
1 : sh002i 455 ################################################################################
2 :     # WeBWorK mod_perl (c) 1995-2002 WeBWorK Team, University of Rochester
3 :     # $Id$
4 :     ################################################################################
5 :    
6 : malsyned 305 package WeBWorK::Authen;
7 :    
8 : sh002i 455 =head1 NAME
9 :    
10 :     WeBWorK::Authen - Check user identity, manage session keys.
11 :    
12 :     =cut
13 :    
14 : malsyned 441 use strict;
15 :     use warnings;
16 : sh002i 455 use WeBWorK::DB::Auth;
17 : malsyned 335
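# Constructor. Called as WeBWorK::Authen->new($r, $courseEnvironment), or on
# an existing instance (in which case the new object gets the same class).
# $r is the request object and $courseEnvironment the course configuration;
# both are stored on the object for verify() to read.
# Returns the blessed object.
#
# No prototype here: prototypes are ignored on method calls, so the former
# ($$$) never validated the arguments and only altered parsing.
sub new {
    my ($invocant, $r, $course_env) = @_;
    my $class = ref($invocant) || $invocant;
    my $self  = {
        r                 => $r,
        courseEnvironment => $course_env,
    };
    return bless $self, $class;
}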
26 :    
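# Produce a random session key of $length characters (default 40) drawn from a
# fixed alphabet of letters, digits and a few punctuation marks. A key is a
# bearer credential, so characters are taken from /dev/urandom when that device
# can be opened; perl's rand() is used only where no such device exists.
#
# $length: number of characters in the key; optional, defaults to 40.
# Returns the key as a string.
sub generate_key {
    my $key_length = defined $_[0] ? $_[0] : 40;
    my @key_chars  = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');
    my $n_chars    = scalar @key_chars;
    # A byte is used only if it lies below the largest multiple of $n_chars
    # that fits in a byte; otherwise "byte % $n_chars" would favour the first
    # few characters of the alphabet.
    my $accept_below = 256 - (256 % $n_chars);

    my $key = '';
    if (open my $urandom, '<', '/dev/urandom') {
        binmode $urandom;
        while (length($key) < $key_length) {
            my $buf;
            my $got = read($urandom, $buf, $key_length);
            last unless defined $got && $got > 0;
            for my $byte (unpack 'C*', $buf) {
                next if $byte >= $accept_below;
                $key .= $key_chars[$byte % $n_chars];
                last if length($key) >= $key_length;
            }
        }
        close $urandom;
    }
    # Fallback (or top-up after a short read): perl's own generator, which is
    # seeded automatically on first use, so no per-call srand is needed.
    while (length($key) < $key_length) {
        $key .= $key_chars[int rand $n_chars];
    }
    return $key;
}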
41 :    
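# verify returns 1 if the person is who they say they are, 0 otherwise.
# If the verification failed because of invalid authentication data, a note
# ("authen_error") is written to the request explaining why it failed.
# If no authentication data was provided at all, no note is written: that is
# what happens whenever someone types in a URL manually and is not considered
# an error condition.
#
# Reads the request parameters 'user', 'passwd' and 'key'. On a successful
# password login the 'key' parameter is set to the session key and 'passwd'
# is cleared for subsequent requests.
sub verify {
    my $self       = shift;
    my $r          = $self->{r};
    my $course_env = $self->{courseEnvironment};

    my $user   = $r->param('user');
    my $passwd = $r->param('passwd');
    my $key    = $r->param('key');

    # I wanted to get rid of that passwd up here for security reasons,
    # but usability dictates that we not clear out invalid passwords.
    #$r->param('passwd',undef);

    my $auth = WeBWorK::DB::Auth->new($course_env);

    my ($ok, $error);
    # The first part of this conditional checks that we have all of the form
    # info that we need; the actual authentication comes after that.
    if (!defined $user && !defined $passwd && !defined $key) {
        # The user hasn't even had a chance to say who he is, so we
        # can't hold it against him that we don't know: no note.
        $ok = 0;
    }
    elsif (!$user) {
        ($ok, $error) = (0, "You must specify a username");
    }
    elsif (!$passwd && !$key) {
        ($ok, $error) = (0, "You must enter a password");
    }
    elsif ($passwd) {
        ($ok, $error) = $self->_verify_by_password($auth, $user, $passwd);
    }
    elsif ($key) {
        # The timestamp gets updated by verifyKey
        if ($auth->verifyKey($user, $key)) {
            $ok = 1;
        }
        else {
            ($ok, $error) = (0, "Your session has expired. You must login again");
        }
    }
    else {
        ($ok, $error) = (0, "Unexpected authentication error!");
    }

    $r->notes("authen_error", $error) if defined $error;
    return $ok;
}

# Password login for $user against $auth. Returns ($ok, $error), where $error
# is undef on success.
# Practice users (usernames starting with the course's practiceUserPrefix)
# are different because:
# - they aren't allowed to log in if an active key exists
#   (except for debugPracticeUser),
# - they are allowed to log in with any password.
sub _verify_by_password {
    my ($self, $auth, $user, $passwd) = @_;
    my $r          = $self->{r};
    my $course_env = $self->{courseEnvironment};

    my $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
    my $debugPracticeUser  = $course_env->{"debugPracticeUser"};

    # \Q...\E: the prefix is a literal string from the configuration, not a
    # pattern, so metacharacters in it must not change what matches.
    if ($practiceUserPrefix and $user =~ /^\Q$practiceUserPrefix\E/) {
        # The only way DB::Auth provides for checking the existence of a user.
        if (!$auth->getPassword($user)) {
            return (0, "That practice account does not exist");
        }
        my $is_debug_user = defined $debugPracticeUser && $user eq $debugPracticeUser;
        if ($auth->getKey($user) and !$is_debug_user) {
            return (0, "That practice account is in use");
        }
        my $key = generate_key();
        $auth->setKey($user, $key);
        $r->param('key', $key);
        return (1, undef);
    }

    # Not a practice user. Do normal authentication.
    if ($auth->verifyPassword($user, $passwd)) {
        # Remove the passwd field from subsequent requests.
        $r->param('passwd', undef);
        # An existing key is reused rather than rotated, so a second login
        # shares the session of the first. NOTE(review): this also means a
        # previously issued key stays valid after a fresh password login;
        # rotating here would end any other active session for the user.
        my $key = $auth->getKey($user) || generate_key();
        $auth->setKey($user, $key);
        $r->param('key', $key);
        return (1, undef);
    }
    return (0, "Incorrect username or password");
}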
136 :    
1;  # a module must end with a true value for `use` to succeed
