Diffstat (limited to 'lib/JWebmail/Plugin/Helper.pm')
-rw-r--r--lib/JWebmail/Plugin/Helper.pm48
1 files changed, 21 insertions, 27 deletions
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm
index be147fe..cd72bfa 100644
--- a/lib/JWebmail/Plugin/Helper.pm
+++ b/lib/JWebmail/Plugin/Helper.pm
@@ -1,13 +1,14 @@
package JWebmail::Plugin::Helper;
-use Mojo::Base 'Mojolicious::Plugin';
+use Mojo::Base Mojolicious::Plugin;
use List::Util qw(all min max);
-use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape);
use POSIX qw(floor round log ceil);
+use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape);
+
use constant TRUE_RANDOM => eval { require Crypt::URandom; Crypt::URandom->import('urandom'); 1 };
-use constant HMAC => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 };
+use constant HMAC_MD5 => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 };
### filter and checks for mojo validator
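Review bot: The base class on the new `use Mojo::Base` line is an unquoted bareword, which presumably parses as a string only because strict is not yet in effect at that point in the file. The quoted form is the one Mojo::Base documents and does not depend on that, so I would keep `use Mojo::Base 'Mojolicious::Plugin';`. Since the renamed constant is now used as a hard gate further down, a short comment above the two `use constant` lines would help, e.g. `# optional dependencies: the constant is false when the module failed to load`.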
@@ -32,7 +33,7 @@ sub mail_line {
) | (
$mail_addr
))$
- /xno;
+ /xn;
}
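Review bot: The closing anchor on the `))$` line still accepts a value that ends in a newline, because without `/m` a `$` matches both at the very end and just before a final `\n`. For a check that is meant to validate a mail line, that lets a trailing line break through to whatever builds the header or command afterwards; `))\z` closes it. The start of the pattern is outside this hunk, so I cannot see whether the opening anchor is `^` or `\A`. Dropping `/o` itself looks fine.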
@@ -80,13 +81,14 @@ sub print_sizes2 {
}
-sub d { qr/([[:digit:]]{$_[0]})/ }
+my sub d { "([[:digit:]]{$_[0]})" }
sub parse_iso_date {
- state $rx = d(4).'-'.d(2).'-'.d(2).'T'.d(2).':'.d(2).':'.d(2);
- my @d = shift =~ m/$rx/;
- if (!all { defined $_ } @d) {
+ state $rx = do { my $re = d(4).'-'.d(2).'-'.d(2).'T'.d(2).':'.d(2).':'.d(2); qr/$re/a };
+ my @d = shift =~ /$rx/;
+ if (@d != 6) {
# TODO
+ warn "issue when parsing date";
}
return {
year => $d[0],
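Review bot: When the match fails, the new `if (@d != 6)` branch only warns and execution then falls through to `return { year => $d[0], ...`, so the caller gets a hash whose fields are all undef. The warning also carries neither the function name nor the offending input, which makes it hard to trace. Unless callers rely on always receiving a hash (the rest of the body and its callers are outside the hunk), I would return early, e.g. `return if @d != 6;`, or at least name the source in the message: `warn "parse_iso_date: input is not an ISO 8601 timestamp";`. Note too that `$rx` is unanchored, so text before or after the timestamp is accepted silently.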
@@ -155,15 +157,17 @@ sub _rand_data {
sub session_passwd {
my ($c, $passwd) = @_;
+ my $secAlg = $c->config->{session}{secure};
- warn_cram($c);
+ die "you need to install Digest::HMAC_MD5 for cram to work"
+ if !HMAC_MD5 && $secAlg eq 'cram';
warn_crypt($c);
if (defined $passwd) { # set
- if ( HMAC && lc($c->config->{session}{secure}) eq 'cram' ) {
+ if ($secAlg eq 'cram') {
$c->session(S_PASSWD() => $passwd ? b64_encode(hmac_md5($passwd, $c->app->secrets->[0]), '') : '');
}
- elsif (lc($c->config->{session}{secure}) eq 's3d') {
+ elsif ($secAlg eq 's3d') {
unless ($passwd) {
$c->s3d(S_PASSWD, '');
delete $c->session->{S_OTP_S3D_PW()};
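Review bot: `$secAlg` is read without `lc()`, so the comparison against `'cram'` and `'s3d'` is now case-sensitive where the removed lines were not. A config value such as `CRAM` or `S3D` will skip both branches here and in the get path of the hunk at -182, and fall through to the final branch, which is not visible but is presumably the unprotected mode. `warn_crypt` in the last hunk still lowercases the same key, so the two now disagree. I would normalise once at the top with `my $secAlg = lc($c->config->{session}{secure} // '');`, which also avoids an uninitialized-value warning when the key is unset.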
@@ -171,7 +175,7 @@ sub session_passwd {
}
die "'$passwd' contains invalid character \\n" if $passwd =~ /\n/;
if (length $passwd < 20) {
- $passwd .= "\n" . " " x (20 - length($passwd) - 1);
+ $passwd .= "\n" . ' ' x (20 - length($passwd) - 1);
}
my $rand_bytes = _rand_data(length $passwd);
$c->s3d(S_PASSWD, b64_encode(encode('UTF-8', $passwd) ^ $rand_bytes, ''));
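Review bot: The `die "'$passwd' contains invalid character \\n"` line in this hunk interpolates the clear-text password into the exception text, so it ends up wherever that exception is logged or rendered. The message does not need the value to be useful; `die "password contains invalid character \\n" if $passwd =~ /\n/;` says the same thing without exposing the secret. This line is unchanged context in the commit, but it sits right next to the edited padding line and is worth fixing in the same pass.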
@@ -182,10 +186,11 @@ sub session_passwd {
}
}
else { # get
- if ( HMAC && lc($c->config->{'session'}{secure}) eq 'cram' ) {
+ if ($secAlg eq 'cram') {
+ wantarray or warn "you forgot the challenge";
return ($c->app->secrets->[0], $c->session(S_PASSWD));
}
- elsif (lc($c->config->{'session'}{secure}) eq 's3d') {
+ elsif ($secAlg eq 's3d') {
my $pw = b64_decode($c->s3d(S_PASSWD) || '');
my $otp = b64_decode($c->session(S_OTP_S3D_PW) || '');
my ($res) = split "\n", decode('UTF-8', $pw ^ $otp), 2;
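Review bot: The added `wantarray or warn "you forgot the challenge";` only warns and then still executes the `return (...)`, so a scalar-context caller receives just the last element of the list (the stored digest) and proceeds. The message also does not say which call is at fault or what the caller should do. If scalar-context use in cram mode is always a bug, I would make it fatal and self-explanatory, e.g. `wantarray or die "session_passwd: cram mode returns (secret, digest), call it in list context";`. Otherwise, add a comment above the line documenting the two-element return.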
@@ -197,24 +202,13 @@ sub session_passwd {
}
}
-sub warn_cram {
- my $c = shift;
-
- state $once = 0;
-
- if ( !HMAC && !$once && lc($c->config->{'session'}{secure}) eq 'cram' ) {
- $c->log->warn("cram requires Digest::HMAC_MD5. Falling back to 'none'.");
- $once = 1;
- }
-}
-
sub warn_crypt {
my $c = shift;
state $once = 0;
- if ( !TRUE_RANDOM && !$once && lc($c->config->{'session'}{secure}) eq 's3d' ) {
- $c->log->warn("Falling back to pseudo random generation. Please install Crypt::Random");
+ if ( !TRUE_RANDOM && !$once && lc($c->config->{session}{secure}) eq 's3d' ) {
+ $c->log->warn("Falling back to pseudo random generation. Please install Crypt::URandom");
$once = 1;
}
}
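Review bot: A missing `Digest::HMAC_MD5` is now a hard `die`, but a missing `Crypt::URandom` in s3d mode is still only logged once by `warn_crypt`, after which the pad for the stored password comes from the fallback generator. `_rand_data` is outside the visible hunks, so I am inferring that from the "pseudo random" message. An XOR pad built from predictable bytes protects nothing, so this case deserves the same treatment as cram, e.g. `die "s3d requires Crypt::URandom" if !TRUE_RANDOM && lc($c->config->{session}{secure}) eq 's3d';`. If the fallback has to stay, the log message should state that the stored password is not protected in that mode.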