
Diff of /trunk/webwork2/lib/WeBWorK/Authen.pm


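--- a/trunk/webwork2/lib/WeBWorK/Authen.pm
+++ b/trunk/webwork2/lib/WeBWorK/Authen.pm
@@ -1,34 +1,51 @@
 package WeBWorK::Authen;
 
+# Package constants. These should never be changed in other places ever
+my $key_length = 40; # number of chars in each key
+my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');
+
 sub new($$$) {
- my $proto = shift;
- my $class = ref($proto) || $proto;
+ my $invocant = shift;
+ my $class = ref($invocant) || $invocant;
  my $self = {};
  ($self->{r}, $self->{courseEnvironment}) = @_;
  bless $self, $class;
  return $self;
+}
+
+sub generate_key {
+ my $i = $key_length;
+ my $key = '';
+ srand;
+ while($i) {
+ $key .= $key_chars[rand(@key_chars)];
+ $i--;
+ }
+ return $key;
 }
 
 # verify will return 1 if the person is who they say the are.
 # If the verification failed because of of invalid authentication data,
 # a note will be written in the request explaining why it failed.
 # If the request failed because no authentication data was provided, however,
 # no note will be written, as this is expected to happen whenever someone
 # types in a URL manually, and is not considered an error condition.
 sub verify($) {
- # Definition: "magic data": passwd or key
  my $self = shift;
  my $r = $self->{r};
 
  my $user = $r->param('user');
  my $passwd = $r->param('passwd');
  my $key = $r->param('key');
+ my $time = time;
 
  # Get this out of the way first thing. We don't want anything else
  # having access to this. It's bad enough that it goes over the wire
  # plaintext.
+ # I wish there was a way to delete this entirely, rather than just
+ # undefining it, just because it would be neater.
  $r->param('passwd',undef);
 
  my $return, $error;
 
  # The first part of this big conditional checks to make that we have
@@ -52,18 +69,20 @@
  elsif ($user ne "dennis") {
  $error = "Unknown user";
  $return = 0;
  } elsif ($passwd) {
  if ($passwd eq "helloworld") {
- $r->param('key','tH1siS@pH0n3Yk3y');
+ $key = generate_key;
+ #TODO: enter $key and $time into the database
+ $r->param('key',$key);
  $return = 1;
  } else {
  $error = "Incorrect password";
  $return = 0;
  }
  } elsif ($key) {
- if ($key eq 'tH1siS@pH0n3Yk3y') {
+ if ($key ne 'invalidkeyhahaha') {
  $return = 1;
  } else {
  $error = "Your session has expired. You must re-login";
  $return = 0;
  }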
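Review bot: The new key check in `verify`, `if ($key ne 'invalidkeyhahaha')`, accepts every `key` parameter except that one literal, so the `elsif ($key)` branch no longer ties a session to anything the server issued; the value from `generate_key` is put back into the request but, per the `#TODO`, never stored. Until the database lookup exists the placeholder should at least be labelled where it sits, e.g. `# FIXME: placeholder, accepts any key; must compare against the key and $time stored for $user`, and the branch should fail closed once the store is available. `generate_key` also builds the key from `srand`/`rand`, which Perl documents as unsuitable for security-sensitive values; drawing the characters from an OS random source such as `/dev/urandom` would be a safer base for a session key. The body of `verify` continues past the end of the hunk.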
