From 0238b57dac39695fd01fce9e89b0456435964f5f Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sun, 25 Oct 2015 13:23:56 +0000
Subject: [PATCH] blinding: Introduce _CookieRaw (same as CookieSecret for now
---
 cgi-auth-flexible.pm | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 6d1c0e8..8f0538f 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -787,7 +787,7 @@ sub _check_divert_core ($) {
 die if $srcdump =~ m/\W/;
 return ({ Kind => 'SRCDUMP-'.uc $srcdump,
 Message => undef,
- CookieSecret => undef,
+ _CookieRaw => undef,
 Params => { } });
 }
 
@@ -796,7 +796,7 @@ sub _check_divert_core ($) {
 if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) {
 return ({ Kind => 'REDIRECT-HTTPS',
 Message => $r->_gt("Redirecting to secure server..."),
- CookieSecret => undef,
+ _CookieRaw => undef,
 Params => { } });
 }
 
@@ -818,7 +818,7 @@ sub _check_divert_core ($) {
 $r->_db_revoke($parmh);
 return ({ Kind => 'REDIRECT-LOGGEDOUT',
 Message => $r->_gt("Logging out..."),
- CookieSecret => '',
+ _CookieRaw => '',
 Params => { } });
 }
 if ($r->_ch('is_loggedout')) {
@@ -827,7 +827,7 @@ sub _check_divert_core ($) {
 die if $parmt;
 return ({ Kind => 'SMALLPAGE-LOGGEDOUT',
 Message => $r->_gt("You have been logged out."),
- CookieSecret => '',
+ _CookieRaw => '',
 Params => { } });
 }
 if ($r->_ch('is_login')) {
@@ -838,7 +838,7 @@ sub _check_divert_core ($) {
 Message => $r->_gt("You do not seem to have cookies".
 " enabled. You must enable cookies".
 " as we use them for login."),
- CookieSecret => $r->_fresh_secret(),
+ _CookieRaw => $r->_fresh_secret(),
 Params => $r->_chain_params() })
 }
 if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) {
@@ -846,7 +846,7 @@ sub _check_divert_core ($) {
 return ({ Kind => 'LOGIN-STALE',
 Message => $r->_gt("Stale session;".
 " you need to log in again."),
- CookieSecret => $r->_fresh_secret(),
+ _CookieRaw => $r->_fresh_secret(),
 Params => { } })
 }
 die unless $parmt eq 't' || $parmt eq 'y';
@@ -856,13 +856,13 @@ sub _check_divert_core ($) {
 if !$login_errormessage;
 return ({ Kind => 'LOGIN-BAD',
 Message => $login_errormessage,
- CookieSecret => $cooks,
+ _CookieRaw => $cooks,
 Params => $r->_chain_params() })
 }
 $r->_db_record_login_ok($parmh,$username);
 return ({ Kind => 'REDIRECT-LOGGEDIN',
 Message => $r->_gt("Logging in..."),
- CookieSecret => $cooks,
+ _CookieRaw => $cooks,
 Params => $r->_chain_params() });
 }
 if ($cookt eq 't') {
@@ -882,13 +882,13 @@ sub _check_divert_core ($) {
 if ($meth eq 'GET') {
 return ({ Kind => 'LOGIN-INCOMINGLINK',
 Message => $r->_gt("You need to log in."),
- CookieSecret => $news,
+ _CookieRaw => $news,
 Params => $r->_chain_params() });
 } else {
 $r->_db_revoke($parmh);
 return ({ Kind => 'LOGIN-FRESH',
 Message => $r->_gt("You need to log in."),
- CookieSecret => $news,
+ _CookieRaw => $news,
 Params => { } });
 }
 }
@@ -897,7 +897,7 @@ sub _check_divert_core ($) {
 if ($meth ne 'POST') {
 return ({ Kind => 'MAINPAGEONLY',
 Message => $r->_gt('Entering via cross-site link.'),
- CookieSecret => $cooks,
+ _CookieRaw => $cooks,
 Params => { } });
 # NB caller must then ignore params & path!
 # if this is too hard they can spit out a small form
@@ -1030,6 +1030,10 @@ sub check_divert ($) {
 my $dbh = $r->{Dbh};
 $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
 $dbh->commit();
+
+ my $cookraw = $r->{_CookieRaw};
+ $r->{CookieSecret} = $$cookraw;
+
 $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)]));
 return $r->{Divert};
 }
-- 
2.30.2
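Review bot: In the last hunk (check_divert) the added lines read `$r->{_CookieRaw}`, but every other hunk puts `_CookieRaw` into the hash returned by `_check_divert_core`, which is stored in `$r->{Divert}`; unless code outside this patch also sets that key on `$r`, `$cookraw` is undef here. `$$cookraw` then treats it as a scalar reference, while the values assigned in `_check_divert_core` are undef, `''` or plain strings (`$cooks`, `$news`, `_fresh_secret()`), so with strict refs (not visible in the patch) this would die right after `$dbh->commit()` instead of copying the secret. The result is also written to `$r->{CookieSecret}` rather than into the divert, where the key lived before, so any caller still reading the divert's `CookieSecret` would find nothing. If the intent is to keep the old key available for now, `$r->{Divert}{CookieSecret} = $r->{Divert}{_CookieRaw};` would do that. Separately, the `_debug` dump of `$r->{Divert}` just below still includes the raw cookie value; a comment such as `# NB: divert dump contains the raw cookie secret` or removing the key before dumping would be worth considering, depending on where `_debug` output goes.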