Parent Directory
| 
Revision Log
Revision 349 -
(view)
(download)
(as text)
Original Path: trunk/webwork-modperl/lib/WeBWorK/Authen.pm
| 1 : | malsyned | 305 | package WeBWorK::Authen; |
| 2 : | |||
| 3 : | malsyned | 343 | use WeBWorK::DB::Auth; |
| 4 : | malsyned | 335 | |
| 5 : | malsyned | 305 | sub new($$$) { |
| 6 : | malsyned | 323 | my $invocant = shift; |
| 7 : | my $class = ref($invocant) || $invocant; | ||
| 8 : | malsyned | 305 | my $self = {}; |
| 9 : | ($self->{r}, $self->{courseEnvironment}) = @_; | ||
| 10 : | bless $self, $class; | ||
| 11 : | return $self; | ||
| 12 : | } | ||
| 13 : | |||
| 14 : | malsyned | 323 | sub generate_key { |
| 15 : | malsyned | 343 | # Package constants. These should never be changed in other places ever |
| 16 : | my $key_length = 40; # number of chars in each key | ||
| 17 : | my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*'); | ||
| 18 : | |||
| 19 : | malsyned | 323 | my $i = $key_length; |
| 20 : | my $key = ''; | ||
| 21 : | srand; | ||
| 22 : | while($i) { | ||
| 23 : | $key .= $key_chars[rand(@key_chars)]; | ||
| 24 : | $i--; | ||
| 25 : | } | ||
| 26 : | return $key; | ||
| 27 : | } | ||
| 28 : | |||
| 29 : | malsyned | 313 | # verify will return 1 if the person is who they say the are. |
| 30 : | # If the verification failed because of of invalid authentication data, | ||
| 31 : | # a note will be written in the request explaining why it failed. | ||
| 32 : | # If the request failed because no authentication data was provided, however, | ||
| 33 : | # no note will be written, as this is expected to happen whenever someone | ||
| 34 : | # types in a URL manually, and is not considered an error condition. | ||
| 35 : | malsyned | 305 | sub verify($) { |
| 36 : | my $self = shift; | ||
| 37 : | my $r = $self->{r}; | ||
| 38 : | malsyned | 335 | my $course_env = $self->{courseEnvironment}; |
| 39 : | malsyned | 305 | |
| 40 : | malsyned | 313 | my $user = $r->param('user'); |
| 41 : | my $passwd = $r->param('passwd'); | ||
| 42 : | my $key = $r->param('key'); | ||
| 43 : | malsyned | 323 | my $time = time; |
| 44 : | malsyned | 313 | |
| 45 : | malsyned | 343 | # I wanted to get rid of that passwd up here for security reasons, |
| 46 : | # but usability dictates that we not clear out invalid passwords. | ||
| 47 : | #$r->param('passwd',undef); | ||
| 48 : | malsyned | 313 | |
| 49 : | my $return, $error; | ||
| 50 : | |||
| 51 : | malsyned | 335 | my $auth = WeBWorK::DB::Auth->new($course_env); |
| 52 : | |||
| 53 : | malsyned | 313 | # The first part of this big conditional checks to make that we have |
| 54 : | # all of the form info that we need. It's pretty boring. The kooky | ||
| 55 : | # authen stuff comes after that. | ||
| 56 : | if (!defined $user && !defined $passwd && !defined $key) { | ||
| 57 : | # The user hasn't even had a chance to say who he is, so we | ||
| 58 : | # can't hold it against him that we don't know. | ||
| 59 : | undef $error; | ||
| 60 : | $return = 0; | ||
| 61 : | } elsif (!$user) { | ||
| 62 : | $error = "You must specify a username"; | ||
| 63 : | $return = 0; | ||
| 64 : | } elsif (!$passwd && !$key) { | ||
| 65 : | $error = "You must enter a password"; | ||
| 66 : | $return = 0; | ||
| 67 : | malsyned | 305 | } |
| 68 : | malsyned | 313 | # OK, we're done with the trivia. Now lets authenticate. |
| 69 : | malsyned | 335 | elsif ($passwd) { |
| 70 : | malsyned | 349 | # A bit of extra logic for practice users |
| 71 : | # Practice users are different because: | ||
| 72 : | # - They aren't allowed to log in if an active key exists | ||
| 73 : | # (except for $debugPracticeUser) | ||
| 74 : | # - They are allowed to log in with any password | ||
| 75 : | $practiceUserPrefix = $course_env->{"practiceUserPrefix"}; | ||
| 76 : | $debugPracticeUser = $course_env->{"debugPracticeUser"}; | ||
| 77 : | if ($practiceUserPrefix and $user =~ /^$practiceUserPrefix/) { | ||
| 78 : | if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user | ||
| 79 : | $error = "That practice account does not exist"; | ||
| 80 : | $return = 0; | ||
| 81 : | } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) { | ||
| 82 : | $error = "That practice account is in use"; | ||
| 83 : | $return = 0; | ||
| 84 : | } else { | ||
| 85 : | $key = generate_key; | ||
| 86 : | $auth->setKey($user, $key); | ||
| 87 : | $r->param('key',$key); | ||
| 88 : | $return = 1; | ||
| 89 : | } | ||
| 90 : | } | ||
| 91 : | # Not a practice user. Do normal authentication. | ||
| 92 : | elsif ($auth->verifyPassword($user, $passwd)) { | ||
| 93 : | malsyned | 343 | # Remove the passwd field from subsequent requests. |
| 94 : | $r->param('passwd',undef); | ||
| 95 : | malsyned | 349 | $key = $auth->getKey($user) || generate_key; |
| 96 : | $auth->setKey($user, $key); | ||
| 97 : | malsyned | 323 | $r->param('key',$key); |
| 98 : | malsyned | 313 | $return = 1; |
| 99 : | } else { | ||
| 100 : | malsyned | 335 | $error = "Incorrect username or password"; |
| 101 : | malsyned | 313 | $return = 0; |
| 102 : | } | ||
| 103 : | } elsif ($key) { | ||
| 104 : | malsyned | 349 | # The timestamp gets updated by verifyKey |
| 105 : | if ($auth->verifyKey($user, $key)) { | ||
| 106 : | malsyned | 313 | $return = 1; |
| 107 : | } else { | ||
| 108 : | malsyned | 329 | $error = "Your session has expired. You must login again"; |
| 109 : | malsyned | 313 | $return = 0; |
| 110 : | } | ||
| 111 : | } else { | ||
| 112 : | $error = "Unexpected authentication error!"; | ||
| 113 : | $return = 0; | ||
| 114 : | malsyned | 305 | } |
| 115 : | malsyned | 313 | |
| 116 : | |||
| 117 : | $r->notes("authen_error",$error); | ||
| 118 : | return $return; | ||
| 119 : | |||
| 120 : | # Whatever you do, don't delete this! | ||
| 121 : | critical($r); | ||
| 122 : | malsyned | 305 | } |
| 123 : | |||
| 124 : | 1; |
| aubreyja at gmail dot com | ViewVC Help |
| Powered by ViewVC 1.0.9 |