diff options
author | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-08 23:32:10 +0200 |
---|---|---|
committer | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-08 23:32:10 +0200 |
commit | 926ec7a6b85e6e3f7335a8c5ddcccd51937ee2d8 (patch) | |
tree | b7a420a919d0146f2a0bd2e1e577b795fcb99202 /lib/JWebmail/Controller | |
parent | 4510e3720274865996ef056f1687997ba0b482be (diff) |
added a build configuration step
Diffstat (limited to 'lib/JWebmail/Controller')
-rw-r--r-- | lib/JWebmail/Controller/Webmail.pm | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/JWebmail/Controller/Webmail.pm b/lib/JWebmail/Controller/Webmail.pm index e06a8f7..94df668 100644 --- a/lib/JWebmail/Controller/Webmail.pm +++ b/lib/JWebmail/Controller/Webmail.pm @@ -8,6 +8,7 @@ use List::Util qw(any first); use Mojo::Util qw(encode decode b64_encode b64_decode); use Mojolicious::Types; +use JWebmail::Config 'LOGIN_SCHEME'; use JWebmail::View::Webmail; use JWebmail::View::RenderMail; @@ -72,7 +73,7 @@ sub _time :prototype(&$$) { sub login { my $self = shift; - my $uses_cram = $self->config->{session}{secure} eq 'cram'; + my $uses_cram = LOGIN_SCHEME eq fc 'cram_md5'; my $v = $self->validation; @@ -338,12 +339,12 @@ sub _rand_data { sub _session_passwd { my ($self, $passwd, $challenge) = @_; - my $secAlg = $self->config->{session}{secure}; + my $secAlg = LOGIN_SCHEME; $self->_warn_crypt; if (defined $passwd) { # set - if ($secAlg eq 'cram') { + if ($secAlg eq fc 'cram_md5') { $self->session(S_PASSWD() => $passwd, challenge => $challenge); } elsif ($secAlg eq 's3d') { @@ -352,7 +353,7 @@ sub _session_passwd { delete $self->session->{S_OTP_S3D_PW()}; return; } - die "'$passwd' contains invalid character \\n" if $passwd =~ /\n/; + die "'$passwd' contains invalid character \\n" if $passwd =~ /\n/; if (length $passwd < 20) { $passwd .= "\n" . ' ' x (20 - length($passwd) - 1); } @@ -366,7 +367,7 @@ sub _session_passwd { } } else { # get - if ($secAlg eq 'cram') { + if ($secAlg eq fc 'cram_md5') { wantarray or carp "you forgot the challenge"; return ($self->session(S_PASSWD), $self->session('challenge')); } @@ -472,18 +473,18 @@ Currently the following modes are supported: =over 6 -=item none +=item none The password is plainly stored in session cookie. The cookie is stored on the client side and send with every request. -=item cram +=item cram A nonce is send to the client and the cram_md5 is generated there via js and crypto-js. This is vulnurable to replay attacks as the nonce is not invalidated ever. -=item s3d +=item s3d The password is stored on the server. Additionally the password is encrypted by an one-time-pad that is stored in the users cookie. |