summaryrefslogtreecommitdiff
path: root/lib/VNDB/Util/Auth.pm
blob: b05c86f9a05540b7a0ffe17f05ce1526677977d2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# Compatibility shim around VNWeb::Auth, new code should use that instead.
package VNDB::Util::Auth;


use strict;
use warnings;
use Exporter 'import';
use TUWF ':html';
use VNWeb::Auth;


our @EXPORT = qw|
  authInit authLogin authLogout authInfo authCan authSetPass authAdminSetPass
  authResetPass authIsValidToken authGetCode authCheckCode authPref
|;


# login, arguments: user, password, url-to-redirect-to-on-success
# returns 1 on success (redirected), 0 otherwise (no reply sent)
sub authLogin {
  my(undef, $user, $pass, $to) = @_;
  my $success = auth->login($user, $pass);
  tuwf->resRedirect($to, 'post') if $success;
  $success
}

# clears authentication cookie and redirects to /
sub authLogout {
  auth->logout;
  tuwf->resRedirect('/', 'temp');
}


# Replaces the user's password with a random token that can be used to reset the password.
sub authResetPass {
  my(undef, $mail) = @_;
  auth->resetpass($mail)
}


sub authIsValidToken {
  my(undef, $uid, $token) = @_;
  auth->isvalidtoken($uid, $token)
}


# uid, new_pass, url_to_redir_to, 'token'|'pass', $token_or_pass
# Changes the user's password, invalidates all existing sessions, creates a new
# session and redirects.
sub authSetPass {
  my(undef, $uid, $pass, $redir, $oldtype, $oldpass) = @_;

  my $success = auth->setpass($uid, $oldtype eq 'token' ? $oldpass : undef, $oldtype eq 'pass' ? $oldpass : undef, $pass);
  tuwf->resRedirect($redir, 'post') if $success;
  $success
}


sub authAdminSetPass {
  my(undef, $uid, $pass) = @_;
  auth->admin_setpass($uid, $pass);
}


sub authInfo {
  # Used to return a lot more, but only the id is still used now.
  # (code using other fields has been migrated)
  +{ id => auth->uid }
}


# returns whether the currently loggedin or anonymous user can perform
# a certain action.
sub authCan {
  my(undef, $act) = @_;
  auth && auth->{user}{"perm_$act"}
}


# Generate a code to be used later on to validate that the form was indeed
# submitted from our site and by the same user/visitor. Not limited to
# logged-in users.
# Arguments:
#   form-id (ignored nowadyas)
#   time (also ignored)
sub authGetCode {
  auth->csrftoken;
}


# Validates the correctness of the returned code, creates an error page and
# returns false if it's invalid, returns true otherwise. Codes are valid for at
# least two and at most three hours.
# Arguments:
#   [ form-id, [ code ] ]
# If the code is not given, uses the 'formcode' form parameter instead. If
# form-id is not given, the path of the current requests is used.
sub authCheckCode {
  my $self = shift;
  my $id = shift;
  my $code = shift || $self->reqParam('formcode');
  return _incorrectcode($self) if !auth->csrfcheck($code);
  1;
}


sub _incorrectcode {
  my $self = shift;
  $self->resInit;
  $self->htmlHeader(title => 'Validation code expired', noindex => 1);

  div class => 'mainbox';
   h1 'Validation code expired';
   div class => 'warning';
    p 'Please hit the back-button of your browser, refresh the page and try again.';
   end;
  end;

  $self->htmlFooter;
  return 0;
}


sub authPref {
  my(undef, $key, $val) = @_;
  @_ == 2 ? auth->pref($key)||'' : auth->prefSet($key, $val);
}

1;