| 1 | package WeBWorK::Authen; |
1 | package WeBWorK::Authen; |
| 2 | |
2 | |
| 3 | use WeBWorK::DB::Auth |
3 | use WeBWorK::DB::Auth; |
| 4 | |
|
|
| 5 | # Package constants. These should never be changed in other places ever |
|
|
| 6 | my $key_length = 40; # number of chars in each key |
|
|
| 7 | my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*'); |
|
|
| 8 | |
4 | |
| 9 | sub new($$$) { |
5 | sub new($$$) { |
| 10 | my $invocant = shift; |
6 | my $invocant = shift; |
| 11 | my $class = ref($invocant) || $invocant; |
7 | my $class = ref($invocant) || $invocant; |
| 12 | my $self = {}; |
8 | my $self = {}; |
| … | |
… | |
| 14 | bless $self, $class; |
10 | bless $self, $class; |
| 15 | return $self; |
11 | return $self; |
| 16 | } |
12 | } |
| 17 | |
13 | |
| 18 | sub generate_key { |
14 | sub generate_key { |
|
|
15 | # Package constants. These should never be changed in other places ever |
|
|
16 | my $key_length = 40; # number of chars in each key |
|
|
17 | my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*'); |
|
|
18 | |
| 19 | my $i = $key_length; |
19 | my $i = $key_length; |
| 20 | my $key = ''; |
20 | my $key = ''; |
| 21 | srand; |
21 | srand; |
| 22 | while($i) { |
22 | while($i) { |
| 23 | $key .= $key_chars[rand(@key_chars)]; |
23 | $key .= $key_chars[rand(@key_chars)]; |
| … | |
… | |
| 40 | my $user = $r->param('user'); |
40 | my $user = $r->param('user'); |
| 41 | my $passwd = $r->param('passwd'); |
41 | my $passwd = $r->param('passwd'); |
| 42 | my $key = $r->param('key'); |
42 | my $key = $r->param('key'); |
| 43 | my $time = time; |
43 | my $time = time; |
| 44 | |
44 | |
| 45 | # Get this out of the way first thing. We don't want anything else |
45 | # I wanted to get rid of that passwd up here for security reasons, |
| 46 | # having access to this. It's bad enough that it goes over the wire |
46 | # but usability dictates that we not clear out invalid passwords. |
| 47 | # plaintext. |
|
|
| 48 | # I wish there was a way to delete this entirely, rather than just |
|
|
| 49 | # undefining it, just because it would be neater. |
|
|
| 50 | $r->param('passwd',undef); |
47 | #$r->param('passwd',undef); |
| 51 | |
48 | |
| 52 | my $return, $error; |
49 | my $return, $error; |
| 53 | |
50 | |
| 54 | my $auth = WeBWorK::DB::Auth->new($course_env); |
51 | my $auth = WeBWorK::DB::Auth->new($course_env); |
| 55 | |
52 | |
| … | |
… | |
| 71 | # OK, we're done with the trivia. Now lets authenticate. |
68 | # OK, we're done with the trivia. Now lets authenticate. |
| 72 | # This is the part that will get rewritten after Sam finishes |
69 | # This is the part that will get rewritten after Sam finishes |
| 73 | # his work on the database stuff. |
70 | # his work on the database stuff. |
| 74 | elsif ($passwd) { |
71 | elsif ($passwd) { |
| 75 | if ($auth->verifyPassword($user, $passwd)) { |
72 | if ($auth->verifyPassword($user, $passwd)) { |
|
|
73 | # Remove the passwd field from subsequent requests. |
|
|
74 | $r->param('passwd',undef); |
| 76 | $key = generate_key; |
75 | $key = generate_key; |
| 77 | $auth->setKey($user, $key, time); |
76 | $auth->setKey($user, $key, time); |
| 78 | $r->param('key',$key); |
77 | $r->param('key',$key); |
| 79 | $return = 1; |
78 | $return = 1; |
| 80 | } else { |
79 | } else { |
Parent Directory
| 
Revision Log
| 
Patch