Changeset 2547
- Timestamp:
- 02/18/08 13:34:17 (11 months ago)
- Files:
-
- trunk/bknr/web/src/web/authorizer.lisp (modified) (1 diff)
- trunk/bknr/web/src/web/handlers.lisp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/bknr/web/src/web/authorizer.lisp
r2497 r2547 28 28 (format s "Login failed")))) 29 29 30 (defun find-user-from-request-parameters () 31 (with-query-params (__username __password) 32 (unless (and __username __password 33 (not (equal __username "")) 34 (not (equal __password ""))) 35 (return-from find-user-from-request-parameters nil)) 36 (let ((user (find-user __username))) 30 (defgeneric find-user-from-request-parameters ((authorizer authorizer)) 31 (:documentation "Return the user that is associated with the current 32 request or NIL.") 33 (:method ((authorizer bknr-authorizer)) 34 (with-query-params (__username __password) 35 (unless (and __username __password 36 (not (equal __username "")) 37 (not (equal __password ""))) 38 (return-from find-user-from-request-parameters nil)) 39 (let ((user (find-user __username))) 37 40 (when (and user 38 41 (not (user-disabled user)) 39 42 (verify-password user __password)) 40 43 (return-from find-user-from-request-parameters user))) 41 (error 'login-failure)))44 (error 'login-failure)))) 42 45 43 46 (defmethod authorize ((authorizer bknr-authorizer)) trunk/bknr/web/src/web/handlers.lisp
r2522 r2547 284 284 "Ensure that the BKNR-SESSION session variable is set and that it 285 285 belongs to the user that is specified in the request." 286 (let ((request-user (find-user-from-request-parameters )))286 (let ((request-user (find-user-from-request-parameters (website-authorizer *website*)))) 287 287 (unless (and (session-value 'bknr-session) 288 (equal (bknr-session-user) 289 (find-user-from-request-parameters))) 288 (eq (bknr-session-user) request-user)) 290 289 (setf (session-value 'bknr-session) 291 290 (make-instance 'bknr-session :user (or request-user
