
View of /trunk/webwork2/lib/WeBWorK/Authen.pm



Revision 349 - (download) (as text) (annotate)
Fri Jun 7 21:37:33 2002 UTC (17 years, 8 months ago) by malsyned
File size: 3723 byte(s)
The framework for the template system has been laid in ContentGenerator.
Login.pm is the first module converted to work with that framework.
--Dennis

    1 package WeBWorK::Authen;
    2 
    3 use WeBWorK::DB::Auth;
    4 
    sub new($$$) {
      # Constructor. Takes the request object and the course environment
      # (in that order) and stores them for later use by verify().
      # Note: the ($$$) prototype is ignored by Perl on method calls.
      my ($invocant, $r, $course_env) = @_;

      # Allow the constructor to be called on a class name or on an
      # existing instance; either way the new object gets the same class.
      my $class = ref($invocant) || $invocant;

      return bless {
        r                 => $r,
        courseEnvironment => $course_env,
      }, $class;
    }
   13 
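   sub generate_key {
     # Returns a fresh session key: $key_length characters drawn from
     # @key_chars. The key is what authenticates every later request, so it
     # must be unpredictable. Perl's rand() is not a cryptographic generator,
     # so the key is drawn from the kernel's random device when one exists.

     # Package constants.  These should never be changed in other places ever
     my $key_length = 40;      # number of chars in each key
     my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');

     # Bytes at or above this limit are discarded so that every character is
     # equally likely (a plain "byte % alphabet size" would favour the first
     # few characters of the alphabet).
     my $alphabet_size = scalar @key_chars;
     my $limit = 256 - (256 % $alphabet_size);

     my $key = '';
     if (open(my $urandom, '<', '/dev/urandom')) {
       binmode($urandom);
       while (length($key) < $key_length) {
         my $got = read($urandom, my $buf, 64);
         last unless $got;    # read error or EOF: fall through to the fallback
         foreach my $byte (unpack('C*', $buf)) {
           next if $byte >= $limit;
           $key .= $key_chars[$byte % $alphabet_size];
           last if length($key) == $key_length;
         }
       }
       close($urandom);
     }

     # Fallback for platforms without /dev/urandom: the original rand()-based
     # generation, kept so that login keeps working. Keys produced this way
     # are guessable in principle, hence the warning in the server log.
     if (length($key) < $key_length) {
       warn "WeBWorK::Authen: /dev/urandom unavailable, falling back to rand() for session key\n";
       srand;
       $key .= $key_chars[rand(@key_chars)] while length($key) < $key_length;
     }

     return $key;
   }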
   28 
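   # verify will return 1 if the person is who they say they are, and 0
   # otherwise. It reads the 'user', 'passwd' and 'key' parameters from the
   # request object stored in $self->{r}.
   # If the verification failed because of invalid authentication data,
   # a note ("authen_error") will be written in the request explaining why it
   # failed. If the request failed because no authentication data was
   # provided, however, no note will be written, as this is expected to happen
   # whenever someone types in a URL manually, and is not considered an error
   # condition.
   # On a successful password login the session key is stored through the
   # auth database object and written back into the request's 'key' parameter.
   sub verify($) {
     my $self = shift;
     my $r = $self->{r};
     my $course_env = $self->{courseEnvironment};

     my $user = $r->param('user');
     my $passwd = $r->param('passwd');
     my $key = $r->param('key');

     # I wanted to get rid of that passwd up here for security reasons,
     # but usability dictates that we not clear out invalid passwords.
     #$r->param('passwd',undef);

     # Both of these must be lexicals. Written as "my $return, $error;" only
     # $return is lexical and $error becomes a package global; the success
     # branches below never assign it, so in a persistent interpreter an error
     # message left by an earlier failed request would be reported on a later
     # successful one.
     my ($return, $error);

     my $auth = WeBWorK::DB::Auth->new($course_env);

     # The first part of this big conditional checks to make sure that we have
     # all of the form info that we need. It's pretty boring.  The kooky
     # authen stuff comes after that.
     if (!defined $user && !defined $passwd && !defined $key) {
       # The user hasn't even had a chance to say who he is, so we
       # can't hold it against him that we don't know.
       undef $error;
       $return = 0;
     } elsif (!$user) {
       $error = "You must specify a username";
       $return = 0;
     } elsif (!$passwd && !$key) {
       $error = "You must enter a password";
       $return = 0;
     }
     # OK, we're done with the trivia.  Now lets authenticate.
     elsif ($passwd) {
       # A bit of extra logic for practice users
       # Practice users are different because:
       # - They aren't allowed to log in if an active key exists
       #   (except for $debugPracticeUser)
       # - They are allowed to log in with any password
       # NOTE(review): because any password is accepted here, the configured
       # prefix must never match the name of a real account.
       my $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
       my $debugPracticeUser = $course_env->{"debugPracticeUser"};
       # \Q...\E: the prefix is compared literally, so a "." or other regex
       # metacharacter in the configuration cannot widen the match.
       if ($practiceUserPrefix and $user =~ /^\Q$practiceUserPrefix\E/) {
         if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user
           $error = "That practice account does not exist";
           $return = 0;
         } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) {
           $error = "That practice account is in use";
           $return = 0;
         } else {
           $key = generate_key();
           $auth->setKey($user, $key);
           $r->param('key',$key);
           $return = 1;
         }
       }
       # Not a practice user.  Do normal authentication.
       elsif ($auth->verifyPassword($user, $passwd)) {
         # Remove the passwd field from subsequent requests.
         $r->param('passwd',undef);
         # NOTE(review): an existing key is reused instead of being replaced
         # at login. Whether getKey can hand back an expired key is not
         # visible from here -- confirm against WeBWorK::DB::Auth.
         $key = $auth->getKey($user) || generate_key();
         $auth->setKey($user, $key);
         $r->param('key',$key);
         $return = 1;
       } else {
         # Same message for unknown user and wrong password.
         $error = "Incorrect username or password";
         $return = 0;
       }
     } elsif ($key) {
       # The timestamp gets updated by verifyKey
       if ($auth->verifyKey($user, $key)) {
         $return = 1;
       } else {
         $error = "Your session has expired.  You must login again";
         $return = 0;
       }
     } else {
       $error = "Unexpected authentication error!";
       $return = 0;
     }

     # Written unconditionally: on success $error is undef.
     $r->notes("authen_error",$error);
     return $return;

     # Whatever you do, don't delete this!
     # (Unreachable: it follows the return above.)
     critical($r);
   }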
  123 
  124 1;
