_name, $last_name ) = $sth->fetchrow_array();
331
332 print STDERR "FOUND: $person_id\n";
333 if ( $num_rows > 1 ) {
334 die "Duplicate entries found for username '$username'";
335 }
336 if ($disabled) {
337 $login_info->{account_disabled} = $disabled;
338 }
339
340 else {
341 $login_info->{user_prefs} = $user_prefs;
342 if ($person_id) {
343 my $new_cookie_string =
344 String::Random->new()
345 ->randpattern(
346 "ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
347 );
348 $sth = $self->get_sql("cookie_string_exists");
349 $sth->execute($new_cookie_string);
350 if ( $sth->fetchrow_array()
351 ) #very unlikely--or we need a new random string generator
352 {
353 $login_info->{duplicate_cookie_string} = 1;
354 }
355 else {
356 $sth = $self->get_sql("login");
357 $sth->execute( $new_cookie_string, $person_id );
358 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME,
359 $new_cookie_string );
360 CXGN::Cookie::set_cookie( "user_prefs", $user_prefs );
361 $login_info->{person_id} = $person_id;
362 $login_info->{first_name} = $first_name;
363 $login_info->{last_name} = $last_name;
364 $login_info->{cookie_string} = $new_cookie_string;
365 }
366 }
367 else {
368 $login_info->{incorrect_password} = 1;
369 }
370 }
371 }
372 else {
373 $login_info->{logins_disabled} = 1;
374 }
375 $self->{login_info} = $login_info;
376 return $login_info;
377 }
378
379 =head2 function logout_user()
380
381 Usage: $login->logout_user();
382 Desc: log out the current logged in user
383 Ret: nothing
384 Args: none
385 Side Effects: resets the cookie to empty
386 Example:
387
388 =cut
389
390 sub logout_user {
391 my $self = shift;
392 my $cookie = $self->get_login_cookie();
393 if ($cookie) {
394 my $sth = $self->get_sql("logout");
395 $sth->execute($cookie);
396 CXGN::Cookie::set_cookie( $LOGIN_COOKIE_NAME, "" );
397 }
398 }
399
400 =head2 update_timestamp
401
402 Usage: $login->update_timestamp();
403 Desc: updates the timestamp, such that users don't
404 get logged out when they are active on the site.
405 Ret: nothing
406 Args: none
407 Side Effects: accesses the database to change the timeout status.
408 Example:
409
410 =cut
411
412 sub update_timestamp {
413 my $self = shift;
414 my $cookie = $self->get_login_cookie();
415 if ($cookie) {
416 my $sth = $self->get_sql("refresh_cookie");
417 $sth->execute($cookie);
418 }
419 }
420
421 =head2 get_login_cookie
422
423 Usage: my $cookie = $login->get_login_cookie();
424 Desc: returns the cookie for the current login
425 Args: none
426 Side Effects:
427 Example:
428
429 =cut
430
431 sub get_login_cookie {
432 my $self = shift;
433 return CXGN::Cookie::get_cookie($LOGIN_COOKIE_NAME);
434 }
435
436 =head2 login_page_and_exit
437 ##DEPRECATED: redirect should happen in a catalyst controller, not in an object like CXGN::Login
438
439 Usage: $login->login_page_and_exit();
440 Desc: redirects to the login page.
441 Ret:
442 Args:
443 Side Effects:
444 Example:
445
446 =cut
447
448 #sub login_page_and_exit {
449 # my $self = shift;
450 #CGI redirect crashes server when used from a catalyst controller.
451 #Redirecting should happen in controller, not in an object like CXGN::Login
452 #print CGI->new->redirect( -uri => $LOGIN_PAGE, -status => 302 );
453 #exit;
454 #}
455
456 ###
457 ### helper function. SQL should probably be moved to the CXGN::People::Login class
458 ###
459
460 sub set_sql {
461 my $self = shift;
462
463 $self->{queries} = {
464
465 user_from_cookie => #send: session_time_in_secs, cookiestring
466
467 " SELECT
468 sp_token.sp_person_id,
469 sgn_people.sp_roles.name as user_type,
470 user_prefs,
471 extract (epoch FROM current_timestamp-sp_token.last_access_time)>? AS expired
472 FROM
473 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) join sgn_people.sp_roles using(sp_role_id) JOIN sgn_people.sp_token on(sgn_people.sp_person.sp_person_id = sgn_people.sp_token.sp_person_id)
474 WHERE
475 sp_token.cookie_string=?
476 ORDER BY sp_role_id
477 LIMIT 1",
478
479 user_from_uname_pass =>
480
481 " SELECT
482 sp_person_id, disabled, user_prefs, first_name, last_name
483 FROM
484 sgn_people.sp_person
485 WHERE
486 UPPER(username)=UPPER(?)
487 AND (sp_person.password = crypt(?, sp_person.password))",
488
489 cookie_string_exists =>
490
491 " SELECT
492 sgn_people.sp_token.cookie_string
493 FROM
494 sgn_people.sp_person JOIN sgn_people.sp_token using(sp_person_id)
495 WHERE
496 sp_token.cookie_string=?",
497
498 login => #send: cookie_string, sp_person_id
499
500 " INSERT INTO
501 sgn_people.sp_token(cookie_string, sp_person_id, last_access_time)
502 VALUES (
503 ?,
504 ?,
505 current_timestamp
506 )",
507
508
509 logout => #send: cookie_string
510
511 " UPDATE
512 sgn_people.sp_token
513 SET
514 cookie_string=null,
515 last_access_time=current_timestamp
516 WHERE
517 cookie_string=?",
518
519 refresh_cookie => #send: cookie_string (updates the timestamp)
520
521 " UPDATE
522 sgn_people.sp_token
523 SET
524 last_access_time=current_timestamp
525 WHERE
526 cookie_string=?",
527
528 stats_aggregate => #send: session_timeout_in_secs (gets aggregate login data)
529
530 " SELECT
531 sp_roles.name, count(*)
532 FROM
533 sgn_people.sp_person
534 JOIN sgn_people.sp_person_roles USING(sp_person_id)
535 JOIN sgn_people.sp_roles USING(sp_role_id)
536 JOIN sgn_people.sp_token on(sgn_people.sp_person.sp_person_id=sgn_people.sp_token.sp_person_id)
537
538 WHERE
539 sp_token.last_access_time IS NOT NULL
540 AND sp_token.cookie_string IS NOT NULL
541 AND extract(epoch from now()-sp_token.last_access_time)<?
542 GROUP BY
543 sp_roles.name",
544
545 stats_private => #send: session_timeout_in_secs (gets all logged-in users)
546
547 " SELECT
548 sp_roles.name as user_type, username, contact_email
549 FROM
550 sgn_people.sp_person JOIN sgn_people.sp_person_roles using(sp_person_id) JOIN sgn_people.sp_roles using (sp_role_id) JOIN sgn_people.sp_token on (sgn_people.sp_person.sp_person_id=sgn_people.sp_token.sp_person_id)
551 WHERE
552 sp_token.last_access_time IS NOT NULL
553 AND sp_token.cookie_string IS NOT NULL
554 AND extract(epoch from now()-sp_token.last_access_time)<?",
555
556 };
557
558 while ( my ( $name, $sql ) = each %{ $self->{queries} } ) {
559 $self->{query_handles}->{$name} = $self->get_dbh()->prepare($sql);
560 }
561
562 }
563
564 sub get_sql {
565 my $self = shift;
566 my $name = shift;
567 return $self->{query_handles}->{$name};
568 }
569
570 ###
571 1; #do not remove
572 ###
573
Sol Genomics Network