diff options
author | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
---|---|---|
committer | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
commit | febfd792ce3a63314c980cc29440cf2f127953b4 (patch) | |
tree | 196b98d1ead81459869aa4675fd7a198b0d7822b /lib/JWebmail/Plugin | |
parent | e740d60265adacfef6edb6b534ae31eedf9011da (diff) |
propper cram support (baring some details rng)
Diffstat (limited to 'lib/JWebmail/Plugin')
-rw-r--r-- | lib/JWebmail/Plugin/Helper.pm | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm index cd72bfa..5edb4af 100644 --- a/lib/JWebmail/Plugin/Helper.pm +++ b/lib/JWebmail/Plugin/Helper.pm @@ -3,6 +3,7 @@ package JWebmail::Plugin::Helper; use Mojo::Base Mojolicious::Plugin; use List::Util qw(all min max); +use Carp 'carp'; use POSIX qw(floor round log ceil); use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape); @@ -156,7 +157,7 @@ sub _rand_data { } sub session_passwd { - my ($c, $passwd) = @_; + my ($c, $passwd, $challenge) = @_; my $secAlg = $c->config->{session}{secure}; die "you need to install Digest::HMAC_MD5 for cram to work" @@ -165,7 +166,7 @@ sub session_passwd { if (defined $passwd) { # set if ($secAlg eq 'cram') { - $c->session(S_PASSWD() => $passwd ? b64_encode(hmac_md5($passwd, $c->app->secrets->[0]), '') : ''); + $c->session(S_PASSWD() => $passwd, challenge => $challenge); } elsif ($secAlg eq 's3d') { unless ($passwd) { @@ -187,8 +188,8 @@ sub session_passwd { } else { # get if ($secAlg eq 'cram') { - wantarray or warn "you forgot the challenge"; - return ($c->app->secrets->[0], $c->session(S_PASSWD)); + wantarray or carp "you forgot the challenge"; + return ($c->session('challenge'), $c->session(S_PASSWD)); } elsif ($secAlg eq 's3d') { my $pw = b64_decode($c->s3d(S_PASSWD) || ''); |