From 2abf462ca10c4ac8c4f815e608cad31851e966e3 Mon Sep 17 00:00:00 2001 From: "Jannis M. Hoffmann" Date: Sun, 26 Feb 2023 21:36:27 +0100 Subject: Specified the interface for qmauth Changes to configuration Added qmauth version written in Python Slight changes to pagination --- lib/JWebmail/Plugin/Helper.pm | 44 ++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 'lib/JWebmail/Plugin/Helper.pm') diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm index ad5c8ad..c00ef0e 100644 --- a/lib/JWebmail/Plugin/Helper.pm +++ b/lib/JWebmail/Plugin/Helper.pm @@ -9,7 +9,6 @@ use POSIX qw(floor round log ceil); use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape); use constant TRUE_RANDOM => eval { require Crypt::URandom; Crypt::URandom->import('urandom'); 1 }; -use constant HMAC_MD5 => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 }; ### filter and checks for mojo validator @@ -160,8 +159,6 @@ sub session_passwd { my ($c, $passwd, $challenge) = @_; my $secAlg = $c->config->{session}{secure}; - die "you need to install Digest::HMAC_MD5 for cram to work" - if !HMAC_MD5 && $secAlg eq 'cram'; warn_crypt($c); if (defined $passwd) { # set @@ -234,11 +231,9 @@ sub _paginate { my %args = @_; my $first_item = $args{first_item}; - my $page_size = $args{page_size} || 1; + my $page_size = $args{page_size}; my $total_items = $args{total_items}; - my $first_item1 = $total_items ? $first_item+1 : 0; - my $current_page = ceil($first_item/$page_size); my $total_pages = ceil($total_items/$page_size); @@ -246,23 +241,29 @@ sub _paginate { my $page_ = shift; return [0, 0] unless $total_items; $page_ = _clamp(0, $page_, $total_pages-1); - [_clamp(1, $page_*$page_size + 1, $total_items), _clamp(1, ($page_+1)*$page_size, $total_items)] + [_clamp(0, $page_*$page_size, $total_items-1), _clamp(0, ($page_+1)*$page_size, $total_items)] }; - return ( - first_item => $first_item1, - last_item => _clamp($first_item1, $first_item + $page_size, $total_items), + my %ret = ( total_items => $total_items, page_size => $page_size, total_pages => $total_pages, - current_page => $current_page + 1, + current_page => $current_page, first_page => $page->(0), prev_page => $page->($current_page-1), + this_page => $page->($current_page), next_page => $page->($current_page+1), last_page => $page->($total_pages-1), ); + + if ($total_items) { + $ret{first_item} = $first_item; + $ret{last_item} = _clamp($first_item, $first_item+$page_size-1, $total_items-1); + } + + return %ret; } sub paginate { @@ -274,9 +275,13 @@ sub paginate { my $psize = $v->optional('page_size')->num(1, undef)->param // 50; $start = _clamp(0, $start, max($count-1, 0)); - my $end = _clamp($start, $start+$psize-1, max($count-1, 0)); + my $end = _clamp($start, $start+$psize, max($count, 0)); - $c->stash(_paginate(first_item => $start, page_size => $psize, total_items => $count)); + $c->stash(_paginate( + first_item => int($start/$psize)*$psize, + page_size => $psize, + total_items => $count, + )); return $start, $end; } @@ -435,16 +440,21 @@ Currently the following modes are supported: =item none -password is plainly stored in session cookie +The password is plainly stored in session cookie. +The cookie is stored on the client side and send with every request. =item cram -challenge response authentication mechanism uses the C<< $app->secret->[0] >> as nonce. -This is optional if Digest::HMAC_MD5 is installed. +A nonce is send to the client and the cram_md5 is generated there via js +and crypto-js. +This is vulnurable to replay attacks as the nonce is not invalidated ever. =item s3d -data is stored on the server. Additionally the password is encrypted by an one-time-pad that is stored in the user cookie. +The password is stored on the server. Additionally the password is encrypted +by an one-time-pad that is stored in the users cookie. +This is vulnurable to replay attacks during an active session. +On log-in it is transfered plainly. =back -- cgit v1.2.3