Altered install scripts to add a base user in the seed data. Also altered install script to correctly accept a 6th parameter. Edited mip_security.authorize so that if no data is returned the system returns false.
git-svn-id: http://locode01.ad.dom/svn/WEBMIP/trunk@2894 248e525c-4dfb-0310-94bc-949c084e9493
This commit is contained in:
PriestJ
@@ -6,7 +6,7 @@ CREATE OR REPLACE PACKAGE mip_security AS
|
||||
/** Perform user authentication and login
|
||||
An authenticated login for an expired password will result in flow to the 'Change Password'
|
||||
page.
|
||||
%param p_uname username
|
||||
%param p_uname username
|
||||
%param p_password password
|
||||
%param p_session_id APEX session number
|
||||
%param p_flow_page the app:page to which flow should pass on successful authentication
|
||||
@@ -19,25 +19,25 @@ CREATE OR REPLACE PACKAGE mip_security AS
|
||||
/** Generate a hash from the given username and password
|
||||
|
||||
The system does not record users passwords 'in the plain', instead we
|
||||
recordThe resultant hash is recorded as the username 'password hash'
|
||||
recordThe resultant hash is recorded as the username 'password hash'
|
||||
*/
|
||||
FUNCTION get_hash(p_username IN VARCHAR2
|
||||
,p_password IN VARCHAR2) RETURN VARCHAR2;
|
||||
|
||||
/**
|
||||
/**
|
||||
%obs private function
|
||||
*/
|
||||
PROCEDURE valid_user2(p_username IN VARCHAR2
|
||||
,p_password IN VARCHAR2);
|
||||
|
||||
/**
|
||||
/**
|
||||
%obs replaced by authenticate_user
|
||||
*/
|
||||
FUNCTION valid_user(p_username IN VARCHAR2
|
||||
,p_password IN VARCHAR2) RETURN BOOLEAN;
|
||||
|
||||
/** Authenticates the given username and password
|
||||
|
||||
|
||||
%return TRUE for authenticated username and password combination
|
||||
%rep valid_user, valid_user2
|
||||
*/
|
||||
@@ -88,7 +88,7 @@ END mip_security;
|
||||
/
|
||||
CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
|
||||
/*
|
||||
/*
|
||||
returns the current status of the user
|
||||
*/
|
||||
FUNCTION get_user_status(p_username IN VARCHAR2) RETURN VARCHAR2 AS
|
||||
@@ -98,7 +98,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
INTO l_status
|
||||
FROM parties p
|
||||
WHERE upper(p.username) = upper(p_username);
|
||||
|
||||
|
||||
RETURN l_status;
|
||||
EXCEPTION
|
||||
WHEN no_data_found THEN
|
||||
@@ -110,7 +110,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
|
||||
/**
|
||||
Logs the user into the system and registers with APEX.
|
||||
|
||||
|
||||
if the user account is 'OPEN', log them in and flow to the requested page
|
||||
if the user account is 'EXPIRED', log them in and flow to the 'Change Password' page
|
||||
if the user account is 'LOCKED', log the user out and flow to the 'Locked' page
|
||||
@@ -133,16 +133,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
,p_session_id => p_session_id
|
||||
,p_flow_page => v('APP_ID') || ':102');
|
||||
ELSE
|
||||
-- user password has been locked. Log them off and tell them
|
||||
-- user password has been locked. Log them off and tell them
|
||||
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID')
|
||||
,p_next_flow_page_sess => v('APP_ID') ||
|
||||
':501');
|
||||
END IF;
|
||||
|
||||
|
||||
END login;
|
||||
|
||||
/** Produce a 'password hash' from the given username and password
|
||||
|
||||
|
||||
Uses the dbms_obfuscation_toolkit to produce the hash.
|
||||
*/
|
||||
FUNCTION get_hash(p_username IN VARCHAR2
|
||||
@@ -153,7 +153,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END get_hash;
|
||||
|
||||
/** Authenticates the given username and password
|
||||
|
||||
|
||||
%return TRUE for authenticated username and password combination
|
||||
%rep valid_user, valid_user2
|
||||
*/
|
||||
@@ -174,7 +174,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
WHERE pwd.created_on = pwd.latest_pwd_date
|
||||
AND pwd.password_hash = get_hash(p_username
|
||||
,p_password);
|
||||
|
||||
|
||||
RETURN TRUE;
|
||||
EXCEPTION
|
||||
WHEN no_data_found THEN
|
||||
@@ -182,10 +182,10 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END authenticate_user;
|
||||
|
||||
/** Authenticates the given p_username and p_password
|
||||
|
||||
Checks the {%link passwords} table for a hash value matching that produced from the
|
||||
|
||||
Checks the {%link passwords} table for a hash value matching that produced from the
|
||||
given p_username and p_password.
|
||||
|
||||
|
||||
%raises -20000 when unable to authenticate
|
||||
%obs Replaced by authenticate_user
|
||||
*/
|
||||
@@ -206,7 +206,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
WHERE pwd.created_on = pwd.latest_pwd_date
|
||||
AND pwd.password_hash = get_hash(p_username
|
||||
,p_password);
|
||||
|
||||
|
||||
EXCEPTION
|
||||
WHEN no_data_found THEN
|
||||
raise_application_error(-20000
|
||||
@@ -214,7 +214,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END valid_user2;
|
||||
|
||||
/** Authenticates the given username and password
|
||||
|
||||
|
||||
%obs Replaced by authenticate_user
|
||||
*/
|
||||
FUNCTION valid_user(p_username IN VARCHAR2
|
||||
@@ -230,16 +230,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END valid_user;
|
||||
|
||||
/** Checks for authorization to access the given component
|
||||
|
||||
|
||||
%param p_app_user username
|
||||
%param p_component_name name of the component to be accessed
|
||||
%param p_component_type the type of component to be accessed
|
||||
%param p_privilege the access privilege being sought
|
||||
%return TRUE if the given p_app_user is authorized
|
||||
|
||||
|
||||
Checks the roles assigned to the given p_app_user to see whether they are authorized
|
||||
to access the given component.
|
||||
|
||||
|
||||
If configuration item APEX_AUTHORIZATION_DEFAULT_MODE = PUBLIC, all components
|
||||
are considered to be accessible to all unless specifically listed in the
|
||||
apex_authorization table. Otherwise, the requested access must be listed in the
|
||||
@@ -252,7 +252,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
RETURN BOOLEAN IS
|
||||
l_access_allowed VARCHAR2(3);
|
||||
BEGIN
|
||||
|
||||
|
||||
--
|
||||
-- for development purposes, assume that all components are unprotected unless they are
|
||||
-- specifically recorded in the authorization table
|
||||
@@ -274,7 +274,8 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
RETURN TRUE;
|
||||
END;
|
||||
END IF;
|
||||
|
||||
--JP added block here due to error when no data found
|
||||
BEGIN
|
||||
SELECT access_allowed
|
||||
INTO l_access_allowed
|
||||
FROM (SELECT auth.component_name
|
||||
@@ -302,7 +303,11 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
AND auth.component_type = p_component_type
|
||||
ORDER BY parl.rt_code)
|
||||
WHERE rownum < 2;
|
||||
|
||||
EXCEPTION
|
||||
WHEN no_data_found THEN
|
||||
-- no access if we can't find any data
|
||||
RETURN FALSE;
|
||||
END;
|
||||
IF nvl(l_access_allowed
|
||||
,'NO') = 'YES' THEN
|
||||
RETURN TRUE;
|
||||
@@ -312,9 +317,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END authorization;
|
||||
|
||||
/** Checks for authorization to access the given page
|
||||
|
||||
|
||||
Calls the authorization function to perform the check
|
||||
|
||||
|
||||
%param p_app_user username
|
||||
%param p_page_id page number to be accessed
|
||||
%param p_privilege the access privilege being sought
|
||||
@@ -333,9 +338,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END page_authorization;
|
||||
|
||||
/** Checks for authorization to access the given component
|
||||
|
||||
|
||||
Calls the authorization function to perform the check
|
||||
|
||||
|
||||
%param p_app_user username
|
||||
%param p_component_name name of the component to be accessed
|
||||
%param p_privilege the access privilege being sought
|
||||
@@ -346,7 +351,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A')
|
||||
RETURN BOOLEAN IS
|
||||
BEGIN
|
||||
|
||||
|
||||
RETURN authorization(p_app_user => p_app_user
|
||||
,p_component_name => p_component_name
|
||||
,p_component_type => 'C'
|
||||
@@ -354,9 +359,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
END component_authorization;
|
||||
|
||||
/** Checks for authorization to access the given page
|
||||
|
||||
|
||||
Calls the authorization function to perform the check
|
||||
|
||||
|
||||
%param p_app_user username
|
||||
%param p_component_name name of the region to be accessed
|
||||
%param p_privilege the access privilege being sought
|
||||
@@ -367,7 +372,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A')
|
||||
RETURN BOOLEAN IS
|
||||
BEGIN
|
||||
|
||||
|
||||
RETURN authorization(p_app_user => p_app_user
|
||||
,p_component_name => p_component_name
|
||||
,p_component_type => 'R'
|
||||
@@ -382,7 +387,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
FROM parties au
|
||||
WHERE upper(username) = upper(p_username);
|
||||
--AND upper(au.role) IN ('ADMIN', 'USER');
|
||||
|
||||
|
||||
RETURN TRUE;
|
||||
EXCEPTION
|
||||
WHEN OTHERS THEN
|
||||
@@ -397,7 +402,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
FROM parties au
|
||||
WHERE upper(username) = upper(p_username);
|
||||
--AND upper(au.role) = 'ADMIN';
|
||||
|
||||
|
||||
RETURN TRUE;
|
||||
EXCEPTION
|
||||
WHEN OTHERS THEN
|
||||
@@ -417,7 +422,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
INTO l_prty_id
|
||||
FROM parties
|
||||
WHERE upper(username) = upper(p_username);
|
||||
|
||||
|
||||
INSERT INTO passwords
|
||||
(prty_id
|
||||
,password_hash
|
||||
@@ -429,12 +434,12 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
|
||||
,p_password)
|
||||
,SYSDATE
|
||||
,NULL);
|
||||
|
||||
|
||||
-- now we ned to update the user's status to OPEN
|
||||
UPDATE parties
|
||||
SET status = 'OPEN'
|
||||
WHERE id = l_prty_id;
|
||||
|
||||
|
||||
EXCEPTION
|
||||
WHEN OTHERS THEN
|
||||
raise_application_error(-20002
|
||||
|
||||
Reference in New Issue
Block a user