update in basic_2

[helm.git] / matitaB / matita / matitaAuthentication.ml

(* Copyright (C) 2004-2011, HELM Team.
 * 
 * This file is part of HELM, an Hypertextual, Electronic
 * Library of Mathematics, developed at the Computer Science
 * Department, University of Bologna, Italy.
 * 
 * HELM is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * HELM is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with HELM; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA  02111-1307, USA.
 * 
 * For details, see the HELM World-Wide-Web page,
 * http://helm.cs.unibo.it/
 *)

type session_id = Uuidm.t

type matita_file = MatitaFilesystem.matita_flag * string

(* user table: user id, (salt, encrypted password, optional session id) *)
type user = string * (string * string * session_id option)

let user_tbl = (ref [] : user list ref)

(* low users can't commit or update *)
let luser_tbl = (ref [] : user list ref)

(* session table: session id, (user id, matita status, matita history, commit privileges *)
type session = session_id * (string * MatitaEngine.status * MatitaEngine.status list * bool)

let session_tbl = (ref [] : session list ref)

exception UsernameCollision of string
exception InvalidPassword

(* returns user entry and privileges *)
let lookup_user uid = 
  try List.assoc uid !user_tbl, true
  with Not_found -> List.assoc uid !luser_tbl, false

let user_of_session sid = let res,_,_,_ = List.assoc sid !session_tbl in res

(* disable for debugging *)
let prerr_endline _ = ()

(* used for commits, so lusers are excluded *)
let get_users () = List.map fst !user_tbl

let create_session uid =
  let status = new MatitaEngine.status (Some uid) "cic:/matita" in
  let history = [status] in
  let (salt,pw,sid),cp = lookup_user uid in
  let new_session = Uuidm.create `V4 in
  (if cp then
    let clean_utbl = List.remove_assoc uid !user_tbl in
    user_tbl := (uid,(salt,pw,Some new_session))::clean_utbl
  else
    let clean_lutbl = List.remove_assoc uid !luser_tbl in
    luser_tbl := (uid,(salt,pw,Some new_session))::clean_lutbl);
  let clean_stbl = match sid with
    | Some sid' -> 
       List.remove_assoc sid' !session_tbl
    | _ -> !session_tbl
  in 
  session_tbl := (new_session,(uid,status,history,cp))::clean_stbl;
  new_session
;;

let get_session_owner sid =
  let uid,_,_,_ = List.assoc sid !session_tbl
  in uid

let get_status sid =
  let _,st,_,_ = List.assoc sid !session_tbl
  in st

let get_history sid = 
  let _,_,hist,_ = List.assoc sid !session_tbl
  in hist

let get_commit_priv sid =
  let _,_,_,cp = List.assoc sid !session_tbl
  in cp

let probe_commit_priv sid =
  let _,_,_,cp = List.assoc sid !session_tbl in
  if not cp then failwith "no commit privileges" 

let set_status sid st =
  let uid, oldst, hist, cp = List.assoc sid !session_tbl in
  session_tbl := (sid,(uid,st,hist,cp))::(List.remove_assoc sid !session_tbl)
   
let set_history sid hist =
  let uid, st, oldhist, cp = List.assoc sid !session_tbl in
  session_tbl := (sid,(uid,st,hist,cp))::(List.remove_assoc sid !session_tbl)

let logout_user sid =
  let uid,st,hist,cp = List.assoc sid !session_tbl in
  (if cp then 
    let salt,pw,_ = List.assoc uid !user_tbl in
    user_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !user_tbl
  else
    let salt,pw,_ = List.assoc uid !luser_tbl in
    luser_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !luser_tbl);
  session_tbl := List.remove_assoc sid !session_tbl
;;

let remove_user uid =
  user_tbl := List.remove_assoc uid !user_tbl;
  luser_tbl := List.remove_assoc uid !luser_tbl
;;

(* serialization and deserialization of the user table *)
let config_path () =
  let path = Helm_registry.get "matita.basedir" in
  let dirname = Filename.dirname path in
  HExtlib.mkdir dirname;
  path
;;

let serialize () =
  let clean_utbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !user_tbl in
  let clean_lutbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !luser_tbl in
  let utbl_ch = open_out (config_path () ^ "/usertable.dump") in
  Marshal.to_channel utbl_ch clean_utbl [];
  close_out utbl_ch;
  let lutbl_ch = open_out (config_path () ^ "/lusertable.dump") in
  Marshal.to_channel lutbl_ch clean_lutbl [];
  close_out lutbl_ch
;;

let deserialize () =
  (try
    let utbl_ch = open_in (config_path () ^ "/usertable.dump") in
    user_tbl := Marshal.from_channel utbl_ch;
    close_in utbl_ch;
  with
    | Sys_error _ -> 
       user_tbl := []; serialize());
  (try
    let lutbl_ch = open_in (config_path () ^ "/lusertable.dump") in
    luser_tbl := Marshal.from_channel lutbl_ch;
    close_in lutbl_ch;
  with
    | Sys_error _ -> 
       luser_tbl := []; serialize());
  (* old_sessions are now invalid *)
  session_tbl := [];
;;

let write_ft uid ft =
  let ft_ch = open_out (config_path () ^ "/ft_" ^ uid ^ ".dump") in
  Marshal.to_channel ft_ch ft [];
  close_out ft_ch;
;;

let read_ft uid =
  try
    let ft_ch = open_in (config_path () ^ "/ft_" ^ uid ^ ".dump") in
    let ft = Marshal.from_channel ft_ch in
    close_in ft_ch;
    ft
  with
    | Sys_error _ -> 
      (* this is an error, we should rebuild the table by a diff of
         the directory listing and svn stat *) 
      [] 
;;

let set_file_flag uid files_flags =
  let ft = read_ft uid in
  let files = List.map fst files_flags in
  let ft = List.filter (fun (x,_) -> not (List.mem x files)) ft in
  let ft' = List.fold_left (fun acc (filename,flag) ->  
      let filename = MatitaFilesystem.normalize_qfn filename in 
      try
        (filename,HExtlib.unopt flag)::acc
      with Failure _ -> acc) [] files_flags
  in
  write_ft uid (ft'@ft)
;;

let add_user uid pw cp =
  try
    let _ = lookup_user uid in
    raise (UsernameCollision uid)
  with Not_found -> 
    let ft = MatitaFilesystem.checkout uid in
    (* use a 8 byte salt *)
    let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
    let sha256 = Cryptokit.Hash.sha256 () in
    sha256#add_string (salt ^ pw);
    let crypto_pw = sha256#result in
    (if cp then
      user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl
    else 
      luser_tbl := (uid,(salt,crypto_pw,None))::!luser_tbl);
    write_ft uid ft;
    serialize ()
;;

let add_user_no_checkout uid pw cp =
  try
    let _ = lookup_user uid in
    raise (UsernameCollision uid)
  with Not_found -> 
    (* use a 8 byte salt *)
    let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
    let sha256 = Cryptokit.Hash.sha256 () in
    sha256#add_string (salt ^ pw);
    let crypto_pw = sha256#result in
    sha256#wipe;
    (if cp then
      user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl
    else 
      luser_tbl := (uid,(salt,crypto_pw,None))::!luser_tbl);
    serialize ()
;;

let check_pw uid pw =
  try
    let (salt,crypto_pw,_),_ = lookup_user uid in
    let sha256 = Cryptokit.Hash.sha256 () in
    sha256#add_string (salt ^ pw);
    let computed_pw = sha256#result in
    sha256#wipe;
    if crypto_pw <> computed_pw 
      then (prerr_endline ("password " ^ pw ^ " incorrect"); raise InvalidPassword)
  with Not_found _ -> raise InvalidPassword
;;

let reset () =
  user_tbl := [];
  luser_tbl := [];
  session_tbl := [];
  MatitaFilesystem.reset_lib ();
  serialize ();
;;