| 1 | package WeBWorK::Authen; |
1 | package WeBWorK::Authen; |
| 2 | |
2 | |
| 3 | use WeBWorK::DB::Auth; |
3 | use WeBWorK::DB::Auth; |
|
|
4 | use strict; |
|
|
5 | use warnings; |
| 4 | |
6 | |
| 5 | sub new($$$) { |
7 | sub new($$$) { |
| 6 | my $invocant = shift; |
8 | my $invocant = shift; |
| 7 | my $class = ref($invocant) || $invocant; |
9 | my $class = ref($invocant) || $invocant; |
| 8 | my $self = {}; |
10 | my $self = {}; |
| … | |
… | |
| 44 | |
46 | |
| 45 | # I wanted to get rid of that passwd up here for security reasons, |
47 | # I wanted to get rid of that passwd up here for security reasons, |
| 46 | # but usability dictates that we not clear out invalid passwords. |
48 | # but usability dictates that we not clear out invalid passwords. |
| 47 | #$r->param('passwd',undef); |
49 | #$r->param('passwd',undef); |
| 48 | |
50 | |
|
|
51 | my $error; |
| 49 | my $return, $error; |
52 | my $return; |
| 50 | |
53 | |
| 51 | my $auth = WeBWorK::DB::Auth->new($course_env); |
54 | my $auth = WeBWorK::DB::Auth->new($course_env); |
| 52 | |
55 | |
| 53 | # The first part of this big conditional checks to make that we have |
56 | # The first part of this big conditional checks to make that we have |
| 54 | # all of the form info that we need. It's pretty boring. The kooky |
57 | # all of the form info that we need. It's pretty boring. The kooky |
| … | |
… | |
| 70 | # A bit of extra logic for practice users |
73 | # A bit of extra logic for practice users |
| 71 | # Practice users are different because: |
74 | # Practice users are different because: |
| 72 | # - They aren't allowed to log in if an active key exists |
75 | # - They aren't allowed to log in if an active key exists |
| 73 | # (except for $debugPracticeUser) |
76 | # (except for $debugPracticeUser) |
| 74 | # - They are allowed to log in with any password |
77 | # - They are allowed to log in with any password |
| 75 | $practiceUserPrefix = $course_env->{"practiceUserPrefix"}; |
78 | my $practiceUserPrefix = $course_env->{"practiceUserPrefix"}; |
| 76 | $debugPracticeUser = $course_env->{"debugPracticeUser"}; |
79 | my $debugPracticeUser = $course_env->{"debugPracticeUser"}; |
| 77 | if ($practiceUserPrefix and $user =~ /^$practiceUserPrefix/) { |
80 | if ($practiceUserPrefix and $user =~ /^$practiceUserPrefix/) { |
| 78 | if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user |
81 | if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user |
| 79 | $error = "That practice account does not exist"; |
82 | $error = "That practice account does not exist"; |
| 80 | $return = 0; |
83 | $return = 0; |
| 81 | } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) { |
84 | } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) { |
| … | |
… | |
| 111 | } else { |
114 | } else { |
| 112 | $error = "Unexpected authentication error!"; |
115 | $error = "Unexpected authentication error!"; |
| 113 | $return = 0; |
116 | $return = 0; |
| 114 | } |
117 | } |
| 115 | |
118 | |
| 116 | |
|
|
| 117 | $r->notes("authen_error",$error); |
119 | $r->notes("authen_error",$error) if defined($error); |
| 118 | return $return; |
120 | return $return; |
| 119 | |
121 | |
| 120 | # Whatever you do, don't delete this! |
122 | # Whatever you do, don't delete this! |
| 121 | critical($r); |
123 | critical($r); |
| 122 | } |
124 | } |
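Review bot: The prefix test on new line 80, `$user =~ /^$practiceUserPrefix/`, interpolates the configured prefix as a regular expression, so any metacharacter in `practiceUserPrefix` changes which user IDs enter the practice-user branch. According to the comment on new lines 73-77 that branch accepts any password (the code implementing it is elided from this view), so the match should be literal: `if ($practiceUserPrefix and $user =~ /^\Q$practiceUserPrefix\E/) {`. Now that `use warnings` is enabled, `$user ne $debugPracticeUser` on new line 84 will also emit an uninitialized-value warning whenever `debugPracticeUser` is absent from the course environment. Writing the condition as `} elsif ($auth->getKey($user) and !(defined $debugPracticeUser and $user eq $debugPracticeUser)) {` keeps the same result and makes the unset case explicit. The enclosing sub begins above the visible lines and parts of the conditional are collapsed, so both suggestions should be checked against the full body.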