security-procs.tcl

Provides methods for authorizing and identifying ACS users (both logged-in and not) and tracking their sessions.

Location:
packages/acs-tcl/tcl/security-procs.tcl
Created:
16 Feb 2000
Authors:
Jon Salz <jsalz@arsdigita.com>
Richard Li <richardl@arsdigita.com>
Archit Shah <ashah@arsdigita.com>
CVS Identification:
$Id: security-procs.tcl,v 1.128 2024/09/11 06:15:48 gustafn Exp $

Detailed information

ad_change_password (public)

 ad_change_password \
    [ -password_hash_algorithm password_hash_algorithm ] user_id \
    new_password

Change the user's password

Switches:
-password_hash_algorithm (optional, defaults to "salted-sha1")
Parameters:
user_id (required)
new_password (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_change_check_password (test acs-tcl), acs::test::auth::registration::Register (private), ad_check_password (public), auth::local::password::ChangePassword (private), auth::local::password::ResetPassword (private), auth::local::registration::Register (private)
Calls: db_dml (public), sec_random_token (public)

Testcases:
ad_change_check_password

ad_check_password (public)

 ad_check_password user_id password_from_form

Check if the provided password is correct. OpenACS never stores passwords, but uses salted hashes for identification. Different algorithms can be used. When the stored hash was produced by a hash algorithm other than the preferred one, this function updates the password hash automatically, but only when the password is correct.

Parameters:
user_id (required)
password_from_form (required)
Returns:
Returns 1 if the password is correct for the given user ID.

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_change_check_password (test acs-tcl), auth_password_change (test acs-authentication), auth_password_implementations (test acs-authentication), auth::local::authentication::Authenticate (private), auth::local::password::ChangePassword (private)
Calls: ad_change_password (public), db_0or1row (public), security::preferred_password_hash_algorithm (private)

Testcases:
auth_password_change, auth_password_implementations, ad_change_check_password
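
The upgrade-on-successful-check behaviour described for ad_check_password, as an added Python model (not OpenACS code). The names `check_password`, `change_password`, `hash_password`, the in-memory `users` dict, the hash constructions and the `pbkdf2-sha256` preferred algorithm are assumptions for illustration; only the name `salted-sha1` comes from this page.

```python
import hashlib
import hmac
import secrets

# Assumption: stands in for whatever the site configures as preferred.
PREFERRED_ALGORITHM = "pbkdf2-sha256"
PBKDF2_ROUNDS = 100_000


def hash_password(algorithm, password, salt):
    """Constructed hash schemes for this model; not the OpenACS storage format."""
    if algorithm == "salted-sha1":
        return hashlib.sha1((password + salt).encode()).hexdigest()
    if algorithm == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt.encode(), PBKDF2_ROUNDS
        ).hex()
    raise ValueError("unknown algorithm: " + algorithm)


def change_password(users, user_id, new_password, algorithm="salted-sha1"):
    """Store a fresh salt and hash; the clear-text password is never kept."""
    salt = secrets.token_hex(16)
    users[user_id] = {
        "algorithm": algorithm,
        "salt": salt,
        "hash": hash_password(algorithm, new_password, salt),
    }


def check_password(users, user_id, password_from_form,
                   preferred=PREFERRED_ALGORITHM):
    """Return 1 if the password is correct for user_id, else 0.

    The stored record is rewritten with the preferred algorithm only
    after the password has been verified against the old hash.
    """
    record = users.get(user_id)
    if record is None:
        return 0
    candidate = hash_password(record["algorithm"], password_from_form,
                              record["salt"])
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(candidate, record["hash"]):
        return 0  # wrong password: the stored hash is left untouched
    if record["algorithm"] != preferred:
        # The clear text is only available at this moment, so this is the
        # one place a legacy hash can be migrated without a reset.
        change_password(users, user_id, password_from_form, preferred)
    return 1
```

Accounts that never log in keep their legacy hash in this scheme, so an audit query over the stored algorithm column is the way to find them.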

ad_get_client_property (public)

 ad_get_client_property [ -cache cache ] [ -cache_only cache_only ] \
    [ -default default ] [ -session_id session_id ] module name

Looks up a property for a session. If -cache is true, will use the cached value if available. If -cache_only is true, will never incur a database hit (i.e., will only return a value if cached). If the property is secure, we must be on a validated session over HTTPS or the default is returned.

Switches:
-cache (optional, defaults to "t")
-cache_only (optional, defaults to "f")
-default (optional)
-session_id (optional)
controls which session is used
Parameters:
module (required)
typically the name of the package to which the property belongs (serves as a namespace)
name (required)
name of the property
Returns:
value of the property or default

Partial Call Graph (max 5 caller/called nodes):
Called by: client_properties (test acs-tcl), ad_cache_returnredirect (public), ad_page_contract (public), apidoc::set_public (private), apm_get_package_repository (public), ds_get_user_id (private)
Calls: ad_conn (public), sec_session_timeout, security::secure_conn_p (public), util_memoize (public), util_memoize_cached_p (public)

Testcases:
client_properties

ad_get_external_registries (public)

 ad_get_external_registries [ -subsite_id subsite_id ]

Return the external authority interface objects for the specified subsite (or the current registry subsite). By default, all defined external registries are returned, but a subsite might restrict this.

Switches:
-subsite_id (optional)

Partial Call Graph (max 5 caller/called nodes):
Called by: webtest_example (test acs-automated-testing), packages/acs-subsite/lib/external-logins.tcl
Calls: parameter::get (public), security::get_register_subsite (public)

Testcases:
webtest_example

ad_get_login_url (public)

 ad_get_login_url [ -authority_id authority_id ] [ -username username ] \
    [ -return ] [ -external_registry external_registry ]

Returns a URL to the login page of the closest subsite, or the main site, if there's no current connection.

Switches:
-authority_id (optional)
-username (optional)
-return (optional, boolean)
-external_registry (optional)
Options:
-return
If set, will export the current form, so when the registration is complete, the user will be returned to the current location. All variables in ns_getform (both posts and gets) will be maintained.
Authors:
Lars Pind <lars@collaboraid.biz>
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: login_logout_urls (test acs-tcl), ad_redirect_for_registration (public), auth::refresh_login (public), auth::require_login (public), packages/acs-subsite/lib/home.tcl, packages/acs-subsite/www/group-master.tcl
Calls: ad_conn (public), ad_return_url (public), export_vars (public), security::RestrictLoginToSSLP (public), security::get_register_subsite (public)

Testcases:
login_logout_urls

ad_get_logout_url (public)

 ad_get_logout_url [ -return ] [ -return_url return_url ]

Returns a URL to the logout page of the closest subsite, or the main site, if there's no current connection.

Switches:
-return (optional, boolean)
-return_url (optional)
Options:
-return
If set, will export the current form, so when the logout is complete the user will be returned to the current location. All variables in ns_getform (both posts and gets) will be maintained.
Author:
Lars Pind <lars@collaboraid.biz>

Partial Call Graph (max 5 caller/called nodes):
Called by: login_logout_urls (test acs-tcl), packages/acs-subsite/www/group-master.tcl, packages/openacs-default-theme/lib/plain-master.tcl
Calls: ad_return_url (public), export_vars (public), security::get_register_subsite (public)

Testcases:
login_logout_urls

ad_get_signed_cookie (public)

 ad_get_signed_cookie [ -include_set_cookies include_set_cookies ] \
    [ -secret secret ] name

Retrieves a signed cookie. Validates a cookie against its cryptographic signature and ensures that the cookie has not expired. Throws an exception if the cookie does not exist or validation fails (maybe due to expiration).

Switches:
-include_set_cookies (optional, defaults to "t")
-secret (optional)
Parameters:
name (required)
Returns:
cookie value

Partial Call Graph (max 5 caller/called nodes):
Called by: test_set_cookie_procs (test acs-tcl), Class ::xowiki::includelet::kibana (public), sec_handler (private), sec_login_read_cookie (private)
Calls: ad_get_cookie (public), ad_verify_signature (public), security::log (private)

Testcases:
test_set_cookie_procs

ad_get_signed_cookie_with_expr (public)

 ad_get_signed_cookie_with_expr \
    [ -include_set_cookies include_set_cookies ] [ -secret secret ] \
    name

Retrieves a signed cookie. Validates a cookie against its cryptographic signature and ensures that the cookie has not expired. Throws an exception when the cookie does not exist or validation fails.

Switches:
-include_set_cookies (optional, defaults to "t")
-secret (optional)
Parameters:
name (required)
Returns:
Two-element list containing cookie data and expiration time

Partial Call Graph (max 5 caller/called nodes):
Called by: sync_http_get_document (test acs-authentication)
Calls: ad_get_cookie (public), ad_verify_signature_with_expr (public)

Testcases:
sync_http_get_document

ad_redirect_for_registration (public)

 ad_redirect_for_registration

Redirects user to [subsite]/register/index to require the user to register. When registration is complete, the user will be returned to the current location. All variables in ns_getform (both posts and gets) will be maintained.

It's up to the caller to issue an ad_script_abort, if that's what you want.

Partial Call Graph (max 5 caller/called nodes):
Called by: forum::security::do_abort (private)
Calls: ad_get_login_url (public), ad_returnredirect (public)

Testcases:
No testcase defined.

ad_restrict_entire_server_to_registered_users (public)

 ad_restrict_entire_server_to_registered_users conn args why

A preauth filter that will halt service of any page if the user is unregistered, except the site index page and stuff underneath [subsite]/register. Use permissions on the site node map to control access.

Parameters:
conn (required)
args (required)
why (required)

Partial Call Graph (max 5 caller/called nodes):
Calls: ad_conn (public), auth::require_login (public)

Testcases:
No testcase defined.

ad_set_client_property (public)

 ad_set_client_property [ -clob clob ] [ -secure secure ] \
    [ -persistent persistent ] [ -session_id session_id ] module name \
    value

Sets a client (session-level) property. If -persistent is true, the new value will be written through to the database (it will survive a server restart, but it will be slower). If -secure is true, the property will not be retrievable except via a validated, secure (HTTPS) connection.

Switches:
-clob (optional, defaults to "f")
tells us to use a large object to store the value
-secure (optional, defaults to "f")
-persistent (optional, defaults to "t")
-session_id (optional)
controls which session is used
Parameters:
module (required)
typically the name of the package to which the property belongs (serves as a namespace)
name (required)
name of the property
value (required)
value of the property

Partial Call Graph (max 5 caller/called nodes):
Called by: client_properties (test acs-tcl), ad_cache_returnredirect (public), apidoc::set_public (private), apm_get_package_repository (public), ds_replace_get_user_procs (private), lang::util::translator_mode_set (public)
Calls: ad_conn (public), ad_log (public), db_dml (public), db_driverkey (public), db_map (public)

Testcases:
client_properties

ad_set_signed_cookie (public)

 ad_set_signed_cookie [ -replace replace ] [ -secure secure ] \
    [ -expire expire ] [ -discard discard ] [ -scriptable scriptable ] \
    [ -max_age max_age ] [ -signature_max_age signature_max_age ] \
    [ -domain domain ] [ -path path ] [ -secret secret ] \
    [ -token_id token_id ] [ -samesite samesite ] name value

Sets a signed cookie. Negative token_ids are reserved for secrets external to the signed cookie mechanism. If a token_id is specified, a secret must be specified.

Switches:
-replace (optional, defaults to "f")
-secure (optional, defaults to "f")
-expire (optional, defaults to "f")
-discard (optional, defaults to "f")
-scriptable (optional, defaults to "f")
allow access to the cookie from JavaScript
-max_age (optional)
specifies the maximum age of the cookies in seconds (consistent with RFC 2109). max_age inf specifies cookies that never expire. (see ad_set_cookie). The default is session cookies.
-signature_max_age (optional)
-domain (optional)
-path (optional, defaults to "/")
-secret (optional)
allows the caller to specify a known secret external to the random secret management mechanism.
-token_id (optional)
allows the caller to specify a token_id.
-samesite (optional, defaults to "lax")
Parameters:
name (required)
value (required)
the value for the cookie. This is automatically url-encoded.
Author:
Richard Li <richardl@arsdigita.com>
Created:
18 October 2000
Partial Call Graph (max 5 caller/called nodes):
Called by: test_set_cookie_procs (test acs-tcl), Class ::xowiki::includelet::kibana (public), ad_user_login (public), sec_generate_secure_token_cookie (private), sec_generate_session_id_cookie (private)
Calls: ad_set_cookie (public), ad_sign (public), sec_session_lifetime (private), security::log (private)

Testcases:
test_set_cookie_procs

ad_sign (public)

 ad_sign [ -secret secret ] [ -token_id token_id ] [ -max_age max_age ] \
    [ -binding binding ] value

Returns a digital signature of the value. Negative token_ids are reserved for secrets external to the ACS digital signature mechanism. If a token_id is specified, a secret must also be specified.

Switches:
-secret (optional)
allows the caller to specify a known secret external to the random secret management mechanism.
-token_id (optional)
allows the caller to specify a token_id which is then ignored so don't use it.
-max_age (optional)
specifies the length of time the signature is valid in seconds. The default is forever.
-binding (optional, defaults to "0")
allows the caller to bind a signature to a user/session. A value of 0 (default) means no additional binding. When the value is "-1" only the user who created the signature can obtain the value again. When the value is "-2" only the user with the same csrf token can obtain the value again. The permissible values might be extended in the future.
Parameters:
value (required)
the value to be signed.

Partial Call Graph (max 5 caller/called nodes):
Called by: auth_password_recover (test acs-authentication), sync_http_get_document (test acs-authentication), acs_mail_lite::unique_id_create (private), ad_form (public), ad_set_signed_cookie (public), export_vars_sign (private), security::parameter::signed (public)
Calls: ad_conn (public), sec_get_random_cached_token_id (public), sec_get_token (public), security::csrf::new (public)

Testcases:
auth_password_recover, sync_http_get_document

ad_user_login (public)

 ad_user_login [ -account_status account_status ] \
    [ -cookie_domain cookie_domain ] \
    [ -external_registry external_registry ] [ -forever ] user_id

Logs the user in, forever (via the user_login cookie) if -forever is true. This procedure assumes that the user identity has been validated.

Switches:
-account_status (optional, defaults to "ok")
-cookie_domain (optional)
-external_registry (optional)
-forever (optional, boolean)
Parameters:
user_id (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: logout_from_everywhere (test acs-tcl), acs::test::set_user (private), auth::authenticate (public), auth::create_user (public), auth::issue_login (public, deprecated), auth::password::change (public)
Calls: ad_conn (public), ad_set_signed_cookie (public), ad_unset_cookie (public), parameter::get (public), sec_get_user_auth_token (public)

Testcases:
logout_from_everywhere

ad_user_logout (public)

 ad_user_logout [ -cookie_domain cookie_domain ]

Logs the user out.

Switches:
-cookie_domain (optional)

Partial Call Graph (max 5 caller/called nodes):
Called by: fs_create_folder (test file-storage), packages/acs-subsite/lib/user-new.tcl, packages/acs-subsite/www/register/logout.tcl, sec_handler (private)
Calls: ad_conn (public), ad_unset_cookie (public), parameter::get (public), sec_invalidate_session_id (private), sec_login_get_external_registry (public)

Testcases:
fs_create_folder

ad_verify_signature (public)

 ad_verify_signature [ -secret secret ] value signature

Verifies a digital signature. Returns 1 for success, and 0 for failed validation. Validation can fail due to tampering or expiration of signature.

Switches:
-secret (optional)
specifies an external secret to use instead of the one provided by the ACS signature mechanism.
Parameters:
value (required)
signature (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: acs_mail_lite::unique_id_parse (private), ad_form (public), ad_get_signed_cookie (public), ad_page_contract (public), security::parameter::validated (public)
Calls: _ (public)

Testcases:
No testcase defined.

ad_verify_signature_with_expr (public)

 ad_verify_signature_with_expr [ -secret secret ] value signature

Verifies a digital signature. Returns either the expiration time or 0 if the validation fails.

Switches:
-secret (optional)
specifies an external secret to use instead of the one provided by the ACS signature mechanism.
Parameters:
value (required)
signature (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: sync_http_get_document (test acs-authentication), acs_mail_lite::unique_id_parse (private), ad_get_signed_cookie_with_expr (public)
Calls: _ (public)

Testcases:
sync_http_get_document
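
The sign/verify contract documented for ad_sign, ad_verify_signature and ad_verify_signature_with_expr (random token_id, negative token_id for an external secret, max_age expiry, user binding), as an added Python model that is not OpenACS code. The signature layout, the HMAC-SHA256 construction, the `SECRET_TOKENS` table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the server-side table of random secrets.
SECRET_TOKENS = {token_id: secrets.token_hex(20) for token_id in range(1, 6)}
EXTERNAL_TOKEN_ID = -1  # negative ids mark a caller-supplied (external) secret


def mac(secret, value, token_id, expire_time, binding, user_id):
    """HMAC over the value and every field a verifier later trusts."""
    bound_to = str(user_id) if binding == -1 else ""
    fields = [value, str(token_id), str(expire_time), str(binding), bound_to]
    message = "\x00".join(fields).encode()
    return hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def sign(value, max_age=None, secret=None, binding=0, user_id=0, now=None):
    """Return (token_id, expire_time, binding, digest) for value."""
    now = int(time.time()) if now is None else now
    if secret is None:
        # Pick one of the cached secrets at random; its id travels with
        # the signature so the verifier can look the secret up again.
        token_id = secrets.choice(list(SECRET_TOKENS))
        secret = SECRET_TOKENS[token_id]
    else:
        token_id = EXTERNAL_TOKEN_ID
    # In this model expire_time 0 means "valid forever".
    expire_time = 0 if max_age is None else now + max_age
    digest = mac(secret, value, token_id, expire_time, binding, user_id)
    return (token_id, expire_time, binding, digest)


def check(value, signature, secret=None, user_id=0, now=None):
    """Return (ok, expire_time); ok is False on tampering or expiry."""
    now = int(time.time()) if now is None else now
    try:
        token_id, expire_time, binding, digest = signature
        token_id, expire_time, binding = (
            int(token_id), int(expire_time), int(binding))
    except (TypeError, ValueError):
        return False, 0  # malformed signature
    if secret is None:
        secret = SECRET_TOKENS.get(token_id)
    if secret is None:
        return False, 0  # unknown token_id, or external secret not supplied
    expected = mac(secret, value, token_id, expire_time, binding, user_id)
    supplied = str(digest).encode("utf-8", "replace")
    if not hmac.compare_digest(expected.encode(), supplied):
        return False, 0
    # Expiry is only evaluated after the MAC proved expire_time authentic.
    if expire_time != 0 and expire_time <= now:
        return False, 0
    return True, expire_time


def verify_signature(value, signature, secret=None, user_id=0, now=None):
    """Return 1 for success and 0 for failed validation."""
    ok, _expire_time = check(value, signature, secret, user_id, now)
    return 1 if ok else 0


def verify_signature_with_expr(value, signature, secret=None, user_id=0,
                               now=None):
    """Return the expiration time, or 0 if validation fails.

    A non-expiring signature carries expire_time 0 in this model, so
    callers that sign without max_age should use verify_signature.
    """
    ok, expire_time = check(value, signature, secret, user_id, now)
    return expire_time if ok else 0
```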

sec_change_user_auth_token (public)

 sec_change_user_auth_token user_id

Change the user's auth_token, which invalidates all existing login cookies, i.e. forces user logout at the server.

Parameters:
user_id (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: logout_from_everywhere (test acs-tcl), auth::password::change (public), sec_get_user_auth_token (public)
Calls: ad_generate_random_string (public), db_dml (public)

Testcases:
logout_from_everywhere

sec_get_random_cached_token_id (public)

 sec_get_random_cached_token_id

Randomly returns a token_id from the token cache

Partial Call Graph (max 5 caller/called nodes):
Called by: secret_tokens_get (test acs-tcl), ad_sign (public), packages/acs-subsite/lib/login.tcl, security::parameter::signed (public)
Calls: sec_populate_secret_tokens_thread_cache (private)

Testcases:
secret_tokens_get

sec_get_token (public)

 sec_get_token token_id

Returns the token corresponding to the token_id. This first checks the thread-persistent Tcl cache, then checks the server size-limited cache before finally hitting the db in the worst case if the secret_token value is not in either cache. The procedure also updates the caches. Cache eviction is handled by the ns_cache API for the size-limited cache and is handled by AOLserver (via thread termination) for the thread-persistent Tcl cache.

Parameters:
token_id (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: secret_tokens_get (test acs-tcl), __ad_verify_signature (private), ad_sign (public), auth::get_user_secret_token (public), packages/acs-subsite/lib/login.tcl
Calls: db_string (public), sec_get_token_from_nsv (private), sec_populate_secret_tokens_thread_cache (private)

Testcases:
secret_tokens_get

sec_get_user_auth_token (public)

 sec_get_user_auth_token user_id

Get the user's auth token for verifying login cookies.

Parameters:
user_id (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_user_login (public), sec_handler (private), sec_login_handler (public)
Calls: db_string (public), sec_change_user_auth_token (public)

Testcases:
No testcase defined.

sec_login_get_external_registry (public)

 sec_login_get_external_registry

If the login was issued from an external_registry, use this as well for refreshing.

Returns:
registry object or the empty string when not applicable

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_user_logout (public), auth::refresh_login (public), auth::require_login (public)
Calls: ad_conn (public), sec_login_read_cookie (private)

Testcases:
No testcase defined.

sec_login_handler (public)

 sec_login_handler

If a login cookie exists, it is checked for expiration (depending on LoginTimeout) and the account status is validated. In every case, the session info including [ad_conn] and the session cookie is updated accordingly. Modified ad_conn variables: untrusted_user_id, session_id, auth_level, account_status, and user_id.

Partial Call Graph (max 5 caller/called nodes):
Called by: auth::verify_account_status (public), sec_handler (private)
Calls: ad_conn (public), auth::get_local_account_status (public), sec_get_user_auth_token (public), sec_login_read_cookie (private), sec_login_timeout

Testcases:
No testcase defined.

sec_random_token (public)

 sec_random_token

Generates a random token.

Partial Call Graph (max 5 caller/called nodes):
Called by: acs_user::promote_person_to_user (public), ad_change_password (public), ad_generate_random_string (public), auth::create_local_account_helper (private), sec_populate_secret_tokens_db (private)
Calls: acs::icanuse (public), ad_conn (public)

Testcases:
No testcase defined.

security::RestrictLoginToSSLP (public)

 security::RestrictLoginToSSLP

Return 1 if login pages and other pages taking user password should be restricted to a secure (HTTPS) connection and 0 otherwise. Based on acs-kernel parameter with same name.

Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_get_login_url (public), fs::webdav_url (public), oacs_dav::authorize (public), packages/acs-admin/lib/password-update.tcl, packages/acs-subsite/lib/login.tcl
Calls: parameter::get (public), security::https_available_p (public)

Testcases:
No testcase defined.

security::configured_driver_info (public)

 security::configured_driver_info

Return a list of dicts containing type, driver, location and port of all configured drivers

Partial Call Graph (max 5 caller/called nodes):
Called by: security::configured_locations (private), security::validated_host_header (public), subsite::get_url (public)

Testcases:
No testcase defined.

security::cookie_name (public)

 security::cookie_name plain_name
Parameters:
plain_name (required)
Returns:
the supplied cookie name, but potentially prefixed according to the NaviServer CookieNamespace parameter, to make it unique for this particular domain.

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_user_login (public), ad_user_logout (public), lang::user::set_locale (public), lang::user::site_wide_locale_not_cached (private), sec_generate_secure_token_cookie (private)

Testcases:
No testcase defined.

security::csp::add_static_resource_header (public)

 security::csp::add_static_resource_header -mime_type mime_type

Set the CSP rule on the current connection for a static resource depending on the MIME type.

Switches:
-mime_type (required)
MIME type of the resource to be delivered

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_returnfile_background (public), cr_write_content-file (private), rp_serve_resource_file (private)

Testcases:
No testcase defined.

security::csp::nonce (public)

 security::csp::nonce [ -tokenname tokenname ]

Generate a nonce token and return it. The nonce token can be used in content security policies (CSP2) for "script" and "style" elements. Desired Properties: generate a single unique value per request which is hard for a hacker to predict, it should only contain base64 characters (so hex is fine). For details, see https://www.w3.org/TR/CSP/

Switches:
-tokenname (optional, defaults to "__csp_nonce")
Returns:
nonce token
Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: Class ::xowiki::BootstrapNavbarDropzone (public), Class ::xowiki::includelet::book (public), Class ::xowiki::includelet::flowplayer (public), Class ::xowiki::includelet::timeline (public), ad_progress_bar_end (public)
Calls: ad_conn (public)

Testcases:
No testcase defined.

security::csp::render (public)

 security::csp::render

This is the CSP generator. Collect the specified directives and build from these directives the full CSP specification for the current page.

Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: packages/acs-bootstrap-installer/installer/www/blank-master.tcl
Calls: security::csp::nonce (public), security::csp::require (public)

Testcases:
No testcase defined.

security::csp::require (public)

 security::csp::require [ -force ] directive value

Add a single value directive to the CSP rule-set. The directives are picked up, when the page is rendered, by the CSP generator.

Switches:
-force (optional, boolean)
Parameters:
directive (required)
name of the directive (e.g. style-src)
value (required)
allowed source for this page (e.g. unsafe-inline)
Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: Class ::xowiki::formfield::FormField (public), Class ::xowiki::includelet::gravatar (public), ad_html_text_convert (public), cookieconsent::add_to_page (public), packages/xotcl-request-monitor/www/index.tcl

Testcases:
No testcase defined.
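
The three CSP procs above cooperate as collect, nonce, render. The following is an added sketch in plain Tcl 8.6 (not the OpenACS source) of that flow; the `csp_demo` namespace, its proc names, the `reset` step and the sample sources are assumptions made for illustration, and it reads `/dev/urandom`, so it needs a Unix-like system.

```tcl
# Added sketch, not OpenACS source: collect CSP directives during a request
# and render them into one header value. All names here are hypothetical.
namespace eval csp_demo {
    variable directives [dict create]
    variable nonce ""
}

# One nonce per request: 16 bytes from the OS CSPRNG, hex encoded, so it is
# hard to predict and contains only characters valid in a CSP nonce.
proc csp_demo::nonce {} {
    variable nonce
    if {$nonce eq ""} {
        set f [open /dev/urandom rb]
        set nonce [binary encode hex [read $f 16]]
        close $f
    }
    return $nonce
}

# Register one allowed source for a directive; duplicates are ignored.
proc csp_demo::require {directive value} {
    variable directives
    if {![dict exists $directives $directive]
        || $value ni [dict get $directives $directive]} {
        dict lappend directives $directive $value
    }
}

# Build the header value. The nonce is added to script-src at render time,
# so inline scripts carrying the same nonce attribute are accepted.
proc csp_demo::render {} {
    variable directives
    require script-src "'nonce-[nonce]'"
    set parts {}
    dict for {directive values} $directives {
        lappend parts "$directive [join $values { }]"
    }
    return [join $parts "; "]
}

# Clear the state at the end of a request so the next one gets a new nonce.
proc csp_demo::reset {} {
    variable directives [dict create]
    variable nonce ""
}

# Constructed sample request
csp_demo::require default-src 'self'
csp_demo::require style-src 'self'
csp_demo::require style-src 'self'            ;# duplicate, ignored
csp_demo::require img-src https://cdn.example
puts "Content-Security-Policy: [csp_demo::render]"
puts "<script nonce=\"[csp_demo::nonce]\">/* inline script */</script>"
csp_demo::reset
```

Reusing a nonce across requests removes its value as a defence, which is why the sketch clears it together with the collected directives.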

security::csrf::new (public)

 security::csrf::new [ -tokenname tokenname ] [ -user_id user_id ]

Create a security token to protect against CSRF (Cross-Site Request Forgery). The token is set (and cached) in a global per-thread variable and can be included in forms e.g. via the following command.

        <if @::__csrf_token@ defined>
            <input type="hidden" name="__csrf_token" value="@::__csrf_token;literal@">
        </if>

The token is automatically cleared together with other global variables at the end of the processing of every request.

The optional argument user_id is currently ignored, but it is there, since there are algorithms published to calculate the CSRF token based on a user_id. So far, I found no evidence that these should be used, but the argument is there as a reminder, such that the interface does not have to be used, when we switch to such an algorithm.

Switches:
-tokenname (optional, defaults to "__csrf_token")
-user_id (optional)
Returns:
CSRF token
Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: __ad_verify_signature (private), ad_sign (public), packages/search/lib/navbar.tcl, sec_handler (private)
Calls: security::csrf::token (private)

Testcases:
No testcase defined.

security::csrf::validate (public)

 security::csrf::validate [ -tokenname tokenname ] \
    [ -allowempty allowempty ]

Validate a CSRF token and, if it is invalid, fail the request by calling security::csrf::fail.

Switches:
-tokenname (optional, defaults to "__csrf_token")
-allowempty (optional, defaults to "false")
Returns:
nothing

Partial Call Graph (max 5 caller/called nodes):
Called by: create_workflow_with_instance (test xowf), ad_form (public), template::csrf::validate (public), xowiki::FormPage instproc www-edit (public), xowiki::FormPage instproc www-file-upload (public), xowiki::Page instproc www-bulk-delete (public)
Calls: security::csrf::fail (private), security::csrf::token (private)

Testcases:
create_workflow_with_instance

security::driver (public)

 security::driver

Return the secure driver if available

Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: security::get_https_port (private)
Calls: ad_server_modules (private)

Testcases:
No testcase defined.

security::get_client_property_password (public)

 security::get_client_property_password password

Convenience function for retrieving user password from client property

Parameters:
password (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: packages/acs-admin/www/users/user-add-2.tcl
Calls: ad_get_client_property (public)

Testcases:
No testcase defined.

security::get_qualified_url (public)

 security::get_qualified_url url
Parameters:
url (required)
Returns:
secure or insecure qualified url

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_return_url (public), auth::password::email_password (private), security::get_register_subsite (public)
Calls: ad_conn (public), security::get_insecure_qualified_url (private), security::get_secure_qualified_url (private), security::secure_conn_p (public)

Testcases:
No testcase defined.

security::get_register_subsite (public)

 security::get_register_subsite

Returns a URL pointing to the subsite on which the register/unregister should be performed. If there is no current connection, the main site URL is returned.

TODO: util_current_location and security::get_register_subsite can probably be cached, when using the following parameters in the cache key:
- host header field
- [ns_conn location]
- ...

Also, [security::get_register_subsite] could/should be cached.

Author:
Gustaf Neumann

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_get_external_registries (public), ad_get_login_url (public), ad_get_logout_url (public), auth::password::email_password (private), boomerang::get_relevant_subsite (private)
Calls: ad_get_node_id_from_host_node_map (private), apm_package_id_from_key (public), apm_package_key_from_id (public), parameter::get (public), permission::permission_p (public)

Testcases:
No testcase defined.

security::get_secure_location (public)

 security::get_secure_location

Return the current location in secure (https) mode.

Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Called by: get_insecure_location (test acs-tcl), fs::webdav_url (public), security::get_secure_qualified_url (private), security::locations (public)
Calls: apm_package_id_from_key (public), parameter::get (public), security::get_https_port (private), util::join_location (public), util::split_location (public)

Testcases:
get_insecure_location

security::https_available_p (public)

 security::https_available_p

Return 1 if server is configured to support HTTPS and 0 otherwise.

Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Called by: auth::get_user_id (public), packages/acs-tcl/tcl/admin-init.tcl, rp_filter (private), security::RestrictLoginToSSLP (public), security::locations (public)
Calls: security::get_https_port (private)

Testcases:
No testcase defined.

security::locations (public)

 security::locations

This function returns the configured locations, the current location and the vhost locations, potentially in HTTP or in HTTPS variants. When the acs-tcl package parameter "SuppressHttpPort" is true, an alternate location without a port is included. This proc also assumes that the hostnames from the host_node_map table are accurate and legit. The term location refers to protocol://domain:port for a website.

Returns:
insecure location and secure location followed possibly by alternate location(s) as a list.

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_dom_sanitize_html (test acs-tcl), util::external_url_p (public)
Calls: ad_conn (public), apm_package_id_from_key (public), parameter::get (public), security::configured_locations (private), security::get_secure_location (public)

Testcases:
ad_dom_sanitize_html

security::parameter::signed (public)

 security::parameter::signed [ -max_age max_age ] value

Compute a compact single-token signed value based on the parameterSecret.

Switches:
-max_age (optional)
Parameters:
value (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: Class ::Generic::Form (public), Generic::Form instproc generate (public), xowiki::FormPage instproc www-edit (public)
Calls: ad_sign (public), sec_get_random_cached_token_id (public)

Testcases:
No testcase defined.

security::parameter::validated (public)

 security::parameter::validated input

Validate the single-token signed value and return its content value. Raise an exception, when the signature is broken.

Parameters:
input (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: xowiki::test::get_object_name (private)
Calls: ad_raise (public), ad_verify_signature (public)

Testcases:
No testcase defined.

security::redirect_to_insecure (public)

 security::redirect_to_insecure url

Redirect to the given URL and enter insecure (HTTP) mode.

Parameters:
url (required)
Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Calls: ad_returnredirect (public), ad_script_abort (public), security::get_insecure_qualified_url (private)

Testcases:
No testcase defined.

security::redirect_to_secure (public)

 security::redirect_to_secure [ -script_abort ] url

Redirect to the given URL and enter secure (HTTPS) mode. Does nothing if the server is not configured for HTTPS support.

Switches:
-script_abort (optional, boolean, defaults to "true")
Parameters:
url (required)
Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Called by: rp_filter (private), security::require_secure_conn (public)
Calls: ad_conn (public), ad_returnredirect (public), ad_script_abort (public), security::get_secure_qualified_url (private), security::https_available_p (public)

Testcases:
No testcase defined.

security::require_secure_conn (public)

 security::require_secure_conn

Redirect back to the current page in secure mode (HTTPS) if we are not already in secure mode. Does nothing if the server is not configured for HTTPS support.

Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
Called by: packages/acs-admin/lib/password-update.tcl, packages/acs-subsite/lib/login.tcl, packages/acs-subsite/lib/user-new.tcl, packages/acs-subsite/www/user/password-reset.tcl, packages/acs-subsite/www/user/password-update.tcl
Calls: ad_conn (public), ad_return_url (public), security::https_available_p (public), security::redirect_to_secure (public), security::secure_conn_p (public)

Testcases:
No testcase defined.

security::safe_tmpfile_p (public)

 security::safe_tmpfile_p [ -must_exist ] tmpfile

Checks that a file is a safe tmpfile, that is, it belongs to the configured tmpdir. When the file exists, we also enforce additional criteria:
- file must belong to the current system user
- file must be readable and writable by the current system user

Switches:
-must_exist (optional, boolean)
make sure the file exists
Parameters:
tmpfile (required)
absolute path to a possibly existing tmpfile
Returns:
boolean

Partial Call Graph (max 5 caller/called nodes):
Called by: safe_tmpfile_p (test acs-tcl), ad_page_contract_filter_proc_tmpfile (public), template::data::validate::file (public)
Calls: ad_file (public)

Testcases:
safe_tmpfile_p
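
The checks listed for security::safe_tmpfile_p, written out as an added sketch in plain Tcl (not the OpenACS implementation). The proc name `safe_tmpfile_sketch_p`, the explicit `tmpdir` argument and the sample paths are assumptions; unlike the documented proc, the sketch takes the tmpdir as a parameter instead of reading it from the server configuration.

```tcl
# Added sketch, not OpenACS source. Returns 1 when tmpfile lies inside
# tmpdir and, if it exists, is owned by, readable by and writable by the
# user running this process.
proc safe_tmpfile_sketch_p {tmpdir tmpfile {must_exist 0}} {
    # file normalize makes the path absolute, removes "." and ".." and
    # resolves symlinked directories (a symlink in the last path component
    # is not resolved).
    set dir  [file normalize $tmpdir]
    set path [file normalize $tmpfile]

    # Compare against "dir/" and not "dir", so that /tmp does not match
    # /tmpfoo/x, and so that the directory itself is rejected.
    set prefix [string trimright $dir /]/
    if {![string equal -length [string length $prefix] $prefix $path]} {
        return 0
    }

    if {![file exists $path]} {
        # A not yet existing file is acceptable unless the caller insists.
        return [expr {!$must_exist}]
    }

    # Additional criteria for an existing file.
    return [expr {
        [file owned $path] && [file readable $path] && [file writable $path]
    }]
}

# Constructed sample paths; /tmp stands in for the configured tmpdir.
set tmpdir /tmp
foreach candidate {
    /tmp/upload-123.dat
    /tmp/../etc/passwd
    /tmpfoo/upload.dat
    /tmp
} {
    puts [format "%-22s -> %d" $candidate \
              [safe_tmpfile_sketch_p $tmpdir $candidate]]
}
```

Normalizing before comparing is the step that matters: a raw string prefix test would accept `/tmp/../etc/passwd`.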

security::secure_conn_p (public)

 security::secure_conn_p

Returns true if the connection [ad_conn] is secure (HTTPS), or false otherwise.

Partial Call Graph (max 5 caller/called nodes):
Called by: ad_get_client_property (public), ad_get_login_url (public), ad_restrict_to_https (public), ad_set_client_property (public), ad_user_login (public)

Testcases:
No testcase defined.

security::secure_hostname_p (public)

 security::secure_hostname_p host

Check whether the content of host is a "secure" value, meaning that it is either white-listed or belongs to a non-public IP address, so that it cannot cause harm in redirect operations.

Parameters:
host (required)
Returns:
boolean value

Partial Call Graph (max 5 caller/called nodes):
Called by: security::validated_host_header (public)
Calls: acs::icanuse (public)

Testcases:
No testcase defined.

security::set_client_property_password (public)

 security::set_client_property_password password

Convenience function for remembering user password as client property rather than passing it as query parameter.

Parameters:
password (required)

Partial Call Graph (max 5 caller/called nodes):
Called by: packages/acs-subsite/lib/user-new.tcl
Calls: ad_set_client_property (public)

Testcases:
No testcase defined.

security::validated_host_header (public)

 security::validated_host_header
Returns:
validated host header field or empty
Author:
Gustaf Neumann

Protect against faked or invalid host header fields. Host header attacks can lead to web-cache poisoning and password reset attacks (for more details, see e.g. http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html) or to unintended redirects to different sites. The validated host header must be syntactically correct, and it must be either configured/white-listed or it must be from a non-routable IP address. White-listed hosts are taken from the alternate host names specified in the "ns/module/DRIVER/servers" section, or via the configuration variable "hostname" (e.g., "openacs.org www.openacs.org") which is added to the "/server" section during startup.

Partial Call Graph (max 5 caller/called nodes):
Called by: packages/acs-admin/www/posture-overview.tcl, util_current_location (public)
Calls: acs::icanuse (public), ad_conn (public), ad_url (public), db_0or1row (public), security::configured_driver_info (public)

Testcases:
No testcase defined.
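
The rule stated for security::validated_host_header and security::secure_hostname_p (syntactically correct, then either white-listed or a non-routable address) as an added sketch in plain Tcl 8.6; this is not the OpenACS implementation. The proc names, the IPv4-only address ranges and the sample headers are assumptions; the white-list reuses the "hostname" example from the text above.

```tcl
# Added sketch, not OpenACS source; IPv6 literals are out of scope here.
# Return 1 for loopback, RFC 1918 private and link-local IPv4 literals.
proc nonroutable_ipv4_p {host} {
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $host -> a b c d]} {
        return 0
    }
    # scan %d reads decimal, so "010" is 10 and not an octal literal.
    foreach var {a b c d} {
        scan [set $var] %d $var
        if {[set $var] > 255} { return 0 }
    }
    return [expr {
        $a == 10 || $a == 127
        || ($a == 172 && $b >= 16 && $b <= 31)
        || ($a == 192 && $b == 168)
        || ($a == 169 && $b == 254)
    }]
}

# Return the normalized host (lowercased, port kept) when the Host header
# passes validation, or the empty string otherwise.
proc validated_host_sketch {host_header allowed_hosts} {
    # Step 1, syntax: host name or IPv4 literal plus optional port. Anything
    # else ("@", "/", whitespace, control characters) is rejected outright.
    set re {^([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::(\d{1,5}))?$}
    if {![regexp $re $host_header -> name port]} {
        return ""
    }
    set name [string tolower $name]
    if {[string first ".." $name] >= 0 || [string length $name] > 253} {
        return ""
    }
    if {$port ne ""} {
        scan $port %d portnum
        if {$portnum < 1 || $portnum > 65535} { return "" }
    }
    # Step 2, trust: white-listed name or non-routable address.
    if {$name ni $allowed_hosts && ![nonroutable_ipv4_p $name]} {
        return ""
    }
    if {$port eq ""} {
        return $name
    }
    return "${name}:$portnum"
}

# Constructed sample Host header values
set allowed {openacs.org www.openacs.org}
foreach h {
    openacs.org
    WWW.OpenACS.org:443
    192.168.1.10:8000
    203.0.113.7
    attacker.example
    openacs.org@attacker.example
    openacs.org:99999
} {
    puts [format "%-30s -> '%s'" $h [validated_host_sketch $h $allowed]]
}
```

Callers that build absolute URLs (redirects, password-reset links) should use the returned value and fall back to a configured location when it is empty, never the raw header.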