Debugging of the templating system and some other misc. changes. --dennis
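################################################################################
# WeBWorK mod_perl (c) 2000-2002 WeBWorK Project
# $Id$
################################################################################

package WeBWorK::Authen;

=head1 NAME

WeBWorK::Authen - Check user identity, manage session keys.

=cut

use strict;
use warnings;
use WeBWorK::DB::Auth;

# Constructor. Called as WeBWorK::Authen->new($r, $courseEnvironment).
# Stores the request object and the course environment hash on the new
# object; both are read later by verify().
# (No prototype: Perl ignores prototypes on method calls.)
sub new {
	my $invocant = shift;
	my $class = ref($invocant) || $invocant;
	my $self = {};
	($self->{r}, $self->{courseEnvironment}) = @_;
	bless $self, $class;
	return $self;
}

# Returns a fresh 40-character session key drawn from @key_chars.
#
# A session key is a bearer credential (verify() accepts it in place of a
# password), so it must be unpredictable. Perl's rand() is documented as not
# cryptographically secure, and seeding with srand bounds the key's entropy
# by the size of the seed rather than by the key length. The bytes are
# therefore taken from the kernel CSPRNG via /dev/urandom; rand() is used
# only as a logged fallback when that device cannot be read.
sub generate_key {
	# Package constants. These should never be changed in other places ever
	my $key_length = 40; # number of chars in each key
	my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');
	my $num_chars = scalar @key_chars;

	my $key = '';

	if (open my $urandom, '<:raw', '/dev/urandom') {
		# Bytes at or above the largest multiple of $num_chars that fits
		# in a byte are discarded, so every character is equally likely
		# (no modulo bias).
		my $limit = 256 - (256 % $num_chars);
		FILL: while (length($key) < $key_length) {
			my $got = sysread($urandom, my $buf, 2 * $key_length);
			last FILL unless $got; # read error or EOF
			for my $byte (unpack 'C*', $buf) {
				next if $byte >= $limit;
				$key .= $key_chars[$byte % $num_chars];
				last FILL if length($key) == $key_length;
			}
		}
		close $urandom;
		return $key if length($key) == $key_length;
		$key = ''; # short read: discard the partial key and fall back
	}

	# Fallback, kept so that logins still work on a host without
	# /dev/urandom. Keys produced here are guessable; the warning makes the
	# condition visible in the server log.
	warn "WeBWorK::Authen: /dev/urandom unavailable, "
		. "generating session key with rand()\n";
	srand;
	my $i = $key_length;
	while ($i) {
		$key .= $key_chars[rand(@key_chars)];
		$i--;
	}
	return $key;
}

# verify will return 1 if the person is who they say they are, 0 otherwise.
# If the verification failed because of invalid authentication data,
# a note ("authen_error") will be written in the request explaining why it
# failed. If the request failed because no authentication data was provided,
# however, no note will be written, as this is expected to happen whenever
# someone types in a URL manually, and is not considered an error condition.
#
# Reads the request parameters 'user', 'passwd' and 'key'. On a successful
# password login the session key is written back into the 'key' parameter.
sub verify {
	my $self = shift;
	my $r = $self->{r};
	my $course_env = $self->{courseEnvironment};

	my $user = $r->param('user');
	my $passwd = $r->param('passwd');
	my $key = $r->param('key');
	my $time = time;

	# I wanted to get rid of that passwd up here for security reasons,
	# but usability dictates that we not clear out invalid passwords.
	#$r->param('passwd',undef);

	my $error;
	my $return;

	my $auth = WeBWorK::DB::Auth->new($course_env);

	# The first part of this big conditional checks to make sure that we
	# have all of the form info that we need. It's pretty boring. The kooky
	# authen stuff comes after that.
	if (!defined $user && !defined $passwd && !defined $key) {
		# The user hasn't even had a chance to say who he is, so we
		# can't hold it against him that we don't know.
		undef $error;
		$return = 0;
	} elsif (!$user) {
		$error = "You must specify a username";
		$return = 0;
	} elsif (!$passwd && !$key) {
		$error = "You must enter a password";
		$return = 0;
	}
	# OK, we're done with the trivia. Now lets authenticate.
	elsif ($passwd) {
		# A bit of extra logic for practice users
		# Practice users are different because:
		# - They aren't allowed to log in if an active key exists
		#   (except for $debugPracticeUser)
		# - They are allowed to log in with any password
		my $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
		my $debugPracticeUser = $course_env->{"debugPracticeUser"};
		# \Q...\E: the prefix is matched literally, so a '.' or other regex
		# metacharacter in the configured prefix cannot widen the set of
		# accounts that skip password verification.
		if ($practiceUserPrefix and $user =~ /^\Q$practiceUserPrefix\E/) {
			if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user
				$error = "That practice account does not exist";
				$return = 0;
			} elsif ($auth->getKey($user)
				and (!defined $debugPracticeUser or $user ne $debugPracticeUser)) {
				# The defined() test keeps the outcome of the bare `ne`
				# when debugPracticeUser is not configured, without the
				# uninitialized-value warning.
				$error = "That practice account is in use";
				$return = 0;
			} else {
				# NOTE(review): unlike the normal branch below, the
				# 'passwd' parameter is not cleared here.
				$key = generate_key;
				$auth->setKey($user, $key);
				$r->param('key',$key);
				$return = 1;
			}
		}
		# Not a practice user. Do normal authentication.
		elsif ($auth->verifyPassword($user, $passwd)) {
			# Remove the passwd field from subsequent requests.
			$r->param('passwd',undef);
			# NOTE(review): an existing key is reused rather than rotated
			# on a fresh password login -- confirm that getKey() only
			# returns unexpired keys.
			$key = $auth->getKey($user) || generate_key;
			$auth->setKey($user, $key);
			$r->param('key',$key);
			$return = 1;
		} else {
			# Same message for an unknown user and a wrong password.
			$error = "Incorrect username or password";
			$return = 0;
		}
	} elsif ($key) {
		# The timestamp gets updated by verifyKey
		if ($auth->verifyKey($user, $key)) {
			$return = 1;
		} else {
			$error = "Your session has expired.  You must login again";
			$return = 0;
		}
	} else {
		$error = "Unexpected authentication error!";
		$return = 0;
	}

	$r->notes("authen_error",$error) if defined($error);
	return $return;

	# Whatever you do, don't delete this!
	# (Unreachable: it follows the return above and is never executed.)
	critical($r);
}

1;

__END__

=head1 AUTHOR

Written by Dennis Lambe Jr., malsyned (at) math.rochester.edu

=cut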