logout_param_names => [qw(logout)],
promise_check_mutate => 0,
get_param => sub { $_[0]->param($_[2]) },
- get_cookie => sub { $_[0]->cookie($s->{S}{cookie_name}) },
+ get_cah_cookie => sub { $_[0]->cookie($s->{S}{cookie_name}) },
get_method => sub { $_[0]->request_method() },
is_login => sub { defined $_[1]->_rp('password_param_name') },
login_ok => sub { die },
sub _rp ($$@) {
my ($r,$pnvb) = @_;
- my $pn = $r->{S}{"${pnvb}_param_name"};
+ my $pn = $r->{S}{$pnvb};
my $p = $r->_ch('get_param',$pn)
}
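Review bot: In `_rp`, the new lookup `$r->{S}{$pnvb}` yields undef for a misspelled or unconfigured settings key, and that undef is passed straight to the `get_param` hook. Callers now supply the complete key (`'password_param_name'`, `'assoc_param_name'`), so a typo no longer fails in an obvious place; consider `defined $pn or die "unknown setting $pnvb";` before the `_ch` call, or an explicit `return undef` if an unset name is legitimate for some settings. The `($$@)` prototype has no effect here because the visible calls are all method calls, and `my $p = ...` is an unused local whose statement also lacks its semicolon; `return $r->_ch('get_param', $pn);` states the intent. A one-line comment that `$pnvb` is now the full settings key would help readers of older call sites.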
# no) cookie.
# Case analysis, cookie mode, app promises re mutate:
- # cook par meth form
+ # cook parm meth form
#
# any - POST nrmuoi bug or attack, fail
# any - GET rmuoi bug or attack, fail
#
# - t POST i complain about cookies being disabled
#
- # - n POST i complain about stale login form
+ # any n POST i complain about stale login form
# show new login form
#
- # x1 x2 POST i login (or switch user)
- # revoke x1 if it was valid and !=x2
- # upgrade x2 to y2 in our db (setting username)
- # set cookie to x2
+ # x1 t2 POST i login (or switch user)
+ # revoke x1 if it was valid and !=t2
+ # upgrade t2 to y2 in our db (setting username)
+ # set cookie to t2
# redirect to GET of remaining params
#
# t1 a2 ANY nrmu treat as - a2 ANY
# -/n n POST nrmu user not logged in
# fail
+sub check_divert ($) {
+ my ($r) = @_;
+
+ my $cookv = $r->_ch('get_cah_cookie');
+ my $parmv = $r->_rp('assoc_param_name');
+
+ my $cookt = $r->_db_lookup($cookv);
+ my $parmt = $r->_db_lookup($parmv);
+
+ if ($r->_ch('is_logout')) {
+ $r->_must_be_post();
+ die unless $parmt;
+ $r->_db_perhaps_revoke($cookv);
+ $r->_db_perhaps_revoke($parmv);
+ return 'LOGOUT';
+ }
+ if ($r->_ch('is_login')) {
+ return 'NOCOOKIE' if !$cookt && $parmt eq 't';
+ return 'LOGIN-STALE' if $parmt eq 'n';
+ $r->_db_perhpa
+ my $username = $r->_ch('login_ok');
+ return 'LOGIN-BAD' unless defined $username && length $username;
+ $r->_db_
+
+ }
+
+
+ $r->_will_set_cookie('');
+
+ }
+
+
UP TO HERE
sub _check_core ($) {
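Review bot: The `is_login` branch of the new `check_divert` reaches the `login_ok` hook without the `$r->_must_be_post();` call that the logout branch makes first. The case table in the same hunk lists login only under POST, so the call should be the first statement of that branch; presumably it is what rejects a password arriving on a GET. `$parmt` is compared with `eq 't'` and `eq 'n'` although the logout branch treats it as possibly false (`die unless $parmt`), so an absent or unknown parameter gives an undef comparison; `defined $parmt && $parmt eq 'n'` (and likewise for `'t'`) avoids that. The bare `die` in the logout branch should carry a message so a rejected request can be told apart in the logs. The statements `$r->_db_perhpa` and `$r->_db_` are truncated and the first has no terminator, so the file will not compile as committed and the rest of the login path cannot be reviewed from this hunk.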