X-Git-Url: https://git.dogcows.com/gitweb?a=blobdiff_plain;f=lib%2FCGI%2FEx%2FAuth.pm;h=337801cd6b4da37927eb23fd8c2a9198fd8e2c39;hb=d710d6cd21be21c0ab2df3566c2bd61d9015cac6;hp=21693186e489f25d23d33e4c007b8ba36f72f26b;hpb=a8620142ba0dcda3f0c5f102f791df944ed2245e;p=chaz%2Fp5-CGI-Ex
diff --git a/lib/CGI/Ex/Auth.pm b/lib/CGI/Ex/Auth.pm
index 2169318..337801c 100644
--- a/lib/CGI/Ex/Auth.pm
+++ b/lib/CGI/Ex/Auth.pm
@@ -18,7 +18,7 @@ use MIME::Base64 qw(encode_base64 decode_base64);
 use Digest::MD5 qw(md5_hex);
 use CGI::Ex;
-$VERSION = '2.01';
+$VERSION = '2.04';
 ###----------------------------------------------------------------###
@@ -144,6 +144,10 @@ sub get_valid_auth {
 $self->login_print;
 my $data = $self->last_auth_data;
 eval { die defined($data) ? $data : "Requesting credentials" };
+
+ ### allow for a sleep to help prevent brute force
+ sleep($self->failed_sleep) if defined($data) && $data->error ne 'Login expired' && $self->failed_sleep;
+
 return;
 }
@@ -226,6 +230,7 @@ sub use_blowfish { shift->{'use_blowfish'} ||= '' }
 sub use_plaintext { my $s = shift; $s->use_crypt || ($s->{'use_plaintext'} ||= 0) }
 sub use_base64 { my $s = shift; $s->{'use_base64'} = 1 if ! defined $s->{'use_base64'}; $s->{'use_base64'} }
 sub expires_min { my $s = shift; $s->{'expires_min'} = 6 * 60 if ! defined $s->{'expires_min'}; $s->{'expires_min'} }
+sub failed_sleep { shift->{'failed_sleep'} ||= 0 }
 sub logout_redirect {
 my $self = shift;
@@ -310,7 +315,9 @@ sub login_hash_common {
 $self->key_time => $self->server_time,
 $self->key_payload => $self->generate_payload({%$data, login_form => 1}),
 $self->key_expires_min => $self->expires_min,
-
+ text_user => $self->text_user,
+ text_pass => $self->text_pass,
+ text_save => $self->text_save,
 };
 }
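Review bot: The new `sleep` in get_valid_auth runs after `$self->login_print` has already emitted the login page, so if that output has been flushed the client may have its response before the delay starts and the throttle only occupies this server process; placing the sleep above `$self->login_print` would make the delay part of the observed response time. The guard compares `$data->error` with `ne` and no defined check, so if an auth-data object can carry an undefined error this line emits an uninitialized-value warning — `($data->error || '') ne 'Login expired'` avoids it. A per-process sleep also slows only the connection it is on and does not bound attempts arriving on other workers, which the `### allow for a sleep` comment could state, e.g. `### per-process delay only; does not limit attempts across concurrent connections`. get_valid_auth continues outside the hunk.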
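Review bot: The three `text_*` keys added to the hash in login_hash_common give no hint of what they hold or who consumes them, and the `text_user`, `text_pass` and `text_save` accessors they call are not part of this diff, so the hunk depends on them existing elsewhere in the file. A short comment on the first of the new lines, such as `# field labels interpolated into the login template (see login_form)`, would tie the hash keys to the `[% text_user %]`-style placeholders the login_form hunk introduces. login_hash_common's hash literal starts outside the hunk.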
@@ -332,7 +339,7 @@ sub verify_token {
 my $key;
 for my $armor ('none', 'base64', 'blowfish') { # try with and without base64 encoding
 my $copy = ($armor eq 'none') ? $token
- : ($armor eq 'base64') ? decode_base64($token)
+ : ($armor eq 'base64') ? eval { local $^W; decode_base64($token) }
 : ($key = $self->use_blowfish) ? decrypt_blowfish($token, $key)
 : next;
 if ($copy =~ m|^ ([^/]+) / (\d+) / (-?\d+) / (.*) / ([a-fA-F0-9]{32}) (?: / (sh\.\d+\.\d+))? $|x) {
@@ -378,6 +385,13 @@ sub verify_token {
 } elsif (! defined($pass = eval { $self->get_pass_by_user($data->{'user'}) })) {
 $data->add_data({details => $@});
 $data->error('Could not get pass');
+ } elsif (ref $pass eq 'HASH') {
+ my $extra = $pass;
+ $pass = exists($extra->{'real_pass'}) ? delete($extra->{'real_pass'})
+ : exists($extra->{'password'}) ? delete($extra->{'password'})
+ : do { $data->error('Data returned by get_pass_by_user did not contain real_pass or password'); undef };
+ $data->error('Invalid login') if ! defined $pass && ! $data->error;
+ $data->add_data($extra);
 }
 return $data if $data->error;
@@ -617,16 +631,16 @@ sub login_form {
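Review bot: If the `eval` wrapped around `decode_base64` dies, `$copy` is undef and the `$copy =~ m|...|x` match on the following context line warns about an uninitialized value before failing; `eval { local $^W; decode_base64($token) } || ''` keeps that path quiet and still fails the match. The reason for `local $^W` deserves a one-line comment, since a reader may reach for `no warnings` which would not cover a warning raised inside the decoder, e.g. `# malformed tokens are expected here; $^W hushes decode_base64's own warning`. Whether `$^W` alone silences MIME::Base64's premature-end warning depends on how that module checks the warning state, so it is worth confirming on the installed version. verify_token continues outside the hunk.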
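Review bot: `$data->add_data($extra)` merges every key left in the hash returned by `get_pass_by_user` into the auth data once the password has been deleted, and since the diff does not show where that data is later exposed, the new contract should say so: a comment such as `# everything except real_pass/password is merged into the auth data; callbacks should return only non-secret user attributes` on the `add_data` line, plus the same statement wherever get_pass_by_user is documented. `ref $pass eq 'HASH'` also excludes a blessed hash, so a callback returning an object with a password slot presumably continues on the plain-scalar path with the reference itself as `$pass`; `Scalar::Util::reftype($pass) eq 'HASH'` would accept both if that is intended. The elsif chain this branch joins begins outside the hunk.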
Username: | +[% text_user %] | |
Password: | +[% text_pass %] | |
- Save Password ? + [% text_save %] | ||