Diffstat (limited to 'lib/JWebmail/Controller/Webmail.pm')
-rw-r--r-- | lib/JWebmail/Controller/Webmail.pm | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/JWebmail/Controller/Webmail.pm b/lib/JWebmail/Controller/Webmail.pm
index ee4a532..bdd7176 100644
--- a/lib/JWebmail/Controller/Webmail.pm
+++ b/lib/JWebmail/Controller/Webmail.pm
@@ -31,7 +31,7 @@ sub auth {
 my $self = shift;
 my $user = $self->session(S_USER);
- my $pw = $self->session_passwd;
+ my ($pw, $ch) = $self->session_passwd;
 unless ($user && $pw) {
 $self->flash(message => $self->l('no_session'));
@@ -40,9 +40,7 @@ sub auth {
 return 0;
 }
- my $authConf = {user => $user, password => $pw};
- $authConf->{challenge} = $self->app->secrets->[0] if $self->config->{session}{secure} eq 'cram';
- $self->stash(ST_AUTH() => $self->users->Auth($authConf));
+ $self->stash(ST_AUTH() => $self->users->Auth(user => $user, password => $pw, challenge => $ch));
 return 1;
 }
@@ -67,10 +65,16 @@ sub _time :prototype(&$$) {
 sub login {
 my $self = shift;
+ my $uses_cram = $self->config->{session}{secure} eq 'cram';
+
 my $v = $self->validation;
 my $user = $v->required('userid')->size(4, 50)->param;
 my $passwd = $v->required('password')->size(4, 50)->like(qr/^.+$/)->param; # no new-lines
+ my $challenge;
+ if ($uses_cram) {
+ $challenge = $v->required('challenge')->size(4, 50)->param; # no new-lines
+ }
 if ($v->has_error) {
 $self->render(status => 400);
@@ -78,11 +82,12 @@ sub login {
 }
 my $auth = $self->users->Auth(user => $user, password => $passwd);
+ $auth->{challenge} = $challenge if $uses_cram;
 my $valid = _time { $self->users->verify_user($auth) } $self, 'verify user';
 if ($valid) {
 $self->session(S_USER() => $user);
- $self->session_passwd($passwd);
+ $self->session_passwd($passwd, $challenge);
 $self->res->code(303);
 $self->redirect_to('displayheaders'); |
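Review bot: The session guard in `auth` still tests only `$user && $pw`, so in cram mode a session with no stored challenge goes on to `Auth(... challenge => $ch)` with `$ch` undefined. Before this change the challenge came from `$self->app->secrets->[0]`, so sessions written by the old code presumably carry none; what `session_passwd` returns for them is not visible here. Consider treating that case as no session, e.g. `unless ($user && $pw && (defined $ch || $self->config->{session}{secure} ne 'cram'))`, which also covers the `Auth(...)` call in the second hunk.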
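Review bot: `login` now takes the CRAM challenge from the request (`$v->required('challenge')`), and the only check on it in this hunk is `size(4, 50)`; nothing here ties it to a value the server issued. A challenge-response scheme resists replay only when the server chooses the challenge and accepts it once, so unless `verify_user` or the login form handling (neither visible here) enforces that, a previously observed challenge and its matching response would presumably still be accepted. Keeping the issued challenge server-side when the form is rendered, and comparing against it or reading it from there instead of from the request, would close that gap. Separately, the `# no new-lines` comment was copied onto the challenge line without the `like(...)` check it describes; either add one such as `->like(qr/\A[^\r\n]+\z/)` or drop the comment.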
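Review bot: `$auth->{challenge} = $challenge if $uses_cram;` writes into the Auth object's hash after construction, whereas `auth` in the same commit passes `challenge => $ch` to the constructor. Passing it the same way here, `$self->users->Auth(user => $user, password => $passwd, challenge => $challenge)`, keeps the two call sites in step and avoids relying on the object's internal layout; `$challenge` is already undefined when cram is off. A short comment at `session_passwd($passwd, $challenge)` noting that the challenge is now kept in the session alongside the password would also help, since how that helper protects the stored values is not visible in this diff.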