| 1 | package WeBWorK::Authen; |
1 | package WeBWorK::Authen; |
|
|
2 | |
|
|
3 | use WeBWorK::DB::Auth |
| 2 | |
4 | |
| 3 | # Package constants. These should never be changed in other places ever |
5 | # Package constants. These should never be changed in other places ever |
| 4 | my $key_length = 40; # number of chars in each key |
6 | my $key_length = 40; # number of chars in each key |
| 5 | my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*'); |
7 | my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*'); |
| 6 | |
8 | |
| … | |
… | |
| 31 | # no note will be written, as this is expected to happen whenever someone |
33 | # no note will be written, as this is expected to happen whenever someone |
| 32 | # types in a URL manually, and is not considered an error condition. |
34 | # types in a URL manually, and is not considered an error condition. |
| 33 | sub verify($) { |
35 | sub verify($) { |
| 34 | my $self = shift; |
36 | my $self = shift; |
| 35 | my $r = $self->{r}; |
37 | my $r = $self->{r}; |
|
|
38 | my $course_env = $self->{courseEnvironment}; |
| 36 | |
39 | |
| 37 | my $user = $r->param('user'); |
40 | my $user = $r->param('user'); |
| 38 | my $passwd = $r->param('passwd'); |
41 | my $passwd = $r->param('passwd'); |
| 39 | my $key = $r->param('key'); |
42 | my $key = $r->param('key'); |
| 40 | my $time = time; |
43 | my $time = time; |
| … | |
… | |
| 45 | # I wish there was a way to delete this entirely, rather than just |
48 | # I wish there was a way to delete this entirely, rather than just |
| 46 | # undefining it, just because it would be neater. |
49 | # undefining it, just because it would be neater. |
| 47 | $r->param('passwd',undef); |
50 | $r->param('passwd',undef); |
| 48 | |
51 | |
| 49 | my $return, $error; |
52 | my $return, $error; |
|
|
53 | |
|
|
54 | my $auth = WeBWorK::DB::Auth->new($course_env); |
| 50 | |
55 | |
| 51 | # The first part of this big conditional checks to make that we have |
56 | # The first part of this big conditional checks to make that we have |
| 52 | # all of the form info that we need. It's pretty boring. The kooky |
57 | # all of the form info that we need. It's pretty boring. The kooky |
| 53 | # authen stuff comes after that. |
58 | # authen stuff comes after that. |
| 54 | if (!defined $user && !defined $passwd && !defined $key) { |
59 | if (!defined $user && !defined $passwd && !defined $key) { |
| … | |
… | |
| 64 | $return = 0; |
69 | $return = 0; |
| 65 | } |
70 | } |
| 66 | # OK, we're done with the trivia. Now lets authenticate. |
71 | # OK, we're done with the trivia. Now lets authenticate. |
| 67 | # This is the part that will get rewritten after Sam finishes |
72 | # This is the part that will get rewritten after Sam finishes |
| 68 | # his work on the database stuff. |
73 | # his work on the database stuff. |
| 69 | elsif ($user ne "dennis") { |
|
|
| 70 | $error = "Unknown user"; |
|
|
| 71 | $return = 0; |
|
|
| 72 | } elsif ($passwd) { |
74 | elsif ($passwd) { |
| 73 | if ($passwd eq "helloworld") { |
75 | if ($auth->verifyPassword($user, $passwd)) { |
| 74 | $key = generate_key; |
76 | $key = generate_key; |
| 75 | #TODO: enter $key and $time into the database |
77 | $auth->setKey($user, $key, time); |
| 76 | $r->param('key',$key); |
78 | $r->param('key',$key); |
| 77 | $return = 1; |
79 | $return = 1; |
| 78 | } else { |
80 | } else { |
| 79 | $error = "Incorrect password"; |
81 | $error = "Incorrect username or password"; |
| 80 | $return = 0; |
82 | $return = 0; |
| 81 | } |
83 | } |
| 82 | } elsif ($key) { |
84 | } elsif ($key) { |
| 83 | if ($key ne 'invalidkeyhahaha') { |
85 | # The timestamp gets updated by verifyKey with the time passed in |
|
|
86 | if ($auth->verifyKey($user, $key, time)) { |
| 84 | $return = 1; |
87 | $return = 1; |
| 85 | } else { |
88 | } else { |
| 86 | $error = "Your session has expired. You must login again"; |
89 | $error = "Your session has expired. You must login again"; |
| 87 | $return = 0; |
90 | $return = 0; |
| 88 | } |
91 | } |
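Review bot: In the password branch the result of `$auth->setKey($user, $key, time)` is never checked, so `$return = 1` and `$r->param('key',$key)` still run when the key was not stored; if setKey can report failure (its return convention is not visible here), set `$return = 1` only when it succeeds and otherwise set `$error` and `$return = 0`. Both new calls pass a fresh `time` although `$time` was already captured at the top of verify; `$auth->setKey($user, $key, $time)` and `$auth->verifyKey($user, $key, $time)` would keep one request's timestamps consistent. Now that the key is a real session credential rather than a placeholder, it is worth confirming that generate_key (outside the visible hunks) draws from a cryptographically secure source. The added `use WeBWorK::DB::Auth` shows no terminating semicolon in this rendering; if it was committed that way it should read `use WeBWorK::DB::Auth;`, since the statement would otherwise run on into `my $key_length = 40;`. verify's body continues outside the last hunk.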