1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# Compatibility shim around VNWeb::Auth, new code should use that instead.
package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
use TUWF ':html';
use VNWeb::Auth;
our @EXPORT = qw|
authInit authLogin authLogout authInfo authCan authSetPass authAdminSetPass
authResetPass authIsValidToken authGetCode authCheckCode authPref
|;
# login, arguments: user, password, url-to-redirect-to-on-success
# returns 1 on success (redirected), 0 otherwise (no reply sent)
sub authLogin {
my(undef, $user, $pass, $to) = @_;
my $success = auth->login($user, $pass);
tuwf->resRedirect($to, 'post') if $success;
$success
}
# clears authentication cookie and redirects to /
sub authLogout {
auth->logout;
tuwf->resRedirect('/', 'temp');
}
# Replaces the user's password with a random token that can be used to reset the password.
sub authResetPass {
my(undef, $mail) = @_;
auth->resetpass($mail)
}
sub authIsValidToken {
my(undef, $uid, $token) = @_;
auth->isvalidtoken($uid, $token)
}
# uid, new_pass, url_to_redir_to, 'token'|'pass', $token_or_pass
# Changes the user's password, invalidates all existing sessions, creates a new
# session and redirects.
sub authSetPass {
my(undef, $uid, $pass, $redir, $oldtype, $oldpass) = @_;
my $success = auth->setpass($uid, $oldtype eq 'token' ? $oldpass : undef, $oldtype eq 'pass' ? $oldpass : undef, $pass);
tuwf->resRedirect($redir, 'post') if $success;
$success
}
sub authAdminSetPass {
my(undef, $uid, $pass) = @_;
auth->admin_setpass($uid, $pass);
}
sub authInfo {
# Used to return a lot more, but only the id is still used now.
# (code using other fields has been migrated)
+{ id => auth->uid }
}
# returns whether the currently loggedin or anonymous user can perform
# a certain action.
sub authCan {
my(undef, $act) = @_;
auth && auth->{user}{"perm_$act"}
}
# Generate a code to be used later on to validate that the form was indeed
# submitted from our site and by the same user/visitor. Not limited to
# logged-in users.
# Arguments:
# form-id (ignored nowadyas)
# time (also ignored)
sub authGetCode {
auth->csrftoken;
}
# Validates the correctness of the returned code, creates an error page and
# returns false if it's invalid, returns true otherwise. Codes are valid for at
# least two and at most three hours.
# Arguments:
# [ form-id, [ code ] ]
# If the code is not given, uses the 'formcode' form parameter instead. If
# form-id is not given, the path of the current requests is used.
sub authCheckCode {
my $self = shift;
my $id = shift;
my $code = shift || $self->reqParam('formcode');
return _incorrectcode($self) if !auth->csrfcheck($code);
1;
}
sub _incorrectcode {
my $self = shift;
$self->resInit;
$self->htmlHeader(title => 'Validation code expired', noindex => 1);
div class => 'mainbox';
h1 'Validation code expired';
div class => 'warning';
p 'Please hit the back-button of your browser, refresh the page and try again.';
end;
end;
$self->htmlFooter;
return 0;
}
sub authPref {
my(undef, $key, $val) = @_;
@_ == 2 ? auth->pref($key)||'' : auth->prefSet($key, $val);
}
1;
|