summaryrefslogtreecommitdiff
path: root/lib/JWebmail/Plugin
diff options
context:
space:
mode:
Diffstat (limited to 'lib/JWebmail/Plugin')
-rw-r--r--lib/JWebmail/Plugin/Helper.pm9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm
index cd72bfa..5edb4af 100644
--- a/lib/JWebmail/Plugin/Helper.pm
+++ b/lib/JWebmail/Plugin/Helper.pm
@@ -3,6 +3,7 @@ package JWebmail::Plugin::Helper;
use Mojo::Base Mojolicious::Plugin;
use List::Util qw(all min max);
+use Carp 'carp';
use POSIX qw(floor round log ceil);
use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape);
@@ -156,7 +157,7 @@ sub _rand_data {
}
sub session_passwd {
- my ($c, $passwd) = @_;
+ my ($c, $passwd, $challenge) = @_;
my $secAlg = $c->config->{session}{secure};
die "you need to install Digest::HMAC_MD5 for cram to work"
@@ -165,7 +166,7 @@ sub session_passwd {
if (defined $passwd) { # set
if ($secAlg eq 'cram') {
- $c->session(S_PASSWD() => $passwd ? b64_encode(hmac_md5($passwd, $c->app->secrets->[0]), '') : '');
+ $c->session(S_PASSWD() => $passwd, challenge => $challenge);
}
elsif ($secAlg eq 's3d') {
unless ($passwd) {
@@ -187,8 +188,8 @@ sub session_passwd {
}
else { # get
if ($secAlg eq 'cram') {
- wantarray or warn "you forgot the challenge";
- return ($c->app->secrets->[0], $c->session(S_PASSWD));
+ wantarray or carp "you forgot the challenge";
+ return ($c->session('challenge'), $c->session(S_PASSWD));
}
elsif ($secAlg eq 's3d') {
my $pw = b64_decode($c->s3d(S_PASSWD) || '');