Author: CrawfordCurrie Date: 2007-02-11 08:17:56 -0600 (Sun, 11 Feb 2007) New Revision: 12837 Modified: twiki/branches/MAIN/data/TWiki/TWikiUserAuthentication.txt twiki/branches/MAIN/lib/TWiki.spec twiki/branches/MAIN/lib/TWiki/Client.pm twiki/branches/MAIN/lib/TWiki/Client/TemplateLogin.pm twiki/branches/MAIN/twikiplugins/ClassicSkin/templates/login.classic.tmpl twiki/branches/MAIN/twikiplugins/PatternSkin/templates/login.pattern.tmpl Log: Item3250: Chad Parrys changes for remembering a user login, after a bit of filtering Modified: twiki/branches/MAIN/data/TWiki/TWikiUserAuthentication.txt =================================================================== --- twiki/branches/MAIN/data/TWiki/TWikiUserAuthentication.txt 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/data/TWiki/TWikiUserAuthentication.txt 2007-02-11 14:17:56 UTC (rev 12837) @@ -56,7 +56,7 @@ ---+++ Template Login (select =TWiki::Client::TemplateLogin= in configure) -Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. +Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser. ---++++ Enabling Template Login 1 Use the [[%SCRIPTURLPATH{"configure"}%][configure]] interface to Modified: twiki/branches/MAIN/lib/TWiki/Client/TemplateLogin.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/Client/TemplateLogin.pm 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/lib/TWiki/Client/TemplateLogin.pm 2007-02-11 14:17:56 UTC (rev 12837) 
@@ -48,6 +48,9 @@ my $this = bless( $class->SUPER::new($session), $class ); $session->enterContext( 'can_login' ); + if ($TWiki::cfg{Sessions}{ExpireCookiesAfter}) { + $session->enterContext( 'can_remember_login' ); + } return $this; } @@ -90,6 +93,10 @@ script. If there is no username in the query or the username/password is invalid (validate returns non-zero) then it prompts again. +If a flag to remember the login has been passed in the query, then the +corresponding session variable will be set. This will result in the +login cookie being preserved across browser sessions. + The password handler is expected to return a perl true value if the password is valid. This return value is stored in a session variable called VALIDATION. This is so that password handlers can return extra information @@ -106,6 +113,7 @@ my $origurl = $query->param( 'origurl' ); my $loginName = $query->param( 'username' ); my $loginPass = $query->param( 'password' ); + my $remember = $query->param( 'remember' ); # Eat these so there's no risk of accidental passthrough $query->delete('origurl', 'username', 'password'); @@ -118,8 +126,9 @@ my $topic = $twiki->{topicName}; my $web = $twiki->{webName}; - my $cgisession = $this->{cgisession}; + my $cgisession = $this->{_cgisession}; + $cgisession->param( 'REMEMBER', $remember ) if $cgisession; if( $cgisession && $cgisession->param( 'AUTHUSER' ) && $loginName ne $cgisession->param( 'AUTHUSER' )) { $banner = $twiki->{templates}->expandTemplate( 'LOGGED_IN_BANNER' ); Modified: twiki/branches/MAIN/lib/TWiki/Client.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-11 14:17:56 UTC (rev 12837) 
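Review bot: In the @@ -106 hunk, `remember` is read from the query but is not added to the `$query->delete(...)` call just below it, so unlike `origurl`, `username` and `password` it stays in the query object. When the login form is shown again after a failed attempt, the login templates touched by this commit re-emit query parameters as hidden fields via `%QUERYPARAMS{...}%`, so `remember=1` would presumably be carried forward even if the user unticks the box. Suggest `$query->delete('origurl', 'username', 'password', 'remember');`. The enclosing login sub starts and ends outside the hunk.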
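Review bot: In the @@ -118 hunk, `$cgisession->param( 'REMEMBER', $remember ) if $cgisession;` runs before any credential check visible in the hunk, so an unauthenticated request to the login script can mark its session as remembered and store an arbitrary query value in it. `_pushCookie` in Client.pm only tests the value for truth, so it would be tighter to store a normalised flag once the password has validated, e.g. `$cgisession->param( 'REMEMBER', $remember ? 1 : 0 );` on the success path. The validation code is outside this hunk, so the exact placement needs checking against the full sub.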
@@ -561,6 +561,30 @@ $_[0] =~ s/%SKINSELECT%/$this->_skinSelect()/geo; } +# Push the standard cookie +sub _pushCookie { + my $this = shift; + + my $cookie = CGI::Cookie->new( -name => $CGI::Session::NAME, + -value => $this->{_cgisession}->id(), + -path => '/' ); + # An expiry time is only set if the session has the REMEMBER variable + # in it. This is to prevent accidentally remembering cookies with + # login managers where the authority is cached in the browser and + # *not* in the session. Otherwise another user might be able to login + # on the same machine and inherit the authorities of a prior user. + if ($TWiki::cfg{Sessions}{ExpireCookiesAfter} && + $this->getSessionValue( 'REMEMBER' )) { + my $exp = TWiki::Time::formatTime( + time() + $TWiki::cfg{Sessions}{ExpireCookiesAfter}, + '$dow, $day-$month-$ye $hours:$minutes:$seconds GMT'); + + $cookie->expires($exp); + } + + $this->addCookie( $cookie ); +} + =pod ---++ ObjectMethod addCookie($c) @@ -596,11 +620,7 @@ return if $TWiki::cfg{Sessions}{MapIP2SID}; my $query = $this->{twiki}->{cgiQuery}; - my $c = CGI::Cookie->new( -name => $CGI::Session::NAME, - -value => $this->{_cgisession}->id(), - -path => '/' ); - - push( @{$this->{_cookies}}, $c ); + $this->_pushCookie(); $hopts->{cookie} = $this->{_cookies}; } @@ -631,10 +651,7 @@ # # So this is just a big fat precaution, just like the rest of this # whole handler. - my $cookie = CGI::Cookie->new( -name => $CGI::Session::NAME, - -value => $this->{_cgisession}->id(), - -path => '/' ); - push( @{$this->{_cookies}}, $cookie ); + $this->_pushCookie(); } if( $TWiki::cfg{Sessions}{MapIP2SID} ) { Modified: twiki/branches/MAIN/lib/TWiki.spec =================================================================== --- twiki/branches/MAIN/lib/TWiki.spec 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/lib/TWiki.spec 2007-02-11 14:17:56 UTC (rev 12837) 
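Review bot: `_pushCookie` can now make the session cookie outlive the browser, yet the cookie is still built with only `-name`, `-value` and `-path`, so it carries no Secure or HttpOnly attribute. A remembered cookie stays in the browser's store for `ExpireCookiesAfter` seconds, so consider passing `-secure => 1` when the site is served over HTTPS and `-httponly => 1` where the installed CGI::Cookie supports it. The expiry string is also hand-built, using `$ye`, which looks like the two-digit year token. CGI::Cookie accepts a relative value, so `$cookie->expires( '+' . $TWiki::cfg{Sessions}{ExpireCookiesAfter} . 's' );` would avoid the formatting step. The method dereferences `$this->{_cgisession}` without a definedness check, which matches the two call sites it replaces.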
@@ -182,6 +182,19 @@ # <tt>tools/tick_twiki.pl</tt> includes this function. $TWiki::cfg{Sessions}{ExpireAfter} = 21600; +# **NUMBER EXPERT** +# *TemplateLogin only*. +# Normally the cookie that remembers a user session is set to expire +# when the browser exits, but using this value you can make the cookie +# expire after a set number of seconds instead. If you set it then +# users will be able to tick a 'Remember me' box when logging in, and +# their session cookie will be remembered even if the browser exits.<p /> +# This should always be the same as, or longer than, {Sessions}{ExpireAfter}, +# otherwise TWiki may delete the session from its memory even though the +# cookie is still active.<p /> +# A value of 0 will cause the cookie to expire when the browser exits. +$TWiki::cfg{Sessions}{ExpireCookiesAfter} = 0; + # **BOOLEAN EXPERT** # If you have persistent sessions enabled, then TWiki will use a cookie in # the browser to store the session ID. If the client has cookies disabled, Modified: twiki/branches/MAIN/twikiplugins/ClassicSkin/templates/login.classic.tmpl =================================================================== --- twiki/branches/MAIN/twikiplugins/ClassicSkin/templates/login.classic.tmpl 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/twikiplugins/ClassicSkin/templates/login.classic.tmpl 2007-02-11 14:17:56 UTC (rev 12837) @@ -7,6 +7,8 @@ %TMPL:DEF{"NEW_USER_NOTE"}%Enter a new username and password to change identity%TMPL:END% %TMPL:DEF{"UNRECOGNISED_USER"}%Unrecognised user and/or password.%TMPL:END% +%TMPL:DEF{"rememberbox"}%</td></tr><tr><td colspan='2'><input id='remember' name='remember' type='checkbox' value='1' /> <label for='remember'>%MAKETEXT{"Remember me"}%</label>%TMPL:END% + %TMPL:DEF{"topbar"}%<div class="twikiTopBar"> <div class="twikiTopBarContents"> <img src="%WIKILOGOIMG%" border="0" alt="%WIKILOGOALT%"/> 
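Review bot: The new comment's constraint and its stated reason appear to point in opposite directions. It says `{Sessions}{ExpireCookiesAfter}` should be the same as or longer than `{Sessions}{ExpireAfter}`, but the consequence it warns about (the session deleted while the cookie is still active) is what happens when the cookie outlives the server-side session. If that reading is right, the text should instead say that `{Sessions}{ExpireAfter}` must be at least as long as `{Sessions}{ExpireCookiesAfter}` for a remembered login to survive. It would also help administrators to add a line such as `# Remembered cookies persist in the browser; avoid enabling this where machines are shared.`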
@@ -22,6 +24,7 @@ <input type='text' size='30' name='username' value='%URLPARAM{"username"}%' /> </td></tr><tr><th>Password</th><td> <input type='password' size='30' name='password' value='' /> +%TMPL:P{context="can_remember_login" then="rememberbox"}% </td></tr></table> <literal> %QUERYPARAMS{format="<input type='hidden' name='$name' value='$percntENCODE{$quot()$value$quot type=$quot()html$quot}$percnt' />"}% Modified: twiki/branches/MAIN/twikiplugins/PatternSkin/templates/login.pattern.tmpl =================================================================== --- twiki/branches/MAIN/twikiplugins/PatternSkin/templates/login.pattern.tmpl 2007-02-11 12:38:23 UTC (rev 12836) +++ twiki/branches/MAIN/twikiplugins/PatternSkin/templates/login.pattern.tmpl 2007-02-11 14:17:56 UTC (rev 12837) @@ -67,6 +67,29 @@ +%TMPL:DEF{"usernamestep"}%<div class="twikiFormStep"> +---+++ %MAKETEXT{"Username"}% + +<input class="twikiInputField" type="text" size="30" name="username" value="%URLPARAM{"username"}%" tabindex="1" /> +%TMPL:P{"authenticationnote"}% +</div><!-- /twikiFormStep-->%TMPL:END% + + + +%TMPL:DEF{"rememberbox"}%<input id="remember" name="remember" type="checkbox" value="1" tabindex="3" /> <label for="remember">%MAKETEXT{"Remember me"}%</label>%TMPL:END% + + + +%TMPL:DEF{"passwordstep"}%<div class="twikiFormStep"> +---+++ %MAKETEXT{"Password"}% + +<input class="patternFormFieldVerticalForm" type="password" size="30" class="twikiInputField" name="password" value="" tabindex="2" />%TMPL:P{"forgotpasswordnote"}% + +</div><!-- /twikiFormStep-->%TMPL:END% + + + + %TMPL:DEF{"forgotpasswordnote"}% <span class="twikiSmallish">[[%TWIKIWEB%.ResetPassword][%MAKETEXT{"I forgot my password"}%]]</span>%TMPL:END% 
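Review bot: login.pattern.tmpl now defines `rememberbox` twice: once in the @@ -67 hunk (with `tabindex="3"`) and again in the @@ -76 hunk (wrapped in `<span class="twikiSmallish">`, without a tabindex). Presumably only one definition takes effect, so the other is dead markup that will mislead whoever edits the checkbox later; keeping a single definition would be clearer. The first variant's `tabindex="3"` also duplicates the tabindex of the Logon submit button shown in the @@ -94 hunk. The new `usernamestep` and `passwordstep` definitions are not referenced by any line visible in this diff, so it is worth confirming they are used.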
@@ -76,8 +99,8 @@ %MAKETEXT{"If you have any questions, please contact [_1]." args="%WIKIWEBMASTER%"}% </div>%TMPL:END% +%TMPL:DEF{"rememberbox"}%<span class="twikiSmallish"><input id='remember' name='remember' type='checkbox' value='1' /> <label for='remember'>%MAKETEXT{"Remember me"}%</label></span>%TMPL:END% - %TMPL:DEF{"content"}%<div class="patternTopic"><div id="twikiLogin"> <form name="loginform" action="%SCRIPTURLPATH{"login"}%/%WEB%/%TOPIC%" method="post"> <div class="twikiFormSteps"> @@ -94,6 +117,8 @@ ---+++ %MAKETEXT{"Password"}% %ICON{"key"}% <input class="patternFormFieldVerticalForm" type="password" size="30" class="twikiInputField" name="password" value="" tabindex="2" />%TMPL:P{"forgotpasswordnote"}% + +%TMPL:P{context="can_remember_login" then="rememberbox"}% </div><!-- /twikiFormStep--> <div class="twikiFormStep twikiLast"> <input class="twikiSubmit" type="submit" value='%MAKETEXT{"Logon"}%' tabindex="3" /> |