X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=8f0538fbf1931ddd87447e583995034dec08a845;hp=dd917c77e24355e0a9b3b110a3d1ba045dec0253;hb=b37d19f1e7d367efa91b213dae72fbeeda736aa4;hpb=ef6bf73ea7ca6e945c9673bc2a6fd711d0d8e9d1 diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm index dd917c7..8f0538f 100644 --- a/cgi-auth-flexible.pm +++ b/cgi-auth-flexible.pm @@ -31,8 +31,6 @@ BEGIN { @ISA = qw(Exporter); @EXPORT = qw(); %EXPORT_TAGS = ( ); # eg: TAG => [ qw!name1 name2! ], - - @EXPORT_OK = qw(@default_db_setup_stmts); } our @EXPORT_OK; @@ -202,18 +200,6 @@ sub gen_plain_footer_html ($$) { ''); } -our @default_db_setup_stmts = - ("CREATE TABLE $v->{S}{db_prefix}_assocs (". - " assochash VARCHAR PRIMARY KEY,". - " username VARCHAR NOT NULL,". - " last INTEGER NOT NULL". - ")" - , - "CREATE INDEX $v->{S}{db_prefix}_assocs_timeout_index". - " ON $v->{S}{db_prefix}_assocs". - " (last)" - ); - #---------- licence and source code ---------- sub srcdump_dump ($$$) { @@ -367,6 +353,7 @@ sub srcdump_dirscan_prepare ($$) { }; my %dirsdone; foreach my $item ($v->_ch('srcdump_listitems')) { + next unless defined $item; if ($item eq '.' && $v->{S}{srcdump_filter_cwd}) { my @bad = grep { !m#^/# } values %INC; die "filtering . from srcdump items and \@INC but already". @@ -439,7 +426,6 @@ sub new_verifier { db_user => '', db_password => '', db_prefix => 'caf', - db_setup_stmts => [@_default_db_setup_statements], random_source => '/dev/urandom', secretbits => 128, # bits hash_algorithm => "SHA-256", @@ -492,11 +478,11 @@ sub new_verifier { }, srcdump_process_item => \&srcdump_process_item, srcdump_vcs_dirs => [qw(.git .hg .bzr .svn)], - srcdump_vcsscript => [git => " + srcdump_vcsscript => {git => " git ls-files -z git ls-files -z --others --exclude-from=.gitignore find .git -print0 - "], + "}, srcdump_byvcs => \&srcdump_byvcs, srcdump_novcs => \&srcdump_novcs, srcdump_excludes => [qw(*~ *.bak *.tmp), '#*#'], @@ -514,6 +500,17 @@ sub new_verifier { exists $verifier->{S}{$k}; $verifier->{S}{$k} = $v; } + $verifier->{S}{db_setup_stmts} //= + ["CREATE TABLE $verifier->{S}{db_prefix}_assocs (". + " assochash VARCHAR PRIMARY KEY,". + " username VARCHAR NOT NULL,". + " last INTEGER NOT NULL". + ")" + , + "CREATE INDEX $verifier->{S}{db_prefix}_assocs_timeout_index". + " ON $verifier->{S}{db_prefix}_assocs". + " (last)" + ]; bless $verifier, $class; $verifier->_dbopen(); $verifier->_ch('srcdump_prepare'); @@ -556,7 +553,7 @@ sub _dbopen ($) { } $v->{Dbh} = $dbh; - foreach my $stmt (@default_db_setup_stmts) { + foreach my $stmt (@{ $v->{S}{db_setup_stmts} }) { $v->_db_setup_do($stmt); } return $dbh; @@ -659,12 +656,14 @@ sub construct_cookie ($$$) { my ($r, $cooks) = @_; return undef unless $cooks; my $c = $r->{Cgi}; -my @ca = (-name => $r->{S}{cookie_name}, - -value => $cooks, - -path => $r->{S}{cookie_path}, - -domain => $r->_ch('get_cookie_domain'), - -expires => '+'.$r->{S}{login_timeout}.'s', - -secure => $r->{S}{encrypted_only}); + my @ca = ( + -name => $r->{S}{cookie_name}, + -value => $cooks, + -path => $r->{S}{cookie_path}, + -domain => $r->_ch('get_cookie_domain'), + -expires => '+'.$r->{S}{login_timeout}.'s', + -secure => $r->{S}{encrypted_only} + ); my $cookie = $c->cookie(@ca); #print STDERR "CC $r $c $cooks $cookie (@ca).\n"; return $cookie; @@ -788,7 +787,7 @@ sub _check_divert_core ($) { die if $srcdump =~ m/\W/; return ({ Kind => 'SRCDUMP-'.uc $srcdump, Message => undef, - CookieSecret => undef, + _CookieRaw => undef, Params => { } }); } @@ -797,7 +796,7 @@ sub _check_divert_core ($) { if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) { return ({ Kind => 'REDIRECT-HTTPS', Message => $r->_gt("Redirecting to secure server..."), - CookieSecret => undef, + _CookieRaw => undef, Params => { } }); } @@ -819,7 +818,7 @@ sub _check_divert_core ($) { $r->_db_revoke($parmh); return ({ Kind => 'REDIRECT-LOGGEDOUT', Message => $r->_gt("Logging out..."), - CookieSecret => '', + _CookieRaw => '', Params => { } }); } if ($r->_ch('is_loggedout')) { @@ -828,7 +827,7 @@ sub _check_divert_core ($) { die if $parmt; return ({ Kind => 'SMALLPAGE-LOGGEDOUT', Message => $r->_gt("You have been logged out."), - CookieSecret => '', + _CookieRaw => '', Params => { } }); } if ($r->_ch('is_login')) { @@ -839,7 +838,7 @@ sub _check_divert_core ($) { Message => $r->_gt("You do not seem to have cookies". " enabled. You must enable cookies". " as we use them for login."), - CookieSecret => $r->_fresh_secret(), + _CookieRaw => $r->_fresh_secret(), Params => $r->_chain_params() }) } if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) { @@ -847,7 +846,7 @@ sub _check_divert_core ($) { return ({ Kind => 'LOGIN-STALE', Message => $r->_gt("Stale session;". " you need to log in again."), - CookieSecret => $r->_fresh_secret(), + _CookieRaw => $r->_fresh_secret(), Params => { } }) } die unless $parmt eq 't' || $parmt eq 'y'; @@ -857,13 +856,13 @@ sub _check_divert_core ($) { if !$login_errormessage; return ({ Kind => 'LOGIN-BAD', Message => $login_errormessage, - CookieSecret => $cooks, + _CookieRaw => $cooks, Params => $r->_chain_params() }) } $r->_db_record_login_ok($parmh,$username); return ({ Kind => 'REDIRECT-LOGGEDIN', Message => $r->_gt("Logging in..."), - CookieSecret => $cooks, + _CookieRaw => $cooks, Params => $r->_chain_params() }); } if ($cookt eq 't') { @@ -883,13 +882,13 @@ sub _check_divert_core ($) { if ($meth eq 'GET') { return ({ Kind => 'LOGIN-INCOMINGLINK', Message => $r->_gt("You need to log in."), - CookieSecret => $news, + _CookieRaw => $news, Params => $r->_chain_params() }); } else { $r->_db_revoke($parmh); return ({ Kind => 'LOGIN-FRESH', Message => $r->_gt("You need to log in."), - CookieSecret => $news, + _CookieRaw => $news, Params => { } }); } } @@ -898,7 +897,7 @@ sub _check_divert_core ($) { if ($meth ne 'POST') { return ({ Kind => 'MAINPAGEONLY', Message => $r->_gt('Entering via cross-site link.'), - CookieSecret => $cooks, + _CookieRaw => $cooks, Params => { } }); # NB caller must then ignore params & path! # if this is too hard they can spit out a small form @@ -1031,6 +1030,10 @@ sub check_divert ($) { my $dbh = $r->{Dbh}; $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); }); $dbh->commit(); + + my $cookraw = $r->{_CookieRaw}; + $r->{CookieSecret} = $$cookraw; + $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)])); return $r->{Divert}; } @@ -1327,9 +1330,9 @@ sub need_add_hidden ($$) { sub check_nonpage ($$) { my ($r, $reqtype) = @_; $r->_assert_checked(); - return unless $r->resource_get_needs_secret_hidden($nonpagetype); + return unless $r->resource_get_needs_secret_hidden($reqtype); return if $r->{ParmT}; - die "missing hidden secret parameter on nonpage request $nonpagetype"; + die "missing hidden secret parameter on nonpage request $reqtype"; } #---------- output ----------