authorYorhel <git@yorhel.nl>2016-01-10 11:05:59 +0100
committerYorhel <git@yorhel.nl>2016-01-10 11:18:39 +0100
commit8994032a68da279acdcc22963d7d6eda2d0e59f8 (patch)
tree95d94a0ad55ed66f889f13c72f583b19b3c5419f /lib/VNDB/Util/Auth.pm
parent48bbb8d0c3b121568c580dfd7c78f9dd0528cd8a (diff)
Require current password on /u+/edit + only hash password once on /u+/setpass
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r--lib/VNDB/Util/Auth.pm35
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 0c3b5b73..9c742dc7 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -14,7 +14,7 @@ use VNDB::Func;
our @EXPORT = qw|
- authInit authLogin authLogout authInfo authCan authPreparePass
+ authInit authLogin authLogout authInfo authCan authPreparePass authCreateSession authCheck
authPrepareReset authValidateReset authGetCode authCheckCode authPref
|;
@@ -50,18 +50,10 @@ sub authInit {
# login, arguments: user, password, url-to-redirect-to-on-success
# returns 1 on success (redirected), 0 otherwise (no reply sent)
sub authLogin {
- my $self = shift;
- my $user = lc(scalar shift);
- my $pass = shift;
- my $to = shift;
-
- if(_authCheck($self, $user, $pass)) {
- my $token = urandom(20);
- my $cookie = unpack('H*', $token).'.'.$self->{_auth}{id};
- $self->dbSessionAdd($self->{_auth}{id}, sha1 $token);
+ my($self, $user, $pass, $to) = @_;
- $self->resRedirect($to, 'post');
- $self->resCookie(auth => $cookie, httponly => 1, expires => time + 31536000); # keep the cookie for 1 year
+ if($self->authCheck($user, $pass)) {
+ $self->authCreateSession($user, $to);
return 1;
}
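Review bot: The username is no longer lowercased before the credential check: the removed `my $user = lc(scalar shift);` has no counterpart in the new `my($self, $user, $pass, $to) = @_;`, so authCheck now receives the name exactly as typed. Unless authCheck (renamed in the last hunk; its visible lines do not lowercase) or dbUserGet normalises case itself, a login with a differently-cased username may now fail or resolve differently than before, and the same applies to the new external callers of authCheck such as /u+/edit. Restoring the old behaviour is one line, `$user = lc $user;` after the argument unpacking, though putting the normalisation inside authCheck would cover every caller at once. authLogin's body continues past the end of this hunk.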
@@ -69,6 +61,23 @@ sub authLogin {
}
+# Args: user, url-to-redirect-to-on-success
+# Should only be called if the user is already authenticated (i.e. after authCheck or when the user just confirmed his email address).
+sub authCreateSession {
+ my($self, $user, $to) = @_;
+
+ $self->{_auth} = $self->dbUserGet(username => $user, what => 'extended notifycount')->[0] if $user;
+ die "No valid user!" if !$self->{_auth}{id};
+
+ my $token = urandom(20);
+ my $cookie = unpack('H*', $token).'.'.$self->{_auth}{id};
+ $self->dbSessionAdd($self->{_auth}{id}, sha1 $token);
+
+ $self->resRedirect($to, 'post');
+ $self->resCookie(auth => $cookie, httponly => 1, expires => time + 31536000); # keep the cookie for 1 year
+}
+
+
# clears authentication cookie and redirects to /
sub authLogout {
my $self = shift;
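Review bot: authCreateSession trusts its `$user` argument completely: `$self->dbUserGet(username => $user, ...)` re-resolves the account from the name rather than from whatever authCheck just verified, so a caller that validates one account and passes another name mints a session and cookie for the latter. The header comment states the precondition, but the two call shapes, name given (fresh lookup, `$self->{_auth}` overwritten) versus name undef (the account already loaded in `$self->{_auth}`), are only discoverable from the `if $user` suffix; I'd add `# $user undef: use the account already in $self->{_auth}; a name that resolves to no user id dies.` under the existing comment. If `$self->{_auth}{id}` is already set when a name is passed, comparing it with the freshly looked-up id before overwriting would turn a caller mismatch into the same `die` instead of a session for the wrong account; whether that check fits the email-confirmation path cannot be judged from this hunk.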
@@ -104,7 +113,7 @@ sub authCan {
# Checks for a valid login and writes information in _auth
# Arguments: user, pass
# Returns: 1 if login is valid, 0 otherwise
-sub _authCheck {
+sub authCheck {
my($self, $user, $pass) = @_;
return 0 if !$user || length($user) > 15 || length($user) < 2 || !$pass;