From e4eea69f44d3b010401e24bd7bfa24e9886498f0 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 15 Jan 2013 17:18:32 +0000
Subject: [PATCH] change login/password protocol to support custom error
 messages

---
 cgi-auth-flexible.pm | 12 +++++++-----
 test.cgi             |  5 ++++-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 61955c9..49b3303 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -93,8 +93,8 @@ sub login_ok_password ($$) {
     my $username_params = $r->{S}{username_param_names};
     my $username = $r->_ch('get_param',$username_params->[0]);
     my $password = $r->_rp('password_param_name');
-    return undef unless $r->_ch('username_password_ok', $username, $password);
-    return $username;
+    my $error = $r->_ch('username_password_error', $username, $password);
+    return defined($error) ? (undef,$error) : ($username,undef);
 }
 
 sub do_redirect_cgi ($$$$) {
@@ -209,7 +209,7 @@ sub new_verifier {
 	    get_url => sub { $_[0]->url(); },
             is_login => sub { defined $_[1]->_rp('password_param_name') },
             login_ok => \&login_ok_password,
-            username_password_ok => sub { die },
+            username_password_error => sub { die },
 	    is_logout => sub { $_[1]->has_a_param('logout_param_names') },
 	    is_loggedout => sub { $_[1]->has_a_param('loggedout_param_names') },
 	    is_page => sub { return 1 },
@@ -540,10 +540,12 @@ sub _check_divert_core ($) {
                       Params => { } })
         }
 	die unless $parmt eq 't' || $parmt eq 'y';
-	my $username = $r->_ch('login_ok');
+	my ($username, $login_errormessage) = $r->_ch('login_ok');
         unless (defined $username && length $username) {
+            $login_errormessage = $r->_gt("Incorrect username/password.")
+                if !$login_errormessage;
             return ({ Kind => 'LOGIN-BAD',
-                      Message => $r->_gt("Incorrect username/password."),
+                      Message => $login_errormessage,
                       CookieSecret => $cooks,
                       Params => $r->chain_params() })
         }
diff --git a/test.cgi b/test.cgi
index 0715861..92fb7ee 100755
--- a/test.cgi
+++ b/test.cgi
@@ -13,7 +13,10 @@ $SIG{__DIE__} = sub { Carp::confess(@_) };
 my $dump = "$ENV{'CAHTEST_HOME'}/dump";
 
 my $verifier = CGI::Auth::Flexible->new_verifier(
-    username_password_ok => sub { my ($c,$r,$u,$p)=@_; return $p eq 'sesame'; },
+    username_password_error => sub {
+        my ($c,$r,$u,$p)=@_;
+        return $p eq 'sesame' ? undef : 'wrong password'
+    },
     encrypted_only => 0,
     promise_check_mutate => 1,
     dir => $dump,
-- 
2.30.2