author | Buchan Milne <buchan@mageia.org> | 2010-11-03 16:14:41 +0000 |
---|---|---|
committer | Buchan Milne <buchan@mageia.org> | 2010-11-03 16:14:41 +0000 |
commit | c24af5b15eeedec8fa84456458d1a6537e1b9887 (patch) | |
tree | f93b2c84ecd0c972eb280eebe2e026a559377324 /lib/CatDap/Controller/user.pm | |
parent | 41074cf0bc2da78eaffef8eca757a76d5e08fc34 (diff) | |
Fixed registration sequence for password encryption with cookie instead of session id
Initial work on admin password resets of users, email notification to user still
not working
Diffstat (limited to 'lib/CatDap/Controller/user.pm')
-rw-r--r-- | lib/CatDap/Controller/user.pm | 62 |
1 files changed, 45 insertions, 17 deletions
diff --git a/lib/CatDap/Controller/user.pm b/lib/CatDap/Controller/user.pm
index c221eff..e2ce800 100644
--- a/lib/CatDap/Controller/user.pm
+++ b/lib/CatDap/Controller/user.pm
@@ -47,6 +47,11 @@ it (we need to handle failure to decrypt it better)
 sub auto : Private {
     my ( $self, $c ) = @_;
+    $c->log->info("Request path is currently: " . $c->req->path);
+    $c->log->info(Dumper($c->req->path));
+    if ($c->req->path eq 'user/firstlogin') {
+        return 1;
+    }
     my $cipher;
     my $password;
     my $mesg;
@@ -91,8 +96,8 @@ sub auto : Private {
                                -cipher => 'Blowfish'
                                ) or die $!;
     $password = $cipher->decrypt($c->session->{enc_password});
-    $c->log->info("Re-authenticating user " . $c->session->{user});
-    $c->authenticate({username => $c->session->{user},password => $password});
+    $c->log->info("Re-authenticating user " . $c->user->username);
+    $c->authenticate({username => $c->user->username,password => $password});
     $c->res->cookies->{'key'} = {value => $key, expires => '+10m'};
     $c->stash(pages => roles2pages($c->user->roles));
@@ -267,7 +272,8 @@ sub password : Local {
     # re-encrypt the new password and forward to user view
     my $keyprefix = sprintf("%02x%02x%02x",split /\./,$c->req->address);
-    $cipher = Crypt::CBC->new( -key => $keyprefix . $c->sessionid,
+    my $key = $c->req->cookie('key')->value;
+    $cipher = Crypt::CBC->new( -key => $keyprefix . $key,
                                -cipher => 'Blowfish'
                                ) or die $!;
     $c->session->{enc_password} = $cipher->encrypt($newpass);
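Review bot: The two new log lines at the top of `auto` are debugging output, and the second, `$c->log->info(Dumper($c->req->path))`, dumps the same scalar the first line already printed; drop it before this ships, or at least demote both to `$c->log->debug`. The early `return 1` for `user/firstlogin` skips everything else `auto` does for that request, which is what the firstlogin hunk relies on, but matching the raw path string is fragile if the action is ever reached with trailing path arguments; matching the dispatched action instead, e.g. `if ($c->action->reverse eq 'user/firstlogin') { return 1; }`, would be more robust — confirm how Catalyst fills `$c->req->path` for this action before switching. The body of `auto` continues past the end of the hunk.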
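Review bot: The rewritten lines call `$c->user->username` before `$c->authenticate` has run in this request, so if the Authentication plugin has not already restored a user from the session, `$c->user` is undef and the `info` line dies with a method call on an undefined value rather than sending the visitor back to login. Guard it ahead of the log line, e.g. `unless ($c->user) { $c->res->redirect('/user'); return 0; }`, or keep the username in the session as the removed lines did. The result of `$c->authenticate` is still unchecked here, so a failed re-authentication proceeds straight to `roles2pages($c->user->roles)` on the following line; that is pre-existing, but the new dependence on `$c->user` makes it worth handling now. `auto` starts and ends outside this hunk, so whether an enclosing condition already guarantees a restored user cannot be seen here.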
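Review bot: `my $key = $c->req->cookie('key')->value;` dereferences the return of `$c->req->cookie` unconditionally; when the `key` cookie is missing or has expired (it is issued with `expires => '+10m'` in this file) this is a method call on undef and the request dies, apparently after the password has already been changed in the directory, judging by the "re-encrypt the new password" comment. Fetch the cookie first and handle its absence, e.g. `my $cookie = $c->req->cookie('key') or die "missing key cookie";` — better, redirect to login rather than die, since the new password is already set and only the cached copy is lost. Note also that the encryption key for the cached password is now client-supplied cookie material plus the client address, so its protection depends on the cookie only ever travelling over HTTPS. `password` starts and ends outside the hunk.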
@@ -281,21 +287,44 @@ sub firstlogin : Local {
     my ( $self, $c ) = @_;
     my ($mesg,$newpass,$cipher);
-    if (! $c->authenticate({
-            username => $c->req->param('username'),
-            password => $c->req->param('key')}) ) {
-        $c->stash(errors => ['An error occurred']);
-        $c->res->redirect('/user');
-    }
+    # we want to do our own authentication and caching here, as we
+    # dont want what auto does, and auto returns early for this path
     if ( not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) {
+        if (! $c->authenticate({
+                username => $c->req->param('username'),
+                password => $c->req->param('key')}) ) {
+            $c->stash(errors => ['An error occurred']);
+            $c->log->info("Failed to authenticate user in first login: " . $c->req->param('key'));
+            $c->res->redirect('/user');
+        }
+        # cache password for next request with form data
+        my $keyprefix = sprintf("%02x%02x%02x",split /\./,$c->req->address);
+        my $key = Data::UUID->new->create_str();
+        $cipher = Crypt::CBC->new( -key => $keyprefix . $key,
+                                   -cipher => 'Blowfish'
+                                   ) or die $!;
+        $c->session->{enc_password} = $cipher->encrypt($c->req->param('key'));
+        $c->response->cookies->{'key'} = { value => $key, expires => '+10m' };
         $c->detach;
     }
+
     if ($c->req->param('newpassword1') eq $c->req->param('newpassword2')) {
         $newpass = $c->req->param('newpassword1');
     } else {
         push @{${$c->stash}{'errors'}},"New passwords dont match";
     }
+
+    #Re-authenticate user
+    my $keyprefix = sprintf("%02x%02x%02x",split /\./,$c->req->address);
+    my $key = $c->req->cookie('key')->value;
+    $cipher = Crypt::CBC->new( -key => $keyprefix . $key,
+                               -cipher => 'Blowfish'
+                               ) or die $!;
+    my $password = $cipher->decrypt($c->session->{enc_password});
+    $c->authenticate({username => $c->req->param('username'),password => $password})
+        or $c->log->info("Authenticating user for first password change failed");
+
     my $pp = Net::LDAP::Control::PasswordPolicy->new;
     $mesg = $c->model('User')->set_password(
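Review bot: `$c->log->info("Failed to authenticate user in first login: " . $c->req->param('key'))` writes the submitted first-login key — the credential being checked — into the application log in clear; log the username instead, `$c->log->info("Failed to authenticate user in first login: " . $c->req->param('username'));`. In that same branch the redirect on failed authentication is not followed by `$c->detach`, so the code goes on to encrypt the rejected key into `$c->session->{enc_password}` and to issue the `key` cookie anyway, and the same pattern recurs in the new re-authentication block, where a failed `$c->authenticate` is only logged and execution continues into `set_password` (which lies past the end of the hunk). `$c->req->cookie('key')->value` in that block also dies with a method call on undef when the cookie is absent or expired, which is a 500 rather than a redirect back to the start. The `key` cookie carries half of the Blowfish key protecting the cached password, yet it is produced by `Data::UUID->new->create_str()`, which is time-based rather than cryptographically random, and is set without `httponly => 1` or `secure => 1` (the latter assuming the site is served over HTTPS). The "passwords dont match" branch still falls through with `$newpass` undefined; that is pre-existing but sits right next to the new code.

```perl
        if (! $c->authenticate({
                username => $c->req->param('username'),
                password => $c->req->param('key')}) ) {
            $c->stash(errors => ['An error occurred']);
            $c->log->info("Failed to authenticate user in first login: " . $c->req->param('username'));
            $c->res->redirect('/user');
            $c->detach;
        }
        # … unchanged: derive $keyprefix / $key and encrypt the key into the session …
        $c->response->cookies->{'key'} = { value => $key, expires => '+10m', httponly => 1, secure => 1 };
        $c->detach;
    }
    # … unchanged: newpassword1 / newpassword2 comparison …
    #Re-authenticate user
    my $keyprefix = sprintf("%02x%02x%02x",split /\./,$c->req->address);
    my $cookie = $c->req->cookie('key');
    unless ($cookie) {
        $c->stash(errors => ['Your first-login session has expired, please start again']);
        $c->res->redirect('/user');
        $c->detach;
    }
    my $key = $cookie->value;
    # … unchanged: Crypt::CBC decrypt of $c->session->{enc_password} …
    unless ($c->authenticate({username => $c->req->param('username'),password => $password})) {
        $c->log->info("Authenticating user for first password change failed");
        $c->stash(errors => ['An error occurred']);
        $c->res->redirect('/user');
        $c->detach;
    }
```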
@@ -307,17 +336,16 @@ sub firstlogin : Local {
         my $perror = $mesg->error;
         push @{${$c->stash}{'errors'}},"Password change failed: $perror";
         $c->detach;
-    } else {
+    }
-        # re-encrypt the new password and forward to user view
-        my $keyprefix = sprintf("%02x%02x%02x",split /\./,$c->req->address);
-        $cipher = Crypt::CBC->new( -key => $keyprefix . $c->sessionid,
+    # re-encrypt the new password and redirect to user view
+    $cipher = Crypt::CBC->new( -key => $keyprefix . $key,
                                -cipher => 'Blowfish'
                                ) or die $!;
-        $c->session->{enc_password} = $cipher->encrypt($newpass);
-        push @{${$c->stash}{'errors'}},"Password change succeeded";
-        $c->res->redirect('/user');
-    }
+    $c->session->{enc_password} = $cipher->encrypt($newpass);
+    $c->authenticate({username => $c->req->param('username'),password => $newpass});
+    push @{${$c->stash}{'errors'}},"Password change succeeded";
+    $c->res->redirect('/user');
 }
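Review bot: The new `$c->authenticate({username => $c->req->param('username'),password => $newpass});` ignores its result, so if the directory rejects the fresh credentials the user is still sent to `/user` with the new password cached in `enc_password` but no authenticated user, and with a "Password change succeeded" message in the stash. Check it, e.g. `$c->authenticate({username => $c->req->param('username'),password => $newpass}) or $c->log->info("Re-authentication with new password failed");`, ideally redirecting to the login form in that case rather than to `/user`. Pushing the success text onto the `errors` list is misleading for anyone reading the stash or templates; a separate `messages` key would be clearer (pre-existing, carried over by the move). `$keyprefix` and `$key` here now refer to the declarations made earlier in `firstlogin`, outside this hunk, which only holds while those stay at sub scope rather than inside the `if` block.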