From 7c8bd21ccbca8a3166289ab0e5511cc82d2822aa Mon Sep 17 00:00:00 2001
From: "Jannis M. Hoffmann"
Date: Sun, 1 May 2022 22:02:37 +0200
Subject: collection of smaller changes
---
lib/JWebmail/Plugin/Helper.pm | 48 +++++++++++++++++++------------------------
1 file changed, 21 insertions(+), 27 deletions(-)
(limited to 'lib/JWebmail/Plugin/Helper.pm')
diff --git a/lib/JWebmail/Plugin/Helper.pm b/lib/JWebmail/Plugin/Helper.pm
index be147fe..cd72bfa 100644
--- a/lib/JWebmail/Plugin/Helper.pm
+++ b/lib/JWebmail/Plugin/Helper.pm
@@ -1,13 +1,14 @@ package JWebmail::Plugin::Helper; -use Mojo::Base 'Mojolicious::Plugin'; +use Mojo::Base Mojolicious::Plugin; use List::Util qw(all min max); -use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape); use POSIX qw(floor round log ceil); +use Mojo::Util qw(encode decode b64_encode b64_decode xml_escape); + use constant TRUE_RANDOM => eval { require Crypt::URandom; Crypt::URandom->import('urandom'); 1 }; -use constant HMAC => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 }; +use constant HMAC_MD5 => eval { require Digest::HMAC_MD5; Digest::HMAC_MD5->import('hmac_md5'); 1 }; ### filter and checks for mojo validator
@@ -32,7 +33,7 @@ sub mail_line { ) | ( $mail_addr ))$ - /xno; + /xn; }
@@ -80,13 +81,14 @@ sub print_sizes2 { } -sub d { qr/([[:digit:]]{$_[0]})/ } +my sub d { "([[:digit:]]{$_[0]})" } sub parse_iso_date { - state $rx = d(4).'-'.d(2).'-'.d(2).'T'.d(2).':'.d(2).':'.d(2); - my @d = shift =~ m/$rx/; - if (!all { defined $_ } @d) { + state $rx = do { my $re = d(4).'-'.d(2).'-'.d(2).'T'.d(2).':'.d(2).':'.d(2); qr/$re/a }; + my @d = shift =~ /$rx/; + if (@d != 6) { # TODO + warn "issue when parsing date"; } return { year => $d[0],
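Review bot: The unquoted class name in `use Mojo::Base Mojolicious::Plugin;` is a bareword, and as far as I can tell it is accepted only because strict is not yet in effect while this statement's argument list is compiled. The quoted form `use Mojo::Base 'Mojolicious::Plugin';` states the intent and does not depend on that ordering. The import reordering and the `HMAC` to `HMAC_MD5` rename in the same hunk raise no concern.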
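Review bot: The pattern in mail_line still ends in `$`, which also matches just before a trailing newline, so a value ending in a line feed passes this validator check; `\z` in place of `$` would reject it. That matters if the checked value is later written into a mail header line. With `/o` dropped the pattern is re-evaluated against `$mail_addr`, which is declared outside this hunk and should stay constant. The start of the regex, including its leading anchor, is also outside the hunk and should be checked for `\A`.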
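Review bot: When the match fails, the new `if (@d != 6)` branch only warns and execution continues into the `return { year => $d[0], ...` below, so callers receive a hash whose fields are all undef. Returning early, for example `if (@d != 6) { warn "issue when parsing date"; return }`, would let callers detect the failure, provided they are prepared for an empty return. `$rx` is also unanchored, so a string that merely contains a timestamp is accepted; `qr/\A$re/a` would at least pin the start. `my sub d` relies on lexical subs, so the file needs a `use v5.26` or equivalent feature declaration if it does not already have one. parse_iso_date continues past the end of this hunk.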
@@ -155,15 +157,17 @@ sub _rand_data { sub session_passwd { my ($c, $passwd) = @_; + my $secAlg = $c->config->{session}{secure}; - warn_cram($c); + die "you need to install Digest::HMAC_MD5 for cram to work" + if !HMAC_MD5 && $secAlg eq 'cram'; warn_crypt($c); if (defined $passwd) { # set - if ( HMAC && lc($c->config->{session}{secure}) eq 'cram' ) { + if ($secAlg eq 'cram') { $c->session(S_PASSWD() => $passwd ? b64_encode(hmac_md5($passwd, $c->app->secrets->[0]), '') : ''); } - elsif (lc($c->config->{session}{secure}) eq 's3d') { + elsif ($secAlg eq 's3d') { unless ($passwd) { $c->s3d(S_PASSWD, ''); delete $c->session->{S_OTP_S3D_PW()}; @@ -171,7 +175,7 @@ sub session_passwd { } die "'$passwd' contains invalid character \\n" if $passwd =~ /\n/; if (length $passwd < 20) { - $passwd .= "\n" . " " x (20 - length($passwd) - 1); + $passwd .= "\n" . ' ' x (20 - length($passwd) - 1); } my $rand_bytes = _rand_data(length $passwd); $c->s3d(S_PASSWD, b64_encode(encode('UTF-8', $passwd) ^ $rand_bytes, '')); @@ -182,10 +186,11 @@ sub session_passwd { } } else { # get - if ( HMAC && lc($c->config->{'session'}{secure}) eq 'cram' ) { + if ($secAlg eq 'cram') { + wantarray or warn "you forgot the challenge"; return ($c->app->secrets->[0], $c->session(S_PASSWD)); } - elsif (lc($c->config->{'session'}{secure}) eq 's3d') { + elsif ($secAlg eq 's3d') { my $pw = b64_decode($c->s3d(S_PASSWD) || ''); my $otp = b64_decode($c->session(S_OTP_S3D_PW) || ''); my ($res) = split "\n", decode('UTF-8', $pw ^ $otp), 2; 
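Review bot: `my $secAlg = $c->config->{session}{secure};` drops the `lc()` that the old comparisons applied, so a configured value such as `CRAM` or `S3D` no longer selects its branch and falls through to the final `else`, whose body is outside this hunk. warn_crypt in the last hunk still compares with `lc(...)`, so the two checks now disagree about which mode is active. Normalising once with `my $secAlg = lc($c->config->{session}{secure} // '');` keeps the previous behaviour and avoids an uninitialized-value warning when the key is unset. Separately, the unchanged `die "'$passwd' contains invalid character \\n"` interpolates the password into the error text, which can end up in logs; the message should name the problem without including `$passwd`.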
@@ -197,24 +202,13 @@ sub session_passwd { } } -sub warn_cram { - my $c = shift; - - state $once = 0; - - if ( !HMAC && !$once && lc($c->config->{'session'}{secure}) eq 'cram' ) { - $c->log->warn("cram requires Digest::HMAC_MD5. Falling back to 'none'."); - $once = 1; - } -} - sub warn_crypt { my $c = shift; state $once = 0; - if ( !TRUE_RANDOM && !$once && lc($c->config->{'session'}{secure}) eq 's3d' ) { - $c->log->warn("Falling back to pseudo random generation. Please install Crypt::Random"); + if ( !TRUE_RANDOM && !$once && lc($c->config->{session}{secure}) eq 's3d' ) { + $c->log->warn("Falling back to pseudo random generation. Please install Crypt::URandom"); $once = 1; } } -- cgit v1.2.3
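Review bot: The s3d path still degrades to pseudo-random data with only a one-time log warning when Crypt::URandom is missing, while the cram path in the previous hunk now dies when its module is missing. Since `_rand_data` supplies the bytes that session_passwd XORs with the password, failing closed would be the consistent choice, e.g. `die "you need to install Crypt::URandom for s3d to work" if !TRUE_RANDOM && $secAlg eq 's3d';` in session_passwd. The body of `_rand_data` is not visible in this patch, so confirm what the fallback generator is before deciding. If the warning is kept, a comment on warn_crypt should say that the fallback weakens the protection of the stored password.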