| 1 | ################################################################################ |
1 | ################################################################################ |
| 2 | # WeBWorK Online Homework Delivery System |
2 | # WeBWorK Online Homework Delivery System |
| 3 | # Copyright © 2000-2003 The WeBWorK Project, http://openwebwork.sf.net/ |
3 | # Copyright © 2000-2003 The WeBWorK Project, http://openwebwork.sf.net/ |
| 4 | # $CVSHeader: webwork-modperl/lib/WeBWorK/Authen.pm,v 1.22 2003/12/23 06:03:33 sh002i Exp $ |
4 | # $CVSHeader: webwork-modperl/lib/WeBWorK/Authen.pm,v 1.23 2003/12/24 00:59:25 sh002i Exp $ |
| 5 | # |
5 | # |
| 6 | # This program is free software; you can redistribute it and/or modify it under |
6 | # This program is free software; you can redistribute it and/or modify it under |
| 7 | # the terms of either: (a) the GNU General Public License as published by the |
7 | # the terms of either: (a) the GNU General Public License as published by the |
| 8 | # Free Software Foundation; either version 2, or (at your option) any later |
8 | # Free Software Foundation; either version 2, or (at your option) any later |
| 9 | # version, or (b) the "Artistic License" which comes with this package. |
9 | # version, or (b) the "Artistic License" which comes with this package. |
| … | |
… | |
| 23 | =cut |
23 | =cut |
| 24 | |
24 | |
| 25 | use strict; |
25 | use strict; |
| 26 | use warnings; |
26 | use warnings; |
| 27 | use Apache::Cookie; |
27 | use Apache::Cookie; |
|
|
28 | use Apache::Util qw(unescape_uri_info); |
| 28 | use Data::Dumper; |
29 | use Data::Dumper; |
| 29 | |
30 | |
| 30 | sub new($$$) { |
31 | sub new($$$) { |
| 31 | my $invocant = shift; |
32 | my $invocant = shift; |
| 32 | my $class = ref($invocant) || $invocant; |
33 | my $class = ref($invocant) || $invocant; |
| … | |
… | |
| 114 | -secure => 0, |
115 | -secure => 0, |
| 115 | ); |
116 | ); |
| 116 | $r->headers_out->set("Set-Cookie" => $cookie->as_string); |
117 | $r->headers_out->set("Set-Cookie" => $cookie->as_string); |
| 117 | } |
118 | } |
| 118 | |
119 | |
|
|
120 | sub killCookie { |
|
|
121 | my ($self) = @_; |
|
|
122 | my $r = $self->{r}; |
|
|
123 | my $ce = $self->{ce}; |
|
|
124 | my $cookie = Apache::Cookie->new($r, |
|
|
125 | -name => "WeBWorKAuthentication", |
|
|
126 | -value => "user=&key=", |
|
|
127 | -expires => "-1D", |
|
|
128 | -domain => $r->hostname, |
|
|
129 | -path => $ce->{webworkURLRoot}, |
|
|
130 | -secure => 0, |
|
|
131 | ); |
|
|
132 | $r->headers_out->set("Set-Cookie" => $cookie->as_string); |
|
|
133 | } |
|
|
134 | |
| 119 | # verify will return 1 if the person is who they say the are. If the |
135 | # verify will return 1 if the person is who they say the are. If the |
| 120 | # verification failed because of of invalid authentication data, a note will be |
136 | # verification failed because of of invalid authentication data, a note will be |
| 121 | # written in the request explaining why it failed. If the request failed because |
137 | # written in the request explaining why it failed. If the request failed because |
| 122 | # no authentication data was provided, however, no note will be written, as this |
138 | # no authentication data was provided, however, no note will be written, as this |
| 123 | # is expected to happen whenever someone types in a URL manually, and is not |
139 | # is expected to happen whenever someone types in a URL manually, and is not |
| … | |
… | |
| 129 | my $db = $self->{db}; |
145 | my $db = $self->{db}; |
| 130 | |
146 | |
| 131 | my $practiceUserPrefix = $ce->{practiceUserPrefix}; |
147 | my $practiceUserPrefix = $ce->{practiceUserPrefix}; |
| 132 | my $debugPracticeUser = $ce->{debugPracticeUser}; |
148 | my $debugPracticeUser = $ce->{debugPracticeUser}; |
| 133 | |
149 | |
|
|
150 | my $force_passwd_authen = $r->param('force_passwd_authen'); |
|
|
151 | my $login_practice_user = $r->param('login_practice_user'); |
|
|
152 | my $send_cookie = $r->param("send_cookie"); |
|
|
153 | |
|
|
154 | my $error; |
|
|
155 | my $failWithoutError = 0; |
|
|
156 | my $credentialSource = "params"; |
|
|
157 | |
| 134 | my $user = $r->param('user'); |
158 | my $user = $r->param('user'); |
| 135 | my $passwd = $r->param('passwd'); |
159 | my $passwd = $r->param('passwd'); |
| 136 | my $key = $r->param('key'); |
160 | my $key = $r->param('key'); |
| 137 | my $force_passwd_authen = $r->param('force_passwd_authen'); |
161 | |
| 138 | my $login_practice_user = $r->param('login_practice_user'); |
162 | my ($cookieUser, $cookieKey) = $self->checkCookie; |
| 139 | my $send_cookie = $r->param("send_cookie"); |
163 | $cookieUser ||= ""; |
| 140 | my $error; |
164 | $cookieKey ||= ""; |
| 141 | my $failWithoutError = 0; |
|
|
| 142 | |
165 | |
| 143 | VERIFY: { |
166 | VERIFY: { |
| 144 | # This block is here so we can "last" out of it when we've |
167 | # This block is here so we can "last" out of it when we've |
| 145 | # decided whether we're going to succeed or fail. |
168 | # decided whether we're going to succeed or fail. |
| 146 | |
169 | |
| … | |
… | |
| 166 | # no authentication data was given. this is OK. |
189 | # no authentication data was given. this is OK. |
| 167 | unless (defined $user or defined $passwd or defined $key) { |
190 | unless (defined $user or defined $passwd or defined $key) { |
| 168 | # check to see if a cookie was sent by the browser. if so, use the |
191 | # check to see if a cookie was sent by the browser. if so, use the |
| 169 | # user and key from the cookie for authentication. note that the |
192 | # user and key from the cookie for authentication. note that the |
| 170 | # cookie is only used if no credentials are sent as parameters. |
193 | # cookie is only used if no credentials are sent as parameters. |
| 171 | my ($cookieUser, $cookieKey) = $self->checkCookie; |
|
|
| 172 | if ($cookieUser and $cookieKey) { |
194 | if ($cookieUser and $cookieKey) { |
| 173 | $user = $cookieUser; |
195 | $user = $cookieUser; |
| 174 | $key = $cookieKey; |
196 | $key = $cookieKey; |
| 175 | $r->param("user", $user); |
197 | $r->param("user", $user); |
| 176 | $r->param("key", $key); |
198 | $r->param("key", $key); |
|
|
199 | $credentialSource = "cookie"; |
| 177 | } else { |
200 | } else { |
| 178 | $failWithoutError = 1; |
201 | $failWithoutError = 1; |
| 179 | last VERIFY; |
202 | last VERIFY; |
| 180 | } |
203 | } |
| 181 | } |
204 | } |
| … | |
… | |
| 282 | # neither a key or a password were supplied. |
305 | # neither a key or a password were supplied. |
| 283 | $error = "You must enter a password." |
306 | $error = "You must enter a password." |
| 284 | } |
307 | } |
| 285 | |
308 | |
| 286 | if (defined $error) { |
309 | if (defined $error) { |
| 287 | # authentication failed, in a bad way |
310 | # authentication failed, store the error message |
| 288 | $r->notes("authen_error",$error); |
311 | $r->notes("authen_error",$error); |
|
|
312 | |
|
|
313 | # if we got a cookie, it probably has incorrect information in it. so |
|
|
314 | # we want to get rid of it |
|
|
315 | if ($cookieUser or $cookieKey) { |
|
|
316 | #warn "fail with error: killing cookie"; |
|
|
317 | $self->killCookie; |
|
|
318 | } |
|
|
319 | |
| 289 | return 0; |
320 | return 0; |
| 290 | } elsif ($failWithoutError) { |
321 | } elsif ($failWithoutError) { |
| 291 | # authentication failed, but not in a bad way |
322 | # authentication failed, but we don't have any error message to report |
|
|
323 | |
|
|
324 | # if we got a cookie, it probably has incorrect information in it. so |
|
|
325 | # we want to get rid of it |
|
|
326 | if ($cookieUser or $cookieKey) { |
|
|
327 | #warn "fail without error: killing cookie"; |
|
|
328 | $self->killCookie; |
|
|
329 | } |
|
|
330 | |
| 292 | return 0; |
331 | return 0; |
| 293 | } else { |
332 | } else { |
| 294 | # autentication succeeded! |
333 | # autentication succeeded! |
| 295 | # send a cookie with the user and key that were accepted. |
334 | |
|
|
335 | # we send a cookie if any of these conditions are met: |
|
|
336 | # (a) a cookie was used for authentication |
|
|
337 | # (b) a cookie was sent but not used for authentication, and the |
|
|
338 | # credentials used for authentication were the same as those in |
|
|
339 | # the cookie |
|
|
340 | # (c) the user asked to have a cookie sent and is not a guest user. |
|
|
341 | my $usedCookie = ($credentialSource eq "cookie") || 0; |
|
|
342 | my $unusedCookieMatched = ($user eq $cookieUser and $key eq $cookieKey) || 0; |
| 296 | if ($send_cookie and not $login_practice_user) { |
343 | my $userRequestsCookie = ($send_cookie and not $login_practice_user) || 0; |
|
|
344 | #warn "usedCookie=$usedCookie\n"; |
|
|
345 | #warn "unusedCookieMatched=$unusedCookieMatched\n"; |
|
|
346 | #warn "userRequestsCookie=$userRequestsCookie\n"; |
|
|
347 | if ($usedCookie or $unusedCookieMatched or $userRequestsCookie) { |
|
|
348 | #warn "succeed: sending cookie"; |
| 297 | $self->sendCookie($r->param("user"), $r->param("key")); |
349 | $self->sendCookie($r->param("user"), $r->param("key")); |
|
|
350 | } elsif ($cookieUser or $cookieKey) { |
|
|
351 | # otherwise, we don't want any bad cookies sticking around |
|
|
352 | #warn "succeed: killing cookie"; |
|
|
353 | $self->killCookie; |
| 298 | } |
354 | } |
| 299 | return 1; |
355 | return 1; |
| 300 | } |
356 | } |
| 301 | |
357 | |
| 302 | # Whatever you do, don't delete this! |
358 | # Whatever you do, don't delete this! |
Parent Directory
| 
Revision Log
| 
Patch