Display user friendly authentication error

author: Benjamin Kellermann <Benjamin.Kellermann@gmx.de> 2010-07-21 07:22:53 +0200
committer: Benjamin Kellermann <Benjamin.Kellermann@gmx.de> 2010-07-21 07:22:53 +0200
commit: f93f4abf2da5b5d60b217da82e26d42456f894cb (patch)
tree: 4da74518015b3b5dd152541ba87625cffda1fc56
parent: 52298159da3d1f87049a9d365825938825557d53 (diff)
7 files changed, 205 insertions, 76 deletions
diff --git a/.htaccess b/.htaccess
index a4833aa..0fdd10c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -10,3 +10,4 @@ DirectoryIndex index.cgi
 
 ErrorDocument 500 /error.cgi
 ErrorDocument 404 /not_found.cgi
+ErrorDocument 401 /authorization_required.cgi
diff --git a/access_control.rb b/access_control.rb
index 7b253e1..ccb1f00 100755
--- a/access_control.rb
+++ b/access_control.rb
@@ -41,6 +41,7 @@ AuthType digest
 AuthName "dudle"
 AuthUserFile "#{File.expand_path(".").gsub('"','\\\\"')}/.htdigest"
 Require user admin
+ErrorDocument 401 /authorization_required.cgi?user=admin&poll=#{CGI.escape($d.urlsuffix)}
 </Files>
 HTACCESS
 		end
@@ -50,6 +51,7 @@ AuthType digest
 AuthName "dudle"
 AuthUserFile "#{File.expand_path(".").gsub('"','\\\\"')}/.htdigest"
 Require valid-user
+ErrorDocument 401 /authorization_required.cgi?user=participant&poll=#{CGI.escape($d.urlsuffix)}
 HTACCESS
 		end
 	}
@@ -142,7 +144,7 @@ if $cgi.include?("ac_user")
 	else
 		if $cgi.include?("ac_create")
 			add_to_htdigest(user,$cgi["ac_password0"])
-			acusers[user] = type 
+			acusers[user] = true 
 			write_htaccess(acusers)
 		end
 
diff --git a/authorization_required.cgi b/authorization_required.cgi
new file mode 100755
index 0000000..9d2303a
--- /dev/null
+++ b/authorization_required.cgi
@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+
+############################################################################
+# Copyright 2009,2010 Benjamin Kellermann                                  #
+#                                                                          #
+# This file is part of dudle.                                              #
+#                                                                          #
+# Dudle is free software: you can redistribute it and/or modify it under   #
+# the terms of the GNU Affero General Public License as published by       #
+# the Free Software Foundation, either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# Dudle is distributed in the hope that it will be useful, but WITHOUT ANY #
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or        #
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public     #
+# License for more details.                                                #
+#                                                                          #
+# You should have received a copy of the GNU Affero General Public License #
+# along with dudle.  If not, see <http://www.gnu.org/licenses/>.           #
+############################################################################
+
+require "dudle"
+
+
+if $cgi.include?("poll")
+
+Dir.chdir($cgi["poll"])
+	$d = Dudle.new
+
+	$d << "<h2>" + _("Authorization Required") + "</h2>"
+	case $cgi["user"]
+	when "admin"
+		$d << _("The configuration of this Poll is protected by password!")
+	when "participant"
+		$d << _("This Poll is protected by password!")
+	end
+	$d << _("In order to proceed, you have to give the password for user %{user}.") % {:user => "<code>#{$cgi["user"]}</code>"}
+
+	$d.out
+else
+	GetText.bindtextdomain("dudle",:path => "./locale/")
+	title = _("Authorization Required")
+	$h = HTML.new(title)
+	$h.add_css("/default.css","default",true)
+	returnstr = _("Return to dudle home and Schedule a new Poll")
+	authstr = _("You have to authorize in order to request this page!")
+	$h << <<END
+	<div id='main'>
+		<div id='content'>
+			<h1>#{title}</h1>
+			<p>#{authstr}</p>
+			<ul>
+				<li><a href='#{SITEURL}'>#{returnstr}</a></li>
+			</ul>
+			</p>
+		</div>
+	</div>
+END
+
+	$h.out($cgi)
+
+end
+
+
diff --git a/index.cgi b/index.cgi
index 5585f67..59d24bd 100755
--- a/index.cgi
+++ b/index.cgi
@@ -38,7 +38,7 @@ if $cgi.include?("create_poll") && $cgi.include?("poll_url")
 	else
 		if $cgi["poll_url"] == ""
 			guessurl = POLLTITLE.gsub(" ","_").gsub(/[\?\!\.]/,"")
-			if guessurl =~ /^[\w\-_]*$/ && !File.exist?(guessurl)
+			if guessurl =~ /^[a-zA-Z0-9_-]*$/ && !File.exist?(guessurl)
 				POLLURL = guessurl
 			else
 				chars = ("a".."z").to_a + ("1".."9").to_a 
diff --git a/locale/cs/dudle.po b/locale/cs/dudle.po
index 7733958..4d8e656 100644
--- a/locale/cs/dudle.po
+++ b/locale/cs/dudle.po
@@ -19,7 +19,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2010-07-20 10:29+0200\n"
+"POT-Creation-Date: 2010-07-21 07:20+0200\n"
 "PO-Revision-Date: \n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -59,6 +59,30 @@ msgstr ""
 "Zdrojový kód lze získat pomocí nástroje <a href='http://bazaar-vcs."
 "org/'>bazaar</a>:"
 
+#: authorization_required.cgi:30 authorization_required.cgi:42
+msgid "Authorization Required"
+msgstr ""
+
+#: authorization_required.cgi:33
+msgid "The configuration of this Poll is protected by password!"
+msgstr ""
+
+#: authorization_required.cgi:35
+msgid "This Poll is protected by password!"
+msgstr ""
+
+#: authorization_required.cgi:37
+msgid "In order to proceed, you have to give the password for user %{user}."
+msgstr ""
+
+#: authorization_required.cgi:45 not_found.cgi:34 delete_poll.rb:51
+msgid "Return to dudle home and Schedule a new Poll"
+msgstr "Návrat zpět na domovskou stránku dudle a naplánovat nové hlasování"
+
+#: authorization_required.cgi:46
+msgid "You have to authorize in order to request this page!"
+msgstr ""
+
 #: customize.cgi:31 customize.rb:31
 msgid "Customize Personal Settings"
 msgstr "Upravte své osobní nastavení"
@@ -104,7 +128,7 @@ msgstr "Šablona"
 msgid "Default Username"
 msgstr "Implicitní uživatelské jméno:"
 
-#: customize.cgi:87 access_control.rb:74 customize.rb:87
+#: customize.cgi:87 access_control.rb:76 customize.rb:87
 msgid "Username:"
 msgstr "Uživatelské jméno:"
 
@@ -112,11 +136,11 @@ msgstr "Uživatelské jméno:"
 msgid "Edit"
 msgstr "Upravit"
 
-#: customize.cgi:121 access_control.rb:121 customize.rb:121 poll.rb:293
+#: customize.cgi:121 access_control.rb:123 customize.rb:121 poll.rb:293
 msgid "Save"
 msgstr "Uložit"
 
-#: customize.cgi:124 access_control.rb:117 customize.rb:124 delete_poll.rb:103
+#: customize.cgi:124 access_control.rb:119 customize.rb:124 delete_poll.rb:103
 #: poll.rb:314
 msgid "Delete"
 msgstr "Smazat"
@@ -256,59 +280,55 @@ msgid ""
 "adminsistrator of the system."
 msgstr ""
 
-#: not_found.cgi:34 delete_poll.rb:51
-msgid "Return to dudle home and Schedule a new Poll"
-msgstr "Návrat zpět na domovskou stránku dudle a naplánovat nové hlasování"
-
-#: access_control.rb:87
+#: access_control.rb:89
 msgid "Password"
 msgstr "Heslo"
 
-#: access_control.rb:88
+#: access_control.rb:90
 msgid "repeat"
 msgstr "opakovat"
 
-#: access_control.rb:114
+#: access_control.rb:116
 msgid ""
 "You have to remove the participant user before you can remove the "
 "administrator."
 msgstr ""
 "Je potřeba smazat uživatele před tím, než je možné smazat administrátora."
 
-#: access_control.rb:139
+#: access_control.rb:141
 msgid "Only letters and digits are allowed in the username."
 msgstr "Uživatelské jméno může obsahovat pouze písmena a čísla."
 
-#: access_control.rb:141
+#: access_control.rb:143
 msgid "Passwords did not match."
 msgstr "Heslo neodpovídá."
 
-#: access_control.rb:174
+#: access_control.rb:176
 msgid "Change Access Control Settings"
 msgstr "Změnit nastavení přístupových práv"
 
-#: access_control.rb:178
+#: access_control.rb:180
 msgid "not activated"
 msgstr "neaktivní"
 
-#: access_control.rb:180
+#: access_control.rb:182
 msgid "Activate"
 msgstr "Aktivovat"
 
-#: access_control.rb:183
+#: access_control.rb:185
 msgid "will be activated when at least an admin user is configured"
 msgstr ""
 "bude aktivováno pokud je nakonfigurován alespoň administrátorský uživatel"
 
-#: access_control.rb:185
+#: access_control.rb:187
 msgid "Deactivate"
 msgstr "Deaktivovat"
 
-#: access_control.rb:187
+#: access_control.rb:189
 msgid "activated"
 msgstr "aktivní"
 
-#: access_control.rb:188
+#: access_control.rb:190
 msgid ""
 "You have to remove all users before you can deactivate the access control "
 "settings."
@@ -316,22 +336,22 @@ msgstr ""
 "Je potřeba smazat všechny uživatele před tím, než je možné deaktivovat "
 "nastavení přístopových práv."
 
-#: access_control.rb:192
+#: access_control.rb:194
 msgid ""
 "You will be asked for the password you entered here after pressing save!"
 msgstr "Bude očekáváno vložení hesla po stisknutí tlačítka ulož!"
 
-#: access_control.rb:195
+#: access_control.rb:197
 msgid ""
 "The user ‘admin’ has access to the vote as well as the configuration "
 "interface."
 msgstr "Uživatel ‘admin’ má přístup k hlasu a také ke konfiguračnímu rozhraní."
 
-#: access_control.rb:201
+#: access_control.rb:203
 msgid "The user ‘participant’ has only access to the vote interface."
 msgstr "Pouze uživatel ‘účastník’ má přístup k hlasovacímu rozhraní."
 
-#: access_control.rb:207
+#: access_control.rb:209
 msgid "Access control:"
 msgstr "Řízení přístupu:"
 
diff --git a/locale/de/dudle.po b/locale/de/dudle.po
index 56ecd2f..13f6b99 100644
--- a/locale/de/dudle.po
+++ b/locale/de/dudle.po
@@ -19,8 +19,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2010-07-20 10:29+0200\n"
-"PO-Revision-Date: 2010-07-20 10:31+0100\n"
+"POT-Creation-Date: 2010-07-21 07:20+0200\n"
+"PO-Revision-Date: 2010-07-21 07:21+0100\n"
 "Last-Translator: Benjamin Kellermann <Benjamin.Kellermann@tu-dresden.de>\n"
 "Language-Team: \n"
 "MIME-Version: 1.0\n"
@@ -48,6 +48,33 @@ msgstr "Der Sourcecode zu dieser Applikation ist unter der Lizenz <a href='http:
 msgid "You can get the sourcecode, using <a href='http://bazaar-vcs.org/'>bazaar</a>:"
 msgstr "Sie können sich den Quellcode mit <a href='http://bazaar-vcs.org/'>bazaar</a> herunterladen:"
 
+#: authorization_required.cgi:30
+#: authorization_required.cgi:42
+msgid "Authorization Required"
+msgstr "Anmeldung Erforderlich"
+
+#: authorization_required.cgi:33
+msgid "The configuration of this Poll is protected by password!"
+msgstr "Die Konfiguration dieser Umfrage ist passwortgeschützt!"
+
+#: authorization_required.cgi:35
+msgid "This Poll is protected by password!"
+msgstr "Diese Umfrage ist passwortgeschützt!"
+
+#: authorization_required.cgi:37
+msgid "In order to proceed, you have to give the password for user %{user}."
+msgstr "Um fortzufahren müssen Sie das Passwort für den Benutzer %{user} eingeben."
+
+#: authorization_required.cgi:45
+#: not_found.cgi:34
+#: delete_poll.rb:51
+msgid "Return to dudle home and Schedule a new Poll"
+msgstr "Zurück zur dudle Hauptseite um eine neue Umfrage zu erstellen"
+
+#: authorization_required.cgi:46
+msgid "You have to authorize in order to request this page!"
+msgstr "Um auf diese Seite zugreifen zu können müssen Sie sich autorisieren."
+
 #: customize.cgi:31
 #: customize.rb:31
 msgid "Customize Personal Settings"
@@ -105,7 +132,7 @@ msgid "Default Username"
 msgstr "Voreingestellter Benutzername"
 
 #: customize.cgi:87
-#: access_control.rb:74
+#: access_control.rb:76
 #: customize.rb:87
 msgid "Username:"
 msgstr "Benutzername:"
@@ -116,14 +143,14 @@ msgid "Edit"
 msgstr "Bearbeiten"
 
 #: customize.cgi:121
-#: access_control.rb:121
+#: access_control.rb:123
 #: customize.rb:121
 #: poll.rb:293
 msgid "Save"
 msgstr "Speichern"
 
 #: customize.cgi:124
-#: access_control.rb:117
+#: access_control.rb:119
 #: customize.rb:124
 #: delete_poll.rb:103
 #: poll.rb:314
@@ -264,72 +291,67 @@ msgstr "Die Umfrage wurde vom Administrator gelöscht, weil lange nicht auf sie
 msgid "If you think, the deletion was done by error, please contact the adminsistrator of the system."
 msgstr "Bitte kontaktieren Sie den Administrator des Systems, wenn Sie denken, dass die Umfrage versehentlich gelöscht wurde."
 
-#: not_found.cgi:34
-#: delete_poll.rb:51
-msgid "Return to dudle home and Schedule a new Poll"
-msgstr "Zurück zur dudle Hauptseite um eine neue Umfrage zu erstellen"
-
-#: access_control.rb:87
+#: access_control.rb:89
 msgid "Password"
 msgstr "Passwort"
 
-#: access_control.rb:88
+#: access_control.rb:90
 msgid "repeat"
 msgstr "wiederholen"
 
-#: access_control.rb:114
+#: access_control.rb:116
 msgid "You have to remove the participant user before you can remove the administrator."
 msgstr "Der Benutzer „participant“ muss entfernt werden, bevor Sie den Administrator entfernen können."
 
-#: access_control.rb:139
+#: access_control.rb:141
 msgid "Only letters and digits are allowed in the username."
 msgstr "Der Benutzername darf nur Buchstaben und Zahlen enthalten."
 
-#: access_control.rb:141
+#: access_control.rb:143
 msgid "Passwords did not match."
 msgstr "Die Passwörter stimmen nicht überein."
 
-#: access_control.rb:174
+#: access_control.rb:176
 msgid "Change Access Control Settings"
 msgstr "Einstellungen der Zugriffskontrolle"
 
-#: access_control.rb:178
+#: access_control.rb:180
 msgid "not activated"
 msgstr "nicht aktiviert"
 
-#: access_control.rb:180
+#: access_control.rb:182
 msgid "Activate"
 msgstr "Aktivieren"
 
-#: access_control.rb:183
+#: access_control.rb:185
 msgid "will be activated when at least an admin user is configured"
 msgstr "wird aktiviert, wenn ein Administrator (Benutzername: „admin“) konfiguriert wurde"
 
-#: access_control.rb:185
+#: access_control.rb:187
 msgid "Deactivate"
 msgstr "Deaktivieren"
 
-#: access_control.rb:187
+#: access_control.rb:189
 msgid "activated"
 msgstr "aktiviert"
 
-#: access_control.rb:188
+#: access_control.rb:190
 msgid "You have to remove all users before you can deactivate the access control settings."
 msgstr "Sie müssen alle Benutzer entfernen, bevor Sie die Zugriffskontrolle deaktivieren können."
 
-#: access_control.rb:192
+#: access_control.rb:194
 msgid "You will be asked for the password you entered here after pressing save!"
 msgstr "Nach dem Speichern werden Sie nach dem Benutzernamen und diesem Passwort gefragt!"
 
-#: access_control.rb:195
+#: access_control.rb:197
 msgid "The user ‘admin’ has access to the vote as well as the configuration interface."
 msgstr "Der Benutzer „admin“ hat sowohl zur Abstimmungs- als auch zur Konfigurationsoberfläche Zugriff."
 
-#: access_control.rb:201
+#: access_control.rb:203
 msgid "The user ‘participant’ has only access to the vote interface."
 msgstr "Der Benutzer „participant“ hat nur zur Abstimmungsoberfläche Zugriff."
 
-#: access_control.rb:207
+#: access_control.rb:209
 msgid "Access control:"
 msgstr "Zugriffskontrolle:"
 
diff --git a/locale/sv/dudle.po b/locale/sv/dudle.po
index 2e021d3..0bc2b36 100644
--- a/locale/sv/dudle.po
+++ b/locale/sv/dudle.po
@@ -19,7 +19,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2010-07-20 10:29+0200\n"
+"POT-Creation-Date: 2010-07-21 07:20+0200\n"
 "PO-Revision-Date: \n"
 "Last-Translator: Benjamin Kellermann <Benjamin.Kellermann@tu-dresden.de>\n"
 "Language-Team: \n"
@@ -58,6 +58,30 @@ msgstr ""
 "Du kan få tillgång till koden om du använder <a href='http://bazaar-vcs."
 "org/'>bazaar</a>:"
 
+#: authorization_required.cgi:30 authorization_required.cgi:42
+msgid "Authorization Required"
+msgstr ""
+
+#: authorization_required.cgi:33
+msgid "The configuration of this Poll is protected by password!"
+msgstr ""
+
+#: authorization_required.cgi:35
+msgid "This Poll is protected by password!"
+msgstr ""
+
+#: authorization_required.cgi:37
+msgid "In order to proceed, you have to give the password for user %{user}."
+msgstr ""
+
+#: authorization_required.cgi:45 not_found.cgi:34 delete_poll.rb:51
+msgid "Return to dudle home and Schedule a new Poll"
+msgstr "Tillbaka till dudle hem och skapa en ny omröstning"
+
+#: authorization_required.cgi:46
+msgid "You have to authorize in order to request this page!"
+msgstr ""
+
 #: customize.cgi:31 customize.rb:31
 msgid "Customize Personal Settings"
 msgstr "Administrera Personliga Inställningar"
@@ -103,7 +127,7 @@ msgstr "Stilmall"
 msgid "Default Username"
 msgstr "Standard användarnamn"
 
-#: customize.cgi:87 access_control.rb:74 customize.rb:87
+#: customize.cgi:87 access_control.rb:76 customize.rb:87
 msgid "Username:"
 msgstr "Användarnamn:"
 
@@ -111,11 +135,11 @@ msgstr "Användarnamn:"
 msgid "Edit"
 msgstr "Redigera"
 
-#: customize.cgi:121 access_control.rb:121 customize.rb:121 poll.rb:293
+#: customize.cgi:121 access_control.rb:123 customize.rb:121 poll.rb:293
 msgid "Save"
 msgstr "Spara"
 
-#: customize.cgi:124 access_control.rb:117 customize.rb:124 delete_poll.rb:103
+#: customize.cgi:124 access_control.rb:119 customize.rb:124 delete_poll.rb:103
 #: poll.rb:314
 msgid "Delete"
 msgstr "Radera"
@@ -255,57 +279,53 @@ msgid ""
 "adminsistrator of the system."
 msgstr ""
 
-#: not_found.cgi:34 delete_poll.rb:51
-msgid "Return to dudle home and Schedule a new Poll"
-msgstr "Tillbaka till dudle hem och skapa en ny omröstning"
-
-#: access_control.rb:87
+#: access_control.rb:89
 msgid "Password"
 msgstr "Lösenord"
 
-#: access_control.rb:88
+#: access_control.rb:90
 msgid "repeat"
 msgstr "upprepa"
 
-#: access_control.rb:114
+#: access_control.rb:116
 msgid ""
 "You have to remove the participant user before you can remove the "
 "administrator."
 msgstr "Du måste ta bort deltagaren innan du kan radera administratören "
 
-#: access_control.rb:139
+#: access_control.rb:141
 msgid "Only letters and digits are allowed in the username."
 msgstr "Bara bokstäver och siffror är tillåtet i användarnamnet"
 
-#: access_control.rb:141
+#: access_control.rb:143
 msgid "Passwords did not match."
 msgstr "Lösenorden matchar inte."
 
-#: access_control.rb:174
+#: access_control.rb:176
 msgid "Change Access Control Settings"
 msgstr "Ändra inställningarna för åtkomstkontroll"
 
-#: access_control.rb:178
+#: access_control.rb:180
 msgid "not activated"
 msgstr "inte aktiverad"
 
-#: access_control.rb:180
+#: access_control.rb:182
 msgid "Activate"
 msgstr "Aktivera"
 
-#: access_control.rb:183
+#: access_control.rb:185
 msgid "will be activated when at least an admin user is configured"
 msgstr "aktiveras när minst en administratör är konfigurerad"
 
-#: access_control.rb:185
+#: access_control.rb:187
 msgid "Deactivate"
 msgstr "Avaktivera"
 
-#: access_control.rb:187
+#: access_control.rb:189
 msgid "activated"
 msgstr "aktiverad"
 
-#: access_control.rb:188
+#: access_control.rb:190
 msgid ""
 "You have to remove all users before you can deactivate the access control "
 "settings."
@@ -313,14 +333,14 @@ msgstr ""
 "Du måste radera alla användare innan du kan avaktivera inställningarna för "
 "åtkomstkontrollen."
 
-#: access_control.rb:192
+#: access_control.rb:194
 msgid ""
 "You will be asked for the password you entered here after pressing save!"
 msgstr ""
 "Efter att du har klickat på spara kommer du kommer att frågas efter "
 "lösenordet du nu skrev in! "
 
-#: access_control.rb:195
+#: access_control.rb:197
 msgid ""
 "The user ‘admin’ has access to the vote as well as the configuration "
 "interface."
@@ -328,11 +348,11 @@ msgstr ""
 "’Admin’ har access till omröstningen såväl som till gränssnittet för "
 "konfigurering."
 
-#: access_control.rb:201
+#: access_control.rb:203
 msgid "The user ‘participant’ has only access to the vote interface."
 msgstr "’Deltagare’ har bara access till gränssnittet för omröstning"
 
-#: access_control.rb:207
+#: access_control.rb:209
 msgid "Access control:"
 msgstr "Åtkomstkontroll:"
author	Benjamin Kellermann <Benjamin.Kellermann@gmx.de>	2010-07-21 07:22:53 +0200
committer	Benjamin Kellermann <Benjamin.Kellermann@gmx.de>	2010-07-21 07:22:53 +0200
commit	f93f4abf2da5b5d60b217da82e26d42456f894cb (patch)
tree	4da74518015b3b5dd152541ba87625cffda1fc56
parent	52298159da3d1f87049a9d365825938825557d53 (diff)