diff --git a/Data/Seed/InstallSeed.cmd b/Data/Seed/InstallSeed.cmd
index 2edb88c..6c2ba01 100644
--- a/Data/Seed/InstallSeed.cmd
+++ b/Data/Seed/InstallSeed.cmd
@@ -8,6 +8,12 @@ sqlplus %1 @disable_constraints
 sqlplus %1 @delete_tables
+sqlldr %1 control=prty
+
+sqlldr %1 control=parl
+
+sqlldr %1 control=apau
+
 sqlldr %1 control=alty
 sqlldr %1 control=caco
@@ -60,6 +66,8 @@ sqlldr %1 control=poco
 sqlplus %1 @enable_constraints
+sqlplus %1 @create_passwords
+
 goto :done
 :usage
diff --git a/Data/Seed/apau.ctl b/Data/Seed/apau.ctl
new file mode 100644
index 0000000..90c1ce3
--- /dev/null
+++ b/Data/Seed/apau.ctl
@@ -0,0 +1,18 @@
+LOAD DATA
+INFILE *
+INTO TABLE apex_authorization
+REPLACE
+FIELDS TERMINATED BY '|'
+(
+rt_code
+,component_name
+,component_type
+,privilege
+)
+BEGINDATA
+MIPADMIN|10|P|A
+MIPADMIN|32|P|A
+MIPADMIN|21|P|A
+MIPADMIN|20|P|A
+MIPADMIN|13|P|A
+MIPADMIN|11|P|A
diff --git a/Data/Seed/create_passwords.sql b/Data/Seed/create_passwords.sql
new file mode 100644
index 0000000..4bafe9b
--- /dev/null
+++ b/Data/Seed/create_passwords.sql
@@ -0,0 +1,21 @@
+DECLARE
+ l_hash varchar2(240);
+BEGIN
+ FOR l_pwd IN (SELECT id, username
+ FROM parties
+ WHERE username IS NOT NULL) LOOP
+
+ l_hash := mip_security.get_hash(p_username=>l_pwd.username, p_password=>'password');
+
+ INSERT INTO passwords
+ (prty_id
+ ,password_hash
+ ,created_on)
+ VALUES
+ (l_pwd.id
+ ,l_hash
+ ,SYSDATE);
+ END LOOP;
+END;
+/
+exit
diff --git a/Data/Seed/parl.ctl b/Data/Seed/parl.ctl
new file mode 100644
index 0000000..2ba95f1
--- /dev/null
+++ b/Data/Seed/parl.ctl
@@ -0,0 +1,16 @@
+LOAD DATA
+INFILE *
+INTO TABLE party_roles
+REPLACE
+FIELDS TERMINATED BY '|'
+(
+prty_id
+,rt_code
+,id
+,start_date
+,end_date
+,description
+)
+BEGINDATA
+100|MIPADMIN|1001|08-NOV-07|||
+
diff --git a/Data/Seed/prty.ctl b/Data/Seed/prty.ctl
new file mode 100644
index 0000000..5286ea0
--- /dev/null
+++ b/Data/Seed/prty.ctl
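Review bot: `create_passwords.sql` gives every party that has a username the hash of the literal `'password'`, and `prty.ctl` and `parl.ctl` in this commit seed the `advantica` account as `OPEN` with the `MIPADMIN` role, so every database built by InstallSeed.cmd starts with a known credential on an administrative account. Take the initial password from a script argument instead of a literal, for example `p_password=>'&1'` with the value passed on the `sqlplus %1 @create_passwords` line, and seed the account status as `EXPIRED` rather than `OPEN`; the login comment in mip_security says an expired account is sent to the 'Change Password' page, which would force a change at first login. If the fixed password is meant only for demo or test builds, the `sqlplus %1 @create_passwords` step in InstallSeed.cmd should run only for those targets. The block also has no `COMMIT;` and relies on SQL*Plus committing at `exit`.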
@@ -0,0 +1,29 @@
+LOAD DATA
+INFILE *
+INTO TABLE parties
+REPLACE
+FIELDS TERMINATED BY '|'
+(
+manu_ref
+,created_by
+,shortcode
+,name
+,description
+,created_on
+,updated_on
+,updated_by
+,mktp_ref
+,lt_7b_contract_ref
+,gt_7b_contract_ref
+,adversarial_contract_ref
+,username
+,status
+,first_name
+,last_name
+,personal_title
+,comments
+,id
+,prty_type
+)
+BEGINDATA
+|advantica||||08-NOV-07|||||||advantica|OPEN|Advantica|User|Mr|User|100|PERS
diff --git a/InstallMIP.cmd b/InstallMIP.cmd
index 6449662..e147fb5 100644
--- a/InstallMIP.cmd
+++ b/InstallMIP.cmd
@@ -23,7 +23,8 @@ cd ..\..
 if "%6"=="" goto :done
-goto "%6"
+if "%6"=="demo" goto :demo
+if "%6"=="test" doto :test
 :demo
 @echo Demo
diff --git a/Modules/mip_security.pck b/Modules/mip_security.pck
index d8dd6f4..81450b8 100644
--- a/Modules/mip_security.pck
+++ b/Modules/mip_security.pck
@@ -6,7 +6,7 @@ CREATE OR REPLACE PACKAGE mip_security AS /** Perform user authentication and login An authenticated login for an expired password will result in flow to the 'Change Password' page.
- %param p_uname username
+ %param p_uname username
 %param p_password password
 %param p_session_id APEX session number
 %param p_flow_page the app:page to which flow should pass on successful authentication
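Review bot: In the InstallMIP.cmd hunk the added line `if "%6"=="test" doto :test` misspells `goto`, so passing `test` does not jump to `:test`; cmd reports an unrecognised command and execution carries on into `:demo`, the label that follows. It should read `if "%6"=="test" goto :test`. Replacing the open `goto "%6"` with explicit comparisons is the safer form, but any other value of `%6` now also falls through into `:demo`; adding `goto :done` after the two comparisons would make unrecognised values do nothing. The `:test` label and the rest of the script are outside the hunk.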
@@ -19,25 +19,25 @@ CREATE OR REPLACE PACKAGE mip_security AS /** Generate a hash from the given username and password The system does not record users passwords 'in the plain', instead we -recordThe resultant hash is recorded as the username 'password hash' +recordThe resultant hash is recorded as the username 'password hash' */ FUNCTION get_hash(p_username IN VARCHAR2 ,p_password IN VARCHAR2) RETURN VARCHAR2; - /** + /** %obs private function */ PROCEDURE valid_user2(p_username IN VARCHAR2 ,p_password IN VARCHAR2); - /** + /** %obs replaced by authenticate_user */ FUNCTION valid_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2) RETURN BOOLEAN; /** Authenticates the given username and password - + %return TRUE for authenticated username and password combination %rep valid_user, valid_user2 */ @@ -88,7 +88,7 @@ END mip_security; / CREATE OR REPLACE PACKAGE BODY mip_security AS - /* + /* returns the current status of the user */ FUNCTION get_user_status(p_username IN VARCHAR2) RETURN VARCHAR2 AS @@ -98,7 +98,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS INTO l_status FROM parties p WHERE upper(p.username) = upper(p_username); - + RETURN l_status; EXCEPTION WHEN no_data_found THEN @@ -110,7 +110,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS /** Logs the user into the system and registers with APEX. - + if the user account is 'OPEN', log them in and flow to the requested page if the user account is 'EXPIRED', log them in and flow to the 'Change Password' page if the user account is 'LOCKED', log the user out and flow to the 'Locked' page 
@@ -133,16 +133,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS ,p_session_id => p_session_id ,p_flow_page => v('APP_ID') || ':102'); ELSE - -- user password has been locked. Log them off and tell them + -- user password has been locked. Log them off and tell them wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID') ,p_next_flow_page_sess => v('APP_ID') || ':501'); END IF; - + END login; /** Produce a 'password hash' from the given username and password - + Uses the dbms_obfuscation_toolkit to produce the hash. */ FUNCTION get_hash(p_username IN VARCHAR2 @@ -153,7 +153,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END get_hash; /** Authenticates the given username and password - + %return TRUE for authenticated username and password combination %rep valid_user, valid_user2 */ @@ -174,7 +174,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS WHERE pwd.created_on = pwd.latest_pwd_date AND pwd.password_hash = get_hash(p_username ,p_password); - + RETURN TRUE; EXCEPTION WHEN no_data_found THEN @@ -182,10 +182,10 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END authenticate_user; /** Authenticates the given p_username and p_password - - Checks the {%link passwords} table for a hash value matching that produced from the + + Checks the {%link passwords} table for a hash value matching that produced from the given p_username and p_password. - + %raises -20000 when unable to authenticate %obs Replaced by authenticate_user */ @@ -206,7 +206,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS WHERE pwd.created_on = pwd.latest_pwd_date AND pwd.password_hash = get_hash(p_username ,p_password); - + EXCEPTION WHEN no_data_found THEN raise_application_error(-20000 @@ -214,7 +214,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END valid_user2; /** Authenticates the given username and password - + %obs Replaced by authenticate_user */ FUNCTION valid_user(p_username IN VARCHAR2 
@@ -230,16 +230,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END valid_user; /** Checks for authorization to access the given component - + %param p_app_user username %param p_component_name name of the component to be accessed %param p_component_type the type of component to be accessed %param p_privilege the access privilege being sought %return TRUE if the given p_app_user is authorized - + Checks the roles assigned to the given p_app_user to see whether they are authorized to access the given component. - + If configuration item APEX_AUTHORIZATION_DEFAULT_MODE = PUBLIC, all components are considered to be accessible to all unless specifically listed in the apex_authorization table. Otherwise, the requested access must be listed in the @@ -252,7 +252,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS RETURN BOOLEAN IS l_access_allowed VARCHAR2(3); BEGIN - + -- -- for development purposes, assume that all components are unprotected unless they are -- specifically recorded in the authorization table @@ -274,7 +274,8 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS RETURN TRUE; END; END IF; - + --JP added block here due to error when no data found + BEGIN SELECT access_allowed INTO l_access_allowed FROM (SELECT auth.component_name @@ -302,7 +303,11 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS AND auth.component_type = p_component_type ORDER BY parl.rt_code) WHERE rownum < 2; - + EXCEPTION + WHEN no_data_found THEN + -- no access if we can't find any data + RETURN FALSE; + END; IF nvl(l_access_allowed ,'NO') = 'YES' THEN RETURN TRUE; @@ -312,9 +317,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END authorization; /** Checks for authorization to access the given page - + Calls the authorization function to perform the check - + %param p_app_user username %param p_page_id page number to be accessed %param p_privilege the access privilege being sought 
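Review bot: The comment `--JP added block here due to error when no data found` in the `@@ -274,7 +274,8 @@` hunk records who changed the code rather than why it behaves as it does; the handler added in the `@@ -302,7 +303,11 @@` hunk is the point where a missing authorization row becomes a denial, so say that instead, e.g. `-- no authorization row matched for this user: deny access (fail closed)`. The statements between the new `BEGIN` and `EXCEPTION` are unchanged context and were not re-indented, which hides the extent of the inner block. Separately, and only as far as the visible context shows, the query keeps a single row via `ORDER BY parl.rt_code` and `rownum < 2`, so for a user with several roles the decision appears to depend on which role code sorts first; worth confirming that is intended. The function begins and ends outside both hunks.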
@@ -333,9 +338,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END page_authorization; /** Checks for authorization to access the given component - + Calls the authorization function to perform the check - + %param p_app_user username %param p_component_name name of the component to be accessed %param p_privilege the access privilege being sought @@ -346,7 +351,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS ,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A') RETURN BOOLEAN IS BEGIN - + RETURN authorization(p_app_user => p_app_user ,p_component_name => p_component_name ,p_component_type => 'C' @@ -354,9 +359,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS END component_authorization; /** Checks for authorization to access the given page - + Calls the authorization function to perform the check - + %param p_app_user username %param p_component_name name of the region to be accessed %param p_privilege the access privilege being sought @@ -367,7 +372,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS ,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A') RETURN BOOLEAN IS BEGIN - + RETURN authorization(p_app_user => p_app_user ,p_component_name => p_component_name ,p_component_type => 'R' @@ -382,7 +387,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS FROM parties au WHERE upper(username) = upper(p_username); --AND upper(au.role) IN ('ADMIN', 'USER'); - + RETURN TRUE; EXCEPTION WHEN OTHERS THEN @@ -397,7 +402,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS FROM parties au WHERE upper(username) = upper(p_username); --AND upper(au.role) = 'ADMIN'; - + RETURN TRUE; EXCEPTION WHEN OTHERS THEN @@ -417,7 +422,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS INTO l_prty_id FROM parties WHERE upper(username) = upper(p_username); - + INSERT INTO passwords (prty_id ,password_hash 
@@ -429,12 +434,12 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS ,p_password) ,SYSDATE ,NULL); - + -- now we ned to update the user's status to OPEN UPDATE parties SET status = 'OPEN' WHERE id = l_prty_id; - + EXCEPTION WHEN OTHERS THEN raise_application_error(-20002