Diffstat (limited to 'lib/JWebmail/Plugin')
-rw-r--r--lib/JWebmail/Plugin/Helper.pm44
1 files changed, 27 insertions, 17 deletions
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm
index ad5c8ad..c00ef0e 100644
--- a/lib/JWebmail/Plugin/Helper.pm
+++ b/lib/JWebmail/Plugin/Helper.pm
@@ -9,7 +9,6 @@ use POSIX qw(floor round log ceil);
use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape);
use constant TRUE_RANDOM => eval { require Crypt::URandom; Crypt::URandom->import('urandom'); 1 };
-use constant HMAC_MD5 => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 };
### filter and checks for mojo validator
@@ -160,8 +159,6 @@ sub session_passwd {
my ($c, $passwd, $challenge) = @_;
my $secAlg = $c->config->{session}{secure};
- die "you need to install Digest::HMAC_MD5 for cram to work"
- if !HMAC_MD5 && $secAlg eq 'cram';
warn_crypt($c);
if (defined $passwd) { # set
@@ -234,11 +231,9 @@ sub _paginate {
my %args = @_;
my $first_item = $args{first_item};
- my $page_size = $args{page_size} || 1;
+ my $page_size = $args{page_size};
my $total_items = $args{total_items};
- my $first_item1 = $total_items ? $first_item+1 : 0;
-
my $current_page = ceil($first_item/$page_size);
my $total_pages = ceil($total_items/$page_size);
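Review bot: Dropping the `|| 1` fallback leaves `ceil($first_item/$page_size)` and `ceil($total_items/$page_size)` two lines later with no guard, so an undef or 0 `page_size` now dies with "Illegal division by zero" instead of degrading to one item per page. The only caller visible in this diff passes a validator-bounded value (`num(1, undef)` with a default of 50), so the crash is reachable only from other callers, but `_paginate` itself no longer states its precondition. Suggest making it explicit right after the assignment: `die "page_size must be a positive integer" unless $page_size && $page_size > 0;`. The body of `_paginate` continues past this hunk.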
@@ -246,23 +241,29 @@ sub _paginate {
my $page_ = shift;
return [0, 0] unless $total_items;
$page_ = _clamp(0, $page_, $total_pages-1);
- [_clamp(1, $page_*$page_size + 1, $total_items), _clamp(1, ($page_+1)*$page_size, $total_items)]
+ [_clamp(0, $page_*$page_size, $total_items-1), _clamp(0, ($page_+1)*$page_size, $total_items)]
};
- return (
- first_item => $first_item1,
- last_item => _clamp($first_item1, $first_item + $page_size, $total_items),
+ my %ret = (
total_items => $total_items,
page_size => $page_size,
total_pages => $total_pages,
- current_page => $current_page + 1,
+ current_page => $current_page,
first_page => $page->(0),
prev_page => $page->($current_page-1),
+ this_page => $page->($current_page),
next_page => $page->($current_page+1),
last_page => $page->($total_pages-1),
);
+
+ if ($total_items) {
+ $ret{first_item} = $first_item;
+ $ret{last_item} = _clamp($first_item, $first_item+$page_size-1, $total_items-1);
+ }
+
+ return %ret;
}
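Review bot: The `$page` closure now returns a 0-based start with an exclusive end (`($page_+1)*$page_size` clamped to `$total_items`), while `last_item` is inclusive (`$first_item+$page_size-1` clamped to `$total_items-1`), and `current_page` silently switched from 1-based to 0-based; nothing in the hunk records these conventions for the templates that consume the stash. A short comment above `my %ret = (` would prevent the next off-by-one, e.g. `# All indices are 0-based. Page entries are [start, end) half-open; first_item/last_item are both inclusive.`. If a template uses `this_page->[1]` and `last_item` interchangeably, one of the two conventions is presumably wrong and should be unified rather than documented. `_paginate` starts before this hunk.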
sub paginate {
@@ -274,9 +275,13 @@ sub paginate {
my $psize = $v->optional('page_size')->num(1, undef)->param // 50;
$start = _clamp(0, $start, max($count-1, 0));
- my $end = _clamp($start, $start+$psize-1, max($count-1, 0));
+ my $end = _clamp($start, $start+$psize, max($count, 0));
- $c->stash(_paginate(first_item => $start, page_size => $psize, total_items => $count));
+ $c->stash(_paginate(
+ first_item => int($start/$psize)*$psize,
+ page_size => $psize,
+ total_items => $count,
+ ));
return $start, $end;
}
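Review bot: The returned `$end` changed meaning from an inclusive index (`$start+$psize-1` clamped to `$count-1`) to an exclusive one (`$start+$psize` clamped to `$count`), yet the returned `$start` is still the raw validated value while the stashed `first_item` is snapped to a page boundary with `int($start/$psize)*$psize`. When `$start` is not a multiple of `$psize`, the items fetched via `($start, $end)` and the page shown by the paginator therefore do not line up. If they are meant to agree, snap once and reuse it: `$start = int($start/$psize)*$psize;` before `my $end = ...`, then pass `first_item => $start`. Either way, the `return $start, $end;` contract deserves a comment stating that `$end` is now exclusive, since callers written against the old inclusive value will fetch one extra item. `paginate` starts before this hunk.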
@@ -435,16 +440,21 @@ Currently the following modes are supported:
=item none
-password is plainly stored in session cookie
+The password is plainly stored in session cookie.
+The cookie is stored on the client side and send with every request.
=item cram
-challenge response authentication mechanism uses the C<< $app->secret->[0] >> as nonce.
-This is optional if Digest::HMAC_MD5 is installed.
+A nonce is send to the client and the cram_md5 is generated there via js
+and crypto-js.
+This is vulnurable to replay attacks as the nonce is not invalidated ever.
=item s3d
-data is stored on the server. Additionally the password is encrypted by an one-time-pad that is stored in the user cookie.
+The password is stored on the server. Additionally the password is encrypted
+by an one-time-pad that is stored in the users cookie.
+This is vulnurable to replay attacks during an active session.
+On log-in it is transfered plainly.
=back