diff --git a/controllers/freeswitch.moon b/controllers/freeswitch.moon index 3a9bab6..6247d91 100644 --- a/controllers/freeswitch.moon +++ b/controllers/freeswitch.moon @@ -2,6 +2,7 @@ lapis = require "lapis" import respond_to from require "lapis.application" +require "models.token" require "models.user" class Freeswitch extends lapis.Application @@ -9,8 +10,13 @@ class Freeswitch extends lapis.Application POST: => uid = @params["user"] or @params["sip_auth_username"] @user = Users\find extension: uid + @tokens = Tokens\select "where user_id = ?", uid + + if #@tokens == 0 + return status: 404, layout: false, "no auth tokens for " .. uid + if not @user - return status: 404, "no such user" + return status: 404, layout: false, "no such user " .. uid render: true, layout: false } diff --git a/controllers/users.moon b/controllers/users.moon index ae05011..2620ed0 100644 --- a/controllers/users.moon +++ b/controllers/users.moon @@ -10,6 +10,12 @@ require "models.user" class User extends lapis.Application [list: "/list"]: => + if @session.user + if not Users\find id: @session.user + @write redirect_to: @url_for "login" + else + @write redirect_to: @url_for "login" + user = Users\find id: @session.user @list = Users\select! render: true @@ -28,11 +34,10 @@ class User extends lapis.Application { "name", exists: true, min_length: 3} } - @params.password = encoding.encode_base64 encoding.hmac_sha1("ninjas", @params.password) + @params.password = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password) @params.password_again = nil @params.csrf_token = nil @params.extension = "#{1000}" - @params.registrar_password = encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!) if Users\find email: @params.email @title = "Failure" 
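Review bot: In the POST handler of controllers/freeswitch.moon, `uid` is nil when the request carries neither `user` nor `sip_auth_username`, and both new 404 bodies concatenate it (`"no auth tokens for " .. uid`), which raises in Lua instead of returning the 404. The token lookup also runs before the `@user` check, so a missing user is normally reported as "no auth tokens"; the two distinct messages let a caller tell the cases apart and echo the request value back. I would add `if not uid` with `return status: 400, layout: false, "missing user"` ahead of the lookups, test `@user` before selecting tokens, and return one fixed message for both misses. Nothing visible in the hunk authenticates the caller, which matters more now that the rendered view hands out tokens as SIP passwords; confirm the route is reachable only from FreeSWITCH.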
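Review bot: In the `/list` action of controllers/users.moon, neither new branch returns, so after `@write redirect_to: @url_for "login"` the action still falls through to `Users\select!` and `render: true`. Whether the user list can reach a client without a valid session then depends on how Lapis resolves a response carrying both options, so make the guard terminal with `return redirect_to: @url_for "login"`. The lookup result is also discarded in the check and repeated on the next line; a single `user = @session.user and Users\find id: @session.user` followed by one `if not user` return would cover both cases. The action body continues past the end of the hunk.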
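Review bot: The stored password in the registration handler of controllers/users.moon (`@params.password = …`) is still a single HMAC-SHA1 pass, now keyed by the e-mail address, which is a fast hash with a publicly known per-user key rather than a password-hashing scheme. If the users table leaks, such hashes can be guessed offline at high speed; a deliberately slow, salted function (bcrypt, scrypt, argon2, or PBKDF2 with a high iteration count) is the usual choice. Changing the key from `"ninjas"` to the e-mail also means hashes stored before this commit will no longer match at login, and no migration is visible in the diff. The handler starts and ends outside the hunk.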
@@ -40,8 +45,14 @@ class User extends lapis.Application user = Users\create @params user\write_session @ + user.extension = "#{1000 + user.id}" - Users\update user + assert Users\update user + + token = Tokens\create { + user_id: user.extension + token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!) + } @title = "Success" @@ -52,8 +63,8 @@ class User extends lapis.Application p -> text "Your extension is " .. user.extension p -> - text "Your sip password is " - code user.registrar_password + text "Your one-time sip token is " + code token.token p "This will not be shown again so please be sure to write this down." @@ -73,11 +84,16 @@ class User extends lapis.Application user = Users\find email: @params.email - cmppass = encoding.encode_base64 encoding.hmac_sha1("ninjas", @params.password) + cmppass = encoding.encode_base64 encoding.hmac_sha1(@params.email, @params.password) if user.password == cmppass user\write_session @ + token = Tokens\create { + user_id: user.extension + token: encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!) + } + @title = "Login successful" return "Hi " .. user.name diff --git a/models/user.moon b/models/user.moon index 7a75ab0..07e3a66 100644 --- a/models/user.moon +++ b/models/user.moon @@ -6,4 +6,3 @@ export class Users extends Model write_session: (r) => r.session.user = @id - r.session.sippw = @registrar_password diff --git a/views/freeswitch.moon b/views/freeswitch.moon index 31c453c..c5f52a9 100644 --- a/views/freeswitch.moon +++ b/views/freeswitch.moon 
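Review bot: The SIP token created after signup, `encoding.encode_base64 encoding.hmac_sha1(@params.email, os.time!)`, is derived from two guessable inputs: the key is the account's e-mail and the message is the clock in whole seconds. Since the freeswitch view now serves this value as the SIP password, it should come from a cryptographically secure random source (for example 16 or more bytes from the system CSPRNG, base64-encoded) rather than being computed from account data. The same expression is repeated in the login hunk further down this file and needs the same change; a shared helper on `Tokens` would keep the two in step. `user_id: user.extension` also stores the extension under a column named for the id, which deserves a comment such as `-- user_id holds the SIP extension, not users.id`.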
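Review bot: Every successful login in controllers/users.moon inserts another `Tokens` row, but the new token is never shown or returned to the user, and nothing in the diff expires or deletes older rows. Because the freeswitch view emits every row as a valid SIP password, the set of accepted credentials for an account only grows. I would either drop the `Tokens\create` from the login path or replace the user's previous tokens when issuing a new one, and reword the signup page's "one-time sip token" unless the token really is consumed on first use. The context line `if user.password == cmppass` also dereferences `user` with no nil check for an unknown e-mail, as far as this hunk shows.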
@@ -10,9 +10,10 @@ class Freeswitch extends Widget groups -> group name: "default", -> users -> - user id: "#{@user.extension}", -> - params -> - param name: "password", value: "#{@user.registrar_password}" - variables -> - variable name: "accountcode", value: "#{@user.extension}" - variable name: "user_context", value: "default" + for _, token in pairs @tokens + user id: "#{@user.extension}", -> + params -> + param name: "password", value: "#{token.token}" + variables -> + variable name: "accountcode", value: "#{@user.extension}" + variable name: "user_context", value: "default"
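Review bot: The loop in views/freeswitch.moon emits one `user` element per token, all with the same `id: "#{@user.extension}"`, so the directory response contains duplicate users that differ only in password. FreeSWITCH will most likely honour only one of them (worth confirming against its directory handling), in which case which token works depends on `pairs` order, which Lua does not define. Consider emitting a single `user` element carrying the one current token, or at least iterating with `ipairs` over a query ordered newest-first. The token is interpolated straight into an XML attribute, which is fine for base64 output but needs revisiting if the token format ever changes.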