diff options
Diffstat (limited to 'lib/JWebmail/Plugin')
-rw-r--r-- | lib/JWebmail/Plugin/Helper.pm | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm index cd72bfa..5edb4af 100644 --- a/lib/JWebmail/Plugin/Helper.pm +++ b/lib/JWebmail/Plugin/Helper.pm @@ -3,6 +3,7 @@ package JWebmail::Plugin::Helper; use Mojo::Base Mojolicious::Plugin; use List::Util qw(all min max); +use Carp 'carp'; use POSIX qw(floor round log ceil); use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape); @@ -156,7 +157,7 @@ sub _rand_data { } sub session_passwd { - my ($c, $passwd) = @_; + my ($c, $passwd, $challenge) = @_; my $secAlg = $c->config->{session}{secure}; die "you need to install Digest::HMAC_MD5 for cram to work" @@ -165,7 +166,7 @@ sub session_passwd { if (defined $passwd) { # set if ($secAlg eq 'cram') { - $c->session(S_PASSWD() => $passwd ? b64_encode(hmac_md5($passwd, $c->app->secrets->[0]), '') : ''); + $c->session(S_PASSWD() => $passwd, challenge => $challenge); } elsif ($secAlg eq 's3d') { unless ($passwd) { @@ -187,8 +188,8 @@ sub session_passwd { } else { # get if ($secAlg eq 'cram') { - wantarray or warn "you forgot the challenge"; - return ($c->app->secrets->[0], $c->session(S_PASSWD)); + wantarray or carp "you forgot the challenge"; + return ($c->session('challenge'), $c->session(S_PASSWD)); } elsif ($secAlg eq 's3d') { my $pw = b64_decode($c->s3d(S_PASSWD) || ''); |