Commit 9dc8fb9c authored by Leigh Stoller's avatar Leigh Stoller

Remove the bulk of the guest user code. Some left, but anything that

could let a guest user gain entry is now gone. I will clean up
straggling guest code over time. This closes issue #352.
parent 677a9082
......@@ -177,15 +177,16 @@ $xmlfile = shift(@ARGV);
# Check the filename when invoked from the web interface; must be a
# file in /tmp.
#
if (getpwuid($UID) ne "nobody") {
$this_user = User->ThisUser();
if (getpwuid($UID) eq "nobody") {
if (! defined($this_user)) {
}
$this_user = User->ThisUser();
if (! defined($this_user)) {
fatal("You ($UID) do not exist!");
}
$localuser = 1;
$maxduration = 16; # Hours.
}
$localuser = 1;
$maxduration = 16; # Hours.
if (!defined($this_user) || !$this_user->IsAdmin()) {
if ($xmlfile =~ /^([-\w\.\/]+)$/) {
$xmlfile = $1;
......
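Review bot: The `!defined($this_user) ||` half of the condition after `$maxduration = 16;` looks unreachable on the new side. As far as this rendering shows, `User->ThisUser()` is now called unconditionally and the script calls `fatal()` when it returns undef, so the test can be reduced to `if (!$this_user->IsAdmin()) {`. The body of the new `getpwuid($UID) eq "nobody"` branch cannot be recovered from the page, so confirm that it refuses to run rather than falling through. Separately, the untaint pattern `^([-\w\.\/]+)$` on the context line accepts `..` segments, so the "must be a file in /tmp" rule in the comment depends on a check below this hunk; a comment naming where the /tmp prefix is enforced would help.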
......@@ -44,7 +44,7 @@ $this_user = CheckLogin($check_status);
if (isset($this_user)) {
CheckLoginOrDie(CHECKLOGIN_NONLOCAL|CHECKLOGIN_WEBONLY);
}
elseif (!$ISAPT) {
else {
RedirectLoginPage();
}
......@@ -55,32 +55,11 @@ $optargs = OptionalPageArguments("create", PAGEARG_STRING,
"profile", PAGEARG_STRING,
"version", PAGEARG_INTEGER,
"project", PAGEARG_PROJECT,
"asguest", PAGEARG_BOOLEAN,
"default", PAGEARG_STRING,
"from", PAGEARG_STRING,
"refspec", PAGEARG_STRING,
"formfields", PAGEARG_ARRAY);
if ($ISAPT && !$this_user) {
#
# If user appears to have an account, go to login page.
# Continue as guest on that page.
#
if (REMEMBERED_ID()) {
if (isset($asguest) && $asguest) {
# User clicked on continue as guest. If we do not delete the
# cookie, then user will go through the same loop next time
# they click the Home button, since that points here. So delete
# the UID cookie. Not sure I like this.
ClearRememberedID();
}
else {
header("Location: login.php?from=instantiate&referrer=".
urlencode($_SERVER['REQUEST_URI']));
}
}
}
# Need to make non-hardcoded
$maxduration = 16;
......
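Review bot: Nothing in the hunk shows that `RedirectLoginPage()` ends the request, and with the `else` now unconditional everything below it (the `OptionalPageArguments` call and the rest of the page) assumes `$this_user` is set. If the helper only sends a `Location` header, add `exit();` directly after the call; if it already exits, a one-line comment `# Does not return.` would make that plain. The same `else { RedirectLoginPage(); }` branch is added in the later hunk `@@ -40,8 +40,7` after `CheckLoginOrDie(CHECKLOGIN_NONLOCAL)`, where the page goes on to test `$uuid` and `$instance`.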
......@@ -2,14 +2,13 @@ $(function ()
{
'use strict';
var templates = APT_OPTIONS.fetchTemplateList(['manage-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'oops-modal', 'rspectextview-modal', 'guest-instantiate', 'publish-modal', 'share-modal', 'gitrepo-picker','profile-list-modal','confirm-delete-profile']);
var templates = APT_OPTIONS.fetchTemplateList(['manage-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'oops-modal', 'rspectextview-modal', 'publish-modal', 'share-modal', 'gitrepo-picker','profile-list-modal','confirm-delete-profile']);
var manageString = templates['manage-profile'];
var waitwaitString = templates['waitwait-modal'];
var rendererString = templates['renderer-modal'];
var showtopoString = templates['showtopo-modal'];
var oopsString = templates['oops-modal'];
var rspectextviewString = templates['rspectextview-modal'];
var guestInstantiateString = templates['guest-instantiate'];
var publishString = templates['publish-modal'];
var shareString = templates['share-modal'];
var gitrepoString = templates['gitrepo-picker'];
......@@ -44,7 +43,6 @@ $(function ()
var showtopoTemplate = _.template(showtopoString);
var rspectextTemplate = _.template(rspectextviewString);
var oopsTemplate = _.template(oopsString);
var guestInstTemplate = _.template(guestInstantiateString);
var shareTemplate = _.template(shareString);
var gitrepoTemplate = _.template(gitrepoString);
var plistTemplate = _.template(plistString);
......@@ -173,8 +171,6 @@ $(function ()
$('#renderer_div').html(renderer_html);
var oops_html = oopsTemplate({});
$('#oops_div').html(oops_html);
var guest_html = guestInstTemplate({});
$('#guest_div').html(guest_html);
$('#publish_div').html(publishString);
var rspectext_html = rspectextTemplate({});
$('#rspectext_div').html(rspectext_html);
......@@ -580,12 +576,6 @@ $(function ()
$('#renderer_modal_div').html($(this).html());
sup.ShowModal("#renderer_modal");
});
// Handler for guest instantiate submit button, which is in
// the modal.
$('#guest_instantiate_submit_button').click(function (event) {
event.preventDefault();
InstantiateAsGuest();
});
// Handler for normal instantiate submit button, which is in
// the modal.
$('#instantiate_submit_button').click(function (event) {
......@@ -1102,41 +1092,6 @@ $(function ()
}
}
//
// Instantiate a profile as a guest User.
//
function InstantiateAsGuest()
{
var callback = function(json) {
sup.HideModal("#waitwait-modal");
if (json.code) {
sup.SpitOops("oops", json.value);
return;
}
//
// Need to set the cookies we get back so that we can
// redirect to the status page.
//
document.cookie =
'quickvm_user=' + json.value.quickvm_user +
'; max-age=86400; path=/; secure';
document.cookie =
'quickvm_authkey=' + json.value.quickvm_authkey +
'; max-age=86400; path=/; secure';
var url = "status.php?uuid=" + json.value.quickvm_uuid;
window.location.replace(url);
}
sup.HideModal("#guest_instantiate_modal");
WaitWait();
var xmlthing = sup.CallServerMethod(ajaxurl,
"manage_profile",
"InstantiateAsGuest",
{"uuid" : version_uuid});
xmlthing.done(callback);
}
//
// Instantiate a profile.
//
......@@ -1206,7 +1161,6 @@ $(function ()
EnableButton("profile_instantiate_button");
EnableButton("profile_submit_button");
EnableButton("profile_copy_button");
EnableButton("guest_instantiate_button");
EnableButton("profile_publish_button");
}
function DisableButtons()
......@@ -1215,7 +1169,6 @@ $(function ()
DisableButton("profile_instantiate_button");
DisableButton("profile_submit_button");
DisableButton("profile_copy_button");
DisableButton("guest_instantiate_button");
DisableButton("profile_publish_button");
}
function EnableButton(button)
......
......@@ -2,13 +2,12 @@ $(function ()
{
'use strict';
var templates = APT_OPTIONS.fetchTemplateList(['show-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'rspectextview-modal', 'guest-instantiate', 'instantiate-modal', 'oops-modal', 'share-modal']);
var templates = APT_OPTIONS.fetchTemplateList(['show-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'rspectextview-modal', 'instantiate-modal', 'oops-modal', 'share-modal']);
var showString = templates['show-profile'];
var waitwaitString = templates['waitwait-modal'];
var rendererString = templates['renderer-modal'];
var showtopoString = templates['showtopo-modal'];
var rspectextviewString = templates['rspectextview-modal'];
var guestInstantiateString = templates['guest-instantiate'];
var instantiateString = templates['instantiate-modal'];
var oopsString = templates['oops-modal'];
var shareString = templates['share-modal'];
......@@ -84,7 +83,6 @@ $(function ()
$('#waitwait_div').html(waitwaitString);
$('#showtopomodal_div').html(showtopoString);
$('#guest_div').html(guestInstantiateString);
var instantiate_html = InstTemplate({ amlist: amlist,
amdefault: window.AMDEFAULT});
$('#instantiate_div').html(instantiate_html);
......
......@@ -44,8 +44,7 @@ if (!$ISAPT) {
#
# Verify page arguments.
#
$optargs = OptionalPageArguments("asguest", PAGEARG_BOOLEAN,
"from", PAGEARG_STRING);
$optargs = OptionalPageArguments("from", PAGEARG_STRING);
#
# Redirect logged in user.
......@@ -74,43 +73,5 @@ if ($this_user) {
return;
}
#
# APT users might be guests.
#
if ($ISAPT) {
#
# If user appears to have an account, go to login page.
# Continue as guest on that page.
#
if (REMEMBERED_ID()) {
if (isset($asguest) && $asguest) {
# User clicked on continue as guest. If we do not delete the
# cookie, then user will go through the same loop next time
# they click the Home button, since that points here. So delete
# the UID cookie. Not sure I like this.
ClearRememberedID();
}
else {
header("Location: login.php?from=landing");
return;
}
}
}
#
# A guest user. Go directly to status page.
#
if (isset($_COOKIE['quickvm_user'])) {
$geniuser = GeniUser::Lookup("sa", $_COOKIE['quickvm_user']);
if ($geniuser) {
#
# Look for existing quickvm. Show that.
#
$instance = Instance::LookupByCreator($geniuser->uuid());
if ($instance && $instance->status() != "terminating") {
header("Location: status.php?uuid=" . $instance->uuid());
return;
}
}
}
header("Location: $APTBASE/instantiate.php");
?>
......@@ -73,16 +73,6 @@ else {
$cleanmode = 0;
}
#
# We want to show guest login, when redirected from the landing page
# or from the instantiate page. APT only.
#
$showguestlogin = 0;
if ($ISAPT && isset($from) &&
($from == "landing" || $from == "instantiate")) {
$showguestlogin = 1;
}
if (NOLOGINS() && !$adminmode) {
if ($ajax_request) {
SPITAJAX_ERROR(1, "logins are temporarily disabled");
......@@ -104,7 +94,7 @@ function SPITFORM($uid, $referrer, $error)
{
global $PORTAL_PASSWORD_HELP;
global $TBDB_UIDLEN, $TBBASE, $refer;
global $ISAPT, $ISCLOUD, $ISPNET, $ISPOWDER, $showguestlogin;
global $ISAPT, $ISCLOUD, $ISPNET, $ISPOWDER;
global $adminmode, $cleanmode;
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
......@@ -196,13 +186,6 @@ function SPITFORM($uid, $referrer, $error)
id='quickvm_geni_login_button'>Geni User?</button>
<?php
}
if ($ISAPT && REMEMBERED_ID() && $showguestlogin) {
?>
<a class='btn btn-info btn-sm pull-left'
href='instantiate.php?asguest=1'
type='button'>Continue as Guest</a>
<?php
}
?>
<button class='btn btn-primary btn-sm pull-right'
id='quickvm_login_modal_button'
......
......@@ -681,88 +681,6 @@ function Do_PublishProfile()
SPITAJAX_RESPONSE(array("published" => $profile->published()));
}
#
# Instantiate as Guest user. Simply a convenience, users could do
# this themselves.
#
# Note that this is going to log the user out. Big simplification,
# big headache otherwise.
#
function Do_GuestInstantiate()
{
global $this_user;
global $ajax_args;
$this_idx = $this_user->uid_idx();
if (!isset($ajax_args["uuid"])) {
SPITAJAX_ERROR(1, "Missing profile uuid");
return;
}
$profile = Profile::Lookup($ajax_args["uuid"]);
if (!$profile) {
SPITAJAX_ERROR(1, "Unknown profile uuid");
return;
}
if ($this_idx != $profile->creator_idx() && !ISADMIN()) {
SPITAJAX_ERROR(1, "Not enough permission");
return;
}
#
# Need to form a guest id. Ideally, lets look for a guest user
# with the same email and use that.
#
$geniuser = GeniUser::LookupByEmail("sa", $this_user->email());
if ($geniuser) {
$guestid = $geniuser->uid();
$token = $geniuser->auth_token();
}
else {
$guestid = "g" . substr(GENHASH(), 0, 6);
$token = substr(GENHASH(), 0, 16);
}
$args = array();
$args["username"] = $guestid;
$args["email"] = $this_user->email();
$args["profile"] = $profile->uuid();
$args["auth_token"] = $token;
# Grab first internal (encrypted) ssh key and use it.
$query_result =
DBQueryWarn("select pubkey from user_pubkeys ".
"where uid_idx='$this_idx' and internal=0 limit 1");
if (mysql_num_rows($query_result)) {
$row = mysql_fetch_array($query_result);
$args["sshkey"] = $row[0];
}
#
# Need to log the user out.
#
DBQueryFatal("delete from login where uid_idx='$this_idx'");
#
# Invoke the backend.
#
$errors = array();
list ($instance, $creator) =
Instance::Instantiate(NULL, "", $args, $errors);
if (!$instance) {
SPITAJAX_ERROR(1, $errors["error"]);
return;
}
#
# Return the cookies the clients needs to set, so that it can load
# the status page.
#
SPITAJAX_RESPONSE(array("quickvm_user" => $creator->uuid(),
"quickvm_id" => $guestid,
"quickvm_uuid" => $instance->uuid(),
'quickvm_authkey' => $creator->auth_token()));
}
#
# Run a geni-lib script, returning the XML.
#
......
......@@ -240,7 +240,7 @@ function SPITFORM($formfields, $errors)
AddLibrary("js/gitrepo.js");
SPITREQUIRE("js/manage_profile.js");
AddTemplateList(array('manage-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'oops-modal', 'rspectextview-modal', 'guest-instantiate', 'publish-modal', 'share-modal', 'gitrepo-picker', 'profile-list-modal', 'confirm-delete-profile'));
AddTemplateList(array('manage-profile', 'waitwait-modal', 'renderer-modal', 'showtopo-modal', 'oops-modal', 'rspectextview-modal', 'publish-modal', 'share-modal', 'gitrepo-picker', 'profile-list-modal', 'confirm-delete-profile'));
SPITFOOTER();
}
......
<?php
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -32,10 +32,9 @@ $page_title = "News";
# Get current user.
#
RedirectSecure();
$this_user = CheckLogin($check_status);
$this_user = CheckLoginOrDie($check_status);
$isadmin = 0;
# Guests are okay on this page.
if (isset($this_user) && ISADMIN()) {
if (ISADMIN()) {
$isadmin = 1;
}
......
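Review bot: `CheckLoginOrDie($check_status)` reuses the variable that was `CheckLogin()`'s argument on the old line, while the other pages in this commit call `CheckLoginOrDie` with flag constants such as `CHECKLOGIN_NONLOCAL`. If `$check_status` was only an out-parameter of `CheckLogin` (its definition is not on this page), it is unset at this point and the login check runs with an empty flag value, so the intended flags should be spelled out explicitly. With the login now mandatory, the three lines after it can be written as `$isadmin = ISADMIN() ? 1 : 0;`.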
......@@ -82,7 +82,7 @@ $routing = array("myprofiles" =>
"Do_GetDurationInfo")),
"instantiate" =>
array("file" => "instantiate.ajax",
"guest" => true,
"guest" => false,
"methods" => array("GetProfile" =>
"Do_GetProfile",
"CheckForm" =>
......@@ -116,8 +116,6 @@ $routing = array("myprofiles" =>
"Do_DeleteProfile",
"PublishProfile" =>
"Do_PublishProfile",
"InstantiateAsGuest" =>
"Do_GuestInstantiate",
"CheckScript" =>
"Do_CheckScript",
"BindParameters" =>
......@@ -144,7 +142,7 @@ $routing = array("myprofiles" =>
"Do_GetCommitList")),
"status" =>
array("file" => "status.ajax",
"guest" => true,
"guest" => false,
"methods" => array("GetInstanceStatus" =>
"Do_GetInstanceStatus",
"ExpInfo" =>
......@@ -377,7 +375,7 @@ $routing = array("myprofiles" =>
"Do_ClassicImageList")),
"news" =>
array("file" => "news.ajax",
"guest" => true,
"guest" => false,
"methods" => array("create" =>
"Do_CreateNews",
"modify" =>
......
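Review bot: The three `"guest" => false` edits (instantiate, status, news) close only the entries visible in these hunks; the rest of `$routing` and the code that reads the `"guest"` key are outside the page. Check that no remaining entry still carries `"guest" => true`, and that the dispatcher treats a missing key as false so a route added later cannot become reachable without a login by omission. A comment above the array such as `# "guest" is kept only until the dispatcher stops reading it; every route requires a login.` would record the intent.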
......@@ -177,7 +177,7 @@ SPITREQUIRE("js/show-profile.js",
"<script src='js/lib/jquery-ui.js'></script>\n".
"<script src='js/lib/jquery.appendGrid-1.3.1.min.js'></script>");
AddTemplateList(array("show-profile", "waitwait-modal", "renderer-modal", "showtopo-modal", "rspectextview-modal", "guest-instantiate", "instantiate-modal", "oops-modal", "share-modal", "gitrepo-picker"));
AddTemplateList(array("show-profile", "waitwait-modal", "renderer-modal", "showtopo-modal", "rspectextview-modal", "instantiate-modal", "oops-modal", "share-modal", "gitrepo-picker"));
SPITFOOTER();
?>
......@@ -40,8 +40,7 @@ $this_user = CheckLogin($check_status);
if (isset($this_user)) {
CheckLoginOrDie(CHECKLOGIN_NONLOCAL);
}
elseif (!$ISAPT && GETUID()) {
# User with an account, redirect to login. APT allows guest users.
else {
RedirectLoginPage();
}
#
......@@ -65,6 +64,7 @@ if (!isset($uuid)) {
What experiment would you like to look at?
</p>
</div>\n";
SPITNULLREQUIRE();
SPITFOOTER();
return;
}
......@@ -80,6 +80,7 @@ if (!$instance) {
Experiment does not exist. Redirecting to the front page.
</p>
</div>\n";
SPITNULLREQUIRE();
SPITFOOTER();
flush();
sleep(3);
......@@ -97,6 +98,7 @@ if (!$creator) {
Hmm, there seems to be a problem.
</p>
</div>\n";
SPITNULLREQUIRE();
SPITFOOTER();
TBERROR("No creator for instance: $uuid", 0);
return;
......
......@@ -716,24 +716,6 @@
style='margin-right: 10px;'
type='submit' name='create'>Instantiate
</a>
<% if (isapt) { %>
<span class='pull-right'
data-toggle='popover'
data-delay='{"hide":1500, "show":250}'
data-html='true'
data-content="When you instantiate as a guest, you get
to see exactly how another user will
experience your profile. This allows you to
better debug your profile for other users">
<button class='btn btn-success btn-xs' disabled
id='guest_instantiate_button'
style='margin-right: 10px;'
data-toggle='modal'
data-target='#guest_instantiate_modal'
type='button'>Instantiate as Guest
</button>
</span>
<% } %>
<% if (!fromrepo) { %>
<a class='btn btn-primary btn-xs pull-left'
id='profile_copy_button'
......