chiark
/
gitweb
/
~ian
/
cgi-auth-flexible.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Cleanup: Remove an old piece of junk
[cgi-auth-flexible.git]
/
cgi-auth-flexible.pm
diff --git
a/cgi-auth-flexible.pm
b/cgi-auth-flexible.pm
index e52441b802b1647dff1f927fd7018ee7aa959827..74c20b69b347d7327a69cc8bbf62623a8c4678af 100644
(file)
--- a/
cgi-auth-flexible.pm
+++ b/
cgi-auth-flexible.pm
@@
-1,21
+1,26
@@
# -*- perl -*-
# This is part of CGI::Auth::Flexible, a perl CGI authentication module.
# -*- perl -*-
# This is part of CGI::Auth::Flexible, a perl CGI authentication module.
-# Copyright (C) 2012 Ian Jackson.
-# Copyright (C) 2012 Citrix.
+#
+# Copyright (C) 2012,2013,2015 Ian Jackson.
+# Copyright (C) 2012,2013,2015 Citrix.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# (at your option) any later version, with the "CAF Login Exception"
+# as published by Ian Jackson (version 1, or at your option any
+# later version) as an Additional Permission.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# You should have received a copy of the GNU Affero General Public
+# License and the CAF Login Exception along with this program, in the
+# file AGPLv3+CAFv1. If not, email Ian Jackson
+# <ijackson@chiark.greenend.org.uk>.
use strict;
use warnings FATAL => 'all';
use strict;
use warnings FATAL => 'all';
@@
-184,11
+189,14
@@
sub gen_srcdump_link_html ($$$$) {
}
sub gen_plain_licence_link_html ($$) {
my ($c,$r) = @_;
}
sub gen_plain_licence_link_html ($$) {
my ($c,$r) = @_;
- gen_srcdump_link_html($c,$r, 'GNU Affero GPL', 'licence');
+ gen_srcdump_link_html($c,$r, 'GNU Affero GPL with CAF Login Exception',
+ 'licence');
}
sub gen_plain_source_link_html ($$) {
my ($c,$r) = @_;
}
sub gen_plain_source_link_html ($$) {
my ($c,$r) = @_;
- gen_srcdump_link_html($c,$r, 'Source available', 'source');
+ my $msg = 'Source available';
+ $msg .= " to logged-in users" if $r->{S}{srcdump_needlogin};
+ gen_srcdump_link_html($c,$r, $msg, 'source');
}
sub gen_plain_footer_html ($$) {
}
sub gen_plain_footer_html ($$) {
@@
-468,10
+476,11
@@
sub new_verifier {
gen_login_form => \&gen_plain_login_form,
gen_login_link => \&gen_plain_login_link,
gen_postmainpage_form => \&gen_postmainpage_form,
gen_login_form => \&gen_plain_login_form,
gen_login_link => \&gen_plain_login_link,
gen_postmainpage_form => \&gen_postmainpage_form,
+ srcdump_needlogin => 0,
srcdump_dump => \&srcdump_dump,
srcdump_prepare => \&srcdump_dirscan_prepare,
srcdump_licence_path => undef,
srcdump_dump => \&srcdump_dump,
srcdump_prepare => \&srcdump_dirscan_prepare,
srcdump_licence_path => undef,
- srcdump_licence_files => [qw(AGPLv3
CGI/Auth/Flexible/AGPLv3
)],
+ srcdump_licence_files => [qw(AGPLv3
+CAFv1 CGI/Auth/Flexible/AGPLv3+CAFv1
)],
srcdump_listitems => sub { (@INC, $ENV{'SCRIPT_FILENAME'}, $0); },
srcdump_filter_cwd => 1,
srcdump_system_dir => sub {
srcdump_listitems => sub { (@INC, $ENV{'SCRIPT_FILENAME'}, $0); },
srcdump_filter_cwd => 1,
srcdump_system_dir => sub {
@@
-482,7
+491,7
@@
sub new_verifier {
srcdump_vcsscript => {git => "
git ls-files -z
git ls-files -z --others --exclude-from=.gitignore
srcdump_vcsscript => {git => "
git ls-files -z
git ls-files -z --others --exclude-from=.gitignore
- find .git -print0
+ find .git
! -name \\*~
-print0
"},
srcdump_byvcs => \&srcdump_byvcs,
srcdump_novcs => \&srcdump_novcs,
"},
srcdump_byvcs => \&srcdump_byvcs,
srcdump_novcs => \&srcdump_novcs,
@@
-785,11
+794,18
@@
sub _check_divert_core ($) {
my $srcdump = $r->_rp('srcdump_param_name');
if ($srcdump) {
die if $srcdump =~ m/\W/;
my $srcdump = $r->_rp('srcdump_param_name');
if ($srcdump) {
die if $srcdump =~ m/\W/;
- return ({ Kind => 'SRCDUMP-'.uc $srcdump,
- Message => undef,
- _CookieRaw => undef,
- Params => { } });
+ $srcdump= {
+ Kind => 'SRCDUMP-'.uc $srcdump,
+ Message => undef,
+ _CookieRaw => undef,
+ Params => { },
+ };
+ }
+ print STDERR "$r->{S}{srcdump_needlogin}\n";
+ if ($srcdump && !$r->{S}{srcdump_needlogin}) {
+ return ($srcdump);
}
}
+ print STDERR "NOT NOW\n";
my $cooksraw = $r->_ch('get_cookie');
my $cooks = $r->_unblind($cooksraw);
my $cooksraw = $r->_ch('get_cookie');
my $cooks = $r->_unblind($cooksraw);
@@
-909,13
+925,27
@@
sub _check_divert_core ($) {
}
die unless $cookt eq 'y';
}
die unless $cookt eq 'y';
- unless ($r->{S}{promise_check_mutate} && $meth eq 'GET') {
+ unless (($r->{S}{promise_check_mutate} && $meth eq 'GET')
+ || $srcdump) {
+ if ($parmt eq 't' || $parmt eq 'n') {
+ return ({ Kind => 'STALE',
+ Message => $r->_gt("Login session interrupted."),
+ _CookieRaw => $cooks,
+ Params => { } });
+ }
die unless $parmt eq 'y';
die unless $cookh eq $parmh;
}
die unless $parmt eq 'y';
die unless $cookh eq $parmh;
}
+ $r->_db_update_last($cooku,$parmh);
+
+ if ($srcdump) {
+ return ($srcdump);
+ }
+
$r->{ParmT} = $parmt;
$r->{AssocRaw} = $cooks;
$r->{UserOK} = $cooku;
$r->{ParmT} = $parmt;
$r->{AssocRaw} = $cooks;
$r->{UserOK} = $cooku;
+
#print STDERR "C-D-C OK\n";
return undef;
}
#print STDERR "C-D-C OK\n";
return undef;
}
@@
-925,7
+955,9
@@
sub chain_params ($) {
my %p = %{ $r->_ch('get_params') };
foreach my $pncn (keys %{ $r->{S} }) {
my $names;
my %p = %{ $r->_ch('get_params') };
foreach my $pncn (keys %{ $r->{S} }) {
my $names;
- if ($pncn =~ m/_param_name$/) {
+ if ($pncn =~ m/^srcdump_/) {
+ next;
+ } elsif ($pncn =~ m/_param_name$/) {
my $name = $r->{S}{$pncn};
die "$pncn ?" if ref $name;
$names = [ $name ];
my $name = $r->{S}{$pncn};
die "$pncn ?" if ref $name;
$names = [ $name ];
@@
-1018,6
+1050,16
@@
sub _db_record_login_ok ($$$) {
$h, $user, time);
}
$h, $user, time);
}
+sub _db_update_last ($$) {
+ # revokes $h if it's valid; no-op if it's not
+ my ($r,$user,$h) = @_;
+ my $dbh = $r->{Dbh};
+ $dbh->do("UPDATE $r->{S}{db_prefix}_assocs".
+ " SET last = ?".
+ " WHERE username = ? AND assochash = ?", {},
+ time, $user, $h);
+}
+
sub check_divert ($) {
my ($r) = @_;
if (exists $r->{Divert}) {
sub check_divert ($) {
my ($r) = @_;
if (exists $r->{Divert}) {
@@
-1121,6
+1163,10
@@
sub check_ok ($) {
$title = $r->_gt('Not logged in');
push @body, $divert->{Message};
push @body, $r->_ch('gen_login_link', $params);
$title = $r->_gt('Not logged in');
push @body, $divert->{Message};
push @body, $r->_ch('gen_login_link', $params);
+ } elsif ($kind =~ m/^STALE/) {
+ $title = $r->_gt('Re-entering secure site.');
+ push @body, $divert->{Message};
+ push @body, $r->_ch('gen_postmainpage_form', $params);
} elsif ($kind =~ m/^MAINPAGEONLY$/) {
$title = $r->_gt('Entering secure site.');
push @body, $divert->{Message};
} elsif ($kind =~ m/^MAINPAGEONLY$/) {
$title = $r->_gt('Entering secure site.');
push @body, $divert->{Message};