From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 1 Nov 2015 20:58:04 +0000 (+0000)
Subject: srcdump: Introduce srcdump_needlogin option
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=commitdiff_plain;h=8c6dbdb773712f0774f51c4754e9864641fbea24;hp=412316a7005df29b1adb30835848490210498ecb

srcdump: Introduce srcdump_needlogin option

This makes it technically fairly straightforward to take advantage of
the CAF Login Exception.

In the resulting website the source download link is only present on
the login page unless the application also provides such a link, but
that link is functional after logging in and can easily be used by
bookmarking the url or using multiple browser tabs.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/caf.pod b/caf.pod
index de77f3d..a5c8a3e 100644
--- a/caf.pod
+++ b/caf.pod
@@ -1146,6 +1146,11 @@ names.  They will all start with this string.  Default: C<caf__>.
 
 =over
 
+=item C<srcdump_needlogin>
+
+Boolean: do users need to log in to be able to download the source
+code for the whole application ?  Default: 0.
+
 =item C<srcdump_param_name>
 
 Form parameter name used to indicate that this is a source download
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 3a4ee76..95c58ac 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -194,7 +194,9 @@ sub gen_plain_licence_link_html ($$) {
 }
 sub gen_plain_source_link_html ($$) {
     my ($c,$r) = @_;
-    gen_srcdump_link_html($c,$r, 'Source available', 'source');
+    my $msg = 'Source available';
+    $msg .= " to logged-in users" if $r->{S}{srcdump_needlogin};
+    gen_srcdump_link_html($c,$r, $msg, 'source');
 }
 
 sub gen_plain_footer_html ($$) {
@@ -474,6 +476,7 @@ sub new_verifier {
 	    gen_login_form => \&gen_plain_login_form,
 	    gen_login_link => \&gen_plain_login_link,
 	    gen_postmainpage_form => \&gen_postmainpage_form,
+	    srcdump_needlogin => 0,
 	    srcdump_dump => \&srcdump_dump,
 	    srcdump_prepare => \&srcdump_dirscan_prepare,
 	    srcdump_licence_path => undef,
@@ -791,10 +794,15 @@ sub _check_divert_core ($) {
     my $srcdump = $r->_rp('srcdump_param_name');
     if ($srcdump) {
 	die if $srcdump =~ m/\W/;
-	return ({ Kind => 'SRCDUMP-'.uc $srcdump,
-		  Message => undef,
-		  _CookieRaw => undef,
-		  Params => { } });
+	$srcdump= {
+	    Kind => 'SRCDUMP-'.uc $srcdump,
+	    Message => undef,
+	    _CookieRaw => undef,
+	    Params => { },
+	};
+    }
+    if ($srcdump || !$r->{S}{srcdump_needlogin}) {
+	return ($srcdump);
     }
 
     my $cooksraw = $r->_ch('get_cookie');
@@ -915,7 +923,8 @@ sub _check_divert_core ($) {
     }
 
     die unless $cookt eq 'y';
-    unless ($r->{S}{promise_check_mutate} && $meth eq 'GET') {
+    unless (($r->{S}{promise_check_mutate} && $meth eq 'GET')
+	    || $srcdump) {
         if ($parmt eq 't' || $parmt eq 'n') {
             return ({ Kind => 'STALE',
                       Message => $r->_gt("Login session interrupted."),
@@ -927,9 +936,14 @@ sub _check_divert_core ($) {
     }
     $r->_db_update_last($cooku,$parmh);
 
+    if ($srcdump) {
+	return ($srcdump);
+    }
+
     $r->{ParmT} = $parmt;
     $r->{AssocRaw} = $cooks;
     $r->{UserOK} = $cooku;
+
 #print STDERR "C-D-C OK\n";
     return undef;
 }