Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r--lib/VNDB/Util/Auth.pm147
1 files changed, 55 insertions, 92 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 6f265253..b520eeba 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -1,133 +1,96 @@
-
-
-
-
-# N E E D S M O A R S A L T !
-
-
package VNDB::Util::Auth;
+# This module is just a small improvement of the 1.x equivalent
+# and is designed to work with the cookies and database of VNDB 1.x
+# without modifications. A proper and more secure (incompatible)
+# implementation should be written at some point.
+
use strict;
use warnings;
use Exporter 'import';
use Digest::MD5 'md5_hex';
-use Crypt::Lite; # simple, small and easy encryption for cookies
+use Crypt::Lite;
+
-use vars ('$VERSION', '@EXPORT');
-$VERSION = $VNDB::VERSION;
-@EXPORT = qw| AuthCheckCookie AuthLogin AuthLogout AuthInfo AuthCan AuthAddTpl |;
+our @EXPORT = qw| authInit authLogin authLogout authInfo authCan |;
-{ # local data for these 2 methods only
- my $crl = Crypt::Lite->new(debug => 0);
- my $scrt = md5_hex($VNDB::COOKEY);
-
-sub AuthCheckCookie {
+# initializes authentication information and checks the vndb_auth cookie
+sub authInit {
my $self = shift;
- my $info = $self->{_Req} || $self;
- $info->{_auth} = {} if !exists $info->{_auth};
+ $self->{_auth} = undef;
- my $cookie = $self->ReqCookie('vndb_auth');
+ my $cookie = $self->reqCookie('vndb_auth');
return 0 if !$cookie;
- my $str = $crl->decrypt($cookie, $scrt);
+ my $str = Crypt::Lite->new()->decrypt($cookie, md5_hex($self->{cookie_key}));
return 0 if length($str) < 36;
my $pass = substr($str, 4, 32);
my $user = substr($str, 36);
- return _AuthCheck($self, $user, $pass);
+ _authCheck($self, $user, $pass);
}
-
-sub AuthLogin {
+
+
+# login, arguments: user, password, url-to-redirect-to-on-success
+# returns 1 on success (redirected), 0 otherwise (no reply sent)
+sub authLogin {
my $self = shift;
my $user = lc(scalar shift);
- my $psbk = shift;
- my $pass = md5_hex($psbk);
- my $keep = shift;
+ my $pass = md5_hex(shift);
my $to = shift;
- my $status = _AuthCheck($self, $user, $pass);
- if($status == 1) {
- (my $cookie = $crl->encrypt("VNDB$pass$user", $scrt)) =~ s/\r?\n//g;
- $self->ResRedirect($to, "post");
- $self->ResAddHeader('Set-Cookie', "vndb_auth=$cookie; " . ($keep ? 'expires=Sat, 01-Jan-2030 00:00:00 GMT; ' : ' ') . "path=/; domain=$self->{CookieDomain}");
+
+ if(_authCheck($self, $user, $pass)) {
+ (my $cookie = Crypt::Lite->new()->encrypt("VNDB$pass$user", md5_hex($self->{cookie_key}))) =~ s/\r?\n//g;
+ $self->resRedirect($to, 'post');
+ $self->resHeader('Set-Cookie', "vndb_auth=$cookie; expires=Sat, 01-Jan-2030 00:00:00 GMT; path=/; domain=$self->{cookie_domain}");
return 1;
}
- return $status;
+ return 0;
}
-} # end of local data
-sub AuthLogout {
- my $self = shift;
- $self->ResRedirect('/', 'temp');
- $self->ResAddHeader('Set-Cookie', "vndb_auth= ; expires=Sat, 01-Jan-2000 00:00:00 GMT; path=/; domain=$self->{CookieDomain}");
-}
-sub AuthInfo {
+# clears authentication cookie and redirects to /
+sub authLogout {
my $self = shift;
- my $info = $self->{_Req} || shift;
- return $info->{_auth} || {};
+ $self->resRedirect('/', 'temp');
+ $self->resHeader('Set-Cookie', "vndb_auth= ; expires=Sat, 01-Jan-2000 00:00:00 GMT; path=/; domain=$self->{cookie_domain}");
}
-sub AuthCan {
- my $self = shift;
- my $act = shift;
- my $info = $self->{_Req} || shift;
- return $self->{ranks}[($info->{_auth}{rank}||0)+1]{$act};
+
+# returns a hashref with information about the current loggedin user
+# the hash is identical to the hash returned by dbUserGet
+# returns empty hash if no user is logged in.
+sub authInfo {
+ return shift->{_auth} || {};
}
-sub _AuthCheck {
- my $self = shift;
- my $user = shift;
- my $pass = shift;
- my $info = $self->{_Req} || shift;
- $info->{_auth} = undef;
+# returns whether the currently loggedin or anonymous user can perform
+# a certain action. Argument is the action name as defined in global.pl
+sub authCan {
+ my($self, $act) = @_;
+ my $r = $self->{_auth}{rank}||0;
+ return scalar grep $_ eq $act, @{$self->{user_ranks}[$r]}[1..$#{$self->{user_ranks}[$r]}];
+}
- return 2 if !$user || length($user) > 15 || length($user) < 2;
- return 3 if !$pass || length($pass) != 32;
- my $d = $self->DBGetUser(username => $user, passwd => $pass)->[0];
- return 4 if !defined $d->{id};
- return 5 if !$d->{rank};
+# Checks for a valid login and writes information in _auth
+# Arguments: user, md5_hex(pass)
+# Returns: 1 if login is valid, 0 otherwise
+sub _authCheck {
+ my($self, $user, $pass) = @_;
- $d->{oldvnlist} = $self->DBGetVNList(uid => $d->{id}, results => 1)->[0] ? 1 : 0;
- $info->{_auth} = $d;
+ return 0 if
+ !$user || length($user) > 15 || length($user) < 2
+ || !$pass || length($pass) != 32;
+ my $d = $self->dbUserGet(username => $user, passwd => $pass)->[0];
+ return 0 if !defined $d->{id} || !$d->{rank};
+
+ $self->{_auth} = $d;
return 1;
}
-# adds the keys AuthLoggedin, AuthRank, AuthUsername, AuthMail, AuthId
-sub AuthAddTpl {
- my $self = shift;
- my $info = $self->{_Req} || shift;
- my %tpl;
-
- if($info->{_auth}{id}) {
- %tpl = (
- AuthLoggedin => 1,
- AuthRank => $info->{_auth}{rank},
- AuthRankname => $self->{ranks}[0][0][$info->{_auth}{rank}],
- AuthUsername => $info->{_auth}{username},
- AuthMail => $info->{_auth}{mail},
- AuthId => $info->{_auth}{id},
- AuthNsfw => $info->{_auth}{flags} & $VNDB::UFLAGS->{nsfw},
- AuthOldList => $info->{_auth}{oldvnlist},
- );
- } else {
- %tpl = (
- AuthLoggedin => 0,
- AuthRank => '',
- AuthRankname => '',
- AuthUsername => '',
- AuthMail => '',
- AuthId => 0,
- AuthNsfw => 0,
- );
- }
- $tpl{'Auth'.$_} = $self->{ranks}[($info->{_auth}{rank}||0)+1]{$_}
- for (keys %{$self->{ranks}[0][1]});
- $self->ResAddTpl(%tpl);
-}
-
1;
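Review bot: The Set-Cookie header built in authLogin has no `HttpOnly` or `Secure` attribute, and with the `$keep` argument removed the cookie is now always persistent until 2030. authInit passes the decrypted `md5_hex(pass)` from the cookie straight to `_authCheck`, so the cookie value is a password-equivalent that stays valid for as long as the stored hash is unchanged. Ending the header string with `path=/; domain=$self->{cookie_domain}; HttpOnly` leaves the cookie value unchanged, so it should remain compatible with 1.x cookies while keeping the value out of reach of page scripts. `; Secure` can be added as well if the site is served over HTTPS, which this diff does not show. A session-only variant (no `expires=`) would also be worth keeping for logins from shared machines.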