diff options
author | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
---|---|---|
committer | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
commit | febfd792ce3a63314c980cc29440cf2f127953b4 (patch) | |
tree | 196b98d1ead81459869aa4675fd7a198b0d7822b /lib/JWebmail/Controller/Webmail.pm | |
parent | e740d60265adacfef6edb6b534ae31eedf9011da (diff) |
propper cram support (baring some details rng)
Diffstat (limited to 'lib/JWebmail/Controller/Webmail.pm')
-rw-r--r-- | lib/JWebmail/Controller/Webmail.pm | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/JWebmail/Controller/Webmail.pm b/lib/JWebmail/Controller/Webmail.pm index ee4a532..bdd7176 100644 --- a/lib/JWebmail/Controller/Webmail.pm +++ b/lib/JWebmail/Controller/Webmail.pm @@ -31,7 +31,7 @@ sub auth { my $self = shift; my $user = $self->session(S_USER); - my $pw = $self->session_passwd; + my ($pw, $ch) = $self->session_passwd; unless ($user && $pw) { $self->flash(message => $self->l('no_session')); @@ -40,9 +40,7 @@ sub auth { return 0; } - my $authConf = {user => $user, password => $pw}; - $authConf->{challenge} = $self->app->secrets->[0] if $self->config->{session}{secure} eq 'cram'; - $self->stash(ST_AUTH() => $self->users->Auth($authConf)); + $self->stash(ST_AUTH() => $self->users->Auth(user => $user, password => $pw, challenge => $ch)); return 1; } @@ -67,10 +65,16 @@ sub _time :prototype(&$$) { sub login { my $self = shift; + my $uses_cram = $self->config->{session}{secure} eq 'cram'; + my $v = $self->validation; my $user = $v->required('userid')->size(4, 50)->param; my $passwd = $v->required('password')->size(4, 50)->like(qr/^.+$/)->param; # no new-lines + my $challenge; + if ($uses_cram) { + $challenge = $v->required('challenge')->size(4, 50)->param; # no new-lines + } if ($v->has_error) { $self->render(status => 400); @@ -78,11 +82,12 @@ sub login { } my $auth = $self->users->Auth(user => $user, password => $passwd); + $auth->{challenge} = $challenge if $uses_cram; my $valid = _time { $self->users->verify_user($auth) } $self, 'verify user'; if ($valid) { $self->session(S_USER() => $user); - $self->session_passwd($passwd); + $self->session_passwd($passwd, $challenge); $self->res->code(303); $self->redirect_to('displayheaders'); |