
Diff of /branches/wheeler/webwork2/lib/WeBWorK/Authen.pm


Revision 7141 Revision 7144
1################################################################################ 1################################################################################
2# WeBWorK Online Homework Delivery System 2# WeBWorK Online Homework Delivery System
3# Copyright 2000-2007 The WeBWorK Project, http://openwebwork.sf.net/ 3# Copyright 2000-2007 The WeBWorK Project, http://openwebwork.sf.net/
4# $CVSHeader: webwork2/lib/WeBWorK/Authen.pm,v 1.62 2007/03/06 22:03:15 glarose Exp $ 4# $CVSHeader: webwork2/lib/WeBWorK/Authen.pm,v 1.63 2012/06/06 22:03:15 wheeler Exp $
5# 5#
6# This program is free software; you can redistribute it and/or modify it under 6# This program is free software; you can redistribute it and/or modify it under
7# the terms of either: (a) the GNU General Public License as published by the 7# the terms of either: (a) the GNU General Public License as published by the
8# Free Software Foundation; either version 2, or (at your option) any later 8# Free Software Foundation; either version 2, or (at your option) any later
9# version, or (b) the "Artistic License" which comes with this package. 9# version, or (b) the "Artistic License" which comes with this package.
55use Socket qw/unpack_sockaddr_in inet_ntoa/; # for logging 55use Socket qw/unpack_sockaddr_in inet_ntoa/; # for logging
56use WeBWorK::Debug; 56use WeBWorK::Debug;
57use WeBWorK::Utils qw/writeCourseLog runtime_use/; 57use WeBWorK::Utils qw/writeCourseLog runtime_use/;
58use WeBWorK::Localize; 58use WeBWorK::Localize;
59use URI::Escape; 59use URI::Escape;
60use Carp;
60 61
61use mod_perl; 62use mod_perl;
62use constant MP2 => ( exists $ENV{MOD_PERL_API_VERSION} and $ENV{MOD_PERL_API_VERSION} >= 2 ); 63use constant MP2 => ( exists $ENV{MOD_PERL_API_VERSION} and $ENV{MOD_PERL_API_VERSION} >= 2 );
63 64
64 65
196=over 197=over
197 198
198=cut 199=cut
199 200
200sub request_has_data_for_this_verification_module { 201sub request_has_data_for_this_verification_module {
202 #debug("Authen::request_has_data_for_this_verification_module will return a 1");
201 return(1); 203 return(1);
202} 204}
203 205
204sub verify { 206sub verify {
205 debug("BEGIN VERIFY"); 207 debug("BEGIN VERIFY");
206 my $self = shift; 208 my $self = shift;
207 my $r = $self->{r}; 209 my $r = $self->{r};
208 210
209 if (! ($self-> request_has_data_for_this_verification_module)) { 211 if (! ($self-> request_has_data_for_this_verification_module)) {
210 return ( $self -> call_next_authen_method()); 212 return ( $self -> call_next_authen_method());
211 } 213 }
214
212 my $result = $self->do_verify; 215 my $result = $self->do_verify;
213 my $error = $self->{error}; 216 my $error = $self->{error};
214 my $log_error = $self->{log_error}; 217 my $log_error = $self->{log_error};
215 218
216 $self->{was_verified} = $result ? 1 : 0; 219 $self->{was_verified} = $result ? 1 : 0;
225 $self->set_params; 228 $self->set_params;
226 } else { 229 } else {
227 if (defined $log_error) { 230 if (defined $log_error) {
228 $self->write_log_entry("LOGIN FAILED $log_error"); 231 $self->write_log_entry("LOGIN FAILED $log_error");
229 } 232 }
233 if (!defined($error) or !$error) {
234 $error = $r->maketext("Your authentication failed. Please try again."
235 . " Please speak with your instructor if you need help.")
236 }
230 $self->maybe_kill_cookie; 237 $self->maybe_kill_cookie;
231 if ($error) { 238 if ($error) {
232 MP2 ? $r->notes->set(authen_error => $error) : $r->notes("authen_error" => $error); 239 MP2 ? $r->notes->set(authen_error => $error) : $r->notes("authen_error" => $error);
233 } 240 }
234 } 241 }
256 263
257=cut 264=cut
258 265
259sub forget_verification { 266sub forget_verification {
260 my ($self) = @_; 267 my ($self) = @_;
268 my $r = $self -> {r};
269 my $ce = $r -> {ce};
261 270
262 $self->{was_verified} = 0; 271 $self->{was_verified} = 0;
272
263} 273}
264 274
265=back 275=back
266 276
267=cut 277=cut
330 if (defined $cookieUser and defined $r->param("user") ) { 340 if (defined $cookieUser and defined $r->param("user") ) {
331 if ($cookieUser ne $r->param("user")) { 341 if ($cookieUser ne $r->param("user")) {
332 croak ("cookieUser = $cookieUser and paramUser = ". $r->param("user") . " are different."); 342 croak ("cookieUser = $cookieUser and paramUser = ". $r->param("user") . " are different.");
333 } 343 }
334 if (defined $cookieKey and defined $r->param("key")) { 344 if (defined $cookieKey and defined $r->param("key")) {
335 if ($cookieKey ne $r->param("key")) {
336 croak ("cookieKey = $cookieKey and param key = " . $r -> param("key") . "are different.");
337 }
338 $self -> {user_id} = $cookieUser; 345 $self -> {user_id} = $cookieUser;
339 $self -> {session_key} = $cookieKey;
340 $self -> {password} = $r->param("passwd"); 346 $self -> {password} = $r->param("passwd");
341 $self -> {cookie_timestamp} = $cookieTimeStamp;
342 $self -> {login_type} = "normal"; 347 $self -> {login_type} = "normal";
343 $self -> {credential_source} = "params_and_cookie"; 348 $self -> {credential_source} = "params_and_cookie";
344 debug("params and cookie user '", $self->{user_id}, "' params and cookie session key = '", 349 $self -> {session_key} = $cookieKey;
350 $self -> {cookie_timestamp} = $cookieTimeStamp;
351 if ($cookieKey ne $r->param("key")) {
352 warn ("cookieKey = $cookieKey and param key = " . $r -> param("key") . " are different, perhaps"
353 ." because you opened several windows for the same site and then backed up from a newer one to an older one."
354 ." Avoid doing so.");
355 $self -> {credential_source} = "conflicting_params_and_cookie";
356 }
357 debug("params and cookie user '", $self->{user_id}, "' credential_source = '", $self->{credential_source},
345 $self->{session_key}, "' cookie_timestamp '", $self->{cookieTimeStamp}, "'"); 358 "' params and cookie session key = '", $self->{session_key}, "' cookie_timestamp '", $self->{cookieTimeStamp}, "'");
346 return 1; 359 return 1;
347 } elsif (defined $r -> param("key")) { 360 } elsif (defined $r -> param("key")) {
348 $self->{user_id} = $r->param("user"); 361 $self->{user_id} = $r->param("user");
349 $self->{session_key} = $r->param("key"); 362 $self->{session_key} = $r->param("key");
350 $self->{password} = $r->param("passwd"); 363 $self->{password} = $r->param("passwd");
403 416
404 my $user_id = $self->{user_id}; 417 my $user_id = $self->{user_id};
405 418
406 if (defined $user_id and $user_id eq "") { 419 if (defined $user_id and $user_id eq "") {
407 $self->{log_error} = "no user id specified"; 420 $self->{log_error} = "no user id specified";
408 $self->{error} = $r->maketext("You must specify a user ID."); 421 $self->{error} .= $r->maketext("You must specify a user ID.");
409 return 0; 422 return 0;
410 } 423 }
411 424
412 my $User = $db->getUser($user_id); 425 my $User = $db->getUser($user_id);
413 426
502 $self->{log_error} = "authentication failed"; 515 $self->{log_error} = "authentication failed";
503 $self->{error} = $GENERIC_ERROR_MESSAGE; 516 $self->{error} = $GENERIC_ERROR_MESSAGE;
504 return 0; 517 return 0;
505 } else { # ($auth_result < 0) => required data was not present 518 } else { # ($auth_result < 0) => required data was not present
506 if ($keyMatches and not $timestampValid) { 519 if ($keyMatches and not $timestampValid) {
507 $self->{error} = $r->maketext("Your session has timed out due to inactivity. Please log in again."); 520 $self->{error} .= $r->maketext("Your session has timed out due to inactivity. Please log in again.");
508 } 521 }
509 return 0; 522 return 0;
510 } 523 }
511 } 524 }
512} 525}
557 570
558 debug("used_cookie='", $used_cookie, "' unused_valid_cookie='", $unused_valid_cookie, "' user_requests_cookie='", $user_requests_cookie, 571 debug("used_cookie='", $used_cookie, "' unused_valid_cookie='", $unused_valid_cookie, "' user_requests_cookie='", $user_requests_cookie,
559 "' session_management_via_cookies ='", $session_management_via_cookies, "'"); 572 "' session_management_via_cookies ='", $session_management_via_cookies, "'");
560 573
561 if ($used_cookie or $unused_valid_cookie or $user_requests_cookie or $session_management_via_cookies) { 574 if ($used_cookie or $unused_valid_cookie or $user_requests_cookie or $session_management_via_cookies) {
575 #debug("Authen::maybe_send_cookie is sending a cookie");
562 $self->sendCookie($self->{user_id}, $self->{session_key}); 576 $self->sendCookie($self->{user_id}, $self->{session_key});
563 } else { 577 } else {
564 $self->killCookie; 578 $self->killCookie;
565 } 579 }
566} 580}
726 } 740 }
727 } 741 }
728 return (1, $keyMatches, $timestampValid); 742 return (1, $keyMatches, $timestampValid);
729} 743}
730 744
745sub killSession {
746 my $self = shift;
747
748 my $r = $self -> {r};
749 my $ce = $r -> {ce};
750 my $db = $r -> {db};
751
752 $self -> forget_verification;
753 if ($ce -> {session_management_via} eq "session_cookie") {
754 $self -> killCookie();
755 }
756
757 my $userID = $r -> {user_id};
758 if (defined($userID)) {
759 $db -> deleteKey($userID);
760 }
761}
762
763
731################################################################################ 764################################################################################
732# Cookie management 765# Cookie management
733################################################################################ 766################################################################################
734 767
735sub fetchCookie { 768sub fetchCookie {
808 } 841 }
809 if ($r->hostname ne "localhost" && $r->hostname ne "127.0.0.1") { 842 if ($r->hostname ne "localhost" && $r->hostname ne "127.0.0.1") {
810 $cookie -> domain($r->hostname); # if $r->hostname = "localhost" or "127.0.0.1", then this must be omitted. 843 $cookie -> domain($r->hostname); # if $r->hostname = "localhost" or "127.0.0.1", then this must be omitted.
811 } 844 }
812 845
813 debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'"); 846 #debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'");
814 eval {$r->headers_out->set("Set-Cookie" => $cookie->as_string);}; 847 eval {$r->headers_out->set("Set-Cookie" => $cookie->as_string);};
815 if ($@) {croak $@; } 848 if ($@) {croak $@; }
816} 849}
817 850
818sub killCookie { 851sub killCookie {
828 -value => "\t", 861 -value => "\t",
829 -expires => $expires, 862 -expires => $expires,
830 -path => $ce->{webworkURLRoot}, 863 -path => $ce->{webworkURLRoot},
831 -secure => 0, 864 -secure => 0,
832 ); 865 );
833 if ($ce->{session_management_via} ne "session_cookie") {
834 my $expires = time2str("%a, %d-%h-%Y %H:%M:%S %Z", time+COOKIE_LIFESPAN, "GMT");
835 $cookie -> expires($expires);
836 }
837 if ($r->hostname ne "localhost" && $r->hostname ne "127.0.0.1") { 866 if ($r->hostname ne "localhost" && $r->hostname ne "127.0.0.1") {
838 $cookie -> domain($r->hostname); # if $r->hostname = "localhost" or "127.0.0.1", then this must be omitted. 867 $cookie -> domain($r->hostname); # if $r->hostname = "localhost" or "127.0.0.1", then this must be omitted.
839 } 868 }
840 869
870 #debug( "killCookie is about to set an expired cookie");
841 debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'"); 871 #debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'");
842 eval {$r->headers_out->set("Set-Cookie" => $cookie->as_string);}; 872 eval {$r->headers_out->set("Set-Cookie" => $cookie->as_string);};
843 if ($@) {croak $@; } 873 if ($@) {croak $@; }
844} 874}
845 875
846################################################################################ 876################################################################################
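Review bot: `killSession` (new lines 745-761) may silently skip the server-side key deletion, because it reads the user from `$r->{user_id}` while every assignment visible in this diff stores the user on the authen object (`$self->{user_id}`); if the request hash has no such slot, `deleteKey` never runs and the session key stays valid after logout. Unless `$r->{user_id}` is populated somewhere outside this view, consider `my $userID = $self->{user_id};` and writing a log entry when no user id is available. Separately, the new `warn` at new lines 352-354 interpolates both `$cookieKey` and `$r->param("key")`, which puts live session keys wherever warnings are written; the message could report the mismatch without the key values. The `debug` call just below it reads `$self->{cookieTimeStamp}`, but the field set a few lines earlier is `$self->{cookie_timestamp}`, so that part of the message is presumably always empty. The function containing the cookie/param comparison starts and ends outside the displayed lines.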
