X-Git-Url: https://git.dogcows.com/gitweb?p=chaz%2Fp5-CGI-Ex;a=blobdiff_plain;f=lib%2FCGI%2FEx%2FAuth.pm;h=0c384949746fcc3936c321fc1185069a6997b81c;hp=49c9a198e1ce3958713536d9a1bffe5118349306;hb=6c57b3331d84010b9e2031f8e3c8937c3117e8fc;hpb=4eee158dce82376f2f37de29d91c53f60a24aebe diff --git a/lib/CGI/Ex/Auth.pm b/lib/CGI/Ex/Auth.pm index 49c9a19..0c38494 100644 --- a/lib/CGI/Ex/Auth.pm +++ b/lib/CGI/Ex/Auth.pm @@ -7,7 +7,7 @@ CGI::Ex::Auth - Handle logins nicely. =cut ###----------------------------------------------------------------### -# Copyright 2006 - Paul Seamons # +# Copyright 2007 - Paul Seamons # # Distributed under the Perl Artistic License without warranty # ###----------------------------------------------------------------### @@ -18,7 +18,7 @@ use MIME::Base64 qw(encode_base64 decode_base64); use Digest::MD5 qw(md5_hex); use CGI::Ex; -$VERSION = '2.00'; +$VERSION = '2.11'; ###----------------------------------------------------------------### @@ -144,6 +144,10 @@ sub get_valid_auth { $self->login_print; my $data = $self->last_auth_data; eval { die defined($data) ? $data : "Requesting credentials" }; + + ### allow for a sleep to help prevent brute force + sleep($self->failed_sleep) if defined($data) && $data->error ne 'Login expired' && $self->failed_sleep; + return; } @@ -226,6 +230,7 @@ sub use_blowfish { shift->{'use_blowfish'} ||= '' } sub use_plaintext { my $s = shift; $s->use_crypt || ($s->{'use_plaintext'} ||= 0) } sub use_base64 { my $s = shift; $s->{'use_base64'} = 1 if ! defined $s->{'use_base64'}; $s->{'use_base64'} } sub expires_min { my $s = shift; $s->{'expires_min'} = 6 * 60 if ! defined $s->{'expires_min'}; $s->{'expires_min'} } +sub failed_sleep { shift->{'failed_sleep'} ||= 0 } sub logout_redirect { my $self = shift; @@ -310,7 +315,9 @@ sub login_hash_common { $self->key_time => $self->server_time, $self->key_payload => $self->generate_payload({%$data, login_form => 1}), $self->key_expires_min => $self->expires_min, - + text_user => $self->text_user, + text_pass => $self->text_pass, + text_save => $self->text_save, }; } @@ -332,7 +339,7 @@ sub verify_token { my $key; for my $armor ('none', 'base64', 'blowfish') { # try with and without base64 encoding my $copy = ($armor eq 'none') ? $token - : ($armor eq 'base64') ? decode_base64($token) + : ($armor eq 'base64') ? eval { local $^W; decode_base64($token) } : ($key = $self->use_blowfish) ? decrypt_blowfish($token, $key) : next; if ($copy =~ m|^ ([^/]+) / (\d+) / (-?\d+) / (.*) / ([a-fA-F0-9]{32}) (?: / (sh\.\d+\.\d+))? $|x) { @@ -378,6 +385,13 @@ sub verify_token { } elsif (! defined($pass = eval { $self->get_pass_by_user($data->{'user'}) })) { $data->add_data({details => $@}); $data->error('Could not get pass'); + } elsif (ref $pass eq 'HASH') { + my $extra = $pass; + $pass = exists($extra->{'real_pass'}) ? delete($extra->{'real_pass'}) + : exists($extra->{'password'}) ? delete($extra->{'password'}) + : do { $data->error('Data returned by get_pass_by_user did not contain real_pass or password'); undef }; + $data->error('Invalid login') if ! defined $pass && ! $data->error; + $data->add_data($extra); } return $data if $data->error; @@ -470,7 +484,8 @@ sub generate_token { if ( (defined($data->{'use_plaintext'}) ? $data->{'use_plaintext'} : $self->use_plaintext) # ->use_plaintext is true if ->use_crypt is || (defined($data->{'use_crypt'}) && $data->{'use_crypt'}) || (defined($data->{'type'}) && $data->{'type'} eq 'crypt')) { - $token = $data->{'user'} .'/'. $data->{'real_pass'}; + my $pass = defined($data->{'test_pass'}) ? $data->{'test_pass'} : $data->{'real_pass'}; + $token = $data->{'user'} .'/'. $pass; ### all other types go to cram - secure_hash_cram, cram, plaintext and md5 } else { @@ -617,16 +632,16 @@ sub login_form {
Username: | +[% text_user %] | |
Password: | +[% text_pass %] | |
- Save Password ? + [% text_save %] | ||