diff options
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm deleted file mode 100644 index b05c86f9..00000000 --- a/lib/VNDB/Util/Auth.pm +++ /dev/null @@ -1,129 +0,0 @@ -# Compatibility shim around VNWeb::Auth, new code should use that instead. -package VNDB::Util::Auth; - - -use strict; -use warnings; -use Exporter 'import'; -use TUWF ':html'; -use VNWeb::Auth; - - -our @EXPORT = qw| - authInit authLogin authLogout authInfo authCan authSetPass authAdminSetPass - authResetPass authIsValidToken authGetCode authCheckCode authPref -|; - - -# login, arguments: user, password, url-to-redirect-to-on-success -# returns 1 on success (redirected), 0 otherwise (no reply sent) -sub authLogin { - my(undef, $user, $pass, $to) = @_; - my $success = auth->login($user, $pass); - tuwf->resRedirect($to, 'post') if $success; - $success -} - -# clears authentication cookie and redirects to / -sub authLogout { - auth->logout; - tuwf->resRedirect('/', 'temp'); -} - - -# Replaces the user's password with a random token that can be used to reset the password. -sub authResetPass { - my(undef, $mail) = @_; - auth->resetpass($mail) -} - - -sub authIsValidToken { - my(undef, $uid, $token) = @_; - auth->isvalidtoken($uid, $token) -} - - -# uid, new_pass, url_to_redir_to, 'token'|'pass', $token_or_pass -# Changes the user's password, invalidates all existing sessions, creates a new -# session and redirects. -sub authSetPass { - my(undef, $uid, $pass, $redir, $oldtype, $oldpass) = @_; - - my $success = auth->setpass($uid, $oldtype eq 'token' ? $oldpass : undef, $oldtype eq 'pass' ? $oldpass : undef, $pass); - tuwf->resRedirect($redir, 'post') if $success; - $success -} - - -sub authAdminSetPass { - my(undef, $uid, $pass) = @_; - auth->admin_setpass($uid, $pass); -} - - -sub authInfo { - # Used to return a lot more, but only the id is still used now. - # (code using other fields has been migrated) - +{ id => auth->uid } -} - - -# returns whether the currently loggedin or anonymous user can perform -# a certain action. -sub authCan { - my(undef, $act) = @_; - auth && auth->{user}{"perm_$act"} -} - - -# Generate a code to be used later on to validate that the form was indeed -# submitted from our site and by the same user/visitor. Not limited to -# logged-in users. -# Arguments: -# form-id (ignored nowadyas) -# time (also ignored) -sub authGetCode { - auth->csrftoken; -} - - -# Validates the correctness of the returned code, creates an error page and -# returns false if it's invalid, returns true otherwise. Codes are valid for at -# least two and at most three hours. -# Arguments: -# [ form-id, [ code ] ] -# If the code is not given, uses the 'formcode' form parameter instead. If -# form-id is not given, the path of the current requests is used. -sub authCheckCode { - my $self = shift; - my $id = shift; - my $code = shift || $self->reqParam('formcode'); - return _incorrectcode($self) if !auth->csrfcheck($code); - 1; -} - - -sub _incorrectcode { - my $self = shift; - $self->resInit; - $self->htmlHeader(title => 'Validation code expired', noindex => 1); - - div class => 'mainbox'; - h1 'Validation code expired'; - div class => 'warning'; - p 'Please hit the back-button of your browser, refresh the page and try again.'; - end; - end; - - $self->htmlFooter; - return 0; -} - - -sub authPref { - my(undef, $key, $val) = @_; - @_ == 2 ? auth->pref($key)||'' : auth->prefSet($key, $val); -} - -1; |