--- /dev/null
+#!/bin/sh
+
+. "$_EXEC/cgilite/storage.sh"
+. "$_EXEC/cgilite/session.sh"
+
+MOIN_USERS="${MOIN_USERS:-/srv/moinwiki/data/user/}"
+user_db="${user_db:-${_DATA}/users.db}"
+USER_ACCOUNTEXPIRE="${USER_ACCOUNTEXPIRE:-$((86400 * 730))}"
+
+user_emailexist() {
+ local email="$1"
+ grep -qxF "email=${email}" "${MOIN_USERS%/}"/*
+ return $?
+}
+
+user_nameexist() {
+ local name="$1"
+ grep -qxF "name=${name}" "${MOIN_USERS%/}"/*
+ return $?
+}
+
+user_login(){
+ local UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE
+ local name="$(POST uname)" pw="$(POST pw)"
+ local uname="$(STRING "$name")"
+ local moinfile="$(grep -lxF "name=${name}" "${MOIN_USERS%/}"/*)"
+ local moinpw pyreturn
+
+ [ ! "$moinfile" ] && return 1 # no user record in MoinMoin
+
+ [ -f "$user_db" -a -r "$user_db" ] \
+ && while read -r UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do
+ # Username already in main DB
+ [ "$UNAME" = "$uname" -o "$EMAIL" = "$uname" ] && return 1
+ done <"$user_db"
+
+ moinpw="$(grep -E '^enc_password=\{PASSLIB\}' "$moinfile")"
+ moinpw="${moinpw#"enc_password={PASSLIB}"}"
+
+ if python3 -c '
+from passlib.hash import sha512_crypt
+if sha512_crypt.verify(input(), input()):
+ exit(0)
+else:
+ exit(1)
+' <<-EOF
+ ${pw}
+ ${moinpw}
+ EOF
+ then
+ EMAIL="$(grep -E '^email=' "$moinfile")" EMAIL="${EMAIL#email=}"
+ PWSALT="$(randomid)"
+ PWHASH="$(printf '%s\n%s\n' "$pw" "$PWSALT" |sha256sum)"
+ printf '%s %s %s %s %s %s %i %s %s\n' \
+ "$(timeid)" "$(STRING "$name")" "active" "$(STRING "$EMAIL")" \
+ "$PWSALT" "${PWHASH%% *}" \
+ "$((_DATE + USER_ACCOUNTEXPIRE))" "\\" "\\" \
+ >>"$user_db"
+ return 0
+ else
+ return 1
+ fi
+}
+
+uname="$(POST uname)" email="$(POST email)"
+
+[ "$REQUEST_METHOD" = POST ] && case "$(POST action)" in
+ user_register):
+ # precede email/username check of default authenticator
+ if [ "$USER_REQUIREEMAIL" = true ]; then
+ [ "$email" ] && user_emailexist "$email" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
+ elif [ "$USER_REQUIREEMAIL" != true ]; then
+ [ "$uname" ] && user_nameexist "$uname" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_EXISTS"
+ fi
+ ;;
+ user_invite):
+ # precede email check of default authenticator
+ [ "$email" ] && user_emailexist "$email" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
+ ;;
+ user_confirm):
+ # precede username check of default authenticator
+ [ "$uname" ] && user_nameexist "$uname" \
+ && REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_EXISTS"
+ ;;
+ user_login):
+ # verify password and write user record to db
+ user_login && debug "Set up new user record for \"$uname\"" \
+ ;;
+ user_logout|user_update|user_recover|user_disable)
+ # delegate to default authenticator
+ :;;
+esac
+
+unset uname email
+unset UID_ UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE
+
+debug "Running default verify"
+. "$_EXEC/auth/default.sh"
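Review bot: In `user_login` the submitted password and the stored MoinMoin hash reach python3 as two consecutive stdin lines with the password first, so a `pw` value containing a line break would make the second `input()` read request data instead of `${moinpw}`, and the comparison would no longer be against the stored hash. Whether `POST` can return an embedded line break is not visible in this hunk, so the check should not depend on it. Put `${moinpw}` on the first heredoc line and read it first, `stored = input()` followed by `if sha512_crypt.verify(input(), stored):`, or return 1 for any `pw` that contains a newline before python3 is called. Separately, the scan of `$user_db` and the later `>>"$user_db"` append are not serialized, so two concurrent logins for the same name could each write a record; if storage.sh provides a lock helper, holding it across both steps would close that window.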