From 541b90d7107419dab646736ad4c3d9a7d5428b29 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?=
Date: Mon, 26 Feb 2024 23:08:20 +0100
Subject: [PATCH] user import from MoinMoin
---
auth/moinmoin.sh | 101 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 auth/moinmoin.sh
diff --git a/auth/moinmoin.sh b/auth/moinmoin.sh
new file mode 100644
index 0000000..71c73da
--- /dev/null
+++ b/auth/moinmoin.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+. "$_EXEC/cgilite/storage.sh"
+. "$_EXEC/cgilite/session.sh"
+
+MOIN_USERS="${MOIN_USERS:-/srv/moinwiki/data/user/}"
+user_db="${user_db:-${_DATA}/users.db}"
+USER_ACCOUNTEXPIRE="${USER_ACCOUNTEXPIRE:-$((86400 * 730))}"
+
+user_emailexist() {
+ local email="$1"
+ grep -qxF "email=${email}" "${MOIN_USERS%/}"/*
+ return $?
+}
+
+user_nameexist() {
+ local name="$1"
+ grep -qxF "name=${name}" "${MOIN_USERS%/}"/*
+ return $?
+}
+
+user_login(){
+ local UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE
+ local name="$(POST uname)" pw="$(POST pw)"
+ local uname="$(STRING "$name")"
+ local moinfile="$(grep -lxF "name=${name}" "${MOIN_USERS%/}"/*)"
+ local moinpw pyreturn
+
+ [ ! "$moinfile" ] && return 1 # no user record in MoinMoin
+
+ [ -f "$user_db" -a -r "$user_db" ] \
+ && while read -r UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do
+ # Username already in main DB
+ [ "$UNAME" = "$uname" -o "$EMAIL" = "$uname" ] && return 1
+ done <"$user_db"
+
+ moinpw="$(grep -E '^enc_password=\{PASSLIB\}' "$moinfile")"
+ moinpw="${moinpw#"enc_password={PASSLIB}"}"
+
+ if python3 -c '
+from passlib.hash import sha512_crypt
+if sha512_crypt.verify(input(), input()):
+ exit(0)
+else:
+ exit(1)
+' <<-EOF
+ ${pw}
+ ${moinpw}
+ EOF
+ then
+ EMAIL="$(grep -E '^email=' "$moinfile")" EMAIL="${EMAIL#email=}"
+ PWSALT="$(randomid)"
+ PWHASH="$(printf '%s\n%s\n' "$pw" "$PWSALT" |sha256sum)"
+ printf '%s %s %s %s %s %s %i %s %s\n' \
+ "$(timeid)" "$(STRING "$name")" "active" "$(STRING "$EMAIL")" \
+ "$PWSALT" "${PWHASH%% *}" \
+ "$((_DATE + USER_ACCOUNTEXPIRE))" "\\" "\\" \
+ >>"$user_db"
+ return 0
+ else
+ return 1
+ fi
+}
+
+uname="$(POST uname)" email="$(POST email)"
+
+[ "$REQUEST_METHOD" = POST ] && case "$(POST action)" in
+ user_register):
+ # precede email/username check of default authenticator
+ if [ "$USER_REQUIREEMAIL" = true ]; then
+ [ "$email" ] && user_emailexist "$email" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
+ elif [ "$USER_REQUIREEMAIL" != true ]; then
+ [ "$uname" ] && user_nameexist "$uname" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_EXISTS"
+ fi
+ ;;
+ user_invite):
+ # precede email check of default authenticator
+ [ "$email" ] && user_emailexist "$email" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
+ ;;
+ user_confirm):
+ # precede username check of default authenticator
+ [ "$uname" ] && user_nameexist "$uname" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_EXISTS"
+ ;;
+ user_login):
+ # verify password and write user record to db
+ user_login && debug "Set up new user record for \"$uname\"" \
+ ;;
+ user_logout|user_update|user_recover|user_disable)
+ # delegate to default authenticator
+ :;;
+esac
+
+unset uname email
+unset UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE
+
+debug "Running default verify"
+. "$_EXEC/auth/default.sh"
-- 2.39.2
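Review bot: In user_login the password check hands `${pw}` and `${moinpw}` to python3 as two heredoc lines read by `input()`, so if `POST pw` can return a value containing a line break, the second `input()` reads the remainder of the submitted password instead of the stored MoinMoin hash and the comparison is decided by request data alone. The submitted value and the stored hash should reach the verifier through channels the request cannot shift, for example as separate environment variables as in the excerpt below, or the function should refuse any `pw` that contains a newline before python3 is called. The same block also writes every verified record with status `active` without consulting the profile's `disabled=` field (assuming these MoinMoin profiles carry one), and `grep -l` may return more than one file for a name, so both cases look worth an explicit check before the record is appended to `$user_db`.

```sh
  # … unchanged: moinfile lookup, main-DB duplicate check, moinpw extraction …
  if MOIN_PW="$pw" MOIN_HASH="$moinpw" python3 -c '
import os, sys
from passlib.hash import sha512_crypt
ok = sha512_crypt.verify(os.environ["MOIN_PW"], os.environ["MOIN_HASH"])
sys.exit(0 if ok else 1)
'
  then
  # … unchanged: EMAIL/PWSALT/PWHASH computation, record append, return codes …
```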