added: need_ssl flag to FunctionBase
// try to use SSL // if in the config 'use_ssl' is true and 'use_ssl_only_for_logged_users' is true // then ssl is used only for logged users but sometimes there is a need to use // SSL even if noone is logged (for example for such functions like 'login' or 'adduser') // default: false // (this option is ignored if 'use_ssl' in the config is false) bool need_ssl; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@892 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
parent
26e87b20b1
commit
14f997b844
43
core/app.cpp
43
core/app.cpp
|
@ -221,23 +221,34 @@ return true;
|
|||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
this method is called when the connection is through SSL
|
||||
if this method returns true then we make a redirect to an ordinary http (without ssl)
|
||||
*/
|
||||
bool App::ShouldNotUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
{
|
||||
// something comes via POST, don't do a redirect because you lose the date
|
||||
return false;
|
||||
}
|
||||
|
||||
if( !config.use_ssl )
|
||||
{
|
||||
// we should not use SSL, we make a redirect
|
||||
return true;
|
||||
}
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
if( cur.request->function->need_ssl )
|
||||
{
|
||||
// this winix function require SSL, so we don't make a redirect
|
||||
return false;
|
||||
}
|
||||
|
||||
if( config.use_ssl_only_for_logged_users && !cur.session->puser )
|
||||
{
|
||||
// use_ssl_only_for_logged_users is true and noone is logged, do the redirect
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -245,23 +256,35 @@ return false;
|
|||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
this method is called when the connection is NOT through SSL
|
||||
if this method returns true then we make a redirect to SSL
|
||||
*/
|
||||
bool App::ShouldUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
{
|
||||
// something comes via POST, don't do a redirect because you lose the date
|
||||
return false;
|
||||
}
|
||||
|
||||
if( !config.use_ssl )
|
||||
{
|
||||
// we do not use ssl, don't do the redirect
|
||||
return false;
|
||||
}
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
if( cur.request->function->need_ssl )
|
||||
{
|
||||
// this functions require SSL, do the redirect
|
||||
return true;
|
||||
}
|
||||
|
||||
if( config.use_ssl_only_for_logged_users && !cur.session->puser )
|
||||
{
|
||||
// we require SSL but only for logged users
|
||||
// dont do redirect
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -276,7 +299,7 @@ bool status = true;
|
|||
if( ShouldNotUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should NOT be used in SSL connection" << logend;
|
||||
log << log3 << "App: this operation should NOT be used through SSL" << logend;
|
||||
status = false;
|
||||
}
|
||||
}
|
||||
|
@ -284,7 +307,7 @@ bool status = true;
|
|||
if( ShouldUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||
log << log3 << "App: this operation should be used through SSL" << logend;
|
||||
status = false;
|
||||
}
|
||||
|
||||
|
|
|
@ -21,7 +21,8 @@ namespace Fun
|
|||
|
||||
AddUser::AddUser()
|
||||
{
|
||||
fun.url = L"adduser";
|
||||
fun.url = L"adduser";
|
||||
need_ssl = true;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@ FunctionBase::FunctionBase()
|
|||
{
|
||||
follow_symlinks = true;
|
||||
template_index = size_t(-1);
|
||||
need_ssl = false;
|
||||
|
||||
fun.user_id = -1;
|
||||
fun.group_id = -1;
|
||||
|
|
|
@ -43,6 +43,14 @@ public:
|
|||
// html template index (for using with 'patterns' object)
|
||||
size_t template_index;
|
||||
|
||||
// try to use SSL
|
||||
// if in the config 'use_ssl' is true and 'use_ssl_only_for_logged_users' is true
|
||||
// then ssl is used only for logged users but sometimes there is a need to use
|
||||
// SSL even if noone is logged (for example for such functions like 'login' or 'adduser')
|
||||
// default: false
|
||||
// (this option is ignored if 'use_ssl' in the config is false)
|
||||
bool need_ssl;
|
||||
|
||||
virtual void Init();
|
||||
virtual bool HasAccess();
|
||||
virtual void MakePost();
|
||||
|
|
|
@ -17,7 +17,8 @@ namespace Fun
|
|||
|
||||
Login::Login()
|
||||
{
|
||||
fun.url = L"login";
|
||||
fun.url = L"login";
|
||||
need_ssl = true;
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue