blinding: Introduce _CookieRaw (same as CookieSecret for now

author Ian Jackson <ijackson@chiark.greenend.org.uk>

Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)

committer Ian Jackson <ijackson@chiark.greenend.org.uk>

Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm

index 6d1c0e8577fb79dab7fb2ed2e99d735e48d2aa66..8f0538fbf1931ddd87447e583995034dec08a845 100644 (file)
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -787,7 +787,7 @@ sub _check_divert_core ($) {
         die if $srcdump =~ m/\W/;
         return ({ Kind => 'SRCDUMP-'.uc $srcdump,
                   Message => undef,
-                 CookieSecret => undef,
+                 _CookieRaw => undef,
                   Params => { } });
      }
  
@@ -796,7 +796,7 @@ sub _check_divert_core ($) {
      if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) {
          return ({ Kind => 'REDIRECT-HTTPS',
                    Message => $r->_gt("Redirecting to secure server..."),
-                  CookieSecret => undef,
+                  _CookieRaw => undef,
                    Params => { } });
      }
  
@@ -818,7 +818,7 @@ sub _check_divert_core ($) {
         $r->_db_revoke($parmh);
         return ({ Kind => 'REDIRECT-LOGGEDOUT',
                   Message => $r->_gt("Logging out..."),
-                 CookieSecret => '',
+                 _CookieRaw => '',
                   Params => { } });
      }
      if ($r->_ch('is_loggedout')) {
@@ -827,7 +827,7 @@ sub _check_divert_core ($) {
         die if $parmt;
         return ({ Kind => 'SMALLPAGE-LOGGEDOUT',
                   Message => $r->_gt("You have been logged out."),
-                 CookieSecret => '',
+                 _CookieRaw => '',
                   Params => { } });
      }
      if ($r->_ch('is_login')) {
@@ -838,7 +838,7 @@ sub _check_divert_core ($) {
                        Message => $r->_gt("You do not seem to have cookies".
                                           " enabled.  You must enable cookies".
                                           " as we use them for login."),
-                      CookieSecret => $r->_fresh_secret(),
+                      _CookieRaw => $r->_fresh_secret(),
                        Params => $r->_chain_params() })
          }
          if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) {
@@ -846,7 +846,7 @@ sub _check_divert_core ($) {
              return ({ Kind => 'LOGIN-STALE',
                        Message => $r->_gt("Stale session;".
                                           " you need to log in again."),
-                      CookieSecret => $r->_fresh_secret(),
+                      _CookieRaw => $r->_fresh_secret(),
                        Params => { } })
          }
         die unless $parmt eq 't' || $parmt eq 'y';
@@ -856,13 +856,13 @@ sub _check_divert_core ($) {
                  if !$login_errormessage;
              return ({ Kind => 'LOGIN-BAD',
                        Message => $login_errormessage,
-                      CookieSecret => $cooks,
+                      _CookieRaw => $cooks,
                        Params => $r->_chain_params() })
          }
         $r->_db_record_login_ok($parmh,$username);
         return ({ Kind => 'REDIRECT-LOGGEDIN',
                   Message => $r->_gt("Logging in..."),
-                 CookieSecret => $cooks,
+                 _CookieRaw => $cooks,
                   Params => $r->_chain_params() });
      }
      if ($cookt eq 't') {
@@ -882,13 +882,13 @@ sub _check_divert_core ($) {
         if ($meth eq 'GET') {
             return ({ Kind => 'LOGIN-INCOMINGLINK',
                       Message => $r->_gt("You need to log in."),
-                     CookieSecret => $news,
+                     _CookieRaw => $news,
                       Params => $r->_chain_params() });
         } else {
             $r->_db_revoke($parmh);
             return ({ Kind => 'LOGIN-FRESH',
                        Message => $r->_gt("You need to log in."),
-                      CookieSecret => $news,
+                      _CookieRaw => $news,
                        Params => { } });
         }
      }
@@ -897,7 +897,7 @@ sub _check_divert_core ($) {
         if ($meth ne 'POST') {
             return ({ Kind => 'MAINPAGEONLY',
                       Message => $r->_gt('Entering via cross-site link.'),
-                     CookieSecret => $cooks,
+                     _CookieRaw => $cooks,
                       Params => { } });
             # NB caller must then ignore params & path!
             # if this is too hard they can spit out a small form
@@ -1030,6 +1030,10 @@ sub check_divert ($) {
      my $dbh = $r->{Dbh};
      $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
      $dbh->commit();
+
+    my $cookraw = $r->{_CookieRaw};
+    $r->{CookieSecret} = $$cookraw;
+
      $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)]));
      return $r->{Divert};
  }
author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)