copy current state of medienstaatsvertrag.org, to be verified
This commit is contained in:
Milan
354
lib/calcms/auth.pm
Normal file
354
lib/calcms/auth.pm
Normal file
@@ -0,0 +1,354 @@
|
||||
#!/bin/perl
|
||||
|
||||
use CGI;
|
||||
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
|
||||
use CGI::Session qw(-ip-match);
|
||||
use CGI::Cookie;
|
||||
#$CGI::Session::IP_MATCH=1;
|
||||
|
||||
package auth;
|
||||
|
||||
use warnings "all";
|
||||
use strict;
|
||||
|
||||
use Data::Dumper;
|
||||
use Authen::Passphrase::BlowfishCrypt;
|
||||
use time;
|
||||
|
||||
require Exporter;
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT_OK = qw(get_user login logout crypt_password);
|
||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK ] );
|
||||
|
||||
|
||||
my $defaultExpiration=60;
|
||||
my $tmp_dir='/var/tmp/';
|
||||
my $debug=0;
|
||||
|
||||
sub debug;
|
||||
|
||||
sub get_user{
|
||||
my $cgi=shift;
|
||||
my $config=shift;
|
||||
|
||||
my %parms=$cgi->Vars();
|
||||
my $parms=\%parms;
|
||||
|
||||
debug("get_user")if ($debug);
|
||||
|
||||
# login or logout on action
|
||||
if (defined $parms->{action}){
|
||||
if ($parms->{action} eq 'login'){
|
||||
my $user=login($cgi, $config, $parms->{user}, $parms->{password});
|
||||
$cgi->delete('user','password','uri','action');
|
||||
return $user;
|
||||
}elsif($parms->{action} eq 'logout'){
|
||||
logout($cgi);
|
||||
$cgi->delete('user','password','uri','action');
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
# read session id from cookie
|
||||
my $session_id=read_cookie($cgi);
|
||||
|
||||
# login if no cookie found
|
||||
return show_login_form($parms->{user}, 'Please login') unless defined $session_id;
|
||||
|
||||
# read session
|
||||
my $session=read_session($session_id);
|
||||
|
||||
# login if user not found
|
||||
return show_login_form($parms->{user}, 'unknown User') unless defined $session;
|
||||
|
||||
$parms->{user} = $session->{user};
|
||||
$parms->{expires} = $session->{expires};
|
||||
debug($parms->{expires});
|
||||
return $session->{user}, $session->{expires};
|
||||
}
|
||||
|
||||
sub crypt_password{
|
||||
my $password=shift;
|
||||
|
||||
my $ppr = Authen::Passphrase::BlowfishCrypt->new(
|
||||
cost => 8,
|
||||
salt_random => 1,
|
||||
passphrase => $password
|
||||
);
|
||||
return{
|
||||
salt => $ppr->salt_base64,
|
||||
crypt => $ppr->as_crypt
|
||||
};
|
||||
}
|
||||
|
||||
sub login{
|
||||
my $cgi=shift;
|
||||
my $config=shift;
|
||||
my $user=shift;
|
||||
my $password=shift;
|
||||
debug("login")if ($debug);
|
||||
|
||||
#print STDERR "login $user $password\n";
|
||||
my $result = authenticate($config, $user, $password);
|
||||
#print STDERR Dumper($result);
|
||||
|
||||
return show_login_form($user,'Could not authenticate you') unless defined $result;
|
||||
return unless defined $result->{login}eq '1';
|
||||
|
||||
my $timeout=$result->{timeout} || $defaultExpiration;
|
||||
$timeout='+'.$timeout.'m';
|
||||
|
||||
my $session_id=create_session($user, $password, $timeout);
|
||||
return $user if(create_cookie($cgi, $session_id, $timeout));
|
||||
return undef;
|
||||
}
|
||||
|
||||
sub logout{
|
||||
my $cgi=shift;
|
||||
my $session_id=read_cookie($cgi);
|
||||
debug("logout")if ($debug);
|
||||
unless(delete_session($session_id)){
|
||||
return show_login_form('Cant delete session', 'logged out');
|
||||
};
|
||||
unless(delete_cookie($cgi)){
|
||||
return show_login_form('Cant remove cookie', 'logged out');
|
||||
}
|
||||
my $uri=$ENV{HTTP_REFERER}||'';
|
||||
$uri=~s/action=logout//g;
|
||||
print $cgi->redirect($uri);
|
||||
# return show_login_form('', 'logged out');
|
||||
}
|
||||
|
||||
#read and write data from browser, http://perldoc.perl.org/CGI/Cookie.html
|
||||
sub create_cookie{
|
||||
my $cgi=shift;
|
||||
my $session_id=shift;
|
||||
my $timeout=shift;
|
||||
#debug("create_cookie")if ($debug);
|
||||
|
||||
my $cookie = CGI::Cookie->new(
|
||||
-name => 'sessionID',
|
||||
-value => $session_id,
|
||||
-expires => $timeout,
|
||||
# -domain => '.capricorn.com',
|
||||
# -path => '/agenda/admin/',
|
||||
-secure => 1
|
||||
);
|
||||
print "Set-Cookie: ",$cookie->as_string,"\n";
|
||||
print STDERR "#Set-Cookie: ",$cookie->as_string,"\n";
|
||||
# print $cgi->header( -cookie => $cookie );
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub read_cookie{
|
||||
my $cgi=shift;
|
||||
|
||||
debug("read_cookie")if ($debug);
|
||||
my %cookie = CGI::Cookie->fetch;
|
||||
debug("cookies: ".Dumper(\%cookie))if ($debug);
|
||||
my $cookie=$cookie{'sessionID'};
|
||||
debug("cookie: ".$cookie)if ($debug);
|
||||
return undef unless (defined $cookie);
|
||||
my $session_id= $cookie->value || undef;
|
||||
debug("sid: ".$session_id)if ($debug);
|
||||
return $session_id;
|
||||
#return $cgi->cookie('sessionID') || undef;
|
||||
};
|
||||
|
||||
sub delete_cookie{
|
||||
my $cgi=shift;
|
||||
|
||||
debug("delete_cookie")if ($debug);
|
||||
my $cookie = $cgi->cookie(
|
||||
-name => 'sessionID',
|
||||
-value => '',
|
||||
-expires => '+1s'
|
||||
);
|
||||
print $cgi->header( -cookie => $cookie );
|
||||
return 1;
|
||||
}
|
||||
|
||||
#read and write server-side session data
|
||||
sub create_session{
|
||||
my $user=shift;
|
||||
my $password=shift;
|
||||
my $expiration=shift;
|
||||
|
||||
debug("create_session")if ($debug);
|
||||
my $session = new CGI::Session(undef, undef, {Directory=>$tmp_dir});
|
||||
$session->expire($expiration);
|
||||
$session->param("user", $user);
|
||||
$session->param("pid", $$);
|
||||
# $session->param("password", $password);
|
||||
return $session->id();
|
||||
}
|
||||
|
||||
sub read_session{
|
||||
my $session_id=shift;
|
||||
|
||||
debug("read_session")if $debug;
|
||||
return undef unless(defined $session_id);
|
||||
|
||||
debug("read_session2")if $debug;
|
||||
my $session = new CGI::Session(undef, $session_id, {Directory=>$tmp_dir});
|
||||
return undef unless defined $session;
|
||||
|
||||
debug("read_session3")if $debug;
|
||||
my $user = $session->param("user") || undef;
|
||||
return undef unless defined $user;
|
||||
my $expires = time::time_to_datetime($session->param("_SESSION_ATIME")+$session->param("_SESSION_ETIME"));
|
||||
return {
|
||||
user => $user,
|
||||
expires => $expires
|
||||
}
|
||||
}
|
||||
|
||||
sub delete_session{
|
||||
my $session_id=shift;
|
||||
|
||||
debug("delete_session")if ($debug);
|
||||
return undef unless(defined $session_id);
|
||||
my $session = new CGI::Session(undef, $session_id, {Directory=>$tmp_dir});
|
||||
$session->delete();
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
#check user authentication
|
||||
sub authenticate{
|
||||
my $config=shift;
|
||||
my $user=shift;
|
||||
my $password=shift;
|
||||
|
||||
$config->{access}->{write}=0;
|
||||
my $dbh = db::connect($config);
|
||||
my $query = qq{
|
||||
select *
|
||||
from calcms_users
|
||||
where name=?
|
||||
};
|
||||
my $bind_values = [$user];
|
||||
#print STDERR "query:".Dumper($query).Dumper($bind_values);
|
||||
|
||||
my $users = db::get($dbh,$query,$bind_values);
|
||||
#print STDERR "result:".Dumper($users);
|
||||
|
||||
if (scalar(@$users) != 1){
|
||||
print STDERR "auth: did not find user '$user'\n";
|
||||
return undef;
|
||||
}
|
||||
#print STDERR Dumper($users);
|
||||
|
||||
my $salt=$users->[0]->{salt};
|
||||
my $ppr = Authen::Passphrase::BlowfishCrypt->from_crypt(
|
||||
$users->[0]->{pass},
|
||||
$users->[0]->{salt}
|
||||
);
|
||||
|
||||
return undef unless $ppr->match($password);
|
||||
if($users->[0]->{disabled} == 1){
|
||||
print STDERR "user '$user' is disabled\n";
|
||||
return undef;
|
||||
}
|
||||
|
||||
my $timeout = $users->[0]->{session_timeout} || 120;
|
||||
$timeout =10 if $timeout < 10;
|
||||
$timeout =12*60 if $timeout > 12*60;
|
||||
|
||||
return {
|
||||
timeout => $timeout,
|
||||
login => 1
|
||||
}
|
||||
}
|
||||
|
||||
sub show_login_form{
|
||||
my $user=shift||'';
|
||||
my $uri=$ENV{HTTP_REFERER}||'';
|
||||
my $message=shift||'';
|
||||
debug("show_login_form")if ($debug);
|
||||
print qq{Content-type:text/html
|
||||
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<style type="text/css">
|
||||
html,body{
|
||||
height: 100%;
|
||||
font-family:helvetica,arial,sans-serif;
|
||||
}
|
||||
|
||||
body{
|
||||
display: table;
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
input, .row, .field{
|
||||
padding:0.5em;
|
||||
}
|
||||
|
||||
.container{
|
||||
height: 100%;
|
||||
display: table-cell;
|
||||
vertical-align: middle;
|
||||
}
|
||||
|
||||
#login_form{
|
||||
background:#ddd;
|
||||
box-shadow: 1em 1em 1em #888;
|
||||
margin:1em;
|
||||
padding:1em;
|
||||
text-align:center;
|
||||
}
|
||||
|
||||
#login_form .field{
|
||||
width:8em;
|
||||
float:left;
|
||||
}
|
||||
|
||||
#login_form .message{
|
||||
background:#ccc;
|
||||
text-align:left;
|
||||
font-weight:bold;
|
||||
padding:1em;
|
||||
margin:-1em;
|
||||
margin-bottom:0;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="container">
|
||||
<div id="login_form">
|
||||
<div class="message">$message</div><br/>
|
||||
<form method="post">
|
||||
<div class="row">
|
||||
<div class="field">user</div>
|
||||
<input name="user" value="$user"><br/>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="field">password</div>
|
||||
<input type="password" name="password"><br/>
|
||||
</div>
|
||||
<div class="row">
|
||||
<input type="submit" name="action" value="login">
|
||||
<input type="submit" name="action" value="logout">
|
||||
</div>
|
||||
<input type="hidden" name="uri" value="$uri">
|
||||
</form>
|
||||
</div>
|
||||
</container>
|
||||
</body>
|
||||
</html>
|
||||
};
|
||||
return undef;
|
||||
}
|
||||
|
||||
sub debug{
|
||||
my $message=shift;
|
||||
print STDERR "$message\n" if $debug>0;
|
||||
}
|
||||
|
||||
|
||||
#do not delete last line!
|
||||
1;
|
||||
Reference in New Issue
Block a user