X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-hybrid.pm;h=83ee4198ba2d72734eba4dc03f82d2430b3e5900;hp=953db1518c38a3dd3d97a7af0408178cce19afb7;hb=9810fb59419d20567ba6344aad1bbfbda3c7402c;hpb=edba190acf5982ec65b3775c27e4a8048abd4b3a

diff --git a/cgi-auth-hybrid.pm b/cgi-auth-hybrid.pm
index 953db15..83ee419 100644
--- a/cgi-auth-hybrid.pm
+++ b/cgi-auth-hybrid.pm
@@ -32,6 +32,16 @@ our @EXPORT_OK;
 use DBI;
 use CGI;
 
+#---------- default callbacks ----------
+
+sub _def_is_logout ($$) {
+    my ($c,$r) = @_;
+    foreach my $pn (@{ $r->{S}{logout_param_names} }) {
+	return 1 if $r->_cm('get_param')($pn);
+    }
+    return 0;
+}
+
 #---------- verifier object methods ----------
 
 sub new_verifier {
@@ -46,14 +56,17 @@ sub new_verifier {
 	    random_source => '/dev/urandom',
 	    associdlen => 128, # bits
 	    login_timeout => 86400, # seconds
-	    param_name => 'cah_associd',
+	    assoc_param_name => 'cah_associd',
+	    password_param_name => 'password',
+	    logout_param_names => [qw(logout)],
 	    promise_check_mutate => 0,
-	    cookie_name => 'cah_associd', # make undef to disable cookie
-	    get_param => sub { $_[0]->param($s->{S}{param_name}) },
-	    get_cookie => sub { $s->{S}{cookie_name}
-				? $_[0]->cookie($s->{S}{cookie_name})
-				: '' },
+	    get_param => sub { $_[0]->param($_[2]) },
+	    get_cookie => sub { $_[0]->cookie($s->{S}{cookie_name}) },
 	    get_method => sub { $_[0]->request_method() },
+            is_login => sub { defined $_[1]->_rp('password_param_name') },
+            login_ok => sub { die },
+	    is_logout => \&_def_is_logout,
+	    is_page => sub { return 1 },
 	},
 	Dbh => undef,
     };
@@ -86,9 +99,9 @@ sub _dbopen ($) {
 
     eval {
 	$dbh->do("CREATE TABLE $s->{S}{assocdb_table} (".
-		 " associd VARCHAR PRIMARY KEY,".
+		 " associdh VARCHAR PRIMARY KEY,".
                  " username VARCHAR,".
-		 " last INTEGER"
+		 " last INTEGER NOT NULL"
 		 ")");
     };
     return $dbh;
@@ -111,56 +124,18 @@ sub new_request {
     bless $r, ref $classbase;
 }
 
-sub _cm ($$@) {
+sub _ch ($$@) { # calls an application hook
     my ($r,$methname, @args) = @_;
     my $methfunc = $r->{S}{$methname};
     return $methfunc->($r->{Cgi}, $r, @args);
 }
 
-sub record_login ($$) {
-    my ($r,$nusername) = @_;
-    my $rsp = $r->{S}{random_source};
-    my $rsf = new IO::File $rsp, '<' or die "$rsp $!";
-    my $bytes = ($r->{S}{associdlen} + 7) >> 3;
-    my $nassocbin;
-    $!=0;
-    read($rsf,$nassocbin,$bytes) == $bytes or die "$rsp $!";
-    close $rsf;
-    my $nassoc = unpack "H*", $nassocbin;
-    my $dbh = $r->{Dbh};
-    $dbh->do("INSERT INTO $r->{S}{assocdb_table}".
-	     " (associd, username, last) VALUES (?,?,?)", {},
-	     $nassoc, $nusername, time);
-    $dbh->do("COMMIT");
-    $r->{U} = $nusername;
-    $r->{A} = $nassoc;
+sub _rp ($$@) {
+    my ($r,$pnvb) = @_;
+    my $pn = $r->{S}{"${pnvb}_param_name"};
+    my $p = $r->_ch('get_param',$pn)
 }
 
-sub _check_core ($) {
-    my ($r) = @_;
-    my $qassoc = $r->_cm('get_param');
-    my ($nassoc,$nmutate);
-    if (!defined $r->{S}{cookie_name}) {
-	# authentication is by hidden form parameter only
-	return undef unless defined $qassoc;
-	$nassoc = $qassoc;
-	$nmutate = 1;
-    } else {
-	# authentication is by cookie
-	# the cookie suffices for read-only GET requests
-	# for mutating and non-GET requests we require hidden param too
-	my $cassoc = $r->_cm('get_cookie');
-	return undef unless defined $cassoc;
-	$nassoc = $cassoc;
-	if (defined $qassoc && $qassoc eq $cassoc) {
-	    $nmutate = 1;
-	} else {
-	    return undef unless $r->{S}{promise_check_mutate};
-	    return undef unless $r->_cm('get_method') eq 'GET';
-	    $nmutate = 0;
-	}
-    }
-
 # pages/param-sets are
 #   n normal non-mutating page
 #   r retrieval of information for JS, non-mutating
@@ -257,6 +232,33 @@ sub _check_core ($) {
     #  -/n n   POST  nrmu     user not logged in
     #                           fail
 
+UP TO HERE
+
+sub _check_core ($) {
+    my ($r) = @_;
+    my $qassoc = $r->_ch('get_param');
+    my ($nassoc,$nmutate);
+    if (!defined $r->{S}{cookie_name}) {
+	# authentication is by hidden form parameter only
+	return undef unless defined $qassoc;
+	$nassoc = $qassoc;
+	$nmutate = 1;
+    } else {
+	# authentication is by cookie
+	# the cookie suffices for read-only GET requests
+	# for mutating and non-GET requests we require hidden param too
+	my $cassoc = $r->_ch('get_cookie');
+	return undef unless defined $cassoc;
+	$nassoc = $cassoc;
+	if (defined $qassoc && $qassoc eq $cassoc) {
+	    $nmutate = 1;
+	} else {
+	    return undef unless $r->{S}{promise_check_mutate};
+	    return undef unless $r->_ch('get_method') eq 'GET';
+	    $nmutate = 0;
+	}
+    }
+
     my $dbh = $r->{Dbh};
     my ($nusername, $nlast) =
 	$dbh->selectrow_array("SELECT username, last".
@@ -270,6 +272,25 @@ sub _check_core ($) {
     return ($nusername, $nassoc, $nmutate);
 }
 
+sub record_login ($$) {
+    my ($r,$nusername) = @_;
+    my $rsp = $r->{S}{random_source};
+    my $rsf = new IO::File $rsp, '<' or die "$rsp $!";
+    my $bytes = ($r->{S}{associdlen} + 7) >> 3;
+    my $nassocbin;
+    $!=0;
+    read($rsf,$nassocbin,$bytes) == $bytes or die "$rsp $!";
+    close $rsf;
+    my $nassoc = unpack "H*", $nassocbin;
+    my $dbh = $r->{Dbh};
+    $dbh->do("INSERT INTO $r->{S}{assocdb_table}".
+	     " (associd, username, last) VALUES (?,?,?)", {},
+	     $nassoc, $nusername, time);
+    $dbh->do("COMMIT");
+    $r->{U} = $nusername;
+    $r->{A} = $nassoc;
+}
+
 sub _check ($) {
     my ($r) = @_;