| 1 | package WeBWorK::Authen; |
1 | package WeBWorK::Authen; |
| 2 | |
2 | |
| 3 | sub new($$$) { |
3 | sub new($$$) { |
| 4 | my $class = shift; |
4 | my $proto = shift; |
|
|
5 | my $class = ref($proto) || $proto; |
| 5 | my $self = {}; |
6 | my $self = {}; |
| 6 | ($self->{r}, $self->{courseEnvironment}) = @_; |
7 | ($self->{r}, $self->{courseEnvironment}) = @_; |
| 7 | bless $self, $class; |
8 | bless $self, $class; |
| 8 | return $self; |
9 | return $self; |
| 9 | } |
10 | } |
| 10 | |
11 | |
|
|
12 | # verify will return 1 if the person is who they say the are. |
|
|
13 | # If the verification failed because of of invalid authentication data, |
|
|
14 | # a note will be written in the request explaining why it failed. |
|
|
15 | # If the request failed because no authentication data was provided, however, |
|
|
16 | # no note will be written, as this is expected to happen whenever someone |
|
|
17 | # types in a URL manually, and is not considered an error condition. |
| 11 | sub verify($) { |
18 | sub verify($) { |
|
|
19 | # Definition: "magic data": passwd or key |
| 12 | my $self = shift; |
20 | my $self = shift; |
| 13 | my $r = $self->{r}; |
21 | my $r = $self->{r}; |
| 14 | if (!$r->param('user')) { |
22 | |
|
|
23 | my $user = $r->param('user'); |
|
|
24 | my $passwd = $r->param('passwd'); |
|
|
25 | my $key = $r->param('key'); |
|
|
26 | |
|
|
27 | # Get this out of the way first thing. We don't want anything else |
|
|
28 | # having access to this. It's bad enough that it goes over the wire |
|
|
29 | # plaintext. |
|
|
30 | $r->param('passwd',undef); |
|
|
31 | |
|
|
32 | my $return, $error; |
|
|
33 | |
|
|
34 | # The first part of this big conditional checks to make that we have |
|
|
35 | # all of the form info that we need. It's pretty boring. The kooky |
|
|
36 | # authen stuff comes after that. |
|
|
37 | if (!defined $user && !defined $passwd && !defined $key) { |
|
|
38 | # The user hasn't even had a chance to say who he is, so we |
|
|
39 | # can't hold it against him that we don't know. |
|
|
40 | undef $error; |
| 15 | return 0; |
41 | $return = 0; |
|
|
42 | } elsif (!$user) { |
|
|
43 | $error = "You must specify a username"; |
|
|
44 | $return = 0; |
|
|
45 | } elsif (!$passwd && !$key) { |
|
|
46 | $error = "You must enter a password"; |
|
|
47 | $return = 0; |
| 16 | } |
48 | } |
|
|
49 | # OK, we're done with the trivia. Now lets authenticate. |
|
|
50 | # This is the part that will get rewritten after Sam finishes |
|
|
51 | # his work on the database stuff. |
|
|
52 | elsif ($user ne "dennis") { |
|
|
53 | $error = "Unknown user"; |
|
|
54 | $return = 0; |
|
|
55 | } elsif ($passwd) { |
|
|
56 | if ($passwd eq "helloworld") { |
|
|
57 | $r->param('key','tH1siS@pH0n3Yk3y'); |
|
|
58 | $return = 1; |
|
|
59 | } else { |
|
|
60 | $error = "Incorrect password"; |
|
|
61 | $return = 0; |
|
|
62 | } |
|
|
63 | } elsif ($key) { |
|
|
64 | if ($key eq 'tH1siS@pH0n3Yk3y') { |
|
|
65 | $return = 1; |
|
|
66 | } else { |
|
|
67 | $error = "Your session has expired. You must re-login"; |
|
|
68 | $return = 0; |
|
|
69 | } |
|
|
70 | } else { |
|
|
71 | $error = "Unexpected authentication error!"; |
|
|
72 | $return = 0; |
|
|
73 | } |
|
|
74 | |
|
|
75 | |
|
|
76 | $r->notes("authen_error",$error); |
|
|
77 | return $return; |
| 17 | |
78 | |
| 18 | if ($r->param('key')) { |
79 | # Whatever you do, don't delete this! |
| 19 | $r->param('passwd',''); |
80 | critical($r); |
| 20 | return 1; |
|
|
| 21 | } |
|
|
| 22 | if ($r->param('passwd')) { |
|
|
| 23 | $r->param('passwd',''); |
|
|
| 24 | $r->param('key','tH1siS@pH0n3Yk3y'); |
|
|
| 25 | return 1; |
|
|
| 26 | } |
|
|
| 27 | return 0; |
|
|
| 28 | } |
81 | } |
| 29 | |
82 | |
| 30 | 1; |
83 | 1; |
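Review bot: In `verify`, `my $return, $error;` (line 32 of the longer listing, which I take to be the new side) declares only `$return` lexically; `$error` becomes a package variable, and with no `use strict` visible in the file nothing reports it. The two success branches never assign `$error`, so under a persistent interpreter (which the `$r->notes` call suggests) a message left by an earlier failed login could be written to the `authen_error` note of a request that has just authenticated; `my ($return, $error);` fixes this. The `critical($r);` call sits after `return $return;` and can never run, so either move it above the return or remove it along with its comment. The comments describe the hard-coded user, password and fixed key as a stand-in, but a key that is the same constant for every login is a replayable credential that never expires. A comment such as `# FIXME: placeholder credentials and static key; must not reach a deployed build` above the `elsif ($user ne "dennis")` branch would make that status explicit.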