Author: hhubner Date: Mon Feb 18 07:34:17 2008 New Revision: 2547
Modified: trunk/bknr/web/src/web/authorizer.lisp trunk/bknr/web/src/web/handlers.lisp Log: Make FIND-USER-FROM-REQUEST-PARAMS a GF again to support BOS.
Modified: trunk/bknr/web/src/web/authorizer.lisp ============================================================================== --- trunk/bknr/web/src/web/authorizer.lisp (original) +++ trunk/bknr/web/src/web/authorizer.lisp Mon Feb 18 07:34:17 2008 @@ -27,18 +27,21 @@ (declare (ignore c)) (format s "Login failed"))))
-(defun find-user-from-request-parameters () - (with-query-params (__username __password) - (unless (and __username __password - (not (equal __username "")) - (not (equal __password ""))) - (return-from find-user-from-request-parameters nil)) - (let ((user (find-user __username))) +(defgeneric find-user-from-request-parameters ((authorizer authorizer)) + (:documentation "Return the user that is associated with the current +request or NIL.") + (:method ((authorizer bknr-authorizer)) + (with-query-params (__username __password) + (unless (and __username __password + (not (equal __username "")) + (not (equal __password ""))) + (return-from find-user-from-request-parameters nil)) + (let ((user (find-user __username))) (when (and user (not (user-disabled user)) (verify-password user __password)) (return-from find-user-from-request-parameters user))) - (error 'login-failure))) + (error 'login-failure))))
(defmethod authorize ((authorizer bknr-authorizer)) ;; Catch any errors that occur during request body processing
Modified: trunk/bknr/web/src/web/handlers.lisp ============================================================================== --- trunk/bknr/web/src/web/handlers.lisp (original) +++ trunk/bknr/web/src/web/handlers.lisp Mon Feb 18 07:34:17 2008 @@ -283,10 +283,9 @@ (defun ensure-bknr-session () "Ensure that the BKNR-SESSION session variable is set and that it belongs to the user that is specified in the request." - (let ((request-user (find-user-from-request-parameters))) + (let ((request-user (find-user-from-request-parameters (website-authorizer *website*)))) (unless (and (session-value 'bknr-session) - (equal (bknr-session-user) - (find-user-from-request-parameters))) + (eq (bknr-session-user) request-user)) (setf (session-value 'bknr-session) (make-instance 'bknr-session :user (or request-user (find-user "anonymous")))))))