use DBI;
use CGI;
+use Locale::Gettext;
#---------- default callbacks ----------
return 0;
}
+sub get_param_list ($$) {
+ my ($c) = @_;
+ my @p = ( );
+ foreach my $name ($c->param()) {
+ foreach my $val ($c->param($name)) {
+ push @p, $name, $val;
+ }
+ }
+ return @p;
+}
+
+sub get_cookie_domain ($$$) {
+ my ($c,$r) = @_;
+ my $uri = new URI $r->_ch('get_url');
+ return $uri->host();
+}
+
+sub construct_cookie ($$$) {
+ my ($c, $r, $cookv) = @_;
+ return $c->cookie(-name => $r->{S}{cookie_name},
+ -value => $cookv,
+ -path => $r->{S}{cookie_path},
+ -domain => $r->_ch('get_cookie_domain'),
+ -expires => '+'.$r->{S}{login_timeout}.'s',
+ -secure => $r->{S}{encrypted_only});
+}
+
+sub do_redirect_cgi ($$$$) {
+ my ($c, $r, $new_url, $cookie) = @_;
+ my @ha = ('text/html',
+ -status => '303 See other',
+ -location => $new_url);
+ push @ha, (-cookie => $cookie) if defined $cookie;
+ $r->_print($c->header(@ha),
+ $r->_ch('gen_start_html')($r->_gt('Redirection')),
+ '<a href="'.escapeHTML($new_url).'">',
+ $r->_gt("If you aren't redirected, click to continue."),
+ "</a>",
+ $c->_ch('gen_end_html'));
+}
+
+sub gen_plain_login_form ($$) {
+ my ($c,$r, $params) = @_;
+ my @form;
+ push @form, ('<form method="POST" action="',
+ escapeHTML($r->_ch('get_url')).'>',
+ '<table>');
+ my $sz = 'size="'.$r->{S}{form_entry_size}.'"';
+ foreach my $up (@{ $r->{S}{username_param_names}}) {
+ push @form, ('<tr><td>',$r->_gt(ucfirst $up),'</td>',
+ '<td><input type="text" ',$sz,
+ ' name=',$up,'></td></tr>');
+ }
+ push @form, ('<tr><td>'.$r->_gt('Password'),'</td>',
+ '<td><input type="password" ',$sz,
+ ' name="'.$r->{S}{password_param_name}.'"></td></tr>');
+ push @form, ('<tr><td colspan="2">',
+ '<input type="submit"'.
+ ' name="'.$r->{S}{login_submit_name}.'"',
+ ' value="'.$r->_gt('Login').'"></td></tr></table>');
+ foreach my $p (@$params) {
+
+
#---------- verifier object methods ----------
sub new_verifier {
login_timeout => 86400, # seconds
assoc_param_name => 'cah_associd',
password_param_name => 'password',
+ username_param_names => [qw(username)],
+ form_entry_size => 60,
logout_param_names => [qw(cah_logout)],
+ login_submit_name => [qw(cah_login)],
loggedout_param_names => [qw(cah_loggedout)],
promise_check_mutate => 0,
get_param => sub { $_[0]->param($_[2]) },
- get_cah_cookie => sub { $_[0]->cookie($s->{S}{cookie_name}) },
+ get_param_list => sub { $_[1]->get_param_list() },
+ get_cookie => sub { $_[0]->cookie($s->{S}{cookie_name}) },
get_method => sub { $_[0]->request_method() },
+ get_url => sub { $_[0]->url(); },
is_login => sub { defined $_[1]->_rp('password_param_name') },
login_ok => sub { die },
is_logout => sub { $_[1]->has_a_param('logout_param_names') },
is_loggedout => sub { $_[1]->has_a_param('loggedout_param_names') },
is_page => sub { return 1 },
+ handle_divert => sub { return 0 },
+ do_redirect => \&do_redirect_cgi, # this hook is allowed to throw
+ cookie_path => "/",
+ get_cookie_domain => \&get_cookie_domain,
+ encrypted_only => 0,
+ gen_start_html => sub { $_[0]->start_html($_[2]); },
+ gen_end_html => sub { $_[0]->end_html(); },
+ gen_login_form => \&gen_plain_login_form,
+ gettext => sub { gettext($_[2]); },
+ };
},
Dbh => undef,
};
sub _rp ($$@) {
my ($r,$pnvb) = @_;
my $pn = $r->{S}{$pnvb};
- my $p = $r->_ch('get_param',$pn)
+ my $p = scalar $r->_ch('get_param',$pn)
}
+sub _gt ($$) { my ($r, $t) = @_; return $r->_ch('gettext')($t); }
+sub _print ($$) { my ($r, @t) = @_; return $r->_ch('print')(join '', @t); }
+
# pages/param-sets are
# n normal non-mutating page
# r retrieval of information for JS, non-mutating
my ($r) = @_;
my $meth = $r->_ch('get_method');
- my $cookv = $r->_ch('get_cah_cookie');
+ my $cookv = $r->_ch('get_cookie');
my $parmv = $r->_rp('assoc_param_name');
my ($cookt,$cooku) = $r->_db_lookup($cookv);
die unless $parmt;
$r->_db_revoke($cookv);
$r->_db_revoke($parmv);
- $r->_queue_set_cookie('');
- return 'REDIRECT-LOGGEDOUT'
+ return ({ Kind => 'REDIRECT-LOGGEDOUT',
+ Message => "Logging out...",
+ Cookie => '',
+ Params => [ ] });
}
if ($r->_ch('is_loggedout')) {
die unless $meth eq 'GET';
die unless $cookt;
die unless $parmt;
- return ('SMALLPAGE-LOGGEDOUT', "You have been logged out.");
+ return ({ Kind => 'SMALLPAGE-LOGGEDOUT',
+ Message => "You have been logged out.",
+ Cookie => '',
+ Params => [ ] });
}
if ($r->_ch('is_login')) {
$r->_must_be_post();
- return ('LOGIN-STALE',
- "This session was stale and you need to log in again.")
+ return ({ Kind => 'LOGIN-STALE',
+ Message => "Stale session; you need to log in again.",
+ Cookie => $r->_fresh_cookie(),
+ Params => [ ] })
if $parmt eq 'n';
die unless $parmt eq 't' || $parmt eq 'y';
- $r->_queue_preserve_params();
- return ('SMALLPAGE-NOCOOKIE',
- "You do not seem to have cookies enabled. ".
- "You must enable cookies as we use them for login.")
+ return ({ Kind => 'SMALLPAGE-NOCOOKIE',
+ Message => "You do not seem to have cookies enabled. ".
+ "You must enable cookies as we use them for login.",
+ Cookie => $r->_fresh_cookie(),
+ Params => $r->_chain_params() })
if !$cookt && $parmt eq 't';
- return ('LOGIN-BAD',
- "Incorrect username/password.")
+ return ({ Kind => 'LOGIN-BAD',
+ Message => "Incorrect username/password.",
+ Cookie => $cookv,
+ Params => $r->_chain_params() })
unless defined $username && length $username;
$r->_db_revoke($cookv)
if defined $cookv && !(defined $parmv && $cookv eq $parmv);
- $r->_queue_set_cookie($parmv);
my $username = $r->_ch('login_ok');
$r->_db_record_login_ok($parmv,$username);
- return 'REDIRECT-LOGGEDIN';
- }
- if (!$r->{S}{promise_check_mutate}) {
- if ($meth ne 'POST') {
- return 'MAINPAGEONLY';
- # NB caller must then ignore params & path!
- # if this is too hard they can spit out a small form
- # with a "click to continue"
- }
+ return ({ Kind => 'REDIRECT-LOGGEDIN',
+ Message => "Logging in...",
+ Cookie => $parmv,
+ Params => $r->_chain_params() });
}
if ($cookt eq 't') {
$cookt = '';
die unless !$cookt || $cookt eq 'n';
die unless !$parmt || $parmt eq 'n' || $parmt eq 'y';
if ($meth eq 'GET') {
- $r->_queue_preserve_params();
- return ('LOGIN-INCOMINGLINK',
- "You need to log in again.");
+ return ({ Kind => 'LOGIN-INCOMINGLINK',
+ Message => "You need to log in again.",
+ Cookie => $parmv,
+ Params => $r->_chain_params() });
} else {
- return ('LOGIN-FRESH',
- "You need to log in again.");
+ return ((Kind => 'LOGIN-FRESH',
+ Message => "You need to log in again.",
+ Cookie => $parmv,
+ Params => [ ]);
+ }
+ }
+
+ if (!$r->{S}{promise_check_mutate}) {
+ if ($meth ne 'POST') {
+ return ({ Kind => 'MAINPAGEONLY',
+ Message => 'Entering via cross-site link.',
+ Cookie => $cookv,
+ Params => [ ] });
+ # NB caller must then ignore params & path!
+ # if this is too hard they can spit out a small form
+ # with a "click to continue"
}
}
die unless $parmt eq 'y';
die unless $cookv eq $parmv;
$r->{UserOK} = $cooku;
- return '';
+ return undef;
}
-
+
+sub _chain_params ($) {
+ my ($r) = @_;
+ my %elim = { };
+ foreach my $pncn (keys %{ $r->{S} }) {
+ if ($pncn =~ m/_param_name$/) {
+ my $name = $r->{S}{$pncn};
+ die "$pncn ?" if ref $name;
+ $names = [ $name ];
+ } elsif ($pncn =~ m/_param_names$/) {
+ $names = $r->{S}{$pncn};
+ } else {
+ next;
+ }
+ foreach my $param (@$names) {
+ $elim{$name} = 1;
+ }
+ }
+ my @p = $r->_ch('get_param_list');
+ my ($name,$val);
+ my @q = ();
+ while (@p) {
+ ($name,$val,@p) = @p;
+ next if $elim{$name};
+ push @q, $name, $val;
+ }
+ return @q;
+}
+
sub _db_lookup ($$) {
# returns ($t,$username)
# where $t is one of "t" "y" "n", or "" (for -)
$v, $user, time);
}
+sub url_with_query_params ($@) {
+ my ($r, @params) = @_;
+ my $uri = URI->new($r->_ch('get_url'));
+ $uri->query_form(\@params);
+ return $uri->as_string();
+}
+
+sub check_ok ($) {
+ my ($r) = @_;
+
+ my ($divert) = $authreq->check_divert();
+ return 1 if $divert;
+
+ my $handled = $r->_ch('handle_divert')($divert);
+ return 0 if $handled;
+
+ my $kind = $divert->{Kind};
+ my $cookie = $divert->{Cookie};
+ my $params = $divert->{Params};
+
+ if ($kind =~ m/^REDIRECT-/) {
+ # for redirects, we honour stored NextParams and SetCookie,
+ # as we would for non-divert
+ if ($divert_kind eq 'REDIRECT-LOGGEDOUT') {
+ push @$params, $r->{S}{cah_loggedout}[0], 1;
+ } elsif ($divert_kind eq 'REDIRECT-LOGOUT') {
+ push @$params, $r->{S}{cah_logout}[0], 1;
+ } elsif ($divert_kind eq 'REDIRECT-LOGGEDIN') {
+ } else {
+ die;
+ }
+ my $new_url = $r->url_with_query_params(@$params);
+ $r->_ch('do_redirect')($new_url, $cookie);
+ return 0;
+ }
+ $kind =~ m/^SMALLPAGE|^LOGIN/ or die;
+
+ my ($title, @body);
+ if ($kind =~ m/^LOGIN-/) {
+ $title = $r->_gt('Login');
+ push @body, $r->_gt($divert->{Message});
+ push @body, $r->_ch('gen_login_form', $params);
+ $body .= $r->_ch(
+
+ $r->_print(
+ $r->_ch('start_html')($title),
+
+
+
+ if ($kind =~ m/^SMALLPAGE
+
+if (defined $cookie) {
+ $r->_ch('header_out')($cookie);
+ }
+
UP TO HERE
sub record_login ($$) {