blinding: Introduce _CookieRaw (same as CookieSecret for now
author
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Sun, 25 Oct 2015 13:23:56 +0000
(13:23 +0000)
committer
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Sun, 25 Oct 2015 13:23:56 +0000
(13:23 +0000)
cgi-auth-flexible.pm
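--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -787,7 +787,7 @@ sub _check_divert_core ($) {
 die if $srcdump =~ m/\W/;
 return ({ Kind => 'SRCDUMP-'.uc $srcdump,
 Message => undef,
-CookieSecret => undef,
+_CookieRaw => undef,
 Params => { } });
 }
@@ -796,7 +796,7 @@ sub _check_divert_core ($) {
 if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) {
 return ({ Kind => 'REDIRECT-HTTPS',
 Message => $r->_gt("Redirecting to secure server..."),
-CookieSecret => undef,
+_CookieRaw => undef,
 Params => { } });
 }
@@ -818,7 +818,7 @@ sub _check_divert_core ($) {
 $r->_db_revoke($parmh);
 return ({ Kind => 'REDIRECT-LOGGEDOUT',
 Message => $r->_gt("Logging out..."),
-CookieSecret => '',
+_CookieRaw => '',
 Params => { } });
 }
 if ($r->_ch('is_loggedout')) {
@@ -827,7 +827,7 @@ sub _check_divert_core ($) {
 die if $parmt;
 return ({ Kind => 'SMALLPAGE-LOGGEDOUT',
 Message => $r->_gt("You have been logged out."),
-CookieSecret => '',
+_CookieRaw => '',
 Params => { } });
 }
 if ($r->_ch('is_login')) {
@@ -838,7 +838,7 @@ sub _check_divert_core ($) {
 Message => $r->_gt("You do not seem to have cookies".
 " enabled. You must enable cookies".
 " as we use them for login."),
-CookieSecret => $r->_fresh_secret(),
+_CookieRaw => $r->_fresh_secret(),
 Params => $r->_chain_params() })
 }
 if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) {
@@ -846,7 +846,7 @@ sub _check_divert_core ($) {
 return ({ Kind => 'LOGIN-STALE',
 Message => $r->_gt("Stale session;".
 " you need to log in again."),
-CookieSecret => $r->_fresh_secret(),
+_CookieRaw => $r->_fresh_secret(),
 Params => { } })
 }
 die unless $parmt eq 't' || $parmt eq 'y';
@@ -856,13 +856,13 @@ sub _check_divert_core ($) {
 if !$login_errormessage;
 return ({ Kind => 'LOGIN-BAD',
 Message => $login_errormessage,
-CookieSecret => $cooks,
+_CookieRaw => $cooks,
 Params => $r->_chain_params() })
 }
 $r->_db_record_login_ok($parmh,$username);
 return ({ Kind => 'REDIRECT-LOGGEDIN',
 Message => $r->_gt("Logging in..."),
-CookieSecret => $cooks,
+_CookieRaw => $cooks,
 Params => $r->_chain_params() });
 }
 if ($cookt eq 't') {
@@ -882,13 +882,13 @@ sub _check_divert_core ($) {
 if ($meth eq 'GET') {
 return ({ Kind => 'LOGIN-INCOMINGLINK',
 Message => $r->_gt("You need to log in."),
-CookieSecret => $news,
+_CookieRaw => $news,
 Params => $r->_chain_params() });
 } else {
 $r->_db_revoke($parmh);
 return ({ Kind => 'LOGIN-FRESH',
 Message => $r->_gt("You need to log in."),
-CookieSecret => $news,
+_CookieRaw => $news,
 Params => { } });
 }
 }
@@ -897,7 +897,7 @@ sub _check_divert_core ($) {
 if ($meth ne 'POST') {
 return ({ Kind => 'MAINPAGEONLY',
 Message => $r->_gt('Entering via cross-site link.'),
-CookieSecret => $cooks,
+_CookieRaw => $cooks,
 Params => { } });
 # NB caller must then ignore params & path!
 # if this is too hard they can spit out a small form
@@ -1030,6 +1030,10 @@ sub check_divert ($) {
 my $dbh = $r->{Dbh};
 $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
 $dbh->commit();
+
+my $cookraw = $r->{_CookieRaw};
+$r->{CookieSecret} = $$cookraw;
+
 $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)]));
 return $r->{Divert};
 }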
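Review bot: In the `check_divert` hunk the new lines read `$r->{_CookieRaw}`, but every `_CookieRaw` value visible in this commit is a key of the hash returned by `_check_divert_core`, which is stored in `$r->{Divert}`, so unless something outside these hunks sets `$r->{_CookieRaw}` the lookup yields undef. `$$cookraw` then dereferences it as a scalar reference, while the values shown are `undef`, `''` or the results of `_fresh_secret()` / `$cooks` / `$news`; if those are plain strings and the file runs under `use strict`, that dereference dies on every request. The result is also written to `$r->{CookieSecret}` instead of the divert hash, so a caller that previously took the cookie value from the divert's `CookieSecret` (including the `''` that the logout paths return, presumably to clear the cookie) would no longer find it. For a commit described as "same as CookieSecret for now", I would expect `my $cookraw = $r->{Divert}{_CookieRaw};` followed by `$r->{Divert}{CookieSecret} = $cookraw;`. The start of `check_divert` lies outside the hunk, so an earlier assignment to `$r->{_CookieRaw}` cannot be ruled out.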