]> iEval git - gruntmaster-page.git/commitdiff
Use Plack::Middleware::Auth::Complex for auth
authorMarius Gavrilescu <marius@ieval.ro>
Sun, 1 Mar 2015 12:05:40 +0000 (14:05 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Sun, 1 Mar 2015 12:05:40 +0000 (14:05 +0200)
Makefile.PL
a/account.en
app.psgi
lib/Plack/App/Gruntmaster.pm
lib/Plack/App/Gruntmaster/Auth.pm [new file with mode: 0644]

index 796f5d7ee2bf802bf58c8b5512aef5bf95448446..0407ab781a3d9bd29094f5f81bf44828b22069c7 100644 (file)
@@ -16,7 +16,6 @@ WriteMakefile(
        },
        PREREQ_PM         => {
                qw/Carp        0
-                  Digest::SHA 0
                   Encode      0
                   List::Util  0
                   POSIX       0
@@ -26,22 +25,21 @@ WriteMakefile(
                   strict      0
                   warnings    0
 
-                  CSS::Minifier::XS           0
-                  Email::Simple               0
-                  Email::Sender::Simple       0
-                  File::Slurp                 0
-                  Gruntmaster::Data           0
-                  HTML::Seamstress            0
-                  JavaScript::Minifier::XS    0
-                  JSON::MaybeXS               0
-                  Log::Log4perl               0
-                  PerlX::Maybe                0
-                  Plack::Builder              0
-                  Plack::Request              0
-                  Plack::Util                 0
-                  Scope::Upper                0
-                  Tie::Hash::Expire           0
-                  Web::Simple                 0.019/,
+                  CSS::Minifier::XS                0
+                  Email::Simple                    0
+                  Email::Sender::Simple            0
+                  File::Slurp                      0
+                  Gruntmaster::Data                0
+                  HTML::Seamstress                 0
+                  JavaScript::Minifier::XS         0
+                  JSON::MaybeXS                    0
+                  Log::Log4perl                    0
+                  PerlX::Maybe                     0
+                  Plack::Builder                   0
+                  Plack::Middleware::Auth::Complex 0
+                  Plack::Util                      0
+                  Scope::Upper                     0
+                  Web::Simple                      0.019/,
        },
        META_MERGE        => {
                dynamic_config => 0,
index 422b94991eb7db62fd9f8b13e31d9305e48de180..6c1b8cce5afc88c3b6680a89cebdcae33f3cf963 100644 (file)
 <h1>Reset password</h1>
 <form action="/action/reset" method="POST" class="jsform" role="form">
 <div class="form-group"><label for="rst_username">Username</label><input type="text" id="rst_username" name="username" class="form-control" required></div>
-<div class="form-group"><label for="rst_password">New password</label><input type="password" id="rst_password" name="password" class="form-control" required></div>
+<div class="form-group"><label for="rst_new_password">New password</label><input type="password" id="rst_new_password" name="new_password" class="form-control" required></div>
+<div class="form-group"><label for="rst_confirm_new_password">Confirm new password</label><input type="password" id="rst_confirm_new_password" name="confirm_new_password" class="form-control" required></div>
 <div class="form-group"><label for="rst_token">Reset token</label><input type="text" id="rst_token" name="token" class="form-control" required></div>
 <input type="submit" class="btn btn-default" value="Reset password">
 </form>
index 85e8847a44e8b7420e8cefca46ec862075f06cfe..53721091fb1bf799c058206d811e4bfc12eaf186 100644 (file)
--- a/app.psgi
+++ b/app.psgi
@@ -5,11 +5,8 @@ no if $] >= 5.017011, warnings => 'experimental::smartmatch';
 use Gruntmaster::Data;
 use Plack::App::Gruntmaster;
 use Plack::Builder;
-use Plack::Request;
 use Plack::Util;
-use Digest::SHA qw/sha256/;
 use Log::Log4perl;
-use Tie::Hash::Expire;
 
 use constant AUTH_TIMEOUT => 5 * 60;
 use constant ACCESSLOG_FORMAT => 'combined';
@@ -31,17 +28,6 @@ CSP
 
 my $db;
 
-tie my %auth, 'Tie::Hash::Expire', {expire_seconds => AUTH_TIMEOUT};
-
-sub authenticate {
-       my ($user, $pass, $env) = @_;
-       my $key = sha256 "$user:$pass";
-       $env->{'gruntmaster.user'} = $user;
-       return 1 if exists $auth{$key};
-       return unless $db->user($user) && $db->user($user)->check_passphrase($pass);
-       $auth{key} = 1;
-}
-
 sub add_database {
        my $app = $_[0];
        sub {
@@ -76,6 +62,9 @@ builder {
        enable 'Static', path => qr,^/static/,;
        enable 'Log4perl', category => 'plack';
        enable \&add_database;
-       enable_if { shift->{HTTP_AUTHORIZATION} } 'Auth::Basic', authenticator => \&authenticate, realm => 'Gruntmaster 6000';
+       enable '+Plack::App::Gruntmaster::Auth',
+         dbi_connect => [$ENV{GRUNTMASTER_DSN} // 'dbi:Pg:', '', ''],
+         realm       => 'Gruntmaster 6000',
+         mail_from   => $ENV{GRUNTMASTER_RESET_FROM};
        Plack::App::Gruntmaster->run_if_script
 }
index 3a7b9db121302ed83d9dcba510193693050324cb..87e9e5a18586bc654a8a36852af55b7c39df1255 100644 (file)
@@ -54,7 +54,6 @@ use constant FORMAT_EXTENSION => {
 };
 
 use constant NOT_FOUND => [404, ['X-Forever' => 1, 'Content-Type' => 'text/plain'], ['Not found']];
-use constant FORBIDDEN => [401, ['Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Basic realm="Gruntmaster 6000"'], ['Forbidden']];
 
 sub development() { ($ENV{PLACK_ENV} // 'development') eq 'development' }
 
@@ -63,7 +62,7 @@ my ($env, $privacy);
 sub db { $env->{'gruntmaster.dbic'} }
 
 sub remote_user {
-       my $user = $env->{'gruntmaster.user'};
+       my $user = $env->{REMOTE_USER};
        $user &&= db->user($user);
        $user
 }
@@ -91,7 +90,7 @@ sub forbid {
        my ($condition) = @_;
        $privacy = 'private' if $condition;
        return if !$condition || admin;
-       unwind FORBIDDEN, SUB UP
+       unwind $env->{authcomplex}->unauthorized, SUB UP
 }
 
 sub dispatch_request{
@@ -217,26 +216,6 @@ sub dispatch_request{
        },
 
        sub (POST) {
-               sub (/action/register + %:username=&:password=&:confirm_password=&:name=&:email=&:phone=&:town=&:university=&:country=&:level=) {
-                       return reply 'Parameter too long' if grep { length > 200 } values %_;
-                       return reply 'Bad username. Allowed characters are letters, digits and underscores, and the username must be between 2 and 20 characters long.' unless $_{username} =~ USER_REGEX;
-                       return reply 'Username already in use' if db->user($_{username});
-                       return reply 'The two passwords do not match' unless $_{password} eq $_{confirm_password};
-
-                       db->users->create({id => $_{username}, name => $_{name}, email => $_{email}, phone => $_{phone}, town => $_{town}, university => $_{university}, country => $_{country}, level => $_{level}});
-                       db->user($_{username})->set_passphrase($_{password});
-
-                       reply 'Registered successfully';
-               },
-
-               sub (/action/passwd + %:password=&:new_password=&:confirm_new_password=) {
-                       forbid !remote_user;
-                       return reply 'Incorrect password' unless remote_user->check_passphrase($_{password});
-                       return reply 'The two passwords do not match' unless $_{new_password} eq $_{confirm_new_password};
-                       remote_user->set_passphrase($_{new_password});
-                       reply 'Password changed successfully';
-               },
-
                sub (/action/submit + %:problem=&:contest~&:prog_format=&:source_code~ + *prog~) {
                        my (undef, undef, $prog) = @_;
                        forbid !remote_user;
@@ -264,51 +243,6 @@ sub dispatch_request{
 
                        [303, [Location => '/log/' . $newjob->id], []]
                },
-
-               sub (/action/request-reset + %:username=) {
-                       return reply 'Password resets are disabled' unless $ENV{GRUNTMASTER_RESET_FROM};
-                       my $user = db->user($_{username});
-                       return reply 'No such user' unless $user;
-                       my $token = join ':', $user->make_reset_hmac;
-                       my $body = <<EOF;
-Someone has requested a password reset for your account.
-
-To reset your password, please submit the reset password form on the
-website using the following information:
-
-Username: $_{username}
-Password: <your new password>
-Reset token: $token
-
-The token is valid for 24 hours.
-EOF
-                       my $email = Email::Simple->create(
-                               header => [
-                                       From    => $ENV{GRUNTMASTER_RESET_FROM},
-                                       To      => $user->email,
-                                       Subject => 'Password reset token',
-                               ],
-                               body => $body,
-                       );
-
-                       my $ok = 0;
-                       eval {
-                               sendmail $email;
-                               $ok = 1;
-                       };
-                       return reply 'Email sent' if $ok;
-                       reply "Failure sending email: $@";
-               },
-
-               sub (/action/reset + %:username=&:password=&:token=) {
-                       my $user = db->user($_{username});
-                       return reply 'No such user' unless $user;
-                       my ($token, $exp) = split ':', $_{token};
-                       return reply 'Reset token is expired' if time >= $exp;
-                       return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
-                       $user->set_passphrase($_{password});
-                       reply 'Password reset successfully';
-               },
        }
 }
 
diff --git a/lib/Plack/App/Gruntmaster/Auth.pm b/lib/Plack/App/Gruntmaster/Auth.pm
new file mode 100644 (file)
index 0000000..40ff41b
--- /dev/null
@@ -0,0 +1,24 @@
+package Plack::App::Gruntmaster::Auth;
+
+use 5.014000;
+use strict;
+our $VERSION = '5999.000_001';
+
+use parent qw/Plack::Middleware::Auth::Complex/;
+
+sub call_register {
+       my ($self, $req) = @_;
+       return $self->bad_request('Parameter too long') if grep { length > 100 } $req->parameters->values;
+
+       $self->SUPER::call_register($req);
+}
+
+sub create_user {
+       my ($self, $parms) = @_;
+       my %parms = $parms->flatten;
+       my $sth = $self->{dbh}->prepare_cached('INSERT INTO users (id, name, email, phone, town, university, country, level, passphrase) VALUES (?,?,?,?,?,?,?,?,?)');
+       $sth->execute(@parms{qw/username name email phone town university country level/}, $self->hash_passphrase($parms{password}));
+}
+
+1;
+__END__
This page took 0.032507 seconds and 4 git commands to generate.