X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=bdb96c6f7b3f58e761588460c175f6b2df8a0be6;hp=a661618067278c8b3099bc846603e34a617f0b19;hb=af1635af0c27a27c20e95cc3cbefb55defd363cc;hpb=453277e46f79217f90cfd996d92bec1f03403191 diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm index a661618..bdb96c6 100644 --- a/cgi-auth-flexible.pm +++ b/cgi-auth-flexible.pm @@ -701,7 +701,6 @@ sub construct_cookie ($$$) { # any - POST nrmuoi bug or attack, fail # any - GET rmuoi bug or attack, fail # any any GET muoi bug or attack, fail - # any t any nrmu bug or attack, fail # # - - GET O "just logged out" page # (any other) O bug or attack, fail @@ -746,38 +745,38 @@ sub construct_cookie ($$$) { # revoke y2 # treat as y1 n POST # - # y n GET n intra-site link from stale page, + # y nt GET n intra-site link from stale page, # treat as cross-site link, show data # - # y n POST n m intra-site form submission from stale page + # y nt POST n m intra-site form submission from stale page # show "session interrupted" # with link to main data page # - # y n GET r intra-site request from stale page + # y nt GET r intra-site request from stale page # fail # - # y n POST r u intra-site request from stale page + # y nt POST r u intra-site request from stale page # fail # - # -/n y2 GET nr intra-site link from cleared session + # -n y2 GET nr intra-site link from cleared session # do not revoke y2 as not RESTful # treat as -/n n GET # - # -/n y2 POST nrmu request from cleared session + # -n y2 POST nrmu request from cleared session # revoke y2 # treat as -/n n POST # - # -/n -/n GET n cross-site link but user not logged in + # -nt -nt GET n cross-site link but user not logged in # show login form with redirect to orig params # generate fresh cookie # - # -/n n GET rmu user not logged in + # -nt nt GET rmu user not logged in # fail # - # -/n n POST n m user not logged in + # -nt nt POST n m user not logged in # show login form # - # -/n n POST r u user not logged in + # -nt nt POST r u user not logged in # fail sub _check_divert_core ($) { @@ -844,7 +843,7 @@ sub _check_divert_core ($) { " enabled. You must enable cookies". " as we use them for login."), _CookieRaw => $r->_fresh_secret(), - Params => $r->_chain_params() }) + Params => $r->chain_params() }) } if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) { $r->_db_revoke($cookh); @@ -862,18 +861,17 @@ sub _check_divert_core ($) { return ({ Kind => 'LOGIN-BAD', Message => $login_errormessage, _CookieRaw => $cooks, - Params => $r->_chain_params() }) + Params => $r->chain_params() }) } $r->_db_record_login_ok($parmh,$username); return ({ Kind => 'REDIRECT-LOGGEDIN', Message => $r->_gt("Logging in..."), _CookieRaw => $cooks, - Params => $r->_chain_params() }); + Params => $r->chain_params() }); } if ($cookt eq 't') { $cookt = ''; } - die if $parmt eq 't'; if ($cookt eq 'y' && $parmt eq 'y' && $cookh ne $parmh) { $r->_db_revoke($parmh) if $meth eq 'POST'; @@ -882,13 +880,13 @@ sub _check_divert_core ($) { if ($cookt ne 'y') { die unless !$cookt || $cookt eq 'n'; - die unless !$parmt || $parmt eq 'n' || $parmt eq 'y'; + die unless !$parmt || $parmt eq 't' || $parmt eq 'n' || $parmt eq 'y'; my $news = $r->_fresh_secret(); if ($meth eq 'GET') { return ({ Kind => 'LOGIN-INCOMINGLINK', Message => $r->_gt("You need to log in."), _CookieRaw => $news, - Params => $r->_chain_params() }); + Params => $r->chain_params() }); } else { $r->_db_revoke($parmh); return ({ Kind => 'LOGIN-FRESH', @@ -912,6 +910,12 @@ sub _check_divert_core ($) { die unless $cookt eq 'y'; unless ($r->{S}{promise_check_mutate} && $meth eq 'GET') { + if ($parmt eq 't' || $parmt eq 'n') { + return ({ Kind => 'STALE', + Message => $r->_gt("Login session interrupted."), + _CookieRaw => $cooks, + Params => { } }); + } die unless $parmt eq 'y'; die unless $cookh eq $parmh; } @@ -922,14 +926,7 @@ sub _check_divert_core ($) { return undef; } -sub _chain_params ($) { -# =item C<< $authreq->_chain_params() >> -# -# Returns a hash of the "relevant" parameters to this request, in a form -# used by C. This is all of the query parameters -# which are not related to CGI::Auth::Flexible. The PATH_INFO from the -# request is returned as the parameter C<< '' >>. - +sub chain_params ($) { my ($r) = @_; my %p = %{ $r->_ch('get_params') }; foreach my $pncn (keys %{ $r->{S} }) { @@ -1037,9 +1034,9 @@ sub check_divert ($) { $dbh->commit(); my $divert = $r->{Divert}; - my $cookraw = $divert->{_CookieRaw}; - $divert->{CookieSecret} = $r->_blind($cookraw); + my $cookraw = $divert && $divert->{_CookieRaw}; if ($cookraw) { + $divert->{CookieSecret} = $r->_blind($cookraw); $divert->{Params}{$r->{S}{assoc_param_name}} = [ $r->_blind($r->hash($cookraw)) ]; @@ -1130,6 +1127,10 @@ sub check_ok ($) { $title = $r->_gt('Not logged in'); push @body, $divert->{Message}; push @body, $r->_ch('gen_login_link', $params); + } elsif ($kind =~ m/^STALE/) { + $title = $r->_gt('Re-entering secure site.'); + push @body, $divert->{Message}; + push @body, $r->_ch('gen_postmainpage_form', $params); } elsif ($kind =~ m/^MAINPAGEONLY$/) { $title = $r->_gt('Entering secure site.'); push @body, $divert->{Message}; @@ -1369,7 +1370,7 @@ sub check_nonpage ($$) { my ($r, $reqtype) = @_; $r->_assert_checked(); return unless $r->resource_get_needs_secret_hidden($reqtype); - return if $r->{ParmT}; + return if $r->{ParmT} eq 'y'; die "missing hidden secret parameter on nonpage request $reqtype"; }