
View of /branches/rel-2-4-patches/webwork2/lib/WeBWorK/Authen.pm



Revision 441 - (download) (as text) (annotate)
Thu Jul 25 21:58:22 2002 UTC (10 years, 9 months ago) by malsyned
Original Path: trunk/webwork2/lib/WeBWorK/Authen.pm
File size: 3775 byte(s)
Added use strict and use warnings, then cleaned up much of the mess that
revealed.
--Dennis

    1 package WeBWorK::Authen;
    2 
    3 use WeBWorK::DB::Auth;
    4 use strict;
    5 use warnings;
    6 
    # Constructor: stores the request object and the course environment on a
    # fresh hash-based object.  May be invoked on a class name or on an existing
    # instance (in which case the instance's class is reused).
    # The ($$$) prototype is kept for interface compatibility; Perl ignores
    # prototypes on method calls.
    sub new($$$) {
      my ($proto, $request, $course_env) = @_;
      my $self = {
        r                 => $request,
        courseEnvironment => $course_env,
      };
      return bless $self, (ref($proto) || $proto);
    }
   15 
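   # Generate a new session key: a string of $key_length characters drawn
   # uniformly from @key_chars.
   #
   # The key is the bearer credential that verify() accepts in place of a
   # password, so it has to be unpredictable.  Perl's rand() is a small-state,
   # non-cryptographic generator, so the key is drawn from the operating
   # system's random source (/dev/urandom) whenever that is readable.  rand() is
   # used only as a last resort, with a warning, which matches the behaviour
   # this routine always had on platforms without /dev/urandom.
   #
   # Takes no arguments; returns the key string.
   sub generate_key {
     # Package constants.  These should never be changed in other places ever
     my $key_length = 40;      # number of chars in each key
     my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');

     # Bytes at or above this bound are discarded so that "byte modulo alphabet
     # size" stays uniform (no modulo bias toward the first few characters).
     my $alphabet_size = scalar @key_chars;
     my $accept_below = 256 - (256 % $alphabet_size);

     my $key = '';
     if (open(my $urandom, '<', '/dev/urandom')) {
       binmode($urandom);
       while (length($key) < $key_length) {
         my $got = read($urandom, my $buf, 2 * $key_length);
         last unless $got;   # read error or EOF: fall through to the fallback
         for my $byte (unpack('C*', $buf)) {
           next if $byte >= $accept_below;
           $key .= $key_chars[$byte % $alphabet_size];
           last if length($key) == $key_length;
         }
       }
       close($urandom);
     }
     return $key if length($key) == $key_length;

     # Last resort: no usable OS random source.  Keys produced here come from a
     # non-cryptographic generator and should be treated as guessable.
     warn "generate_key: /dev/urandom unavailable, falling back to rand()\n";
     srand;
     while (length($key) < $key_length) {
       $key .= $key_chars[rand(@key_chars)];
     }
     return $key;
   }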
   30 
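   # verify returns 1 if the person is who they say they are, and 0 otherwise.
   # If the verification failed because of invalid authentication data,
   # a note ("authen_error") is written in the request explaining why it failed.
   # If the request failed because no authentication data was provided, however,
   # no note is written, as this is expected to happen whenever someone
   # types in a URL manually, and is not considered an error condition.
   #
   # Reads the 'user', 'passwd' and 'key' request parameters.  On a successful
   # password login the 'key' parameter is set to the session key, and for
   # regular (non-practice) users the 'passwd' parameter is cleared.
   sub verify($) {
     my $self = shift;
     my $r = $self->{r};
     my $course_env = $self->{courseEnvironment};

     my $user = $r->param('user');
     my $passwd = $r->param('passwd');
     my $key = $r->param('key');

     # I wanted to get rid of that passwd up here for security reasons,
     # but usability dictates that we not clear out invalid passwords.
     # NOTE(review): as a consequence a rejected password stays in the request
     # parameters; whatever renders the login form should not echo or log it.
     #$r->param('passwd',undef);

     my $error;
     my $return;

     my $auth = WeBWorK::DB::Auth->new($course_env);

     # The first part of this big conditional checks to make sure that we have
     # all of the form info that we need. It's pretty boring.  The kooky
     # authen stuff comes after that.
     if (!defined $user && !defined $passwd && !defined $key) {
       # The user hasn't even had a chance to say who he is, so we
       # can't hold it against him that we don't know.
       undef $error;
       $return = 0;
     } elsif (!$user) {
       $error = "You must specify a username";
       $return = 0;
     } elsif (!$passwd && !$key) {
       $error = "You must enter a password";
       $return = 0;
     }
     # OK, we're done with the trivia.  Now lets authenticate.
     elsif ($passwd) {
       # A bit of extra logic for practice users
       # Practice users are different because:
       # - They aren't allowed to log in if an active key exists
       #   (except for $debugPracticeUser)
       # - They are allowed to log in with any password
       my $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
       my $debugPracticeUser = $course_env->{"debugPracticeUser"};
       # The prefix is matched as a literal string (\Q...\E).  Because practice
       # accounts skip the password check entirely, a prefix containing regex
       # metacharacters must not widen the set of names treated as practice users.
       if ($practiceUserPrefix and $user =~ /^\Q$practiceUserPrefix\E/) {
         if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user
           $error = "That practice account does not exist";
           $return = 0;
         } elsif ($auth->getKey($user)
                  and (!defined $debugPracticeUser or $user ne $debugPracticeUser)) {
           # An unset debugPracticeUser exempts nobody (and no longer triggers
           # an "uninitialized value" warning in the comparison).
           $error = "That practice account is in use";
           $return = 0;
         } else {
           $key = generate_key();
           $auth->setKey($user, $key);
           $r->param('key',$key);
           $return = 1;
         }
       }
       # Not a practice user.  Do normal authentication.
       elsif ($auth->verifyPassword($user, $passwd)) {
         # Remove the passwd field from subsequent requests.
         $r->param('passwd',undef);
         # NOTE(review): an existing key is reused rather than rotated at login,
         # so every login for this user shares one session key until it
         # expires -- confirm that this is intended.
         $key = $auth->getKey($user) || generate_key();
         $auth->setKey($user, $key);
         $r->param('key',$key);
         $return = 1;
       } else {
         $error = "Incorrect username or password";
         $return = 0;
       }
     } elsif ($key) {
       # The timestamp gets updated by verifyKey
       if ($auth->verifyKey($user, $key)) {
         $return = 1;
       } else {
         $error = "Your session has expired.  You must login again";
         $return = 0;
       }
     } else {
       $error = "Unexpected authentication error!";
       $return = 0;
     }

     $r->notes("authen_error",$error) if defined($error);
     return $return;

     # Whatever you do, don't delete this!
     # (It sits after the return above, so it is never executed.)
     critical($r);
   }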
  125 
  126 1;
