[bknr-cvs] r2547 - trunk/bknr/web/src/web

hhubner at common-lisp.net hhubner at common-lisp.net
Mon Feb 18 12:34:18 UTC 2008 

Author: hhubner
Date: Mon Feb 18 07:34:17 2008
New Revision: 2547

Modified:
   trunk/bknr/web/src/web/authorizer.lisp
   trunk/bknr/web/src/web/handlers.lisp
Log:
Make FIND-USER-FROM-REQUEST-PARAMS a GF again to support BOS.


Modified: trunk/bknr/web/src/web/authorizer.lisp
==============================================================================
--- trunk/bknr/web/src/web/authorizer.lisp	(original)
+++ trunk/bknr/web/src/web/authorizer.lisp	Mon Feb 18 07:34:17 2008
@@ -27,18 +27,21 @@
              (declare (ignore c))
              (format s "Login failed"))))
 
-(defun find-user-from-request-parameters ()
-  (with-query-params (__username __password)
-    (unless (and __username __password
-                 (not (equal __username ""))
-                 (not (equal __password "")))
-      (return-from find-user-from-request-parameters nil))
-    (let ((user (find-user __username)))
+(defgeneric find-user-from-request-parameters ((authorizer authorizer))
+  (:documentation "Return the user that is associated with the current
+request or NIL.")
+  (:method ((authorizer bknr-authorizer))
+    (with-query-params (__username __password)
+      (unless (and __username __password
+                   (not (equal __username ""))
+                   (not (equal __password "")))
+        (return-from find-user-from-request-parameters nil))
+      (let ((user (find-user __username)))
 	(when (and user
                    (not (user-disabled user))
 		   (verify-password user __password))
           (return-from find-user-from-request-parameters user)))
-    (error 'login-failure)))
+      (error 'login-failure))))
 
 (defmethod authorize ((authorizer bknr-authorizer))
   ;; Catch any errors that occur during request body processing

Modified: trunk/bknr/web/src/web/handlers.lisp
==============================================================================
--- trunk/bknr/web/src/web/handlers.lisp	(original)
+++ trunk/bknr/web/src/web/handlers.lisp	Mon Feb 18 07:34:17 2008
@@ -283,10 +283,9 @@
 (defun ensure-bknr-session ()
   "Ensure that the BKNR-SESSION session variable is set and that it
 belongs to the user that is specified in the request."
-  (let ((request-user (find-user-from-request-parameters)))
+  (let ((request-user (find-user-from-request-parameters (website-authorizer *website*))))
     (unless (and (session-value 'bknr-session)
-                 (equal (bknr-session-user)
-                        (find-user-from-request-parameters)))
+                 (eq (bknr-session-user) request-user))
       (setf (session-value 'bknr-session)
             (make-instance 'bknr-session :user (or request-user
                                                    (find-user "anonymous")))))))

More information about the Bknr-cvs mailing list