Revision 313 - (view) (download) (as text)
| 1 : | malsyned | 305 | package WeBWorK::Authen; |
| 2 : | |||
# Constructor.  The first argument is either a class name or an existing
# object, whose class is then reused.  The next two arguments are stored
# on the new object under the keys "r" and "courseEnvironment".
# Note: Perl ignores the ($$$) prototype when new is invoked as a method.
sub new($$$) {
    my ($invocant, $request, $course_env) = @_;

    # Accept both Class->new(...) and $object->new(...).
    my $class = ref($invocant) || $invocant;

    my $self = {
        r                 => $request,
        courseEnvironment => $course_env,
    };

    return bless $self, $class;
}
| 11 : | |||
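# verify returns 1 if the person is who they say they are, and 0 otherwise.
# If the verification failed because of invalid authentication data, the
# reason is written to the request note "authen_error".
# If no authentication data was provided at all, the note value is undef:
# this is expected to happen whenever someone types in a URL manually, and
# is not considered an error condition.
#
# Reads the request parameters "user", "passwd" and "key" from $self->{r}.
# On a successful password login the session key is stored back into the
# request parameter "key".
#
# SECURITY (review): everything below the "trivia" checks is a placeholder.
#   - One user name and one password are hard-coded in source.
#   - The session key is a single constant: it is the same for every
#     login, is not bound to the user beyond the name check, and never
#     expires.  The "session has expired" message really means "key did
#     not match".
#   - "Unknown user" and "Incorrect password" are distinct messages, so a
#     client can tell whether a user name exists.
# None of this is suitable for deployment; the real implementation needs
# per-session random keys with a lifetime and credentials kept out of the
# source tree.
sub verify($) {
    # Definition: "magic data": passwd or key
    my $self = shift;
    my $r    = $self->{r};

    my $user   = $r->param('user');
    my $passwd = $r->param('passwd');
    my $key    = $r->param('key');

    # Get this out of the way first thing.  We don't want anything else
    # having access to this.  It's bad enough that it goes over the wire
    # plaintext.
    $r->param('passwd', undef);

    # Both variables must be lexical.  The original "my $return, $error;"
    # declared only $return and left $error a package global, so an error
    # message from an earlier failed request in the same interpreter could
    # be attached to a later, successful one.
    my ($return, $error);

    # The first part of this big conditional checks that we have all of
    # the form info that we need.  It's pretty boring.  The kooky authen
    # stuff comes after that.
    if (!defined $user && !defined $passwd && !defined $key) {
        # The user hasn't even had a chance to say who he is, so we
        # can't hold it against him that we don't know.
        undef $error;
        $return = 0;
    } elsif (!$user) {
        $error  = "You must specify a username";
        $return = 0;
    } elsif (!$passwd && !$key) {
        $error  = "You must enter a password";
        $return = 0;
    }
    # OK, we're done with the trivia.  Now let's authenticate.
    # This is the part that will get rewritten after Sam finishes
    # his work on the database stuff.
    elsif ($user ne "dennis") {
        $error  = "Unknown user";
        $return = 0;
    } elsif ($passwd) {
        # A supplied password takes precedence over a supplied key.
        if ($passwd eq "helloworld") {
            $r->param('key', 'tH1siS@pH0n3Yk3y');
            $return = 1;
        } else {
            $error  = "Incorrect password";
            $return = 0;
        }
    } elsif ($key) {
        if ($key eq 'tH1siS@pH0n3Yk3y') {
            $return = 1;
        } else {
            $error  = "Your session has expired.  You must re-login";
            $return = 0;
        }
    } else {
        $error  = "Unexpected authentication error!";
        $return = 0;
    }

    # $error is undef on success and when no credentials were sent.
    $r->notes("authen_error", $error);
    return $return;

    # Whatever you do, don't delete this!
    # (Unreachable: it follows the return above and is never executed.)
    critical($r);
}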
| 82 : | |||
| 83 : | 1; |