MIP_ENQUIRY.pck - address back-end of #439.

mip_quotation.pck - address back-end of #442.

mip_security.pck - track CGI environment variables as part of #454.

mip_quotation.pck - store files with the correct flow_id.

git-svn-id: http://locode01.ad.dom/svn/WEBMIP/trunk@4733 248e525c-4dfb-0310-94bc-949c084e9493
hardya
2008-04-07 15:25:13 +00:00
parent e9a95704c2
commit 759f63c635
4 changed files with 504 additions and 211 deletions


@@ -16,11 +16,11 @@ CREATE OR REPLACE PACKAGE mip_security AS
,p_session_id IN VARCHAR2
,p_flow_page IN VARCHAR2);
/** Generate a hash from the given username and password
The system does not record users passwords 'in the plain', instead we
recordThe resultant hash is recorded as the username 'password hash'
*/
/** Generate a hash from the given username and password
The system does not record users passwords 'in the plain', instead we
recordThe resultant hash is recorded as the username 'password hash'
*/
FUNCTION get_hash(p_username IN VARCHAR2
,p_password IN VARCHAR2) RETURN VARCHAR2;
@@ -54,15 +54,16 @@ recordThe resultant hash is recorded as the username 'password hash'
/*
creates a new password for another user
*/
PROCEDURE other_user_password(p_prty_id IN number,
p_username IN VARCHAR2,
p_password IN VARCHAR2);
PROCEDURE other_user_password(p_prty_id IN NUMBER
,p_username IN VARCHAR2
,p_password IN VARCHAR2);
--
FUNCTION get_user_status(p_username IN VARCHAR2) RETURN VARCHAR2;
/** Updates the user status
*/
PROCEDURE set_user_status(p_username IN VARCHAR2, p_status IN VARCHAR2);
*/
PROCEDURE set_user_status(p_username IN VARCHAR2
,p_status IN VARCHAR2);
--
/** Authorize access to the given page
@@ -97,12 +98,22 @@ recordThe resultant hash is recorded as the username 'password hash'
,p_component_name IN apex_authorization.component_name%TYPE
,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A')
RETURN BOOLEAN;
END mip_security;
/
CREATE OR REPLACE PACKAGE BODY mip_security AS
PROCEDURE pl(p_in VARCHAR2
,p_line IN NUMBER DEFAULT NULL) IS
BEGIN
NULL;
/* $IF mip_debug_constants.debugging OR mip_debug_constants.security
$THEN*/
mip_debug.pl(p_unit => $$PLSQL_UNIT
,p_line => p_line
,p_in => p_in);
/* $END*/
END pl;
/*
returns the current status of the user
*/
@@ -124,44 +135,52 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
--
/** Updates the user status
*/
PROCEDURE set_user_status(p_username IN VARCHAR2, p_status IN VARCHAR2) IS
*/
PROCEDURE set_user_status(p_username IN VARCHAR2
,p_status IN VARCHAR2) IS
BEGIN
UPDATE parties prty
SET prty.status = upper(p_status)
WHERE upper(prty.username) = upper(p_username);
END;
PROCEDURE update_status_on_login(p_uname IN VARCHAR2, p_password IN VARCHAR2) IS
l_password_days NUMBER;
END;
PROCEDURE update_status_on_login(p_uname IN VARCHAR2
,p_password IN VARCHAR2) IS
l_password_days NUMBER;
l_password_created_on DATE;
BEGIN
-- check that the account is still valid (password etc.).
l_password_created_on := mip_parties.get_user_password_created(p_uname, p_password);
l_password_created_on := mip_parties.get_user_password_created(p_uname
,p_password);
--
l_password_days := to_date(SYSDATE,'dd/mm/rrrr') - to_date(l_password_created_on,'dd/mm/rrrr');
l_password_days := to_date(SYSDATE
,'dd/mm/rrrr') -
to_date(l_password_created_on
,'dd/mm/rrrr');
-- check the user's password/account has not expired
IF NOT l_password_days
< to_number(cout_system_configuration.get_configuration_item(p_parameter => 'USER_ACCOUNT_LOCK')) THEN
-- user account has expired, set the user account to locked and continue on our journey
set_user_status(p_username => p_uname
,p_status => 'LOCKED');
ELSIF NOT l_password_days
< to_number(cout_system_configuration.get_configuration_item(p_parameter => 'PASSWORD_EXPIRY_LIMIT')) THEN
-- user password has expired, set the user account to expired and continue on our journey
set_user_status(p_username => p_uname
,p_status => 'EXPIRED');
END IF;
--
EXCEPTION
WHEN no_data_found THEN
NULL; -- no password/user exists to update the status of.
END update_status_on_login;
--
IF NOT
l_password_days <
to_number(cout_system_configuration.get_configuration_item(p_parameter => 'USER_ACCOUNT_LOCK')) THEN
-- user account has expired, set the user account to locked and continue on our journey
set_user_status(p_username => p_uname
,p_status => 'LOCKED');
ELSIF NOT
l_password_days <
to_number(cout_system_configuration.get_configuration_item(p_parameter => 'PASSWORD_EXPIRY_LIMIT')) THEN
-- user password has expired, set the user account to expired and continue on our journey
set_user_status(p_username => p_uname
,p_status => 'EXPIRED');
END IF;
--
EXCEPTION
WHEN no_data_found THEN
NULL; -- no password/user exists to update the status of.
END update_status_on_login;
--
/**
Logs the user into the system and registers with APEX.
@@ -173,31 +192,103 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_password IN VARCHAR2
,p_session_id IN VARCHAR2
,p_flow_page IN VARCHAR2) IS
BEGIN
pl('login:entry:' || p_uname || ':' || p_session_id || ':' ||
p_flow_page
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('PLSQL_GATEWAY')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('GATEWAY_IVERSION')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SERVER_SOFTWARE')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('GATEWAY_INTERFACE')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SERVER_PORT')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SERVER_NAME')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REQUEST_METHOD')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('PATH_INFO')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SCRIPT_NAME')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REMOTE_ADDR')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SERVER_PROTOCOL')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REQUEST_PROTOCOL')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REMOTE_USER')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_USER_AGENT')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_HOST')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_ACCEPT')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_ACCEPT_ENCODING')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_ACCEPT_LANGUAGE')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_ACCEPT_CHARSET')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_ORACLE_ECID')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_AUTHORIZATION')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('WEB_AUTHENT_PREFIX')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('DAD_NAME')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('DOC_ACCESS_PATH')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('DOCUMENT_TABLE')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('PATH_ALIAS')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REQUEST_CHARSET')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('REQUEST_IANA_CHARSET')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('SCRIPT_PREFIX')
,$$PLSQL_LINE);
pl(owa_util.get_cgi_env('HTTP_COOKIE')
,$$PLSQL_LINE);
-- check that the account is still valid (password etc.).
update_status_on_login(p_uname, p_password);
update_status_on_login(p_uname
,p_password);
--
IF get_user_status(p_uname) = 'OPEN' THEN
pl('login:exit:OPEN'
,$$PLSQL_LINE);
-- log in and flow to the requested page
wwv_flow_custom_auth_std.login(p_uname => p_uname
,p_password => p_password
,p_session_id => p_session_id
,p_flow_page => p_flow_page);
ELSIF get_user_status(p_uname) = 'EXPIRED' THEN
pl('login:exit:EXPIRED'
,$$PLSQL_LINE);
-- we need to update the password
wwv_flow_custom_auth_std.login(p_uname => p_uname
,p_password => p_password
,p_session_id => p_session_id
,p_flow_page => v('APP_ID') || ':102');
ELSE
pl('login:exit:LOGOUT'
,$$PLSQL_LINE);
-- user password has been locked. Log them off and tell them
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID')
,p_next_flow_page_sess => v('APP_ID') ||
':501');
END IF;
pl('login:exit:UNEXPECTED');
END login;
/** Produce a 'password hash' from the given username and password
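Review bot: The CGI capture added to `login` passes `HTTP_COOKIE` and `HTTP_AUTHORIZATION` (alongside `p_uname` and `p_session_id` from the entry line) to `pl`, and because the `$IF mip_debug_constants.debugging OR mip_debug_constants.security $THEN` / `$END` guard in the `pl` body (earlier hunk) is commented out, `mip_debug.pl` is called unconditionally, so session cookies and authorization headers reach the debug sink on every login regardless of the debug setting. I would remove the `pl(owa_util.get_cgi_env('HTTP_COOKIE'), $$PLSQL_LINE);` and `pl(owa_util.get_cgi_env('HTTP_AUTHORIZATION'), $$PLSQL_LINE);` calls (or log only whether they are set) and restore the conditional-compilation guard in `pl` so the remaining environment tracking for #454 is gated on the debug constants. Separately, `pl('login:exit:UNEXPECTED');` sits after `END IF;`, so unless the `wwv_flow_custom_auth_std` calls do not return it also fires on the normal OPEN and EXPIRED paths; it should either be dropped or moved so it only marks a genuinely unhandled status. This rendering does not show which side each line is on, so the guard may have been commented out before this commit rather than by it.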
@@ -234,8 +325,6 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
AND pwd.password_hash = get_hash(p_username
,p_password);
RETURN TRUE;
EXCEPTION
WHEN no_data_found THEN
@@ -337,44 +426,44 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END IF;
-- added block around this to catch no data.
BEGIN
SELECT access_allowed
INTO l_access_allowed
FROM (SELECT auth.component_name
,auth.rt_code
,parl.rt_code
,CASE
WHEN auth.rt_code IS NULL THEN
'YES'
WHEN auth.rt_code = parl.rt_code THEN
'YES'
ELSE
'NO'
END access_allowed
FROM (SELECT prty.username
,rt_code
FROM parties prty
,party_roles parl
WHERE parl.prty_id = prty.id
AND upper(prty.username) = upper(p_app_user)) parl
,apex_authorization auth
WHERE (auth.privilege = p_privilege OR
auth.privilege IS NULL AND p_privilege IS NULL)
AND auth.rt_code = parl.rt_code(+)
AND auth.component_name = p_component_name
AND auth.component_type = p_component_type
ORDER BY parl.rt_code)
WHERE rownum < 2;
IF nvl(l_access_allowed
,'NO') = 'YES' THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
EXCEPTION
WHEN no_data_found THEN
RETURN FALSE;
END;
SELECT access_allowed
INTO l_access_allowed
FROM (SELECT auth.component_name
,auth.rt_code
,parl.rt_code
,CASE
WHEN auth.rt_code IS NULL THEN
'YES'
WHEN auth.rt_code = parl.rt_code THEN
'YES'
ELSE
'NO'
END access_allowed
FROM (SELECT prty.username
,rt_code
FROM parties prty
,party_roles parl
WHERE parl.prty_id = prty.id
AND upper(prty.username) = upper(p_app_user)) parl
,apex_authorization auth
WHERE (auth.privilege = p_privilege OR
auth.privilege IS NULL AND p_privilege IS NULL)
AND auth.rt_code = parl.rt_code(+)
AND auth.component_name = p_component_name
AND auth.component_type = p_component_type
ORDER BY parl.rt_code)
WHERE rownum < 2;
IF nvl(l_access_allowed
,'NO') = 'YES' THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
EXCEPTION
WHEN no_data_found THEN
RETURN FALSE;
END;
END authorization;
/** Checks for authorization to access the given page
@@ -507,13 +596,13 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,SQLERRM);
END new_password;
--
/*
creates a new password for another user
*/
PROCEDURE other_user_password(p_prty_id IN number,
p_username IN VARCHAR2,
p_password IN VARCHAR2) IS
PROCEDURE other_user_password(p_prty_id IN NUMBER
,p_username IN VARCHAR2
,p_password IN VARCHAR2) IS
BEGIN
INSERT INTO passwords
(prty_id
@@ -526,14 +615,14 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_password)
,SYSDATE
,NULL);
EXCEPTION
WHEN OTHERS THEN
raise_application_error(-20002
,SQLERRM);
END other_user_password;
--
--
PROCEDURE redirect_on_expired_account(p_username IN VARCHAR2) IS
BEGIN